Drama unfolding in Brazil right now where it was discovered a popular and trending Lesbian Dating App was vibe coded
Turns out all you need to do is a GET request and you can pull everything
vx-underground
Posting from mobile. I'm not sure why my phone wrote "Lesbian Dating App" like it was an official title or acronym or something (LDA)....
Lolwtf
I recommend following this thread (comments and quoted retweets) to follow the drama and shit storm.
STOP THE SLOP. NO MORE AI VIBE CODED APPS.
https://x.com/acgfbr/status/1965116645556600882
The drama in Brazil continues.
Sapphos, a lesbian-focused dating app, was compromised as a result of a poorly developed API with users speculating it was vibe coded.
Sapphos, after discovering the situation unfolding on social media, quickly put out a message regarding the compromise.
Sapphos begins by implying the compromise was a targeted campaign by men. However, while it was compromised by men, it does not appear (based on social media conversations and threads) to be compromised as a result of disdain toward women. Rather, the compromise was the result of nerds being nerds and messing with the application.
The message concludes with the statement that no documentation was exfiltrated. However, based on photo evidence on social media, this is incontrovertibly false. Photos and logs have been presented which prove this is false.
tl;dr Brazil mentioned?
I say Brazil mentioned because following the post about the compromise and/or data leak, Brazil nerds seemed happy to see Brazil mentioned.
Brazilian people are cool and badass
Mildly interesting
As I'm working on collecting older malware samples I've made some observations.
1. The word "IOC" (Indicator of Compromise) has not been present in a report from 2001 - 2010.
2. Most malware samples were not shared. If they were shared they used MediaFire
3. Around 2008 people began referencing VirusTotal for malware detection rates and names. VirusTotal reports from that era are broken because the URLs have changed. VirusTotal's URLs were originally in Spanish and were HTTP based
4. One of the first vendors to share malware MD5 (or SHA1, haven't seen a SHA256 yet) was FireEye (now Trellix) and Secureworks
5. Malware campaigns using social networks to target users were a revolutionary concept in 2009.
6. Conficker malware analysis reports illustrate how much malware has evolved. The malware techniques used by Conficker are amateur at best compared to modern malware techniques. Conficker was declared revolutionary (not exact words) because of its modularity. See attached image. A modern malware payload doing what Conficker did is ... meh ... everyone can do this. Interesting how much has changed.
The most interesting person in the world was messaging me.
They've suddenly deleted their e-mail and Xitter account.
Come back:(
MALAYSIA, STOP. DO NOT VIBE CODE A BANK
www.rytbank.my
Ryt Bank | World's first AI-powered Bank
Ryt Bank is a next-generation AI-powered digital bank led by YTL Digital Capital Sdn Bhd, and Sea Limited, two of Southeast Asia's most successful companies. Ryt Bank is committed to transforming the banking landscape in Malaysia by offering innovative products…
NOOOOO https://www.rytbank.my/
Someone is going to do a prompt injection and transfer the entire country's GDP into a Swiss bank account
Connor Fitzpatrick a/k/a Pompompurin, the previous administrator of Breached, has been subject to re-trial and is being re-sentenced.
He is facing 188 months in prison (15 years) and $1,016,786.51 in restitution to victims.
The first malware paper I've seen use a SHA256 was on November 12th, 2010 by Giuseppe Bonfa.
It was noted in an article for the InfosecInstitute titled: ZeroAccess Malware - De-Obfuscating and Reversing the User-Mode Agent Dropper
Mr. Bonfa now works for IBM
Prior to this, I had only seen MD5 hashes and (sometimes, rarely) SHA1. Congratulations Mr. Bonfa
me going to bed after a long day of internet schizophrenia
Tiny people inside my computer,
I come with gifts.
New papers:
- 2024-06-28 - An unexpected journey into Microsoft Defender's signature World
- 2025-07-26 - Ghosting the Sensor Disrupting Defender for Identity Without Detection
- 2025-08-24 - Hyper-V utility LiveCloudKd evolution and architecture technical analysis
- 2025-08-31 - Fetch PEB Using Verifier DLL
- 2025-09-04 - Investigating a Mysteriously Malformed AuthenticodeSignature
Thank you to Explode3240 for assisting with these papers.
New malware samples:
- Malware analysis papers from 2006 - 2010 have been synced and pushed to prod
New malware source code:
- Added a proof-of-concept "CSS" keylogger. It was initially noted by usetraceix
Pic unrelated
Nerds angry at ProtonMail today (yesterday?) due to internet drama (as is tradition). People are big mad. Is it a big deal? Are people overreacting? Why did normie accounts comment on the issue like they know what's going on?
Phrack did some silly things on the internet. They were able to get access to North Korean state-sponsored machines, or something, which were being used to attack South Korean government stuff. Specifically, the DPRK was targeting:
- South Korea Defense Counterintelligence Command
- South Korea Ministry of Foreign Affairs
- ???
Phrack was able to do some internet nerd stuff and dump DPRK password sheets (domain, username, password) which were stored in various files unencrypted (literally a .docx). They also dumped screenshots of user stuff, more credentials, tooling, documentation, and 20,000 browser history entries.
Following this, Phrack decided to be nice and notify the South Korean government regarding the DPRK.
I'm not a government nerd, but I'd guess that the South Korean government would like to be notified of any intelligence regarding the DPRK and their offensive cybersecurity actions toward them.
Here is the drama:
Phrack was speaking to South Korean nerds in proxy. Some nerd made a Proton e-mail and contacted the South Korean government from Proton e-mail. On August 15th, proxy nerd had their Proton e-mail magically nuked. Additionally, Phrack nerd had their Proton e-mail magically nuked August 16th.
It doesn't take a rocket scientist to put 2 and 2 together here and determine that Proton, for reasons not explained, took action against them (in some capacity) and terminated their accounts.
Phrack then contacted Proton e-mail requesting an unban, or something. Proton replied with, "your account will cause further damage to our service, therefore we will keep the account suspended."
Phrack then decided to contact Proton legal department. Phrack contacted Proton's legal department on 8 separate occasions and was ignored.
Did Proton violate their privacy stuff by terminating the Phrack accounts? Why was Phrack stuff terminated? Did the South Korean government get big mad and decide to send legal stuff to Phrack? Is Proton illegal and for nerds?
Find out next time on Dragon Ball Z
You can read more about it from Phrack themselves. You can also look at North Korean nerds' silly passwords (they're basically qwerty)
https://phrack.org/issues/72/7_md#article
Phrack
APT Down - The North Korea Files