New papers.
- 2025-08-26 - Alternatives to NtAllocateMemoryEx
- 2025-08-17 - Control Flow Obfuscation What happens if we modify callee-saved registers
- 2025-08-15 - Driver Reverse Engineering 101
- 2025-07-15 - Weaponizing Windows Drivers
This could be you if you read them
YouTube
Teddy's Olympic training starts NOW
Berkeley Humane is providing for all of Teddy's medical needs - please consider donating to support him and other kittens like him! https://berkeleyhumane.org/kitten-season/?utm_source=teddy
Malware Noob Month Post #10
It's impossible to know everything about malware (yes, again, I'm writing this).
Previously I discussed different platforms and architectures. That is just the tip of the iceberg.
If you subscribe to a Threat Intelligence and/or Information Exchange platform you'll see how much information on malware comes flooding in.
Every day (omitting weekends and major holidays) at least one cybersecurity vendor releases a report on an ongoing malware campaign or group. On average vx-underground archives 20 malware reports a week. Some months it has gone as high as 100 a month.
These malware reports document new and evolving malware techniques, malware threat groups, who (or why) someone (or something) is being targeted, etc. They also sometimes give a comprehensive breakdown on how the malware works.
Additionally, cybersecurity researchers release papers on offensive malware development practices. These are less common than malware research reports; however, vx-underground ingests roughly 20 (Windows based reports*) a month. Unfortunately, we also miss a lot of cool research papers because they're more decentralized than malware research papers.
The volume of material coming in daily, or weekly, is suffocating and overwhelming. If you truly wanted to be cutting edge and on top of everything you would have to allocate several hours a day to simply reading papers. If you wanted to read everything historically it would probably require thousands upon thousands of hours ... which only grows every day you spend not reading new material.
This is one reason (of many) why malware researchers (offensive or defensive) have focus areas. Instead of reading everything they emphasize something they believe is interesting, such as only studying ransomware, or information stealer malware, or choosing to only focus on developing malware for Windows, etc.
tldr to know EVERYTHING you're going to have to LOCK IN for YEARS and spend easily 16 hours a day or more reading just to TRY to catch up.
The Nepal government was overthrown, or something, and new government leadership has been selected by performing a poll on Discord.
https://www.nytimes.com/2025/09/11/world/asia/nepal-protest-genz-discord.html
NY Times
Nepal's Social Media Ban Backfires as Politics Moves to a Chat Room
"The Parliament of Nepal right now is Discord," a user said of the platform popular with video gamers, where tens of thousands are debating the nation's future.
Some of the people who helped overthrow the Nepal government follow us
I was just criticizing Discord for an election because I don't think it's a secure place to do it
I'm sorry. Please don't kill me (bro, they overthrew the fucking government, these nerds DO NOT fuck around)
I need to add some context
No one from Nepal threatened me. This post is me trying to be funny and light hearted
I deleted 2 posts about Nepal because I was misinformed and was accidentally spreading misinformation. People from Nepal politely corrected me.
Tldr no big deal
Malware Noob Month Post #11
Is writing malware illegal? No.
If writing malware was illegal everyone in vx-underground, and associated with vx-underground, would be in prison by now.
Writing malware is all about intent. What your intentions are with what you've made.
If you write a cool malware proof-of-concept and then do nothing with it, you just did it for the love of the game and fun, then it's not a crime.
If you write a cool malware proof-of-concept and open-source it on GitHub for others to review, give feedback, or to study from, then it's not a crime.
If you write a fully weaponized malware C2 (panel, builder, payload, modules), and then keep it all for yourself and do nothing with it, then it's not a crime.
If you write a fully weaponized malware C2 (panel, builder, payload, modules), and then share it privately with friends, then you're potentially putting yourself in a small (microscopic) amount of danger. If your friend uses it for a large scale malware campaign, and you're identified as the author, you might have some legal problems.
If you write a fully weaponized malware C2 (panel, builder, payload, modules), and then exclusively sell it to Threat Actors, then that is a crime.
If you write a fully weaponized malware C2 (panel, builder, payload, modules), and then sell it to Red Team companies for ethical stuff, then it's not a crime, but you should probably consult with a lawyer in the event something bad happens and you're blamed (it leaks, used without consent, etc)
If you write a fully weaponized malware C2 (panel, builder, payload, modules), and then sell it to the government and/or its allies, then it gets weird and you're probably just a patriot or something, I don't know.
If you write a fully weaponized malware C2 (panel, builder, payload, modules), and then sell it to foreign adversaries of your government, then it's a crime (probably)
Oh, ya, this varies in each country by the way. This is the law for the United States. A lot of countries have similar laws. Apparently Germany is not cool or badass though and bitches about shit a lot more because they're lame and old
Oh and I'm not a lawyer, or whatever. This is just my dumbass opinion, or something
tl;dr China's firewall censorship thingy has a massive leak. Shows code and political ambitions and stuff.
idk the significance because I don't study Chinese network firewall sciency stuff. Maybe one of you nerds is interested. It's all available for download online now.
https://gfw.report/blog/geedge_and_mesa_leak/en/
Today an unknown group of individuals created a domain to display individuals who mocked the death of American conservative Charlie Kirk.
Attached image is from the website's landing page.
The website asserts the domain is not for "doxxing", rather the website is designed to archive instances of people promoting political violence. The authors also assert the material is not illegal and has been aggregated by legal means (e.g. posted publicly on social media).
The website displays (as of this writing) approx. 30,000 individuals who have (allegedly) mocked the death of Charlie Kirk. Details include:
- First name
- Last name
- Approx. location (city and/or state)
- Place of employment
- Social media profiles
- Photos from social media