Media outlets today announced the apprehension of a 17-year-old individual residing in the United States believed to be tied to the infamous Scattered Spider.
Historically, Owen Flowers, Thalha Jubair, and Noah Urban were identified as key members.
who tf is this guy???
🤔40🤣19❤4👍1😢1
My best guess at this point is that the Federal Bureau of Investigation is now low-key sniping off any person who even orbited the main players
Tldr even associates getting cooked
🤣44🫡7😢4❤2💯2👍1👏1
There's so much shit with malware TTPs, malware development, reverse engineering, shit on financially motivated malware nerds, state sponsored malware nerds, malware nerds being arrested
I just can't keep up anymore bro I'm just focusing on cat pictures fuck it
❤🔥46🤣16🥰8❤6😢1
Ok whatever I'll get back to work on the shitty malware website I work on, you convinced me
😢28🤣15❤13🫡6😁2🎉1
Sorry for spam.
I received a message from a person named "Riverbank". He was upset that I failed to supply a photo of a kitty cat. He stated what I delivered was a video and/or gif. I apologize for the confusion. As promised I will deliver one (1) cat picture.
Thank you for understanding.
🥰52❤14🤣8🔥3👏1😢1
Administrative update:
- I am slowly, but surely, revising the entire malware analysis collection. In essence, I am downloading every malware analysis paper and pulling the related malware samples with it. It is several million samples going back to the beginning of time (2001-ish). I don't know what to call this collection of stuff, so it's literally just "Malware Analysis". I will merge the old APT collection with this, eventually.
- I am slowly resuming my work on archiving malware development papers. My work load has been minimized because this nerd 5mukx posts all sorts of malware papers he finds. I've been going based off his tweets. He doesn't know he is my official malware paper feed. I might offer him a job at vx-underground (I'm poor, I just mean beg him to help me).
- Some random French guy named Dunt has been helping me archive papers too.
- I'm bringing in like, 8,000+- malware samples a day thanks to petikvx and virussign. He is a blessing. I love him so much. I barely talk to the guy. I just check the website and he keeps pushing malware. He's doing it for the love of the game and nothing else. He is also French. I love French people. I think the VirusSign people are Canadian. I love Canadians too.
- Besides working on vx-underground, I've been doing silly things like looking for cool and badass malware samples and unique payloads. I've had minor success. I've also noticed lots of cool malware development research stuff being published. Please slow down. I am behind and it's a lot of reading. I am too old for this shit.
- I have some other big news too, but can't share it yet (don't know if it'll come to fruition).
- Nerds keep asking me about BlockBlasters. If OSINT nerds give me approval I'll share more details. I mostly did the malware stuff. OSINT nerds have been digging into that shit for like, 4 days straight. They're so deep down the rabbit hole I don't even know what's going on anymore.
- Infrastructure for vx-underground is pretty steady thanks to TorGuard. This guy just sends me cat memes and money for stuff. I ask if he wants anything else, he just says "keep working on vx-underground". I said "okie np"
Anyway, while I continue to work slowly in the background I'll probably continue to make schizo posts, weird ass memes, post cat pictures, and make unusual commentary on cybersecurity events.
Thank you for the love and support.
- smelly smellington
❤100🫡16🥰9🔥2❤🔥1👍1😢1
Really behind on stuff
Just going to be pushing unusually specific, esoteric, or weird stinky nerd tech memes for a few days
Chat, we're back to deranged posting for a few days. Buckle up.
🔥59🫡13❤7💯4😎4😢1
certified hood classic 🙏
🤓72🤣32🔥29💯8❤3😢3❤🔥1🎉1😎1
this isn't ai. gucci mane reportedly said the rap game isn't for him and he's decided to enroll in a code bootcamp. it inspired him to write this song
🔥72🤣21❤11👍4🥰4👏4🤓2😁1😢1
if you pretend to be a little girl on roblox pedophiles give you free stuff. it's badass
🤣152🤯18❤15💯6🔥5🥰3🙏2😢1🤩1😇1🫡1
Was reading my baby boy Windows Internals Volume 1 and he started crying.
Oh, so the shiny book with the pretty lady singing about monkeys and bubble gum trees is cool but Windows Internals isn't? This mfer's brain is ROT bro
🥰92🤣72😢12❤5😁3😱1💯1🫡1
I've made a few intentionally ambiguous posts about Terraria because I was trying to get nerds who do stuff with it to give a fuck.
Turns out they don't give a fuck in any capacity whatsoever so I'll just go full disclosure. When someone brought it to tModLoader's attention they said it isn't a big deal. Okie dokie
In Terraria there is a mod called tModLoader. It is available for download on Steam.
If someone hosts a game and has tModLoader installed, and the person joining (the client) has tModLoader installed, the client will arbitrarily download the mods used by the game host.
Very cool
However, if the game host has malicious mods installed then the client who joins the host will arbitrarily execute the malicious mod with no prompting. The malware payload will run in the context of tModLoader.
This has been used on and off since roughly 2016. There are dozens of posts about it on places like Reddit, Discord, and Steam. Some nerds have considered making a "tModLoader sandbox" to prevent mods from being able to access components outside the scope of Terraria. Unfortunately, nothing has been done to prevent this and/or encapsulate mods. Obviously there is no "signing" mechanism for mods.
The host being able to execute mods on the client. Hence, it is not a vulnerability. It is a feature which is being abused.
This technique has been used most recently for cryptodraining malware campaigns (akin to spear phishing). It has been used historically to deploy RATs and information stealing malware.
The technique requires some social engineering to convince someone to join the host, however that is not particularly difficult.
I have a working proof-of-concept. It isn't hard at all. It's shockingly easy.
Thanks for coming to my TED Talk.
Thank you Telegram nerds for giving me code, proof-of-concepts, and explanation on how it works. I initially discussed it on Telegram and dozens of nerds came forward to share their insights, opinions, and code.
❤91😱15😁6💯5🤣4❤🔥1😢1