vx-underground
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
There's so much shit with malware TTPs, malware development, reverse engineering, shit on financially motivated malware nerds, state sponsored malware nerds, malware nerds being arrested

I just can't keep up anymore bro I'm just focusing on cat pictures fuck it
Sorry for spam.

I received a message from a person named "Riverbank". He was upset that I failed to supply a photo of a kitty cat. He stated what I delivered was a video and/or gif. I apologize for the confusion. As promised I will deliver one (1) cat picture.

Thank you for understanding.
Administrative update:

- I am slowly, but surely, revising the entire malware analysis collection. In essence, I am downloading every malware analysis paper and pulling the related malware samples with it. It is several million samples going back to the beginning of time (2001-ish). I don't know what to call this collection of stuff, so it's literally just "Malware Analysis". I will merge the old APT collection with this, eventually

- I am slowly resuming my work on archiving malware development papers. My workload has been minimized because this nerd 5mukx posts all sorts of malware papers he finds. I've been going based off his tweets. He doesn't know he is my official malware paper feed. I might offer him a job at vx-underground (I'm poor, I just mean beg him to help me).

- Some random French guy named Dunt has been helping me archive papers too.

- I'm bringing in like, 8,000+- malware samples a day thanks to petikvx and virussign. He is a blessing. I love him so much. I barely talk to the guy. I just check the website and he keeps pushing malware. He's doing it for the love of the game and nothing else. He is also French. I love French people. I think the VirusSign people are Canadian. I love Canadians too.

- Besides working on vx-underground, I've been doing silly things like looking for cool and badass malware samples and unique payloads. I've had minor success. I've also noticed lots of cool malware development research stuff being published. Please slow down. I am behind and it's a lot of reading. I am too old for this shit.

- I have some other big news too, but can't share it yet (don't know if it'll come to fruition).

- Nerds keep asking me about BlockBlasters. If OSINT nerds give me approval I'll share more details. I mostly did the malware stuff. OSINT nerds have been digging into that shit for like, 4 days straight. They're so deep down the rabbit hole I don't even know what's going on anymore.

- Infrastructure for vx-underground is pretty steady thanks to TorGuard. This guy just sends me cat memes and money for stuff. I ask if he wants anything else, he just says "keep working on vx-underground". I said "okie np"

Anyway, while I continue to work slowly in the background I'll probably continue to make schizo posts, weird ass memes, post cat pictures, and make unusual commentary on cybersecurity events.

Thank you for the love and support.
- smelly smellington
One of the guys who drained cancer bro is on Xitter flexing that he drained $800,000, not the initial $150,000 ZachXBT reported
Really behind on stuff

Just going to be pushing unusually specific, esoteric, or weird stinky nerd tech memes for a few days

Chat, we're back to deranged posting for a few days. Buckle up.
certified hood classic 🙏
this isn't ai. gucci mane reportedly said the rap game isn't for him and he's decided to enroll in a code bootcamp. it inspired him to write this song
if you pretend to be a little girl on roblox pedophiles give you free stuff. it's badass
DO NOT let your kids learn C++
Was reading my baby boy Windows Internals Volume 1 and he started crying.

Oh, so the shiny book with the pretty lady singing about monkeys and bubble gum trees is cool but Windows Internals isn't? This mfer's brain is ROT bro
I've made a few intentionally ambiguous posts about Terraria because I was trying to get nerds who do stuff with it to give a fuck.

Turns out they don't give a fuck in any capacity whatsoever so I'll just go full disclosure. When someone brought it to tModloader's attention they said it isn't a big deal. Okie dokie

In Terraria there is a mod called tModloader. It is available for download on Steam.

If someone hosts a game and has tModloader installed, and the person joining (the client) has tModloader installed, the client will arbitrarily download the mods used by the game host.

Very cool

However, if the game host has malicious mods installed then the client who joins the host will arbitrarily execute the malicious mod with no prompting. The malware payload will run in the context of tModloader.

This has been used on and off since roughly 2016. There are dozens of posts about it on places like Reddit, Discord, and Steam. Some nerds have considered making a "tModloader sandbox" to prevent mods from being able to access components outside the scope of Terraria. Unfortunately, nothing has been done to prevent this and/or encapsulate mods. Obviously there is no "signing" mechanism for mods.

The host is able to execute mods on the client. Hence, it is not a vulnerability. It is a feature which is being abused.

This technique has been used most recently for cryptodraining malware campaigns (akin to spear phishing). It has been used historically to deploy RATs and information stealing malware.

The technique requires some social engineering to convince someone to join the host, however that is not particularly difficult.

I have a working proof-of-concept. It isn't hard at all. It's shockingly easy.

Thanks for coming to my TED Talk.

Thank you Telegram nerds for giving me code, proof-of-concepts, and explanation on how it works. I initially discussed it on Telegram and dozens of nerds came forward to share their insights, opinions, and code.
Yes, this can be done in other games too (probably). I don't follow game nerd malware stuff too closely, so maybe this isn't as novel as I perceive it to be. However, I think it's a really cool initial access and/or malware deployment method. I'm genuinely impressed by the ingenuity of nerds.

I would have easily fallen for this if I played Terraria with tModloader.
One way to differentiate a real nerd from a phony nerd is their appreciation of stuff

For example, someone may share an idea, or proof-of-concept, which illustrates something which is unusual

A nerd will appreciate it for its documentation and appreciation that someone has shared this finding

A phony nerd will almost immediately, without hesitation, question the applicability of the thing being presented

Dawg, not everything has to have a purpose. Sometimes things are fun. Sometimes it's cool to do shit, just to do shit. Not everything has to be for profit, or progress, or whatever the fuck else.

I've done so much useless stupid bullshit just because I thought it was interesting.

I've seen nerds share weird ass notes on something they reversed on Windows that basically no one uses or gives a shit about, and I love it and appreciate it.

You can just do things bro

The unknown is cool and badass. Explore it

If it's known and you wanna explore it, do it anyway so you can experience it yourself

Just fuckin have fun idfk