vx-underground
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
DO NOT let your kids learn C++
Was reading my baby boy Windows Internals Volume 1 and he started crying.

Oh, so the shiny book with the pretty lady singing is about monkeys and bubble gum trees is cool but Windows Internals isn't? This mfer's brain is ROT bro
I've made a few intentionally ambiguous posts about Terraria because I was trying to get nerds who do stuff with it to give a fuck.

Turns out they don't give a fuck in any capacity whatsoever so I'll just go full disclosure. When someone brought it to tModloader's attention they said it isn't a big deal. Okie dokie

In Terraria there is a mod called tModloader. It is available for download on Steam.

If someone hosts a game and has tModloader installed, and the person joining (the client) has tModloader installed, the client will arbitrarily download the mods used by the game host.

Very cool

However, if the game host has malicious mods installed then the client who joins the host will arbitrarily execute the malicious mod with no prompting. The malware payload will run in the context of tModloader.

This has been used on and off since roughly 2016. There are dozens of posts about it on places like Reddit, Discord, and Steam. Some nerds have considered making a "tModloader sandbox" to prevent mods from being able to access components outside scope of Terraria. Unfortunately, nothing has been done to prevent this and/or encapsulate mods. Obviously there is no "signing" mechanism for mods.

The host being able to execute mods on the client is how it is designed to work. Hence, it is not a vulnerability. It is a feature which is being abused.

This technique has been used most recently for cryptodraining malware campaigns (akin to spear phishing). It has been used historically to deploy RATs and information stealing malware.

The technique requires some social engineering to convince someone to join the host, however that is not particularly difficult.

I have a working proof-of-concept. It isn't hard at all. It's shockingly easy.

Thanks for coming to my TED Talk.

Thank you Telegram nerds for giving me code, proof-of-concepts, and explanation on how it works. I initially discussed it on Telegram and dozens of nerds came forward to share their insights, opinions, and code.
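Since, as the post says, there is no signing mechanism for mods, the only client-side control is visibility into what the join actually dropped into the Mods folder. The script below is an added example (not from the post, and not tModLoader's own code). It assumes the mods directory path given in DEFAULT_MODS_DIR and that downloaded mods are stored as .tmod files; it records a baseline of SHA-256 hashes before a session and reports anything added or changed afterwards.

```python
"""Baseline/diff check for a tModLoader Mods folder (added example, not project code)."""
import hashlib
import json
import sys
from pathlib import Path

# Assumption: tModLoader stores mods, including ones pulled from a server on join,
# as .tmod files in this folder on Windows. Change it to match your install.
DEFAULT_MODS_DIR = Path.home() / "Documents" / "My Games" / "Terraria" / "tModLoader" / "Mods"
BASELINE_FILE = Path("mods-baseline.json")


def sha256_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory blob."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path) -> str:
    """SHA-256 hex digest of a file, read in chunks so large mods do not load into RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory(mods_dir: Path) -> dict:
    """Map every .tmod file name in mods_dir to its hash. A missing folder yields {}."""
    if not mods_dir.is_dir():
        return {}
    return {p.name: sha256_file(p) for p in sorted(mods_dir.glob("*.tmod")) if p.is_file()}


def compare(baseline: dict, current: dict) -> dict:
    """Classify mods relative to the baseline: added, changed (hash differs) or removed."""
    return {
        "added": sorted(n for n in current if n not in baseline),
        "changed": sorted(n for n in current if n in baseline and current[n] != baseline[n]),
        "removed": sorted(n for n in baseline if n not in current),
    }


def is_clean(delta: dict) -> bool:
    """Only new or modified mods matter here; a removed mod cannot run."""
    return not delta["added"] and not delta["changed"]


def main(argv: list) -> int:
    mods_dir = Path(argv[2]) if len(argv) > 2 else DEFAULT_MODS_DIR
    if len(argv) < 2 or argv[1] not in ("snapshot", "check"):
        print("usage: modcheck.py snapshot|check [mods_dir]")
        return 2
    if argv[1] == "snapshot":
        BASELINE_FILE.write_text(json.dumps(inventory(mods_dir), indent=2))
        print(f"baseline written for {mods_dir}")
        return 0
    baseline = json.loads(BASELINE_FILE.read_text()) if BASELINE_FILE.exists() else {}
    delta = compare(baseline, inventory(mods_dir))
    for kind in ("added", "changed", "removed"):
        for name in delta[kind]:
            print(f"{kind}: {name}")
    return 0 if is_clean(delta) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run `modcheck.py snapshot` with a known-good mod set, then `modcheck.py check` after playing on an unfamiliar server; a non-zero exit means something new or modified is now in the folder. This is detection after the fact, not prevention: the mod has already run in the tModloader process by the time the check sees it, so a hit should be treated as a possible compromise of the account and host, not just a file to delete.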
Yes, this can be done in other games too (probably). I don't follow game nerd malware stuff too closely, so maybe this isn't as novel as I perceive it to be. However, I think it's a really cool initial access and/or malware deployment method. I'm genuinely impressed by the ingenuity of nerds.

I would have easily fallen for this if I played Terraria with tModloader.
One way to differentiate a real nerd from a phony nerd is their appreciation of stuff

For example, someone may share an idea, or proof-of-concept, which illustrates something which is unusual

A nerd will appreciate it for its documentation and appreciate that someone has shared this finding

A phony nerd will almost immediately, without hesitation, question the applicability of the thing being presented

Dawg, not everything has to have a purpose. Sometimes things are fun. Sometimes it's cool to do shit, just do to do shit. Not everything has to be for profit, or progress, or whatever the fuck else.

I've done so much useless stupid bullshit just because I thought it was interesting.

I've seen nerds share weird ass notes on something they reversed on Windows that basically no one uses or gives a shit about, and I love it and appreciate it.

You can just do things bro

The unknown is cool and badass. Explore it

If it's known and you wanna explore it, do it anyway so you can experience it yourself

Just fuckin have fun idfk
A long time ago I worked with a man who was victim to a romance scam.

He was a very obese man, desperately wanting a girlfriend. He had poor hygiene and had a habit of making wildly inappropriate comments to women in a (poor) attempt to flirt with women.

One day he low-key made a comment about his "girlfriend". We knew this was his attempt to bring up the subject. We were all very happy for him and congratulated him.

When we asked "who's the lucky lady?", he showed us a photo of what could possibly be an Instagram influencer. It was a very pretty and busty Hispanic woman. It was very obviously not his "girlfriend".

We said, "No, seriously, who is your girlfriend?", and he very seriously asserted this was his significant other.

He told us he met her on a dating app. He told us she was a doctor studying abroad and currently resides in Africa.

We asked if he had ever verbally spoken with her and he said no. He said where she lives she doesn't have good cellular service (yet she's on a dating app?).

We all kind of looked at each other in disbelief and shrugged. We didn't bring it up ever again.

Over the following months he'd occasionally comment that his "girlfriend" needs money for her cell phone, for a plane ticket to visit "her mom", money for "school supplies". He had given "his girlfriend" thousands upon thousands of dollars over the time span of just a few months.

One day he commented, "I think she's just using me for my money". It hadn't come into question yet in his mind that this was a scammer.

Then suddenly, without comment, he would appear at work unusually scruffy and unusually stinky. He stopped mentioning his girlfriend ever again. When we mentioned her, he would try to convince us that he "never had a girlfriend" and that we were misremembering things. It was almost like he was in complete denial about the entire experience.

It wasn't until several years later, when we no longer worked together, that he would confess it was an African man pretending to be a woman and they had scammed him out of approx. $12,000.
Kido Schools, an international nursery business, which is "for parents, by parents", is a fucking nightmare come alive.

6,000 pre-school kids' PII being extorted. 20,000 parents' PII being extorted.

Look at this fucking slop piece of shit

https://github.com/kido-fullstack/mykido-api/blob/master/mail.py
The fucking developers accidentally exposed some of the internal software suite, left hardcoded SMTP credentials in the code.

This is the fucking slop shit that's protecting children online? Fire everyone immediately
πŸ‘50πŸ’―19❀10πŸ”₯9😁8😒3
vx-underground
The fucking developers accidentally exposed some of the internal software suite, left hardcoded SMTP credentials in the code. This is the fucking slop shit that's protecting children online? Fire everyone immediately
Parents: if you can't find a family member to watch your kids, bring them to a local mom-n-pop nursery type place. Don't bring them to a for-profit international business trying to monetize your children
πŸ™63πŸ’―25❀9😒1
πŸ₯°81🀣37🀝13😒8❀3πŸ™2πŸŽ‰1
Previously I shared some footage of 3 individuals raiding a home in the United Kingdom. In the video two of the men begin destroying the elderly woman's home. The video concludes with one of the masked men physically striking the elderly woman.

New details have emerged online as to why this event occurred.

One of the occupants of that home was believed to be a member of "CVLT", an online group which produces CSAM and other nefarious material.

Unfortunately for myself, some individuals have come forward and shared some footage with me which I regret seeing.

The footage I saw, and regret seeing, shows one of the home inhabitants producing zoophilia pornography with a canine that is believed to also reside in that home.

There is no indication on whether or not the elderly woman from the video is aware someone in her home is producing zoophilia pornography.

Violence is never the answer. These individuals should not have raided this home and physically assaulted the elderly woman. The footage was sickening and I wish I never saw it.
Hello, I have arrived and I am bringing gifts. It is malwares.

Each VirusSign block contains 3,000 malwares. Each InTheWild block contains 25,000 malwares.

If my math is correct this is approx. 98,000 malwares.

- Virussign.2025.09.07
- Virussign.2025.09.08
- Virussign.2025.09.09
- Virussign.2025.09.10
- Virussign.2025.09.11
- Virussign.2025.09.12
- Virussign.2025.09.13
- Virussign.2025.09.14
- Virussign.2025.09.15
- Virussign.2025.09.16
- Virussign.2025.09.17
- Virussign.2025.09.18
- Virussign.2025.09.19
- Virussign.2025.09.20
- Virussign.2025.09.21
- Virussign.2025.09.22
- InTheWild.0211
- InTheWild.0212

Please download the malwares and stare at them longly and passionately.
I gotta add some more papers n shit too. Add some other stuff too, or something. I've got a bottle of Tylenol extra strength. Gonna lock in tomorrow and push some crazy updates.

Love you all
- smelly smellington
Also, I'm surprised X still uses the Twitter authentication subdomain for Okta. But I guess, "X.Okta-dot-com" wasn't available.
One time some SANS nerds low-key talked to me about doing SANS stuff

They told me I couldn't be a degenerate with the constant swearing, weird cat memes, chain smoking, dark jokes, looking homeless, etc

I can't change who I am dawg. I guess I'm a loser forever
At the end of the day all I have is my son, my wife, my family, and my soul

Can't sell my soul for money. Can't pretend to be something I'm not just for money (I'm a degenerate nerd)

That's why I still don't monetize this shit and just beg for money like a bum
Earlier today I made a post about the United States Federal Bureau of Investigation performing an offensive security operation against Telegram.

This was incorrect. I'll explain why.

The document begins with the FBI Philadelphia office requesting permission from the United States Federal Courts to perform a "remote access search", which typically, for lack of a better word, is "hacking". This coincided with what the report later described as Telegram not cooperating with them.

However, this is misleading and/or partially incorrect. I can't tell if maybe the FBI agent is inaccurately describing what they intend on doing, or if they're vastly oversimplifying their objective to the courts, but basically they want to decrypt the Telegram messages... or maybe this is the court legal nomenclature for analyzing encrypted data? I don't know.

Anyway

The paperwork says the FBI will remotely retrieve messages... But the messages are local ... Are they not?

In the court paperwork some individuals were distributing CSAM (Child Sexual Abuse Material). The court documents go into horrific details on the footage discovered. It is sickening. The people distributing the content have already been arrested. Over 1,100 CSAM videos have been retrieved from social media profiles and the perpetrators' MEGA.

Included in this is CSAM on infant children.

It concludes with them describing software suites, such as Cellebrite, to analyze the Telegram message content. This conflicts with headlines and initial court documents which suggest this is "remote".

I'll have to read it closer to understand what the fuck they're talking about because it confused me. I'll also share the official court document later on too
πŸ‘55❀9πŸ€”5πŸ€“5😒2πŸ”₯1🀣1
When you make an oopsie doopsies from not reading closely enough in front of 400,000 people it sucks

You get booed, people throw tomatoes at you, kids point and laugh at you, even my dog won't look at me. He said, "wow, you're so dumb, you need to be more careful with what you say online. You have a large audience and miscalculations and missteps like this can have real world ramifications."

I said wtf why is my dog speaking German