Earlier today I made a post about the United States Federal Bureau of Investigation performing an offensive security operation against Telegram.
This was incorrect. I'll explain why.
The document begins with the FBI Philadelphia office requesting permission from the United States Federal Courts to perform a "remote access search", which typically, for a lack of a better word, is "hacking". This coincided with what the report later described as Telegram not cooperating with them.
However, this is misleading and/or partially incorrect. I can't tell if maybe the FBI agent is inaccurately describing what they intend on doing, or if they're vastly over simplifying to the courts their objective, but basically they want to decrypt the Telegram messages... or maybe this is the court legal nomenclature for analyzing encrypted data? I don't know.
Anyway
The paperwork says the FBI will remotely retrieve messages... But the messages are local ... Are they not?
In the court paperwork some individuals were distributing CSAM (Child Sexual Abuse Material). The court documents go into horrific details on the footage discovered. It is sickening. The people distributing the content have already been arrested. Over 1,100 CSAM videos have been retrieved from social media profiles and the perpetrators MEGA.
Included in this is CSAM on infant children.
It concludes with them describing software suites, such as Cellebrite, to analyze the Telegram message content. This conflicts with headlines and initial court documents which suggest this is "remote".
I'll have to read it closer to understand what the fuck they're talking about because it confused me. I'll also share the official court document later on too
This was incorrect. I'll explain why.
The document begins with the FBI Philadelphia office requesting permission from the United States Federal Courts to perform a "remote access search", which typically, for a lack of a better word, is "hacking". This coincided with what the report later described as Telegram not cooperating with them.
However, this is misleading and/or partially incorrect. I can't tell if maybe the FBI agent is inaccurately describing what they intend on doing, or if they're vastly over simplifying to the courts their objective, but basically they want to decrypt the Telegram messages... or maybe this is the court legal nomenclature for analyzing encrypted data? I don't know.
Anyway
The paperwork says the FBI will remotely retrieve messages... But the messages are local ... Are they not?
In the court paperwork some individuals were distributing CSAM (Child Sexual Abuse Material). The court documents go into horrific details on the footage discovered. It is sickening. The people distributing the content have already been arrested. Over 1,100 CSAM videos have been retrieved from social media profiles and the perpetrators MEGA.
Included in this is CSAM on infant children.
It concludes with them describing software suites, such as Cellebrite, to analyze the Telegram message content. This conflicts with headlines and initial court documents which suggest this is "remote".
I'll have to read it closer to understand what the fuck they're talking about because it confused me. I'll also share the official court document later on too
π55β€9π€5π€5π’2π₯1π€£1
When you make an oopsie doopsies from not reading closely enough in front of 400,000 people it sucks
You get booed, people throw tomatoes at you, kids point and laugh at you, even my dog wont look at me. He said, "wow, you're so dumb, you need to be more careful with what you say online. You have a large audience and miscalculations and missteps like this can have real world ramifications."
I said wtf why is my dog speaking German
You get booed, people throw tomatoes at you, kids point and laugh at you, even my dog wont look at me. He said, "wow, you're so dumb, you need to be more careful with what you say online. You have a large audience and miscalculations and missteps like this can have real world ramifications."
I said wtf why is my dog speaking German
β€63π€£47π―7π2π€2π€2π’1
This media is not supported in your browser
VIEW IN TELEGRAM
π₯°63π€―20π’11π9β€βπ₯6β€5π₯3π€£2π±1π1
Security researcher "Bob da Hacker" has been doing more security research.
*This an expansion to a previous post because... it gets worse.
The following applications are all incorrectly configured and exposing user PII (Personal Identifiable Information) in various manners:
- Wimkin
- Reelster
- Cancel the Hate
- Date on the Right
Based on analysis from nerds, Wimkin and Reelster are hand-crafted. They are not vibe coded. "Cancel the Hate" and "Date on the Right" are vibe coded. Each application listed is believed to be made by the same group of individuals.
Very little effort is required to get user data. It is a simple POST request.
Over 500,000 peoples PII are being leaked across all 4 applications.
Data exposed includes:
- Email
- Date of Birth (if supplied)
- Phone number (if supplied)
- Longitude/Latitude (Reelster specific)
- Private messages (Wimkin, Reelster specific)
- User session tokens (Wimkin. Reelster specific)
- User preferences
*This an expansion to a previous post because... it gets worse.
The following applications are all incorrectly configured and exposing user PII (Personal Identifiable Information) in various manners:
- Wimkin
- Reelster
- Cancel the Hate
- Date on the Right
Based on analysis from nerds, Wimkin and Reelster are hand-crafted. They are not vibe coded. "Cancel the Hate" and "Date on the Right" are vibe coded. Each application listed is believed to be made by the same group of individuals.
Very little effort is required to get user data. It is a simple POST request.
Over 500,000 peoples PII are being leaked across all 4 applications.
Data exposed includes:
- Date of Birth (if supplied)
- Phone number (if supplied)
- Longitude/Latitude (Reelster specific)
- Private messages (Wimkin, Reelster specific)
- User session tokens (Wimkin. Reelster specific)
- User preferences
β€45π25π€£23π±4π’2
You don't have to write super sophisticated malware with 9000 different evasion techniques
Just name it important_file.pdf.exe and have it prompt for UAC. They'll probably allow it
Just name it important_file.pdf.exe and have it prompt for UAC. They'll probably allow it
β€90π€£41π―15π₯9π«‘5π₯°2π’2π1
Lots of drama on the internet today with Bug Bounty Nerds and HackOne
Bug Bounty Nerds are saying HackerOne is ran by Zionists, or something, and saying HackerOne is Islamophobic, or something
I don't know the whole lore behind this and I don't know the main characters arguing back and forth. It feels like I've walked into the shit show in the middle of season two of the anime.
Will report back if I understand what's going on (I probably won't report back, but people keeping tagging me).
Bug Bounty Nerds are saying HackerOne is ran by Zionists, or something, and saying HackerOne is Islamophobic, or something
I don't know the whole lore behind this and I don't know the main characters arguing back and forth. It feels like I've walked into the shit show in the middle of season two of the anime.
Will report back if I understand what's going on (I probably won't report back, but people keeping tagging me).
π34π26β€9π€―3π₯°1π’1
vx-underground
Lots of drama on the internet today with Bug Bounty Nerds and HackOne Bug Bounty Nerds are saying HackerOne is ran by Zionists, or something, and saying HackerOne is Islamophobic, or something I don't know the whole lore behind this and I don't know theβ¦
tldr watching nerds fight and have no idea wtf is going on (I'm scared and confused but also nosey)
β€63π19π₯°7β€βπ₯3π’1
vx-underground
Photo
This image got censored on Xitter for violence, or something. Makes zero sense. There was footage of the Charlie Kirk assassination all over Xitter and literally nothing was censored. You'd be scrolling and accidentally find the murder video, yet they block a cartoon meme with ms-paint blood
Wtf are they doing over there
Wtf are they doing over there
π€£111π22π€9β€6π―4π’1
This media is not supported in your browser
VIEW IN TELEGRAM
cybersecurity
β€βπ₯84π₯°29β€12π€£6π’3π€2π€2π1π―1
The volume of updates I've pushed to the malware library far exceed Xitter limits. I also don't want to do Xitter articles for it. I'll instead push them to VX FEED Discord.
This Discord is straight business. There is no memeing, silly posts, or talking allowed.
This Discord is straight business. There is no memeing, silly posts, or talking allowed.
β€42π±18π₯5π3π€3π€1π’1
There is someone exposing IRGC (Islamic Revolutionary Guard Corps) stuff on GitHub.
I'm not a IRGC geopolitical nerd, so I can't assess the value of the content. However, if you know what the fuck is going on, maybe you'll find it interesting:
https://github.com/KittenBusters/CharmingKitten
I'm not a IRGC geopolitical nerd, so I can't assess the value of the content. However, if you know what the fuck is going on, maybe you'll find it interesting:
https://github.com/KittenBusters/CharmingKitten
GitHub
GitHub - KittenBusters/CharmingKitten: Exposing CharmingKitten's malicious activity for IRGC-IO Counterintelligence division (1500)
Exposing CharmingKitten's malicious activity for IRGC-IO Counterintelligence division (1500) - KittenBusters/CharmingKitten
π€£30π₯17π€14β€4π3π±1π’1
vx-underground
There is someone exposing IRGC (Islamic Revolutionary Guard Corps) stuff on GitHub. I'm not a IRGC geopolitical nerd, so I can't assess the value of the content. However, if you know what the fuck is going on, maybe you'll find it interesting: https://gβ¦
I have zero idea what this is supposed to mean, big dawg
π€£56π€―6π€4β€3π1π₯°1π’1
Based on the information from the IRGC (Iranian government) CharmingKitten leaks, this woman is a target. The Iranian government wants to target her because ???
I tried using a translation thingy and it didn't work (I didn't try very hard)
I tried using a translation thingy and it didn't work (I didn't try very hard)
π€40π15π₯°6β€2π€―2π’1
This media is not supported in your browser
VIEW IN TELEGRAM
> openai sora released
> misinformation nightmare
> ai slop nightmare
> *scroll*
> redhat breached
> sensitive stuff included like nsa stuff
> *scroll*
> iran government leaks
> targets and malware logs and stuff
another day of internet schizophrenia
> misinformation nightmare
> ai slop nightmare
> *scroll*
> redhat breached
> sensitive stuff included like nsa stuff
> *scroll*
> iran government leaks
> targets and malware logs and stuff
another day of internet schizophrenia
β€102π―28π₯°14π€£12π«‘7π4β€βπ₯2π2π1π’1