vx-underground
AI inside of a keyboard to help type
AI inside of a computer mouse to help mouse on the computer
Hello
I have pushed more malware stuff to malware city. Please look at it. It is cool and badass.
I am going to crawl into bed and suffer.
KK love you bye
https://vx-underground.org/Updates
Windows is silly.
Using the Windows API (WINAPI, historically called WIN32API, to distinguish it from the deprecated WIN16API) has some unusual things. For example, if you want to create a file using the Windows API you use CreateFile.
However, if you look up CreateFile on MSDN (Microsoft Developer Network) you'll see there are two versions of CreateFile:
- CreateFileA
- CreateFileW
When you code in C/C++ and type "CreateFile", depending on your compiler settings, it will default to either CreateFileA or CreateFileW.
Why the FUCK does Windows have CreateFileA/W?
Because things are very silly. CreateFileA means ANSI. CreateFileW means WIDE (Wide character, Unicode support).
Way back in the day, in 16-bit Windows, Windows wanted to implement characters other than the English alphabet (such as Japanese, Mandarin, Russian, etc). They decided to make non-English alphabet stuff in equal size buffers (WIDE, UTF-16).
For backwards compatibility, however, Windows could not simply force UNICODE onto everything because it would break existing applications. Instead they opted to make 2 variants of every function which deals with strings (A/W).
Interestingly, if you invoke CreateFileA, under the hood Windows will transform the ANSI string into a UNICODE string. In other words, when you invoke CreateFileA the Windows OS turns the ANSI string into a UNICODE string, then invokes CreateFileW. The OS then reverts the UNICODE string back to an ANSI string for your application, which called CreateFileA:
- CreateFileA(FilePath)
-- MultiByteToWideChar(FilePath to UNICODE)
--- CreateFileW(FilePath) (More internal stuff)
-- WideCharToMultiByte(FilePath back to ANSI)
- CreateFileA(FilePath)
Let's get even MORE silly. When dealing with strings on Windows you have:
- CHAR (ANSI)
- WCHAR (UNICODE)
- TCHAR (Ambiguous, Transitional CHAR)
When programming on Windows, if you're not sure what the compiler settings are (defaulting to ANSI or UNICODE), you can use TCHAR. With TCHAR the compiler will resolve to the correct data type.
An example of this silliness can be seen in official Microsoft documentation. Windows has CreateProcessA and CreateProcessW (for reasons described above). In the examples from Microsoft they use LPTSTR (Long Pointer Transitional Character String) when using CreateProcess.
In the example, LPTSTR will resolve to either:
- CHAR* FilePath = 0;
or
- WCHAR* FilePath = 0;
Depending on compiler settings.
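As an added example (not code from the original post, and not Microsoft's code), here is a portable emulation in C of the A/W pair and the TCHAR mapping described above. The function names my_create_file_a/my_create_file_w are hypothetical stand-ins for CreateFileA/CreateFileW and create nothing; mbstowcs stands in for MultiByteToWideChar; TCHAR, TEXT and LPTSTR are redefined locally so the file builds without <windows.h>. Compile with -DUNICODE to watch the same source flip to the wide side.

```c
/* Added example, not code from the original post: a portable emulation of the
 * Windows A/W function pair and the TCHAR generic-text mapping described above.
 * my_create_file_a/_w are hypothetical stand-ins for CreateFileA/CreateFileW
 * (nothing is created), and mbstowcs stands in for MultiByteToWideChar. It
 * compiles on any C99 toolchain; build with -DUNICODE to flip the TCHAR side.
 * Do not include <windows.h> here: TCHAR, TEXT and LPTSTR are redefined locally. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* The generic-text mapping, the way <tchar.h>/<winnt.h> do it: one macro
 * decides whether a TCHAR and an un-suffixed call resolve to the A or W side. */
#ifdef UNICODE
typedef wchar_t TCHAR;
#define TEXT(quote) L##quote
#define my_create_file my_create_file_w
#else
typedef char TCHAR;
#define TEXT(quote) quote
#define my_create_file my_create_file_a
#endif
typedef TCHAR *LPTSTR;

/* The W variant is the real implementation: it only understands wide strings.
 * Here it returns the path length in wide characters as a stand-in for the
 * handle CreateFileW would return; -1 signals a rejected argument. */
long my_create_file_w(const wchar_t *path)
{
    if (path == NULL || path[0] == L'\0')
        return -1;
    return (long)wcslen(path);
}

/* The A variant is only a thunk: widen the ANSI string, call the W variant,
 * release the temporary. This is the MultiByteToWideChar -> CreateFileW chain
 * the post describes, so any monitoring placed only on the A entry point
 * never sees callers that go straight to the W side. */
long my_create_file_a(const char *path)
{
    if (path == NULL)
        return -1;
    size_t n = strlen(path);
    wchar_t *wide = malloc((n + 1) * sizeof *wide);   /* n+1: room for L'\0' */
    if (wide == NULL)
        return -1;
    /* mbstowcs returns (size_t)-1 when the bytes are not valid in the current
     * locale; that is the conversion failure the A layer has to surface. */
    if (mbstowcs(wide, path, n + 1) == (size_t)-1) {
        free(wide);
        return -1;
    }
    long result = my_create_file_w(wide);
    free(wide);
    return result;
}

/* 1 byte per character on the ANSI side, wider on the UNICODE side. */
size_t tchar_size(void)
{
    return sizeof(TCHAR);
}

int main(void)
{
    /* With -DUNICODE this is a wchar_t* calling my_create_file_w; without it,
     * a char* calling my_create_file_a, which widens and forwards. */
    LPTSTR path = TEXT("C:\\temp\\report.txt");
    printf("sizeof(TCHAR) = %zu, result = %ld\n", tchar_size(), my_create_file(path));
    return 0;
}
```

The point to take away for analysis work is the shape of the A function: it owns a conversion step that can fail (here, an invalid byte sequence for the locale) and then forwards to W, so the W side is where the behaviour actually lives. Build once with `cc example.c` and once with `cc -DUNICODE example.c`; the same source resolves to the A and W paths respectively, which is exactly what the TCHAR/LPTSTR types in Microsoft's samples are for.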
After I uploaded malware to the malware website yesterday I drank a bunch of NyQuil, like, a ton of NyQuil.
I didn't measure it, I didn't even realize how much I was drinking. I ended up drinking the entire bottle and 1/4th of another bottle.
I got up to use the restroom and it looked like the toilet bowl was breathing (moving in and out, hard to explain). I also felt like I wasn't myself and instead I was watching through someone else's eyes.
I also saw some squiggling lines (like from staring at the sun too long) when I closed my eyes to sleep, but they were more pronounced, and it was like ... I don't know how to explain it ... Like gardening tools or something were in my eyes?
I don't know bro, that shit was crazy as hell. Never had that before.
TIL I was "robo tripping".
I'm just really sick and congested. I kept drinking it to numb my throat and cough. I thought maybe I was just really tired. I wasn't afraid seeing the toilet breathe, but I was like "??? wtf the toilet doing ???"
I've stopped nearly 100% of cyber attacks using this 1 simple trick.
I open all ports on the computer. I never update the OS. I removed all passwords.
When hackers find the computer they say, "This has to be fake. No one is this vulnerable."
Then they turn around and LEAVE.
I use this exact same method with my home.
My wife and I moved to the most dangerous neighborhood in America (Gary, Indiana).
Windows? Open
Door? Open
Car? Keys in ignition
Our only problem is the wildlife
Animals will come into the home and attack you. Possums are STRONG
Sometimes when I make satirical posts about malware people get really mad at me
Anyway, I just woke up. I'm still sick. I checked on the internet stuff to see what's going on and (as is tradition) it's just silly shenanigans.
I'm shocked that the AI slop reply got over 50 likes though. It's pretty obvious it's AI slop (it's also wrong, unironically)
Cat
I've learned some things about Windows Copilot after poking it with a big stick for over 5 hours
1. This should never ship by default
2. This shouldn't be in the task bar
3. They don't need Copilot Gaming
Architecturally (how it's written) it's pretty cool. I have an appreciation for Windows Copilot now. I still have a lot of poking to do, but I unironically think Copilot is a banger, they just can't fucking stick it in everything.
tldr I like how Copilot is written, it's a cool thingie, they shouldn't slap it on everything
Oh, I forgot to mention, when I was poking Copilot with a big stick there is code present for PII identification. However, based on my extremely high level overview of it, it looks like it removes PII from ... file paths only? But it has stuff in there to identify all sorts of funky PII
I'll have to look at it more before I say anything else though. I don't want to misspeak and make internet privacy schizos have a psychiatric meltdown.
I've had some people ask me about Microsoft Copilot and what I've been doing since I've been poking it with a stick (reverse engineering it).
Initially I planned on doing a blog post, or something, but I don't feel like doing that. I dislike writing. I also do not know how far down this rabbit hole I'll go. I prefer social media posts sometimes because it's more loose and I don't have to be as crazy verbose (detailing everything). Basically, I just want to share interesting stuff and have fun. I don't plan on doing some crazy write-up.
I decided to poke Microsoft Copilot with a stick because I wanted to understand how it works, what it does, etc. It's a big and (soon to be) popular product. I would like to understand how it works. And (hopefully) you'll feel compelled to poke Microsoft Copilot (or whatever else) with a stick too.
Besides being curious, I hope by better understanding how it works I can also use this knowledge to find potential points-of-interest to manipulate and/or abuse for malicious purposes (I like malware). If I don't find anything I think I can abuse (because I'm a noob or get bored) then at least I can find solace in the fact I learned a little bit along the way.
Because people seem moderately interested, I'll make posts as I poke Copilot with a stick and explore it. Again, to be clear, it is entirely possible I get bored 1/4th of the way into this and say, "meh, good enough".
I've already done quite a bit of poking though, so I'll probably make a post later about the Copilot initialization process and the main Copilot binary. It isn't anything super crazy, but it has some cool things I (personally) haven't seen in awhile.
Also, some of the stuff Microsoft has done architecturally with Copilot I don't understand. I understand the code, but I don't understand WHY they decided to do this with their code (pros and cons).
The core components for Copilot are written using C#.NET and I am not too strong with .NET managed code. I haven't personally done stuff seriously with .NET since the initial release of .NET 4.5 (2012).
Maybe some of you can educate me on why they would do something, or not, whatever. .NET is a beast, man. It has evolved like crazy in the past 13 years.
Okay, love u, byebye
Someone was being an Insider Threat at CrowdStrike for $25,000
Dawg, $25,000 IS NOT worth ruining your life, reputation, career, and possibly freedom for
$25,000 in the grand scheme of things isn't shit. Your legal expenses alone are gonna be double that.
I honestly don't think there is any possible amount of money you could offer me to make me an Insider Threat.
Think of your family. What's going to happen if you're caught and you can't see them for a few years?
Money can't buy time back
I've been poking Microsoft Copilot with a stick. I've made a bunch of posts on it.
This is my dumb notes and/or discussion part 1.
My current machine is Windows 11 but Microsoft Copilot wasn't on the machine, so I installed it from the Microsoft app store. I don't know if the installation process and libraries present from the Microsoft app store are different from the Microsoft Copilot which will come by default with Windows 11 in the future.
The installation of Microsoft Copilot introduced some registry artifacts, notably a protocol handler "URL:ms-copilot". It also introduced a bunch of COM component stuff. I haven't played with the Copilot URI.
The installation also adds a registry key called "Copilot" under HKCU in Software\Microsoft\Windows\Shell. I haven't played with this registry key yet. However, I am going to assume this enables or disables Copilot for the Windows Shell. Mine defaulted to disabled. This is what it looks like:
"IsCopilotAvailable", DWORD, 0x00000000
"CopilotDisabledReason", SZ, "FeatureIsDisabled"
I am going to assume in the future, if Copilot is forced upon you, Copilot can be removed (or disabled) from the Shell from here.
Under HKLM some registry artifacts are present for Windows File Explorer called CopilotFileExplorerMenu. There is also stuff present for Copilot and Microsoft Edge.
HKLM also has keys called "WindowsAI". WindowsAI has "DisableCocreator", "DisableGenerateFill", "DisableImageCreator", "SetCopilotHardwareKey", "TurnOffWindowsCopilot".
I have no idea what Cocreator, ImageCreator, GenerateFill, or CopilotHardwareKey are or what they mean. The TurnOffWindowsCopilot key just provides some insight into how to disable Windows Copilot. However, GenerateFill, Cocreator, and ImageCreator all point to Paint.exe. I'm going to faithfully assume Microsoft has AI stuff in Paint now.
HKLM also has "SystemSettings_DesktopTaskbar_Copilot" and points to "SettingsHandlers_DesktopTaskbar.dll" in System32.
There's a bunch of other Copilot shit too, too much to list, but there's stuff for "Personalized Chats", "Copilot Gaming", over 9000 thingies for "Copilot Nudges", and stuff for caching.
Later today, or tomorrow, or whenever I feel like it, I'll talk about the main Copilot.exe binary, which is actually a loader (.NET runtime host for custom stuff). The actual stuff for Copilot is Copilot.dll and it's jammed with shit.
Copilot has introduced A METRIC SHIT TON of functionality into Windows. There are so many DLLs and EXEs to poke. It is exciting.
Microsoft Copilot has functionality for being banned. How do you get banned from Copilot if it's tied to the Operating System? What happens if you're banned from Copilot?
Unless this ban functionality is for detecting if you're banned from something else ... ? Maybe? I don't know. I'm looking at the endpoint stuff and I'm like ???