"You penetration test 'em so you simulate the pressure"
I've seen some comments recently where people have criticized this social media profile's grammar, typos, and word misuse.
This has been a long-standing issue with this social media because the mysterious (and smelly) person behind it can't brain good.
Hi
I have finished the first part of my Spoopy Windows Sockets project. I'll continually work on it because I'm (probably) mentally ill.
I have written code which can communicate with HTTPS hosts without using WININET, WINHTTP, or WINSOCKS. It works by communicating directly with the Windows AFD (Ancillary Function Driver for WinSock). This is extremely beneficial because WININET, WINHTTP, and WINSOCKS have Windows telemetry stuff in place, for detecting stuff, or whatever.
My favorite part of this project is that it also resolves DNS with AFD, so you can resolve DNS with SYSCALLS too.
Basically, you can do web stuff with raw SYSCALLS and nothing else (sort of). The HTTPS TLS verification stuff happens (mostly) in user-mode space, and attempting to recreate it programmatically would result in me having to basically recreate something like OpenSSL, but Windows specific. I'm not doing that.
You COULD do HTTPS stuff without verifying the TLS stuff, but that is probably a poor decision.
Anyway, I have stripped this code down to the bone. I have removed virtually all dependencies. All headers have been recreated from scratch so there is zero bloat. This project and/or proof-of-concept is entirely self-encapsulated.
To make it work all you need to do is CTRL+C and CTRL+V into Visual Studio. That's it. Nothing else. I have made it as shrimple as possible.
It has two functions right now:
- EXAMPLE_HttpsSimpleGetRequestClose
- EXAMPLE_HttpsSimpleGetRequestKeepAlive
The names speak for themselves.
I have code in place which will allow file uploads, downloads, and (maybe) HTTPS authentication. Ideally Red Team nerds, or Blue Team nerds, can look at this, poke it with a stick, and do really cool stuff with it. I have made it as least-schizo as possible. I have removed the position independence and stuff.
This project is the result of research by x86matthew, Apple, Mārtiņš Možeiko, Mateusz Lewczak, Google Chrome nerds, ReactOS nerds, and some guy on UnknownCheats who writes like a caveman.
https://gist.github.com/vxunderground/0db801dbc16371fc2b3143d471f551b0
TODO:
- File Upload (done, just needs improvement)
- File Download
- Authentication
- C5pider mentioned proxy support?
Thanks to HTTPBin I'm having a lot of fun with this.
The Chinese government executed 11 people today. They were leaders in a massive crypto scamming empire.
The Ming crime family had at its peak over 10,000 people performing scams for them. People who tried to leave were beaten or in some instances killed.
The people who "worked" for the Ming crime family performed crypto pig butchering scams. In other words, long-term romance cons.
The Chinese government began a crackdown on the Ming crime family in 2023 following international scrutiny. After their detention they were sentenced to death.
One of the leaders of the Ming crime family killed himself in jail while awaiting sentencing.
Life is so gosh dang weird
Some nerd from Rapid7 commented that my Spoopy Winsocks project is basically identical to Amatera stealer's HTTPS functionality.
I didn't know this existed. Our code base and application flow are similar. It looks like Amatera stealer and I also used the same research material.
tldr creepily similar code, by complete chance
https://www.proofpoint.com/us/blog/threat-insight/amatera-stealer-rebranded-acr-stealer-improved-evasion-sophistication
Based on the binary analysis from Proofpoint, my code base does some things slightly differently, but regardless the core concept and main application flow is the same.
It's really fucking weird how similar it is by complete chance
Amatera Stealer isn't open source. It's not something you can copy pasta off GitHub.
Startup idea: electric vehicles that charge over USB C
Microsoft stock fell 11% today, a total loss equal to $400,000,000,000.
Despite constant growth from Microsoft, and cloud earnings exceeding expectations, investors expressed concern over "ballooning" AI spending.
Microsoft asserts their spending is due to being unable to meet customer demand for AI.
"Don't you get tired of being on the computer?"
When I'm on my death bed, surrounded by loved ones, ready to pass on to the pearly gates, my only regret will be I didn't spend more time on the computer.
Did some research, I could get the Spooky Winsock project working in enterprise environments, resolve proxies and automagically handle PAC/WPAD, and do it all with SYSCALLs for maximum silliness.
But I'm doing this all on my personal computer, at my house, while in my undies. I don't want to have to set up and configure a bunch of stuff. My personal computer is also RDPing into stuff and processing malware. I don't want to even temporarily disrupt my silly computer from thinking.
If you're by chance an enterprise and would like to provide me resources for free malware research and development, let me know. I'm just doing it for the love of the game.
vx-underground
vx-underground will be in the next Paged Out! zine. I spoke with Gynvael Coldwind, the main nerd doing stuff with it, and offered them money to assist with Paged Out!. He declined and instead put vx-underground in the zine just for the love of game.
Imagine offering someone MONEY for FREE to support their zine thingy and instead they just offer you free stuff.
Who is this man and why is he so cool and badass
vx-underground
There is a place in Turkey called the "Yıldız Technical University's Davutpaşa Campus". They have a place called "Kedili Duvar". This translates to "The wall of Cats". Unbeknownst to me, someone has DEFILED this wall by LEAKING the password on it
Initially someone told me it was an abandoned building, but it turns out people just write all over the walls at universities in Turkey (no one understands why)
Thank you Lyoshi19 for correcting me. He goes to this university. He thought it was someone's Instagram handle.
YouTube has orbital nuked several high-profile AI slop YouTube channels.
If you go online and review the channels which were orbital nuked, the things YouTube has commented about AI slop, and research Kapwing Content Analysts have performed, it actually makes sense why YouTube hates AI slop.
See attached image of the slop channels recently struck by a nuclear missile.
tl;dr (still kind of long) to save you from having to read a bunch of news articles, CEO interviews, and content analyst stuff
> Research shows 21% (or more) of YouTube feed is slop
> Channels have billions of views
> Millions of subscribers
> AI slop farms making millions of dollars
> AI slop farmers happy
> YouTube CEO Neal Mohan NOT happy
> Mohan says "not good long-term"
> Mohan says AI slop will make people hate YouTube
> Mohan says AI slop steals from real creators
> Mohan says AI slop makes advertisers mad (big one)
> Mohan says AI slop will degrade platform
> Mohan says fast ez money, but bad later
> Mohan tells devs to destroy AI slop with space lasers
> Devs roll out AI to detect AI slop
> AI slop detection system bamboozles non AI slop
> Unironically using AI to detect AI slop
> AI slop costing YouTube a bunch of money
> Mohan ultra mega mad at AI sloppers
> Deploys orbital nuke on biggest AI slop farmers
> AI slop farmers crying (probably)
Actually, I'm wrong. Not all of these channels have been orbital nuked (yet).
- CuentosFacianantes NUKED
- Imperiodejesus NUKED
- Super Cat League NUKED
Will YouTube destroy the rest? Find out next time on Dragon Ball Z