vx-underground
United States President Donald J. Trump posted this message on social media today. Personal grievances the Trump administration asserts it has with other countries and political theatrics aside, the notion that the United States even hints at exiting…
I'll tell you one thing right now too, and I say this with 100% confidence. Adversaries of the United States understand this is premium real estate (metaphorically speaking) and this should be acted on immediately.
If the Russian Federation or People's Republic of China can push a narrative that it is to the benefit of the people of the United States to exit NATO, it isolates us from the global stage and (at least cybersecurity-wise) is absolutely terrifying (to me, at least). The Russian Federation and People's Republic of China can easily push slop propaganda on places like TikTok or Instagram to coerce the people into moving into cyber-isolationism.
I'm not educated on geopolitical stuff with war, or economies, but I know a little about computers and stuff.
It would be an absolute strategic failure for the United States to do this.
Threat Actors are probably shadowboxing in their underwear right now at the idea of the United States being alone.
> be me
> reading on yara stuff
> reviewing yara
> basically user-mode static analysis engine
> reading, reading, reviewing
> realize ive never written a yara rule before
> thinking...
> realize yara is excluded from AV engines
> no av would flag yara lib or dll
> used everywhere
> thinking ...
> what if...
> make yara rules for identifying security products
> make yara rules for environment identification
> edr and/or av would ignore
> "hehe hes checking if its malicious"
> its free real estate
vx-underground
> be me > reading on yara stuff > reviewing yara > basically user-mode static analysis engine > reading, reading, reviewing > realize ive never written a yara rule before > thinking... > realize yara is excluded from AV engines > no av would flag yara lib…
what are they going to do? make a yara rule to identify yara and flag their own tools as malware?
I have a really deep appreciation for YARA and the work VirusTotal's engineers put into YARA.
YARA is interesting because they encountered some challenges when developing their static analysis engine and they handled it really, really, really well.
Initially I was under the assumption YARA read rules by parsing strings and applying them to binaries in memory (mapping). However, being a doofus, I failed to consider the fact that YARA rules contain BOOLEAN logic. Hence, reading the files and parsing them as text wouldn't be able to reliably handle the logic present inside the YARA files.
YARA contains an internal VM and transforms the text into byte code. The caveat is that the VM isn't Turing complete and does not possess any ability to interact with anything else. This was done intentionally, though, because it acts as a sandbox.
Regardless, it uses the transformed byte code to perform operations on the memory-mapped binary using (sort of) simple logic, but with a custom implemented call stack for doing stuff. Furthermore, YARA also has a custom heap management system (they're using the ARENA algorithm).
What makes this even more impressive is that all of this is written in C, is cross-platform for Windows, Linux, and macOS, and compiles easily.
This is a significant software engineering project and they did an extremely good job.
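As an added illustration (constructed for this page, not YARA's own code and not from the post), here is a toy model of the compile-once-then-evaluate design described above: a rule condition with boolean operators is compiled into a small postfix bytecode, and a minimal stack VM evaluates that bytecode against the string-match table of a scanned buffer. The opcode names, the `compile_condition`/`run`/`scan` helpers and the sample strings are all assumptions of this example; YARA's real bytecode and instruction set differ.

```python
import re

# Constructed toy model of the design described above: a rule's textual condition
# is compiled once into a small postfix bytecode, and a tiny stack VM evaluates it
# against each scanned buffer's string-match table. Not YARA's real bytecode.
PREC = {"not": 3, "and": 2, "or": 1}  # 'not' binds tightest, 'or' loosest

def compile_condition(cond):
    """Shunting-yard: 'not $a and ($b or $c)' -> list of (opcode, operand)."""
    tokens = re.findall(r"\$\w+|\band\b|\bor\b|\bnot\b|[()]", cond)
    out, ops = [], []
    for tok in tokens:
        if tok.startswith("$"):
            out.append(("PUSH", tok))
        elif tok == "(":
            ops.append(tok)
        elif tok == ")":
            while ops and ops[-1] != "(":
                out.append((ops.pop().upper(), None))
            ops.pop()  # drop the matching "("
        else:  # pop operators that bind at least as tightly; 'not' is right-assoc
            while ops and ops[-1] != "(" and (
                PREC[ops[-1]] > PREC[tok] or (PREC[ops[-1]] == PREC[tok] and tok != "not")
            ):
                out.append((ops.pop().upper(), None))
            ops.append(tok)
    while ops:
        out.append((ops.pop().upper(), None))
    return out

def run(bytecode, matches):
    """Stack VM: its only input is the match table, so a rule cannot reach
    outside the scan; that confinement is the sandbox property."""
    stack = []
    for op, arg in bytecode:
        if op == "PUSH":
            if arg not in matches:
                raise ValueError(f"undefined string {arg}")
            stack.append(matches[arg])
        elif op == "NOT":
            stack.append(not stack.pop())
        else:  # AND / OR
            b, a = stack.pop(), stack.pop()
            stack.append((a and b) if op == "AND" else (a or b))
    if len(stack) != 1:
        raise ValueError("malformed condition")
    return stack[0]

def scan(strings, condition, data):
    # Compile once, then evaluate against one buffer's string matches.
    matches = {name: pat in data for name, pat in strings.items()}
    return run(compile_condition(condition), matches)

# Constructed sample rule: MZ header plus a DOS-stub string, and not UPX-packed.
STRINGS = {"$mz": b"MZ", "$stub": b"This program cannot", "$upx": b"UPX!"}
CONDITION = "$mz and ($stub or $upx) and not $upx"
```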
vx-underground
I have a really deep appreciation for YARA and the work VirusTotal's engineers put into YARA. YARA is interesting because they encountered some challenges when developing their static analysis engine and they handled it really, really, really well. Initially…
I'm also surprised by the lack of write-ups discussing YARA internals. YARA is a very clear demonstration of how AVs and/or EDRs can perform static analysis on binaries.
It's possible people have reviewed it to learn but simply didn't share it because it's open source, but it's still kind of unusual to me.
I saw over 9000 write-ups on YARA rules, but very few explaining the internal mechanisms of YARA.
I am genuinely impressed by mainstream media outlets' ability to find absolute nobodies in cybersecurity. It's remarkable. I am often left speechless.
There have been dozens of occasions, especially as of recent, where some media outlet will be like, "Today as a special guest is world-renowned cybersecurity expert and ethical hacker Joe McCyberSecurity".
I'm like, who the fuck is Joe McCybersecurity? I've been doing cybersecurity and malware stuff for a long time and I've never once seen or heard of Joe McCybersecurity. If he is world-renowned, I would THINK I would have seen them or heard of them.
The camera then pans over to Joe McCybersecurity and it is the most generic cookie cutter white dude in a cheap suit and the tag below him will say something like, "Joe McCybersecurity, Ethical Hacker, CEO of Cybersecurity McJoe Industries".
I'm like, "Cybersecurity McJoe Industries? What the fuck is that?". I look it up and it's a generic WordPress website hosted on GoDaddy with an expired SSL cert.
Joe McCybersecurity then babbles incomprehensible nonsense for about 60 seconds until the TV host goes "woaw" and it cuts to a commercial.
Absolute cinema.
Meanwhile in Brazil: Arch Linux has to suspend access from Brazil because kids could use Arch Linux, or something, and something about pedophiles.
I actually have no idea what the politicians are even saying anymore. It's all bullshit and it's fucking over FOSS.
vx-underground
I am genuinely impressed by mainstream media outlets ability to find absolute nobodies in cybersecurity. It's remarkable. I am often left speechless. There has been dozens occasions, especially as of recent, where some media outlet will be like, "Today as…
To avoid confusion, I'm not positioning myself as like, the authority figure on who is an expert and who isn't an expert in cybersecurity.
My point is that cybersecurity tends to be very close and tight-knit and you would expect someone world-renowned to be immediately identifiable by someone else who works in the industry.
My post is meant to be funny and criticize TV people.
tl;dr normie to big stinky nerd translator
I'm going to share something embarrassing, but this is true. I have found a good usage of AI (for me, at least).
I'm a big stinky nerd and I have a hard time understanding what people are saying to me. I am an extremely explicit communicator. I usually say exactly what I mean (for better or worse). I get very confused when people imply something, or lean heavily on emotional phrasing, to implicitly communicate.
I have been unironically using AI to explain what people are saying to me. I'll detail the conversation to the best of my ability if it was communicated verbally; if it was online I copy-paste my message and the person's response (or comment). The silly AI slop robot then translates what the person says into explicit communication for me so I understand better.
Basically, the dumb ass slop machine robot is better at understanding humans than me. Sometimes I have zero idea what someone is talking about or trying to convey.
vx-underground
tl;dr normie to big stinky nerd translator I'm going to share something embarrassing, but this is true. I have found a good usage of AI (for me, at least). I'm a big stinky nerd and I have a hard time understanding what people are saying to me. I am an extremely…
I wish I was joking. I didn't understand the political banter I saw on social media. I had to use the AI slop machine to explain it to me.
I didn't understand what the fuck the Levin guy was talking about and I didn't understand why the most liked repost was talking about the dude's military credentials. It didn't make sense in my dumb little brain.
tl;dr robot better human than me
Malware defense stuff is boring and I respect these AV and/or EDR nerds so much for working on this stuff.
I've spent the past few days really locking in on developing an ETW consumer and using the YARA static analysis engine in conjunction with it.
It is all documented. It is easy-ish to follow. It all makes sense. Even the more "hardcore" stuff like the kernel mode callback routines and minifilters are handed to you on a silver platter with tons of documentation and examples from Microsoft.
These AV and/or EDR nerds unironically have to spend their days monitoring microscopic potential edge cases for malware evasion and then making a tiny little change in code to account for it. If they don't account for this tiny little potential attack vector they're criticized and insulted endlessly.
Conversely, this tiny line of code they've added burns the hours of research I've placed into developing something.
vx-underground
Malware defense stuff is boring and I respect these AV and/or EDR nerds so much for working on this stuff. I've spent the past few days really locking in on developing an ETW consumer and using the YARA static analysis engine in conjunction with it. It is…
Malware defense stuff is pretty much just standing by the front door with a really big stick waiting for someone to walk in, bonking them on the head with it, and then throwing their unconscious body back outside ... forever and ever ... until you're dead or retire.
Someone sent me a malware sample they found on Discord. I'll tell you one thing right now, Chat. StealIt is a colossal pain in the fucking ass to reverse engineer.
I was crashing out on Xitter for a second about it. This thing is soooo annoying. It is super evasive because of their GOD DAMN SEA BLOBS AND NODE JS BULLSHIT
RIP Chuck Norris
I'll never forget all the goofy jokes you inspired
vx-underground
RIP Chuck Norris I'll never forget all the goofy jokes you inspired
Chuck Norris doesn't read books.
He stares them down until he gets the information.
November 2024 weight:
285lbs
129.2kg
March 2026 weight:
226lbs
102.5kg
After my son was born I fell off the weight loss wagon due to sleep deprivation and exhaustion from baby stuff. I got back on it.
I feel a lot better since losing so much weight. Health and science and stuff
Mildly Interesting:
Windows Defender 1.445.674.0 contains logic to detect malware designed to target "AIGen" threats.
It is titled "AIGen.Trojan.ClawHavoc".
> be IT
> new hardware comes in
> need to image 2000 new DELLs
> protect kids from pedos law drops
> id verification at OS level
> enter my ID for 2000 PCs
> FBI raids office building
> everyone arrested
> everyone was using pc with my ID
> all arrested for identity theft