Windows Defender is very silly and I am flabbergasted.
I always keep Windows Defender off. As a person who collects malware, writes malware, and pokes malware with a stick, Windows Defender is a big stinky dork who isn't cool and gets in my way.
Earlier today I was doing big brain intellectual stuff that you wouldn't understand (watching police chase videos on YouTube) and suddenly Windows Defender began screaming obnoxiously loud into my headphones that it has detected hundreds of malwares on my machine.
Windows Defender turning itself on is no big deal. I keep my several terabytes of malware segregated (it's in a special folder that is whitelisted, I pray I don't accidentally detonate it). However, Windows Defender was screaming malware was in my C drive.
This is sort of weird ... I write malware, maybe it's flagging one of my proof-of-concepts as malware? Maybe?
I look inside and this fucking piece of shit is flagging my anti-malware project I'm working on as malware. That makes literally zero sense. Nothing in my anti-malware static analysis goofy project is even remotely malicious. What the fuck is this piece of shit yapping about?
In my malware static analysis project I extracted the YARA rules from Windows Defender. I use those same rules for identification.
Windows Defender flagged IT'S OWN RULES as malware because of the strings present in THEIR OWN YARA RULES
You dumb son of a bitch. I HATE YOU. Now I have to spend an extra FOUR MINUTES re-extracting your YARA rules and recompiling them for my project. HOW DARE YOU
I always keep Windows Defender off. As a person who collects malware, writes malware, and pokes malware with a stick, Windows Defender is a big stinky dork who isn't cool and gets in my way.
Earlier today I was doing big brain intellectual stuff that you wouldn't understand (watching police chase videos on YouTube) and suddenly Windows Defender began screaming obnoxiously loud into my headphones that it has detected hundreds of malwares on my machine.
Windows Defender turning itself on is no big deal. I keep my several terabytes of malware segregated (it's in a special folder that is whitelisted, I pray I don't accidentally detonate it). However, Windows Defender was screaming malware was in my C drive.
This is sort of weird ... I write malware, maybe it's flagging one of my proof-of-concepts as malware? Maybe?
I look inside and this fucking piece of shit is flagging my anti-malware project I'm working on as malware. That makes literally zero sense. Nothing in my anti-malware static analysis goofy project is even remotely malicious. What the fuck is this piece of shit yapping about?
In my malware static analysis project I extracted the YARA rules from Windows Defender. I use those same rules for identification.
Windows Defender flagged IT'S OWN RULES as malware because of the strings present in THEIR OWN YARA RULES
You dumb son of a bitch. I HATE YOU. Now I have to spend an extra FOUR MINUTES re-extracting your YARA rules and recompiling them for my project. HOW DARE YOU
π€£135π₯°16β€12π4π₯3π€2π’1
vx-underground
> be olafkswg > some dude on the internet > does stuff with cs2 or something idfk > some other dude arrested for terrorism or something > court doc releases > uses same discord picture as olafkswg > cs2 nerds freak out > OMG HE WAS A TERRORIST no lol sameβ¦
Reference:
π€£66π15β€3π₯°2
Media is too big
VIEW IN TELEGRAM
LeakBase admin "Chucky" was arrested.
For those unfamiliar, LeakBase was this big ass fuck off website which sold, traded, auctioned, and freely distributed stolen data from compromised websites or companies.
LeakBase audience was primarily Eastern European.
Despite the wide spread identify theft, credit card fraud, extortion, initial access brokering, and money laundering that "Chucky" enabled, he was a nice guy.
I used to send silly pictures of kitty cats to him.
For those unfamiliar, LeakBase was this big ass fuck off website which sold, traded, auctioned, and freely distributed stolen data from compromised websites or companies.
LeakBase audience was primarily Eastern European.
Despite the wide spread identify theft, credit card fraud, extortion, initial access brokering, and money laundering that "Chucky" enabled, he was a nice guy.
I used to send silly pictures of kitty cats to him.
β€79π€£57π«‘20π₯°8π₯2
vx-underground
LeakBase admin "Chucky" was arrested. For those unfamiliar, LeakBase was this big ass fuck off website which sold, traded, auctioned, and freely distributed stolen data from compromised websites or companies. LeakBase audience was primarily Eastern European.β¦
Was he a hardcore cyber criminal? Yes
Did he enable crime? Yes
Did he help facilitate crime? Yes
Did he aid and abet criminals? Yes
Did he give a platform to other criminals? Yes
But, did he have good taste in silly kitty cat pictures? Yes, he had very silly kitty cat pictures.
Did he enable crime? Yes
Did he help facilitate crime? Yes
Did he aid and abet criminals? Yes
Did he give a platform to other criminals? Yes
But, did he have good taste in silly kitty cat pictures? Yes, he had very silly kitty cat pictures.
β€109π₯°36π26π8π5π€£3π₯1
A lot of people don't know this but I'm actually an expert in military strategy. I have over four "chicken dinners" in a hyper-realistic military strategy "game" called "P.U.B.G.". Additionally, I have a chess ELO rating of 1214.
Many people believe Iran cannot defeat the United States, but they're incorrect. Iran has failed to utilize advanced guerilla warfare the likes of which has not been witnessed since an important war that took place somewhere.
If the Iranian government wants to win they need to use asymmetrical antiheuristic dogfooding guerilla warfare with telemetry.
Here's what they need to do NOW:
1. Make an Etsy account
2. Purchase as many pro-America flags and memorabilia as possible
3. Plaster said purchases all over critical infrastructure
The Etsy items MUST contain things such as, but not limited to, "9/11 NEVER FORGET", "GO WOKE GO BROKE", "TRUMP 2028", "LET'S GO BRANDON", "BACK THE BLUE".
Furthermore, the Iranian government needs to purchase the largest Bluetooth speakers available on the market and begin playing this playlist:
- "Courtesy of the Red, White and Blue" - Toby Keith
- "Try That in a Small Town" - Jason Aldean
- Anything from Kid Rock, Aaron Lewis, or Hank Williams Jr
When the United States military is deployed they physically will be unable to attack. If they attack then they're actually WOKE and HATE FREEDOM. They'll see how unbelievable BASED and AMERICA-PILLED the Iranian government is and drop to their knees. They'll say, "Oh my sweet sweet, Blonde Hair, Blue Eye'd, sweet Baby Jesus"
Hegseth and the Trump administration in totality will begin violently convulsing on the floors.
They will be physically, emotionally, intellectually, sexually, financially, psychologically, hypothetically, and theoretically unable to combat such a BASED enemy.
Many people believe Iran cannot defeat the United States, but they're incorrect. Iran has failed to utilize advanced guerilla warfare the likes of which has not been witnessed since an important war that took place somewhere.
If the Iranian government wants to win they need to use asymmetrical antiheuristic dogfooding guerilla warfare with telemetry.
Here's what they need to do NOW:
1. Make an Etsy account
2. Purchase as many pro-America flags and memorabilia as possible
3. Plaster said purchases all over critical infrastructure
The Etsy items MUST contain things such as, but not limited to, "9/11 NEVER FORGET", "GO WOKE GO BROKE", "TRUMP 2028", "LET'S GO BRANDON", "BACK THE BLUE".
Furthermore, the Iranian government needs to purchase the largest Bluetooth speakers available on the market and begin playing this playlist:
- "Courtesy of the Red, White and Blue" - Toby Keith
- "Try That in a Small Town" - Jason Aldean
- Anything from Kid Rock, Aaron Lewis, or Hank Williams Jr
When the United States military is deployed they physically will be unable to attack. If they attack then they're actually WOKE and HATE FREEDOM. They'll see how unbelievable BASED and AMERICA-PILLED the Iranian government is and drop to their knees. They'll say, "Oh my sweet sweet, Blonde Hair, Blue Eye'd, sweet Baby Jesus"
Hegseth and the Trump administration in totality will begin violently convulsing on the floors.
They will be physically, emotionally, intellectually, sexually, financially, psychologically, hypothetically, and theoretically unable to combat such a BASED enemy.
π€£121π―20β€14π€6π4π₯1π₯°1
This media is not supported in your browser
VIEW IN TELEGRAM
Masquerading malware is malicious software that disguises itself as something legitimate to avoid detection and trick users or security systems into trusting it.
For example: this is not a bumble bee. It is a kitty cat. The cat is masquerading as a bumble bee.
For example: this is not a bumble bee. It is a kitty cat. The cat is masquerading as a bumble bee.
π₯°121β€29π€£12π9π5π1
Today Handala, a suspected Iranian-based Threat Actor Group, successfully compromised the personal e-mail address of Kash Patel, the current Director of the United States Federal Bureau of Investigation
The e-mails have a date range from 2010 to 2022. It appears to be primarily photos from Mr. Patel. The dump is 1.06GB.
While this compromising is probably deeply embarrassing to Patel and the FBI, the e-mails are relatively benign. The photos present are:
- Him being goofy
- Photos of his family members
- Updates on family stuff
- Some kind of ice hockey thing
- Traveling stuff
Basically, Kash Patel looks like a regular guy who wants updates on what his family is doing.
From a public-relations perspective, this makes Kash Patel look like a family man and a goofy dork. Unfortunately, some mistakes were made and it resulted in his e-mail be compromised. That is embarrassing.
From a security perspective, to people who are enemies of the United States, this potentially endangers him or his family members who can now be easily identified.
The e-mails have a date range from 2010 to 2022. It appears to be primarily photos from Mr. Patel. The dump is 1.06GB.
While this compromising is probably deeply embarrassing to Patel and the FBI, the e-mails are relatively benign. The photos present are:
- Him being goofy
- Photos of his family members
- Updates on family stuff
- Some kind of ice hockey thing
- Traveling stuff
Basically, Kash Patel looks like a regular guy who wants updates on what his family is doing.
From a public-relations perspective, this makes Kash Patel look like a family man and a goofy dork. Unfortunately, some mistakes were made and it resulted in his e-mail be compromised. That is embarrassing.
From a security perspective, to people who are enemies of the United States, this potentially endangers him or his family members who can now be easily identified.
π₯°41π28β€9π₯5π±3π1
TeamPCP has done ANOTHER supply chain attack.
My Brother in Christ, how many of these fuckin' things are you going to do? YOU'VE DONE 50 FUCKING SUPPLY CHAIN ATTACKS. 50 SUPPLY CHAIN ATTACKS IN EIGHT FUCKING DAYS.
March 19th:
- Trivy
March 20th:
- EmilGroup (28 packages)
- OpenGov (16 packages)
- Teale-io (eslint-config)
- AIRTM (uuid-base32)
- PypeSteam (floating-ui-dom)
March 23rd:
- Checkmarx
March 24th:
- LiteLLM
March 27th:
- Telnyx
My Brother in Christ, how many of these fuckin' things are you going to do? YOU'VE DONE 50 FUCKING SUPPLY CHAIN ATTACKS. 50 SUPPLY CHAIN ATTACKS IN EIGHT FUCKING DAYS.
March 19th:
- Trivy
March 20th:
- EmilGroup (28 packages)
- OpenGov (16 packages)
- Teale-io (eslint-config)
- AIRTM (uuid-base32)
- PypeSteam (floating-ui-dom)
March 23rd:
- Checkmarx
March 24th:
- LiteLLM
March 27th:
- Telnyx
β€46π₯24π±17π€£3π₯°2π€1
Part of TeamPCP's success thus far has been the speed in which they operate.
tl;dr teampcp doing lots of supply chains, exhausting, smash and grab passwords, runaway, really tiring
Generally speaking, large scale supply chain attacks are quiet with the focus being silence and espionage. A notable example of this is SOLARWINDS supply-chain attack which was conducted by the Russian Federation. The goal is to discretely insert malicious code into a products update cycle. The payload would (under ideal circumstances) execute with specific triggers in place and BE QUIET. They don't want to set off any metaphorical alarms. You quietly watch and SLOWLY work.
TeamPCP (as of this writing) has focused on information exfiltration (stealing sensitive data, primarily credentials) which is more akin to a smash-and-grab rather staying silent and watching what people are doing with their binoculars.
A successful supply chain attack can be a DFIR (Digital Forensics and Incident Response) nightmare. Many organizations do not have an internal DFIR on staff, hence they consult with external entities. Suddenly with a supply chain attack you've got dozens of organizations contacting the same group of companies needing a forensic investigation launched.
These DFIR's can take time with reporting, identifying victims, potential PII or sensitive documents stolen, cooperation with law enforcement and legal departments (or external law firms) ... it can take days, weeks, or (depending on the scope of impact and bureaucracy) months.
And then suddenly there is another supply chain attack ... and then another ... and then another ... and then another ... with a total of 50 as of this writing. The best I can describe what I'm currently seeing is a "DFIR resource exhaustion" technique.
If you've got only a handful of DFIR firms spread thin across a dozen of so companies and then ANOTHER supply chain attack happens AND THEN ANOTHER AND THEN ANOTHER, with some organizations potentially being hit multiple times, it's a nightmare come alive.
TeamPCP (as of what we've learned thus far) successfully used a supply chain attack to pivot to other supply chain attacks. They're chaining chains.
The concern now is they've performed 50 supply chain attacks in 8 days. Is there anymore coming? Has any other vendor failed to rotate their security credentials correctly? Is any company not cooperating? What data was stolen? How many companies are even impacted? How many are unaware of what happened? How much user PII was stolen? How were these other supply chain attacks conducted?
The current prevailing theory is all of these supply chain attacks are the result of the initial Trivy supply chain attack, however (unironically) DFIR work must be conducted and more investigative work needs to be performed. It is dangerously to assert with high-confidence it is the result of the Trivy supply chain attack. If you're wrong, what if it's from something else we're not aware of yet? I'm sure not all details are public (yet). More information will come out eventually.
This sort of DFIR work would take months but now it's a race against the clock hoping another doesn't occur.
2026 starting off strong.
tl;dr teampcp doing lots of supply chains, exhausting, smash and grab passwords, runaway, really tiring
Generally speaking, large scale supply chain attacks are quiet with the focus being silence and espionage. A notable example of this is SOLARWINDS supply-chain attack which was conducted by the Russian Federation. The goal is to discretely insert malicious code into a products update cycle. The payload would (under ideal circumstances) execute with specific triggers in place and BE QUIET. They don't want to set off any metaphorical alarms. You quietly watch and SLOWLY work.
TeamPCP (as of this writing) has focused on information exfiltration (stealing sensitive data, primarily credentials) which is more akin to a smash-and-grab rather staying silent and watching what people are doing with their binoculars.
A successful supply chain attack can be a DFIR (Digital Forensics and Incident Response) nightmare. Many organizations do not have an internal DFIR on staff, hence they consult with external entities. Suddenly with a supply chain attack you've got dozens of organizations contacting the same group of companies needing a forensic investigation launched.
These DFIR's can take time with reporting, identifying victims, potential PII or sensitive documents stolen, cooperation with law enforcement and legal departments (or external law firms) ... it can take days, weeks, or (depending on the scope of impact and bureaucracy) months.
And then suddenly there is another supply chain attack ... and then another ... and then another ... and then another ... with a total of 50 as of this writing. The best I can describe what I'm currently seeing is a "DFIR resource exhaustion" technique.
If you've got only a handful of DFIR firms spread thin across a dozen of so companies and then ANOTHER supply chain attack happens AND THEN ANOTHER AND THEN ANOTHER, with some organizations potentially being hit multiple times, it's a nightmare come alive.
TeamPCP (as of what we've learned thus far) successfully used a supply chain attack to pivot to other supply chain attacks. They're chaining chains.
The concern now is they've performed 50 supply chain attacks in 8 days. Is there anymore coming? Has any other vendor failed to rotate their security credentials correctly? Is any company not cooperating? What data was stolen? How many companies are even impacted? How many are unaware of what happened? How much user PII was stolen? How were these other supply chain attacks conducted?
The current prevailing theory is all of these supply chain attacks are the result of the initial Trivy supply chain attack, however (unironically) DFIR work must be conducted and more investigative work needs to be performed. It is dangerously to assert with high-confidence it is the result of the Trivy supply chain attack. If you're wrong, what if it's from something else we're not aware of yet? I'm sure not all details are public (yet). More information will come out eventually.
This sort of DFIR work would take months but now it's a race against the clock hoping another doesn't occur.
2026 starting off strong.
β€14π₯°6π4