vx-underground
48.6K subscribers
4.29K photos
457 videos
84 files
1.52K links
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
Oh yeah? You're a "hacker"? Prove it. Send a stool sample and a copy of your Birth Certificate to Sam Altman.

https://x.com/OpenAI/status/2044161906936791179
vx-underground
What's the matter? Scared? Don't want to give Sam Altman your poop? I guess you're not a real hacker
vx-underground
ok but fr tho, memes aside, while I personally wouldn't do this, them using a system of trust like this to give nerds more AI for their AI gwump probably isn't a terrible idea.

if you're a regular stinky nerd, this is probably no different than giving LinkedIn all your poop anyway
Claude 🤝 Persona
A long, long, long time ago I read a paper on how the United States Central Intelligence Agency intentionally introduced conflict, distrust, and resentment into the inner circle of Julian Assange.

Being unable to physically touch him, they had hoped if they made his life chaotic enough he would commit suicide.

Knowing that the CIA will do this... it makes me wonder if the Federal Bureau of Investigation (or other law enforcement agencies) intentionally inject conflict into the circles of Threat Actors.

I can't even count how many times I've seen Threat Actors have conflicts with other Threat Actors on forums, chatrooms, social media, etc. Ultimately, this conflict does very little for Threat Actors except fog their logic and result in poor decision making.

tl;dr I wonder if the FBI unironically just sits there, talking shit, making up fake drama, hoping the criminals betray the other criminals, or make an OPSEC mistake
Day Two of working on really silly malware proof-of-concept.

Is there an easier way to write this code? Yes.

Is it worth investing this much effort into? Probably not, no

Is it a lot of fun bonking Windows with a stick and reading obscure documentation? Yes

Am I a cat? No
Say what you want about TeamPCP, but they have certainly made attribution much easier.

I can't recall a time a Threat Group specified the malware campaign and malware delivery mechanism that resulted in a compromise.

Is TeamPCP lying about how they compromised these organizations? Is it the result of a different malware campaign? Did they actually steal internet projects and "secrets" from S&P Global? How bad is the Guesty compromise? Will these companies succumb to the ransom demands? What the fuck does PCP stand for in this context? Is TeamPCP suggesting they're addicted to Phencyclidine a/k/a Angel Dust?

Find out on the next action packed episode of Dragon Ball Z
Yeah, so basically I'm trying to make my own "ClickFix" but for Windows binaries by abusing the Windows Runtime, Component Object Model, and whatever Windows grants me from a limited user profile (see attached image)

I saw some research on Windows Toast Notifications by Panos Gkatziroulis, but their paper and code were in C# and PowerShell. Their technique displayed a fake update and directed the user to a website which then did ClickFix

So it's like, WindowsClickFix -> ClickFix

I said, "wtf? why not just run program there?"

It turns out you can, it's totally possible and well documented for something like C#. Making a simple notification on Windows which impersonates Windows Defender and runs a .exe (or whatever) is pretty shrimple. But.... there is a massive asterisk next to shrimple because it requires some* pain and suffering.

In extreme summary, you need to add registry entries so Windows knows where to send Toast stuff to. In C# or PowerShell this is still relatively simple, just kind of annoying. In C, it still isn't too bad.

Unfortunately, I am a person who knows only pain. I didn't want to do C#, or .NET, or do anything with WindowsRT the way Windows wants you to. I said, "well, I've done WinRT in C before, why not do this in C?" Why not make something mildly annoying 200% more difficult?

It has been a challenge. I decided to do EVERYTHING with WinRT / COM. I didn't want to make ANY WinAPI invocations aside from RoInitialize (technically CoInitializeEx).

In the attached image I've successfully impersonated Windows Security. However, "update" doesn't work the way I'd like to. The easiest thing to do in this scenario is trying to abuse a Windows Scheme URI. Unfortunately, WinRT sandboxes and prevents FILE://, and I can't find a URI to abuse to deliver file execution (I tried).

I assume the inability to find a Windows URI to abuse for file execution is why the original authors ended up doing ToastNotification -> ClickFix. Making the Toast Notification go to a web domain is extremely easy. You literally can just specify "button go to website ooga booga" and that's it.

Because I couldn't find a URI to execute a binary my only option left is using INotificationActivationCallback. Basically, I have to register my malicious code in the registry to receive Toast Notification callbacks. When "Update" is clicked my binary is notified and appropriate action is taken.

Again, this is all totally normal functionality, but it's being used for social engineering. The only caveat here is I am trying to do it as painful and convoluted as possible. I have the general layout done... it's just typing out the code and debugging. It's tiring.

I also planned on stripping the headers and making the binary as lightweight as possible. Why? I have no idea. It is totally unnecessary and ass backward logic.
Another zero day exploit released by some nerd (can't remember name right now) because they're annoyed with Microsoft. It's been confirmed by other nerds. It is yet another legit zero day. Whew.

https://github.com/Nightmare-Eclipse/RedSun