vx-underground
50.3K subscribers
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
I guess the only thing more embarrassing than accidentally detonating an information stealer payload on your computer, while trying to remove the .exe file extension, is reviewing the payload closer and seeing it comes with cartoon pornography (I've censored it) and an image of a random woman
"Why are you reverse engineering malware on your main PC? Why don't you use a VM? If you used a VM you wouldn't have infected yourself"
Okay, the silly shenanigans are over. I've repaired the damage done to my box. Overall this was a very whimsical Saturday.

For people new to this account:
Do I really not use a VM when doing malware analysis? Yes. I have a VM, but I don't know, I get lazy. I throw the malware in a random directory called like, "sgsdggggg" (I type random letters on the keyboard) and start poking it.

Is this the first time I've detonated malware on my computer? No. I've detonated ransomware (REvil), some suspected state-sponsored malware from the Russian government (APT28), a crypto-miner, and now this.

I also once messed up an rsync command and synced my tax documents to the staff at DEFCON. They expected malware, instead they got my birth certificate, my tax returns, and some other various documents.

Do I panic? No, I deal with malware every single day. I collect malware, reverse engineer malware, write malware, etc. It is more annoying than actually concerning. The only time I was genuinely concerned was when I detonated REvil because I usually don't make backups (I'm not a coward).

Basically, I'm a jackass who has gotten way too comfortable with malware and you should not do what I do.
I get so many DMs, emails, and comments on social media of people calling me a cat

It's some sort of deep state psyop by silly cat picture to make me a furry

It's not going to work. Stop calling me a cat and stop asking me to meow you goobers
I know you expected a post about malware, or something, but I've been battling demons (trying to get a baby to sleep) and I've got nothing.

I did however find this video to be cute and silly, so I decided to share it
The best thing about being a Dad is that now I can dress like Dad

I just purchased several pairs of cargo shorts and button up shirts I intend on tucking in.
GTA VI leaks reportedly show the pricing for the game at $25,999

Gamers can take out a loan from Rockstar Games' official banking app, or get a 2% discount if they pay in full at checkout

They have options available if you have no credit or poor credit
Randomly remembered when one of the developers of the IcedId botnet successfully bribed Ukrainian police to forge his death certificate to avoid being arrested

That is so unbelievably cool and badass.
Two members of the infamous Scattered Spider group (a sub-group of the ALPHV ransomware group) have pleaded guilty to the attack on TfL (Transport for London).

Thalha Jubair, 20 (image 1) and Owen Flowers, 18 (image 2).

Flowers was initially released from custody on strict conditions, which the courts note he violated on two occasions, in March 2025 and May 2025.

According to the National Crime Agency, Mr. Jubair and Mr. Flowers initially intended to take their cases to a trial in Woolwich Crown Court. However, both individuals later switched to a guilty plea.

Both individuals are scheduled for sentencing July 16th, 2026.

While both fall under the United Kingdom's Computer Misuse Act, which is capable of delivering life in prison for both individuals, due to their young age and guilty plea, Mr. Jubair and Mr. Flowers are likely facing 10 years in prison.

Images via United Kingdom National Crime Agency, see subsequent post for more information and case details.
Hello

1. If you're reading this, that means you live inside my computer. Please leave my computer. You are stinking the place up.

2. I am syncing 150,000+ malwares to the internet. Please download the malware.

3. I now possess 14TB (7z ultra compressed) of malware
A person operating under the moniker "mizanthropiaz" compromised the Brazilian government's Emergency Alert System in Sao Paulo, Rio, and Brasilia. The Threat Actor sent a notification to hundreds of thousands of people which read "misanthropi4".

More details have emerged regarding the compromise, and truthfully, it is terrifying. The Brazilian government is extremely secure and it is quite remarkable any living person could have gotten past their enhanced security measures.

"mizanthropiaz" found a username and password login to the Brazilian government's Emergency Alert System. The username and password were present because an employee working there accidentally infected themselves with malware in 2016.

The employee there did not change the password in over 10 years.

But, after the employee accidentally infected their computer with malware, did they change their password? No.

But, did the Brazilian government do IP address blacklisting which would prevent unauthorized devices from accessing the Emergency Alert System? No.

But, did the Brazilian government require a VPN connection to authenticate to the Emergency Alert System because it's a government network? No.

But, did the Brazilian government require MFA (e-mail, text, or Authenticator Code)? No.

But, did the Brazilian government send notifications on new devices connecting? No.

But, did the Brazilian government issue alerts on password changes or password change requests? No.

But, did the Brazilian government require e-mail verification prior to changing or resetting passwords? No.

But, did the Brazilian government have rate-limiting to prevent brute-force attacks? No.

But, did the Brazilian government introduce a CAPTCHA to prevent brute-force attacks? Yes, but it was 2+2 and it never changed. It always asked "2+2="

But, did the Brazilian government require password complexity to make brute-forcing difficult? No, the password to the Brazilian government employee was the same as their username.
> be spaceX employee
> be rustled
> say spaceX sucks
> go on dread
> advertise being an insider threat
> verified by dread as being legit spaceX employee
> offer access to ransomware groups
> everyone see it
> everyone on telegram talking about it
me every update tuesday
me on the internet
Hello, I have a lot to say. However, I have come to discover many of you dislike long posts. To make this easier for some of you I will speak like a caveman to convey this information.

1. lots malware on internet. me collect malware. me put malware on website. download malware. malware good. you like malware.

2. me add papers. read papers. ooga booga. read good for brain.

3. people ask for all papers in 7z. this many papers. me no think people want lots of papers. me do later. this many papers

Click linky for list of malware and papers. Me no want to list all here

https://vx-underground.org/Updates
> "hey smelly, is this malware?"
> sends url
> look inside (image 1)
> base64 encoded string installer
> obviously malware
> decode
> look inside
> obviously malware (image 2)
> decode the gunky stuff
> verse-57(.)com
> curl request to gunky url (image 3)
> gives 3.143mb file
> look inside
> CA FE BA BE
> ???
> CA FE BA BE
> ???
> java file?
> hash file
> 5a897367792b56d8c8b3fe624937ea97
> never seen before on vt
> closest match to static signature is amos stealer
> legit macOS malware
> i dont do macOS malware
> i dont know how to use a mac (image 4)
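The triage in the greentext above turns on one detail: CA FE BA BE is the magic of both Java class files and Mach-O universal (fat) binaries, which is why the first guess was "java file?". As an added example (not the channel's own code), this Python reads the bytes after the magic to tell the two apart, lists the architecture slices of a fat binary, and hashes the blob for a sandbox or VT lookup; the sample headers are constructed, not real malware.

```python
import hashlib
import struct

# Mach-O fat (universal) binaries and Java .class files share the same 4-byte
# magic, CA FE BA BE. The bytes that follow differ:
#   Mach-O fat : uint32 nfat_arch (small, normally 1..19)
#   Java class : uint16 minor_version, uint16 major_version (major >= 45)
FAT_MAGIC = 0xCAFEBABE
FAT_MAGIC_64 = 0xCAFEBABF  # 64-bit fat header variant, 32-byte arch entries
CPU_TYPES = {0x00000007: "i386", 0x01000007: "x86_64",
             0x0000000C: "arm", 0x0100000C: "arm64"}  # common cputype values

def triage(blob: bytes) -> dict:
    """Classify a CA FE BA BE blob and hash it for a sandbox/VT lookup."""
    result = {"md5": hashlib.md5(blob).hexdigest(),
              "sha256": hashlib.sha256(blob).hexdigest(),
              "kind": "unknown", "archs": []}
    if len(blob) < 8:
        return result
    magic, = struct.unpack(">I", blob[:4])
    if magic not in (FAT_MAGIC, FAT_MAGIC_64):
        return result
    minor, major = struct.unpack(">HH", blob[4:8])
    nfat, = struct.unpack(">I", blob[4:8])
    if magic == FAT_MAGIC and major >= 45:
        result["kind"] = "java-class"        # JDK 1.1 is major 45; Java 8 is 52
        result["java_major"] = major
    elif 1 <= nfat < 20:
        result["kind"] = "macho-fat"
        entry_size = 32 if magic == FAT_MAGIC_64 else 20
        for i in range(nfat):
            off = 8 + i * entry_size
            if off + 4 > len(blob):
                break                        # truncated header: stop, don't guess
            cputype, = struct.unpack(">I", blob[off:off + 4])
            result["archs"].append(CPU_TYPES.get(cputype, f"cputype-0x{cputype:08x}"))
    return result

# Constructed sample headers (not real malware): a two-slice universal binary
# header and a Java 8 class header, padded so the parser has bytes to read.
SAMPLE_FAT = struct.pack(">II", FAT_MAGIC, 2)
SAMPLE_FAT += struct.pack(">IIIII", 0x01000007, 3, 4096, 100, 12)  # x86_64 slice
SAMPLE_FAT += struct.pack(">IIIII", 0x0100000C, 0, 8192, 100, 14)  # arm64 slice
SAMPLE_JAVA = struct.pack(">IHH", FAT_MAGIC, 0, 52) + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in (("fat", SAMPLE_FAT), ("java", SAMPLE_JAVA)):
        print(name, triage(blob))
```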