
vx-underground
The largest collection of malware source, samples, and papers on the internet.
Password: infected
https://vx-underground.org/
TGlist rating: 0 / 0
Type: Public
Verification: Unverified
Trust: Untrusted
Location: not specified
Language: Other
Channel created: Jul 30, 2020
Added to TGlist: Sep 22, 2023

Subscribers: 70 592
- 24 hours: 70 (0.1%)
- Week: 25 884 (57.9%)
- Month: 26 481 (60%)

Citation index: 0
- Mentions: 1; reposts in channels: 0; mentions in channels: 1

Average reach of one post: 1 605
- 12 hours: 3 592 (83.3%)
- 24 hours: 1 605 (62.5%)
- 48 hours: 4 277 (26%)

Engagement rate (ER): 2.38%
- Reposts: 3; comments: 0; reactions: 78

Engagement rate by reach (ERR): 5.89%
- 24 hours: 0.17%
- Week: 5.9%
- Month: 3.3%

Reach of one advertising post: 4 930
- 1 hour: 659 (13.37%)
- 1–4 hours: 1 718 (34.85%)
- 4–24 hours: 2 956 (59.96%)

Posts in the last 24 hours: 8
Dynamics: 5

Latest posts in the "vx-underground" channel
28.04.2025 14:16
JEFFREY, THIS ISNT A VALID LEGAL STRATEGY
STOP. TALKING.


28.04.2025 03:01
JEFFREY, STOP TALKING DAWG
(╯°□°)╯︵ ┻━┻


27.04.2025 23:47
For the record, we've known a few people to actually lock in and actually dig through the library. We know C5pider has read quite a bit from it; he ended up making Havok C2 and being big brain. We also know rad9800 read a bunch of it; he's also insanely big brain.
Both these dudes are like, 20 or something, and are dangerously smart.
We also know 5mukx has been locked in pretty hard and digging through the library too. He's taken the painful task of translating and re-writing the C/C++ code into Rust to improve his understanding of malware and improve his Rust programming skills.
Shoutout the young bloods. They got so good, we've been adding their content and research into the library now.
27.04.2025 23:41
hOw Do I lEaRn MaLwArE StUfF
If you're new to malware stuff, and want to learn malware stuff, go to our paper collection.
If you read 10% of our malware analysis paper collection (took notes, seriously understood it), you'd be a fuckin' monster.
If you know how to code (Python, C, C++, .NET), and visit our malware development section and read about 40% of the papers (took notes, seriously understood it), you'd be a fuckin' monster.
You'd have a powerful understanding of malware analysis, malware development, the malware threat landscape, malware threat groups (state-sponsored or financially motivated). You'd jump from absolute noob dumbie to Subject Matter Expert lightning fast.
Unfortunately, this also requires you to lock in pretty damn hard. You'd have to seriously dedicate yourself. However, if you could do 2 or 3 papers a day, in about 12 months, you'd be ridiculously well versed in malware. But you'd (probably) burn and crash out pretty fast at this rate because the amount of information you'd be ingesting would be astronomical.
Anyway, if you want to actually learn, we have a massive-fuck-off-library of malware educational resources waiting for you.
27.04.2025 23:30
Malware paper statistic breakdown:
- Windows malware development papers: 721 papers
- Malware analysis papers: 12,293 papers
- Linux malware development papers: 65 papers
- ICS/SCADA malware papers: 94 papers
27.04.2025 23:28
Updates to the VXUG collection:
- 2020-08-15 - Kernel Mode TCP Sockets LSASS Dump
- 2025-01-05 - Reliable system call interception
- 2025-01-19 - C2 infrastructure on AWS
- 2025-01-23 - Pitfalls of COM activation
- 2025-01-23 - Operating Inside the Interpreted - Python Malware


27.04.2025 22:17
the anime store owner seeing a tsunami of stinky nerds holding pictures of cats enter their store


27.04.2025 21:59
We should do some kind of weird impromptu malware meetup. Like, we all show up at an anime store or something and exchange our favorite pictures of cats.
27.04.2025 05:43
That's not a typo. The paper actually says, "for pun and fropit". It discusses polymorphic mutation in JScript.
27.04.2025 02:49
Originally the headlines and articles (which presented little information) painted a picture of an Insider Threat potentially aiding and abetting Threat Groups.
Now it gives the picture of a misunderstanding and potentially the United States Federal Bureau of Investigation doing a poor job in regards to cybercrime.
Historically we have believed the FBI has done a great job with cybercrime. We have seen them take down large and sophisticated Threat Groups. In this case (based on the details presented thus far) the FBI of Oklahoma has done a poor job and is chasing a non-issue.
tl;dr sounds like a shit show
27.04.2025 02:46
Earlier today we shared some information on a CEO of a cybersecurity company in Oklahoma, United States, allegedly intentionally deploying malware to a healthcare facility in Oklahoma City.
More details have been presented which paint a different picture than what was originally shared, and it kind of complicates the issue presented.
Jeffrey Bowie, the Chief Executive Officer of cybersecurity firm Veritaco, had a warrant for his arrest issued by the United States Federal Bureau of Investigation for allegedly intentionally deploying malware to a client of Veritaco (St. Anthony Hospital). Interestingly, the FBI did not immediately notify Mr. Bowie of the arrest warrant; however, they DID notify local media news stations. Mr. Bowie was informed of his arrest warrant by friends, family, and colleagues rather than law enforcement themselves.
Mr. Bowie has publicly released the "source code" of the malware allegedly deployed on the healthcare facility (attached image). The "malware" is a PowerShell script which takes images of the desktop computer every 20 seconds, then sends the images back to a remote server owned by Mr. Bowie. The PowerShell script was deployed onto 2 machines in the healthcare facility and set to run via Windows Task Scheduler.
Mr. Bowie asserts the endpoint the "malware" sends data to was terminated in August 2024. Hence, the code present is basically worthless.
1 of the computers (Computer "A") was publicly accessible and specifically designated for guests to use.
The 2nd computer (Computer "B") remained unlocked (???) and was designated for sending and receiving PHI (?). Mr. Bowie asserts "unlike Computer A, no software was written."[sic]
Mr. Bowie has (as of this writing) not explicitly stated why the PowerShell script took screenshots every 20 seconds. Additionally, no details have been shared as to how long this "malware" has been present on the machines.
Mr. Bowie asserts local media outlets have defamed his character and has stated he has placed his faith in the judicial system and God to deem him not guilty of any wrongdoing.
Image 1. of "malware" source code
Image 2. of him informing the hospital he has removed the "malware" from the 2nd computer
Deleted 27.04.2025 04:04
26.04.2025 09:44
tl;dr long written opinion on being new to cybersecurity, list my experience as a reference to a "jr" role requirement list, show how much of a noob i am, yapping like a yapper
funny_cat_picture_with_caption.png
Non-tldr:
Earlier someone made a comment on one of our posts about requirements for Juniors in cybersecurity. The list was pretty extensive. This isn't a diss to this person, but I strongly disagree with their opinion. Here is what they listed as a requirement to be a Junior in cybersecurity:
• Strong experience in Linux servers and AD
• Must hold at least CCNA, CCNP, CompTIA
• Strong knowledge of cloud computing like AWS, Azure, GCP
• Must have Security+, CEH, CISSP, Cisco CyberOps
• Knowledge of SQL, Oracle db, with Java, Python, C++
If these were required, I wouldn't have a job.
- Never attended a university. Never attended a college. Finished High School (primary school for nerds in UK, EU?) with average grades.
- I use Linux as a daily driver (Ubuntu), and I use Windows 11 for video games and doing C/C++ development. I would not consider myself "strong" in Linux; there are some seriously hardcore Linux nerds. I can use it, I can Google stuff, but I am not "strong" (in my opinion).
- Little to no experience with AD. I've used it in enterprise environments, I'm aware of basic concepts of exploitation of it and lateral movement, but I am nowhere near capable of doing anything serious or important with it. Shoutout the Network and/or System administrators who do stuff with Forests, or something, some buzzword I remember.
- I don't possess any certificates. My understanding of networking is limited to the TCP/IP model (can barely remember the OSI model), and basics of headers. My knowledge of networking primarily revolves around using it when programming. I will instantly fail any Cisco-related certificate. I can use Wireshark. Am I cool enough?
- I possess little to no knowledge on Cloud computing. I can upload and download files, I can copy and move things, I know how to list files. I know the basics of creating a bucket and doing permissions, but I am by no means an expert. I praise the nerds who do Cloud stuff and DevOps because I think it's boring.
- I've been coding in C for 19 years. I consider myself strong in it. However, I still don't know "everything". I've been studying and/or doing Windows internals stuff for over 10 years. I consider myself "strong", but there are some truly brilliant people who I believe can walk circles around me and make me look like an idiot. There are many, many, many times I realize I have a knowledge gap or make a really obvious and dumb mistake (probably like, every day).
I can code (without using AI like a total dork) in C, C++, Visual Basic (.NET framework), C# (.NET framework), Python, AutoIT, x86/x64 MASM, T-SQL. However, my usage of them is varied and with many of them I'm extremely rusty.
My opinion is that if you want to do something in cybersecurity, do what you enjoy and do it well. If you want a job you need to apply places, talk to people, get involved, and try hard. You don't need to go to conferences, but cybersecurity is a rapidly evolving field and (similar to Doctors of Medicine), it is profoundly important to remain actively engaged (Continual Education*). Things change daily. You need to be somewhere, doing something, to pay attention and understand what is happening.
- smelly
26.04.2025 09:05
Updates to the vx-underground collection:
- 2011-07-04 - Mixing x86 with x64 code
- 2018-04-11 - WoW64 internals
- 2023-04-19 - WOW64 Callback Table - FinFisher
- 2025-04-16 - Control Flow Hijacking via Data Pointers


26.04.2025 00:38
Imma be real with you, Chat. I've been unfathomably busy IRL and it's brought me immense joy schizo-posting satirical nonsense to thousands of people.
26.04.2025 00:34
The naming convention "Trojan" easily confuses people, i.e. Remote Access Trojan. Unfortunately, due to successful media campaigns, the term Trojan is now closely affiliated with condoms.
Instead we petition to formally change the term to something which is reminiscent of the term "Trojan Horse", and carries the same meaning.
Suggestion: Horse
Example(s):
- Remote Access Horse
- Sophisticated Horse
- "... The Threat Actors inserted a Horse payload into the Word document..."
Laymen can easily identify a horse and they will understand the concept of a horse on the loose is very dangerous. You can explain to customers there is a horse loose in their computer and the horse is causing serious damage.


Records
- Subscribers: 70.6K (27.04.2025 19:35)
- Citation index: 200 (17.08.2024 23:59)
- Reach of one post: 23.5K (03.04.2025 23:59)
- Reach of an advertising post: 8K (26.10.2024 23:59)
- ER: 140.96% (05.03.2025 10:09)
- ERR: 53.04% (03.04.2025 23:59)