Eleemosynator

377 posts

@Eleemosynator

Reverse engineering hobbyist. Mostly Windows x86. My write-ups are on GitHub. Also @[email protected]

Joined July 2011
212 Following · 500 Followers

Eleemosynator @Eleemosynator
@thegrugq Operational success does not imply Strategic success. True for business, war, and the pursuit of happiness.

thaddeus e. grugq @thegrugq
“You know you never beat us on the battlefield,” I told my North Vietnamese Army (NVA) counterpart, Colonel Tu, during a meeting in Hanoi a week before the fall of Saigon. “That may be so,” he replied, “but it is also irrelevant.”¹ Seeing US analysts explaining that they’re winning against Iran based on metrics such as number of sorties or equipment destroyed reminds me of this story.

¹ historynet.com/deliberate-dis…

johnny @zeroxjf
The new cyber-abuse guardrails in Opus 4.6 are likely to drive a mass exodus of researchers from the platform. They give the option to submit a form to prove legitimate research, but I got no confirmation of its submission last week and have no way of knowing its status 🤷‍♂️ @trq212

Eleemosynator @Eleemosynator
@vxunderground @IceSolst Dude - wiring a custom socket layer on top of Windows driver IoCtl calls is the absolute definition of cracked. That and the cat pictures, of course.

solst/ICE of Astarte @IceSolst
There’s an astronomical skill gap between good security people, and the rest. There’s no mid. Accounts you see posting their research here are absolutely cracked, it’s not the norm. When you go out and talk to security folks that don’t go to conferences, don’t read up on research, you realize- holy shit. They have no fucking clue. The majority of the cybersecurity work force is absolutely incompetent. It’s partly why vendors can come up with inane bullshit as marketing material and it works on many CISOs. If you’re reading this, you’re most likely 1000x the skill level of the average person. Like I cannot emphasize enough how low the bar is when the sample size is the entire industry.

vx-underground @vxunderground
Chat, I have bad news. I have been informed I previously confirmed with a family member I would attend their child's birthday party. I forgot. No updates now, I have to go subject myself to plagues and watch tiny people scream and throw things

vx-underground @vxunderground
Hello, I am currently syncing and uploading stuff to malware city. Unsurprisingly, it is malware and malware accessories. Please hold while malware is uploaded to the internet. Thanks,

Eleemosynator @Eleemosynator
@halvarflake Arguably, one should not let anyone write multi-threaded C++ code irrespective of whether they are an LLM or not

Halvar Flake @halvarflake
One really shouldn't let an LLM write multi-threaded C++ code. Perhaps Rust is really the only way to make this work.

vx-underground @vxunderground
I like to imagine a bunch of military bros at some fuckin base wanting updates on malware and I'm just schizo ranting about my general distrust for the United States government and spamming cat pictures

vx-underground @vxunderground
> see post online
> us military offensive cyber warfare division
> click profile
> they follow me
> wtf?
> theyre following me?
> is the us military using my website to study malware?
> *follow back*

👩‍💻 Paige Bailey @DynamicWebPaige
🥹🔵 My daily math email this morning was so pretty! Background: The Hopf Fibration is a breathtaking discovery in topology that reveals how a 3-sphere (a sphere in four-dimensional space) can be completely decomposed into an infinite collection of non-intersecting circles. Each circle is "linked" with every other circle exactly once, creating a dense, interlocking web of geometry. When we project these 4D circles into our 3D world using stereographic projection, they appear as nested tori, each composed of a family of circles known as Villarceau circles.

Eleemosynator @Eleemosynator
@vxunderground @SwiftOnSecurity More seriously though, the vxunderground collection is an amazing resource. Thank you for holding it together and making it available to everybody including hobbyists like me.

vx-underground @vxunderground
Hello,

This social media profile is now the largest cybersecurity-related profile on Xitter. It has passed @SwiftOnSecurity.

What does this mean? Well, as the top influencer I am carrying the weight of the world on my shoulders. This is a very serious role. I'm basically a superhero.

First, I will begin pushing my new cybersecurity course. It will be somewhere between $200 - $500. It will not be formally recognized by any institution or employer. Additionally, it will be poorly developed and half-assed. I will lie and say it will help you get a job (it won't).

Second, I will begin pushing cryptocurrency coins which I will say are going to solve some opaque problem in cybersecurity. I'll make something up, like, "this coin will prevent DHCP DNS cluster fraud". It won't make sense. When someone questions it I will immediately deflect blame or call them bad names.

Third, I will travel to every major cybersecurity conference. Each talk I give will not be technical. My talks will primarily revolve around my experiences, and wisdom, or something. I will pretend to be an old sage filled with knowledge, things you could literally never understand. In actuality, I can barely send an e-mail.

Thank you for the love and support. I look forward to rug pulling all of you.

Eleemosynator @Eleemosynator
@vxunderground Guess this guy is not here for the cat pictures - boo. You do attract the weirdest comments.

vx-underground @vxunderground
Some people asked, "do I need to worry about this affecting my computer?". The answer is: No. Lotus Blossom is an extremely skilled and patient group with high-profile targets. This would be like asking, "do I need to worry about Navy Seal Team Six kidnapping me?" This group isn't going to target some random stinky nerd on Xitter, they're not going to waste their time attacking Susie Schnarf on Facebook, they're going after serious institutions with objectives and goals in mind. ... unless you're a well-known politician located in Southeast Asia or Central America with information related to national security ... then maybe you should have more security concerns ...

vx-underground @vxunderground
Non-malware schizos asking about why the Notepad++ malware payload was so interesting. Okay, we'll discuss it without getting too schizo.

First, Rapid7 (and other various Cyber Threat Intelligence vendors) seem to generally attribute the Notepad++ compromise to Chinese APT group "Lotus Blossom". They attribute it to Lotus Blossom because they tend to recycle code segments to save time. Basically, fingerprints.

Lotus Blossom is the invented name intelligence organizations have assigned to a group of Chinese government sponsored hackers. Their true identity is unknown, but speculative. It is not one person, it is likely a group of unknown size, it could be two people, it could be 15 people. Lotus Blossom has been active since 2009 (or so they speculate).

Lotus Blossom are not noobs who do hacker noob stuff. Lotus Blossom is assigned high-profile tasks. Lotus Blossom does extremely specific targets, most notably they are instructed by the Chinese government to hack government institutions, telecom companies, aviation companies, and critical infrastructure (nuclear power plants, electrical power grids, hydroelectric dams, etc) in Southeast Asia and Central America.

When Lotus Blossom targeted Notepad++, and users in specific regions (presumably Southeast Asia and Central America) attempted to do an update, it delivered "Chrysalis Backdoor". Chrysalis Backdoor is the name intelligence companies invented and now call this malware. Chrysalis Backdoor used a lot of really common malware techniques which truthfully I won't go too much into (API hashing, custom implementations of GetProcAddress, malware nerd stuff).

However, what makes this malware very special is its usage of Microsoft Warbird. Microsoft Warbird is a proprietary technology which is rarely discussed. It is an internal library Microsoft uses to obfuscate its instruction set in-memory. In other words, it's Microsoft's really fancy custom way of preventing people from reverse engineering what Windows is doing when it's running.

Unknown to me personally (and a lot of people apparently), in the past few years (2023) some security researchers have discovered ways to discreetly use Microsoft Warbird and use it as a weapon. Basically, you can use undocumented APIs in Windows to use Warbird for your malware. This provides a way to hide what your malicious code is doing while it's running without needing any external tooling or custom implementations. They're weaponizing Microsoft's anti-tampering and/or anti-reverse engineering technology for malicious purposes.

This is extremely impressive because it shows:
1. Lotus Blossom pays close attention to really talented security researchers or...
2. Lotus Blossom has really good security researchers on payroll

Both are totally possible.

The remainder of the Lotus Blossom tooling is fairly generic malware stuff and isn't too terribly impressive. Lotus Blossom (unironically) did a very good job hijacking Notepad++ update infrastructure and weaponizing Microsoft's anti-tampering technology (Warbird).
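The post above lists "API hashing, custom implementations of GetProcAddress" as the generic part of the Chrysalis loader without going into it. The following is an added example, not code from the post, from vx-underground, or from the Chrysalis sample: it shows the technique in general, both the loader side (resolve an export by hash instead of by name) and the analyst side (turn hash constants pulled from a disassembly back into API names). The hash routine is the widely published ROR-13 scheme and the export list is constructed; both are assumptions for illustration, not claims about which routine or which imports any particular backdoor uses.

```python
"""API hashing as used by a custom GetProcAddress (added example, not from the post).

A loader that wants to avoid an import table stores 32-bit hashes of the
export names it needs, walks a DLL's export directory at run time, hashes
each exported name and stops at the first match.  The hash below is the
well-known ROR-13 routine from public shellcode; it is an ASSUMPTION for
illustration, not a claim about what Chrysalis or anyone else uses.
"""
from typing import Dict, List, Optional

# Constructed stand-in for the name table of a DLL's export directory.
# A real resolver reads these strings via AddressOfNames in the PE header.
CONSTRUCTED_EXPORTS: List[str] = [
    "CloseHandle",
    "CreateFileA",
    "CreateFileW",
    "GetProcAddress",
    "LoadLibraryA",
    "VirtualAlloc",
    "VirtualProtect",
    "WriteFile",
]


def ror32(value: int, bits: int) -> int:
    """Rotate a 32-bit value right by `bits`."""
    value &= 0xFFFFFFFF
    return ((value >> bits) | (value << (32 - bits))) & 0xFFFFFFFF


def api_hash(name: str) -> int:
    """ROR-13 hash of an ASCII export name (assumed scheme).

    Real samples vary in small ways (some include the NUL terminator, some
    upper-case the input, some use a different rotate count), so constants
    lifted from a sample must be checked against the routine recovered
    from that exact sample, not against a generic table.
    """
    h = 0
    for byte in name.encode("ascii"):
        h = (ror32(h, 13) + byte) & 0xFFFFFFFF
    return h


def resolve_by_hash(wanted: int, exports: List[str]) -> Optional[str]:
    """Loader side: behave like GetProcAddress, but keyed by hash."""
    for export_name in exports:
        if api_hash(export_name) == wanted:
            return export_name
    return None


def build_lookup(exports: List[str]) -> Dict[int, str]:
    """Analyst side: precompute hash -> name once, so constants found in a
    sample can be labelled without running it.  A collision would make the
    loader itself ambiguous, so it is reported rather than silently dropped."""
    table: Dict[int, str] = {}
    for export_name in exports:
        h = api_hash(export_name)
        if h in table and table[h] != export_name:
            raise ValueError(f"hash collision: {table[h]} / {export_name}")
        table[h] = export_name
    return table


def label_constants(constants: List[int], exports: List[str]) -> Dict[int, Optional[str]]:
    """Map 32-bit constants pulled from a disassembly to API names; a
    constant that is not the hash of any known export maps to None."""
    table = build_lookup(exports)
    return {c: table.get(c) for c in constants}


if __name__ == "__main__":
    # Simulate what a loader embeds: hashes computed at build time, plus one
    # unrelated constant to show how an unknown value is reported.
    embedded = [api_hash("VirtualAlloc"), api_hash("VirtualProtect"), 0xDEADBEEF]
    for h, name in label_constants(embedded, CONSTRUCTED_EXPORTS).items():
        print(f"0x{h:08X} -> {name}")
```

In practice the lookup table is built from the real export names of kernel32.dll, ntdll.dll and whichever other modules the sample walks, and the hash routine is replaced with the one lifted from the sample's own resolver; the structure of the script stays the same.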

Eleemosynator @Eleemosynator
@vxunderground
> Clicked on article because it had a cat in the picture.
> No cat pictures inside.
> 1 ⭐
> Interesting RE dive though.

vx-underground @vxunderground
@kamo_mash Communicating directly with the drivers using DeviceIoControl

vx-underground @vxunderground
I had this idea to do HTTPS stuff in C using the Windows Sockets API (Winsock). I did it. I got it working. I was able to verify an SSL cert, do a GET, do a POST octet binary stream thingy to upload a simple file (unironically testing using a picture of a cat).

After I got it working I decided to do what I always do: make it more malware like. I decided I wanted to poke Windows with a stick, make the code position independent, and make it function as close to the metal as possible.

What happened next cannot be described as a "rabbit hole". I have fallen into an infinite abyss, a fucking Windows internals chasm. I am looking at things in Windows I have never looked at before. I am scared, confused, intrigued, ... but mostly confused (and lost).

ReactOS, x86matthew, some weird French Guy (can't remember his name), and random nerds on OSR, have done unholy work and really dug into it. They deserve a lot of credit for walking knee deep in Windows sludge.

Peter Girnus 🦅 @gothburz
Last quarter I rolled out Microsoft Copilot to 4,000 employees. $30 per seat per month. $1.4 million annually.

I called it "digital transformation." The board loved that phrase. They approved it in eleven minutes. No one asked what it would actually do. Including me.

I told everyone it would "10x productivity." That's not a real number. But it sounds like one. HR asked how we'd measure the 10x. I said we'd "leverage analytics dashboards." They stopped asking.

Three months later I checked the usage reports. 47 people had opened it. 12 had used it more than once. One of them was me. I used it to summarize an email I could have read in 30 seconds. It took 45 seconds. Plus the time it took to fix the hallucinations. But I called it a "pilot success." Success means the pilot didn't visibly fail.

The CFO asked about ROI. I showed him a graph. The graph went up and to the right. It measured "AI enablement." I made that metric up. He nodded approvingly. We're "AI-enabled" now. I don't know what that means. But it's in our investor deck.

A senior developer asked why we didn't use Claude or ChatGPT. I said we needed "enterprise-grade security." He asked what that meant. I said "compliance." He asked which compliance. I said "all of them." He looked skeptical. I scheduled him for a "career development conversation." He stopped asking questions.

Microsoft sent a case study team. They wanted to feature us as a success story. I told them we "saved 40,000 hours." I calculated that number by multiplying employees by a number I made up. They didn't verify it. They never do. Now we're on Microsoft's website. "Global enterprise achieves 40,000 hours of productivity gains with Copilot." The CEO shared it on LinkedIn. He got 3,000 likes. He's never used Copilot. None of the executives have. We have an exemption. "Strategic focus requires minimal digital distraction." I wrote that policy.

The licenses renew next month. I'm requesting an expansion. 5,000 more seats. We haven't used the first 4,000. But this time we'll "drive adoption." Adoption means mandatory training. Training means a 45-minute webinar no one watches. But completion will be tracked. Completion is a metric. Metrics go in dashboards. Dashboards go in board presentations. Board presentations get me promoted. I'll be SVP by Q3.

I still don't know what Copilot does. But I know what it's for. It's for showing we're "investing in AI." Investment means spending. Spending means commitment. Commitment means we're serious about the future. The future is whatever I say it is. As long as the graph goes up and to the right.