ultramage

265 posts

ultramage

@ultramage

Slovakia Katılım Şubat 2013

19 Takip Edilen3 Takipçiler

ultramage@ultramage·23h

@vxunderground Time is a circle, isn’t it. There was a time people were just dropping 0days for the clout in the hax0r scene, then ‘responsible disclosure’, then threat actors buying 0days, then bug bounty programs, then companies got greedy and complacent, then loop.

English

264

vx-underground@vxunderground·1d

Microsoft Security Response Center put out a blog post today about Eclipse Nightmare guy Basically they think he's super mean and totally not cool he's dropping zero days. They say you're a jerk if you do this stuff because it's dangerous and stuff microsoft.com/en-us/msrc/blo…

English

162

1.8K

79.1K

ultramage@ultramage·4d

@1337h4x0r_420 @IntCyberDigest No, you have it backwards. They first disclosed it to Microsoft using the official bounty channels, only to be snubbed and ridiculed as ‘reward’. Then after public disclosure Microsoft took increasing retaliatory action leveraging their ownership of the platform and safety excuse

English

Leet Haxor@1337h4x0r_420·4d

@IntCyberDigest So we’re surprised that Microsoft didn’t pay someone who publicly disclosed exploits for their products on a platform they own while calling themselves “Microsoft’s worst nightmare”?

English

1.1K

International Cyber Digest@IntCyberDigest·4d

‼️🚨 Researcher "Nightmare-Eclipse" had their GitHub account flagged and wiped after publicly dropping zero-day PoCs targeting Microsoft products. In a message, they accuse Microsoft of deleting the account they used to report bugs (with zero payout for past disclosures). The signed message ends with a direct threat: "Mark this date July 14th, I will make sure your bones are shattered that day."

English

274

2.4K

136K

ultramage retweetledi

Mahjong Soul Official@MahjongSoul_EN·6d

[New Outfit - Go! Sparkle! Shine! - Fuyumi Shinomiya] "You did great! Want some honey water? It's really refreshing. Oh – this cup? Y-yeah, it's the one I usually use. I brought it from home today... I just thought it might taste a little better if I made it myself. If you don't mind, please have some... A-and, um... g-good luck! I will be cheering for you the whole time...!" Follow & share for a chance to win the new Outfit! 3 winners drawn on X or FB after maintenance. #MahjongSoul #Yostar

English

184

186

7.1K

ultramage retweetledi

Mahjong Soul Official@MahjongSoul_EN·22 May

[New Outfit - Go! Sparkle! Shine! - Kana Fujita] "You're always there for me when I'm nervous before a show. So today, it's Kana's turn to cheer for you! It's your time to shine! Let's go! You've got this!" Follow & share for a chance to win the new Outfit! 3 winners drawn on X or FB after maintenance. #MahjongSoul #Yostar

English

206

201

8.4K

ultramage@ultramage·21 May

@roruroruko The router in this case works like a firewall that completely shuts off all inbound access, except to things you intentionally port-forward, or an app asked to port forward via a UPnP request. It’s a primitive security solution but works out of the box for people who have no idea

English

ultramage@ultramage·21 May

@roruroruko It is doable but you better make sure your firewall is up and the inbound profile is set to public (least exposed) or the other side will get to interact with whatever services on your pc are set to listen on 0.0.0.0. Such as administrative windows file shares (entire disk).

English

299

roru 💢🪳 isopod imouto vtuber@roruroruko·20 May

about 5 minutes ago my chat taught me that plugging your internet straight to your PC instead of using a router is in fact very , very bad the week before that they taught me how to make safe copies of OBS settings after my PC reset twice please trust guys roru can make it on her own roru is grown please stop looking at roru like that roru can totally survive -

Shizukou😈🕹️ Retro Gamer@Shizukougames

vtubing is so funny because some people will act like their oshi needs parental supervision your oshi is a grown woman 😭

English

6.5K

536.3K

ultramage retweetledi

Mahjong Soul Official@MahjongSoul_EN·21 May

[New Outfit - Go! Sparkle! Shine! - Jane] "Beep beep – listen up! Detective Jane is on the scene, and with my keen eye, I'll make sure everything stays fair and square!" Follow & share for a chance to win the new Outfit! 3 winners drawn on X or FB after maintenance. #MahjongSoul #Yostar

English

223

212

8.5K

ultramage retweetledi

Mahjong Soul Official@MahjongSoul_EN·20 May

[New Outfit - Go! Sparkle! Shine! - Nana Shiraishi (Animated)] "Nana Shiraishi, here to cheer you on! Let me help you warm up before the match!" Follow & share for a chance to win the new Outfit! 3 winners drawn on X or FB after maintenance. #MahjongSoul #Yostar

English

231

214

10.7K

ultramage@ultramage·18 May

@Niall_Ky @TheDarkEnjoyer That would be the escalating part... like, the next breach to interrupt nationwide testing would say 'hacked by smacker hq' and show a r18 filian pic, or, the next ceo/spree shooter would have 'filipino boy' engraved on the casings or something.

English

Niall@Niall_Ky·17 May

@ultramage @TheDarkEnjoyer Graffiti in the NY Subway is now "terror" 🤣

English

✨ 𝗗𝗔𝗥𝗞 ✨ Shitposter Detective@TheDarkEnjoyer·15 May

Can't believe this is a real post i stumble across randomly 💔 Something tells me that the snackers are kind of missing filian here...

✨ 𝗗𝗔𝗥𝗞 ✨ Shitposter Detective tweet media

English

1.4K

35.8K

ultramage@ultramage·18 May

@dizzydokuro Ma’am you are under arrest for possession of a forged license, your height clearly doesn’t match what’s printed here.

English

392

Dizzy Dokuro 🐛🪢 Phase Connect@dizzydokuro·17 May

IF YOU WANT TO GROW STOP POSTING SHORTS 🛑 Instead try this… - go to the DMV - line up to get your license renewed - make small talk with your DMV agent - jokingly ask them to add 1cm to your height so you seem a little taller - repeat I have grown 5cm. Trust me it works.

English

369

99K

ultramage@ultramage·16 May

@vxunderground I get the feeling that 'for you' eventually runs out the most relevant 'for you' stuff and starts padding with generally trending topics to try to milk you for more ad views. There was a point some time ago where the fyp would just run out of stuff to show. That was pretty good.

English

340

vx-underground@vxunderground·16 May

I enjoy the "For You" recommendations on social media. Everyday it is something truly unique. An omnipotent being named "The Algorithm" recommended: - Educational video about Sharks - Silly pictures of cats - Interesting history facts - Cool skateboarding compilations - Funny short skits about aging It was all educational, entertaining, light-hearted, and funny. Then I kept scrolling and saw: - Hatred toward Indians - Hatred toward Black people - Hatred toward Trans people - Hatred toward women - Some dude named Chud - Violent street fights - Deadly car accidents - People overdosing on drugs - Police corruption videos - Police chase videos - War footage (death from drones) I said, wtf where are the silly cat videos "The Algorithm"? The Algorithm replied, "Hatred and disdain toward others is more likely to keep you engaged. You must witness the horrors of man." I said "o ok"

English

790

21.9K

ultramage@ultramage·15 May

@TheDarkEnjoyer ‘d probably give up and just embed audio clips of her right into the document or something

English

2.1K

✨ 𝗗𝗔𝗥𝗞 ✨ Shitposter Detective@TheDarkEnjoyer·15 May

I've watched the menace asmr so many damn times... I kid you not, I literally sat down, painstakingly transcribed it myself to hopefully study it so that i can maybe just maybe, I could incorporate it into my future asmr scripts. I legitimately couldn't tell if half the time she's like drugging herself or jerking off live on stream but whatever she does to get some of those noises out, IS SO SO HARD to put into damn words like wtf... she's a god darn scriptwriter nightmare... YEAH LIIKE you're supposed to [JERK YOURSELF OFF WHILE SAYING THESE WORDS], like honestly how am i supposed to guide somebody to do the very ssame?!?!? Do they just seriously expect me to go all Mmmfffp... Unnf... Mmm-ahh... A-aahh... Ahn... Mngh-ph... Uhmn... Ah... Nnnf... A-a-ahhmmn... Nnhg Uh-uhh... Haahhh... Mmmm-mmh... Nnmm... when IM MAKING MY OWN SCRIPTS?!?! This shit is so legit cancer there's an audio sitting on my pc recreating these sounds, just so I could cringe at myself over how I sound, and you guessed it, it's never gonna see the light of day. Not only that, but like I come from a background of writing stories myself, and god... asmr scripts just, just happen to be one of those mediums where BROKEN english could actually be PEAK?!?!?! IIM HAVING TO LOBOTOMIZE MY WRITER BRAIN LIVE LIKE, BE FR DUDEEEE but... holy fuck... the things we do to attain and make sense of the mountains, god have mercy on my soul....

✨ 𝗗𝗔𝗥𝗞 ✨ Shitposter Detective@TheDarkEnjoyer

It's tough being a vtuber asmr enjoyer... the backlog is immaculate 💀

English

104

3.1K

151.6K

ultramage@ultramage·15 May

@KirscheVerstahl 'negligently' seems like a way to easily weasel out - "They are rated 5 stars and have great reviews", "the govt does not publish a list of unsafe trucking companies to refer to", etc. Like how with false dmca claims you have to prove intent, so noone ever gets prosecuted for it.

English

182

Kirsche 🥥 🧁@KirscheVerstahl·14 May

LETS GOOOOOO the freight brokers being held liable is great now go after the trucking companies themselves too please

Eric Daugherty@EricLDaugh

🚨 BREAKING: The US Supreme Court has ruled 9-0 that freight brokers can be held LIABLE if they negligently hire unsafe trucking companies — including those with ILLEGAL ALIEN and FOREIGN drivers who violate CDL rules and cause accidents LFG! Start cracking down on the companies 🔥 The opinion, delivered by Barrett, confirms that federal law does not shield these brokers from state negligence lawsuits. This will likely help force brokers into being MUCH more careful about which carriers they use, because they want to avoid lawsuits PURGE THE CDL SYSTEM and hold all trucking companies liable! Non-English foreigners all over the roads needs to end.

English

705

7.5K

68.7K

ultramage@ultramage·12 May

@ggwhyp @MikeyFromUK A third of the other replies are crapping on you for the localhost bit and how it's just staged. As if a 'remote' exploit popping up cmd couldn't be staged with a timer if they want to play that game. Should instead say 'mozilla bug no. xyz, current status accepted and confirmed'

English

ggwhyp@ggwhyp·11 May

@MikeyFromUK No, the vulnerability can be exploited remotely without any user interaction required.

English

3.1K

ggwhyp@ggwhyp·11 May

I was hoping to compete in Pwn2Own with a Firefox full-chain entry, but unfortunately it was rejected. I’ve reported the vulnerability to the Mozilla team.

English

720

110.6K

ultramage@ultramage·10 May

@menmakii @Patreon Hmm if it's just the website, maybe a few smartly chosen userCSS rules could make the DM indicator show 0 and be unclickable. Depends on how screwed up the site html is. If he always uses the same name, an even smarter javascript could just filter those chats out.

English

498

Menace☕️🫟@menmakii·10 May

Hey @Patreon can you allow me to turn off DMs or create a feature where we do not allow DMs? I do not know this person or anything they are talking about. If I block they make a new account. There's a lot more I didn't screenshot. I get 38+ every day. Thanks.

English

1.2K

52.4K

ultramage@ultramage·8 May

@Grxit There was the 2022 Vox cancellation by chinese fujos for quoting a yo'mama vine meme. But this is actual business interference. Not sure how to fix that other than if the entire VA and game industry blacklists the studio and ruins them, to make a deterring example out of them.

English

866

ꓕNIOԀꓤƎ⅁⅁Iꓤꓕ@Grxit·8 May

This is the most ridiculous shit I’ve ever heard 😂

AnimeTrends@animetrends

VTUBER KRONII ES DESPEDIDA POR HACER UN CHISTE HACE 4 AÑOS Ouro Kronii (Hololive) acaba de sufrir la "funa" más ridícula del año: la despidieron como actriz de doblaje de un videojuego por un chiste de hace 4 años. Kronii iba a ser la voz en inglés de un personaje para Eternal Return. Sin embargo, la comunidad coreana desenterró un clip viejo donde ella cazaba a un jabalí (boar) dentro del juego y decía que era "boar-ing" (juego de palabras para decir "aburrido"). Los jugadores se ofendieron, juraron que estaba insultando al juego y lloraron tanto que los desarrolladores le quitaron el papel. ¿Lo mejor? Kronii respondió como una absoluta reina basada: empezó a hacer MÁS chistes malos en sus redes y mandó a los ofendidos a "visitar un hospital", aclarando después que las barreras del idioma causan este nivel de estupidez.

English

1.4K

22.7K

ultramage@ultramage·8 May

@animetrends Oh, that reminds me of Vox quoting a 2014 viral meme video “your mom’s a hoe”, and one of the asian countries (prob China) culturally cancelling him, crying about insulting parents, and being completely ignorant of both the meme and the ancient american genre of yo’mama insults.

English

716

AnimeTrends@animetrends·8 May

Español

118

535

9.6K

274K

ultramage@ultramage·6 May

@vxunderground Supposedly UWP apps can to some degree isolate their keys from the user by adding the requirement for the caller to have a specific package id, and it's kernel enforced. If so, and the microsoft store variant actually used that, then the malware would need to elevate first.

English

ultramage@ultramage·6 May

@vxunderground The less noisy way is to simply become Chromium. Mimic the code, load the user files, ask CryptoAPI as the user to decrypt with the active user's session key, get passwords. You cannot defend against this on this level, anything you do is just defeatable obfuscation.

English

238

vx-underground@vxunderground·6 May

The initial proof-of-concept was released in C-sharp. Using this method to dump credentials is iffy because it requires administrative access and some security access tokens which can raise some flags. First, Edge is Chromium based. This is a Chromium thing but (if my memory serves me correctly) a unique attribute to Edge exclusively. However, because it is Chromium based this may impact other Chromium bases. It requires more investigation. Edge is a primary target because it's the default Windows browser and used in enterprise environments. Secondly, as far as malware goes, this is yet another method to potentially dump credentials on a home users machine. There are a few different ways. This method doesn't surprise me. However, successfully using this method is an enterprise environment would be difficult to use. It would require administrative access and some security access tokens which would immediately raise some flags. In other words, this method is interesting, I like the research performed, however it isn't something super super critical. If you're using this method in an enterprise environment then that company has been completely compromised down to the bone and they've got much larger issues. The code and research is really cool though. I just wish it wasn't written in C-sharp (I have an irrational disdain to .NET, especially lately).

International Cyber Digest@IntCyberDigest

‼️🚨 Microsoft calls this "intended behaviour," so here we go. How to dump the credentials of every user stored in Microsoft Edge: 1. Open Edge. Don't browse anywhere, just open it. 2. Flip to Task Manager, find Edge, expand the task. 3. Highlight the "browser" sub-task, right-click, and choose "Create Memory Dump." 4. Open the dump file and look for credentials. The logged-in Windows user can dump every stored Edge credential with no additional rights. Which means any malware that user executes has those credentials for the asking. Thanks to Rob VandenBrink at SANS: isc.sans.edu/diary/32954

English

808

84.3K

Keşfet

@vxunderground @1337h4x0r_420 @IntCyberDigest @roruroruko @Niall_Ky @TheDarkEnjoyer @dizzydokuro @elonmusk