vx-underground

22.7K posts

@vxunderground

The largest collection of malware source code, samples, and papers on the internet. Password: infected

International Joined August 2019
336 Following 426.5K Followers
Voltlighter@Voltlighter·
@vxunderground I'd look him up in a court records database, I'm sure John Strawberry has been having some interesting adventures.
vx-underground@vxunderground·
Dawg, like, 8 months ago this dude randomly knocks on my door and he's like, "are you John Strawberry?" (not the actual name he said). I'm like, "....No?" and he's like, "Well, do you know where he is or how to find him?" I reply, "I have no idea who that is, sorry." and then I go on about my business and I forget about it. Bro shows up again a few months later knocking on my door asking for John Strawberry. This time my wife answered the door and he's yapping about how he has to return something really important to him. My wife is like "??? Who the FUCK is John Strawberry ???" Fast forward, this whacko shows up AGAIN. This time he parks outside my house. He knocks on the door. He says his car broke down and he needs help. I'm like, "weren't you the dude asking for John Strawberry?" and he's like, "Oh, do you know John Strawberry? How can I contact him?" I'm like ??? This dude drives by my house now AT LEAST once a week. He rolls by real slow and takes a look and then leaves. Then the police show up asking for John Strawberry. They say they have a warrant out for his arrest and my home was listed as last known good address. DAMN YOU JOHN STRAWBERRY
vx-underground@vxunderground·
Per the comments, I decided to look up John Strawberry. It turns out John Strawberry is like, a general contractor or handyman, or something. He owns his own company and does stuff like painting, or drywall repair, or window installation. He used to live where I live now. His outdated business details list my home as his company's address from 2016. John Strawberry has two warrants for his arrest. He also lost a court case against someone and owes them $250,000 ... because he never showed up to court because he has two warrants for his arrest. DAMN YOU JOHN STRAWBERRY
vx-underground@vxunderground·
hahahahahaha. they use yr_compiler_add_file and this function expects a FILE* object when windows natively uses HANDLE. you can use fopen, but depending on how you compile the libyara64.dll in release mode it throws weird crt errors when trying to pass the FILE* ... because of some dumb shit, i cant remember now, i fixed it by using yr_compiler_add_string
SAERXCIT@saerxcit·
@vxunderground "the YARA API is very POSIX-y but this can be dealt with easily" > #defines snake_case functions to CamelCase
vx-underground@vxunderground·
IT'S NOT FAIR The samples the dorks over on Reddit shared are (sort of) a dead end. The SHA256 file hash they shared is a basic bitch malware loader. It's literally called "monthly.vbs", it isn't obfuscated, and it makes a plain HTTP (not HTTPS) call with WinHTTP to a clearly malicious Alibaba OSS (Object Storage Service) instance. The Threat Actor(s) didn't even have the common courtesy to make it look non-malicious. When you try cURLing that bby it replies: "AccessDenied You have no right to access this object because of bucket ACL" THEY MADE IT NON-PUBLIC BUT IT STILL EXISTS. LET ME IN
Maple@MaplePrism

PSA FOR DUET NIGHT ABYSS PLAYERS THE LATEST GAME UPDATE INSTALLS MALWARE ON YOUR PC AS WELL AS A DELAYED TASK TRIGGER. PLEASE ENSURE YOU CHECK YOUR PC FOR THIS IF YOU'VE UPDATED THE GAME. The official subreddit has been suppressing and downplaying this situation, shameful.

vx-underground@vxunderground·
@MaplePrism nah, c2 is dead. need the malwares from vt, but dont have access to vt (they think im a nerd)
vx-underground@vxunderground·
@drunkennutz no im small brain, was in bed, copied sha256 wrong. i thought you shared hashes not on vt lmfao
vx-underground@vxunderground·
@drunkennutz What am I supposed to do with these if they're not shared anywhere
drunkennutz@drunkennutz·
@vxunderground 3ccc5b5b2d6e59cb32d31394287630f007658d01ded68dedf8e7c25e1da0b5ab 2653fcfead0706674007ac0d2ae76fef6d694356c479aa0005c6c26828bcc3eb
Maple@MaplePrism·
@vxunderground IM TRYING SO HARD TO FIND YOU A SAMPLE
Maple@MaplePrism·
@vxunderground I am so shocked you're in my replies right now hello LMAO This is so cool But yeah, DNA gave out free malware to all its players with the update a week after they themselves got hacked HAHA
Maple@MaplePrism·
PSA FOR DUET NIGHT ABYSS PLAYERS THE LATEST GAME UPDATE INSTALLS MALWARE ON YOUR PC AS WELL AS A DELAYED TASK TRIGGER. PLEASE ENSURE YOU CHECK YOUR PC FOR THIS IF YOU'VE UPDATED THE GAME. The official subreddit has been suppressing and downplaying this situation, shameful.
vx-underground@vxunderground·
.@bquintero I understand your design philosophy, but as a Windows nerd this mildly irritates my jimmies and I demand VirusTotal enterprise with unlimited downloads as compensation
vx-underground@vxunderground·
yr_compiler_add_file DOESN'T ACCEPT WCHAR wE NeEd iT To WoRkl WiTh LiNux AnD maCoS Okay, I guess I'll call WideCharToMultiByte 9000 times to APPEASE YOU
vx-underground@vxunderground·
@TalB87268183 I'm not making a product. I've historically done malware development so I decided to explore the defensive side to see what nerds are doing over here.
Tal_B@TalB87268183·
@vxunderground If all you've got is an ETW consumer and YARA nobody will buy your EDR ;) From my own limited experience, these things are SO hard to scale and run without a bizarre performance cost while actually keeping up with new malware
vx-underground@vxunderground·
@cyb3rjerry Yes, but I enjoy the exploratory process. Blue Team nerds are basically standing by the door, trying not to fall asleep, because the next attack could be in a few days... or weeks... or months... or maybe a crazy couple of days then months of silence.
Tony/Humpty@cyb3rjerry·
@vxunderground Same goes for attack no? You're just endlessly looking for ways to avoid the bodyguard and if he'll bonk you on the head if you do things ever so slightly differently
Val Smith@mvalsmith·
When I was "infosec" famous (speaking at Blackhat, Defcon, bunch of the other cons, working on big name tools, publishing, etc.) I was interviewed by multiple media outlets. A few that stand out: Forbes, Washington Post, Wall Street Journal. Not once, in the 10s of interviews I went through, did they get it right in the story. This resulted in me implementing a ban on doing interviews. A lot of bigger names than me that I know have done the same. So maybe it's just people who don't care about accuracy, just about getting their name out, that are willing to do interviews.
vx-underground@vxunderground·
I am genuinely impressed by mainstream media outlets' ability to find absolute nobodies in cybersecurity. It's remarkable. I am often left speechless. There have been dozens of occasions, especially as of recent, where some media outlet will be like, "Today as a special guest is world-renowned cybersecurity expert and ethical hacker Joe McCyberSecurity". I'm like, who the fuck is Joe McCybersecurity? I've been doing cybersecurity and malware stuff for a long time and I've never once seen or heard of Joe McCybersecurity. If he is world-renowned, I would THINK I would have seen them or heard of them. The camera then pans over to Joe McCybersecurity and it is the most generic cookie cutter white dude in a cheap suit and the tag below him will say something like, "Joe McCybersecurity, Ethical Hacker, CEO of Cybersecurity McJoe Industries" I'm like, "Cybersecurity McJoe Industries? What the fuck is that?". I look it up and it's a generic WordPress website hosted on GoDaddy with an expired SSL cert. Joe McCybersecurity then babbles incomprehensible nonsense for about 60 seconds until the TV host goes "woaw" and it cuts to a commercial. Absolute cinema.
vx-underground@vxunderground·
I wish I was joking. I didn't understand the political banter I saw on social media. I had to use AI slop machine to explain it to me. I didn't understand what the fuck the Levin guy was talking about and I didn't understand why the most liked repost was talking about the dude's military credentials. It didn't make sense in my dumb little brain. tl;dr robot better human than me
vx-underground@vxunderground·
tl;dr normie to big stinky nerd translator I'm going to share something embarrassing, but this is true. I have found a good usage of AI (for me, at least). I'm a big stinky nerd and I have a hard time understanding what people are saying to me. I am an extremely explicit communicator. I usually say exactly what I mean (for better or worse). I get very confused when people imply something, or lean heavily on emotional phrasing, to implicitly communicate. I have been unironically using AI to explain what people are saying to me. I'll detail the conversation to the best of my ability if it was communicated verbally, if it was online I copy-paste my message and the person's response (or comment). The silly AI slop robot then translates what the person says into explicit communication for me so I understand better. Basically, the dumb ass slop machine robot is better at understanding humans than me. Sometimes I have zero idea what someone is talking about or trying to convey. pic related: machine deciphering human language and explaining to my dumb nerd brain