We are behind schedule on almost all of our tasks. 1/2 of our staff is sick.
Seasonal changes are illegal and for nerds
6 hours ago Reuters got confirmation from Boeing that they were impacted by a 'cyber incident'. Boeing declined to comment on whether Lockbit was responsible for the 'cyber incident'.
More information: https://www.reuters.com/business/aerospace-defense/boeing-investigating-cyber-incident-affecting-parts-business-2023-11-01/
Reuters
Boeing says 'cyber incident' hit parts business after ransom threat
Boeing, one of the world's largest defense and space contractors, said on Wednesday it was investigating a cyber incident that impacted elements of its parts and distribution business and cooperating with a law enforcement probe into it.
We've updated the vx-underground malware sample collection
- MedusaLocker
- XLoader
- SystemBC
- MinodoLoader
- ShellBot
- Moqhao
- XMRig
- PlayRansomware
- MoneyRansomware
- PrivateLoader
- AridGopher
- Micropsoa
- IcedId
and more...
Check it out here: vx-underground.org/
52,807 new malware samples queued for upload in our VXDB and the vx-underground website.
*Reminder our VXDB allows you to search through our malware collection and download for free 🫡
https://virus.exchange
Google is introducing more new TLDs =D
.ing and .meme
New phishing links inbound!
Alternatives to 'whoami.exe'.
COM interface ideas:
- IADsADSystemInfo
- IADsWinNTSystemInfo
- IADsComputer
- WMI COM provider to query 'whoami.exe'
IADsADSystemInfo, IADsWinNTSystemInfo, and IADsComputer are all fundamentally similar in calling syntax and are pretty copy-pasta ish. Windows SDK is kind of a pain though, the GUIDs weren't located easily, so they needed to be manually defined.
Example: https://pastebin.com/raw/S32nYDAp
Advapi32 functionality:
- Advapi32!LookupAccountSidW
- Advapi32!LsaLookupSids
LookupAccountSidW is an internal wrapper that calls LsaOpenPolicy, LsaLookupSids, and subsequently LsaFreeMemory. LsaFreeMemory is a wrapper to RtlFreeHeap.
Example: https://pastebin.com/raw/zJVShnay
Other possibilities:
- NpGetUserName - gets the username from a named pipe. Requires spawning a secondary thread, creating a named pipe, connecting to it, impersonating it, ... it is a long story =D
- Offlinesam.dll - Offline SAM has a lot of functionality for enumerating users and domains on the machine. This is undocumented and requires a little more work. However, it has been demonstrated loosely by 0gtweet
Example: https://github.com/gtworek/PSBits/blob/master/OfflineSAM/OfflineAddAdmin.c
tl;dr can't stop thinking about whoami.exe :(
Here is a very poorly written way to do 'whoami' using CreateNamedPipe and Advapi32!NpGetUserName.
This undocumented function will do the generic LookupAccountSidW via GetUserNameExW, but it can act as a proxy function, or something.
https://pastebin.com/raw/ZsReS7k4
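The two posts above list ways to answer "who am I" without ever spawning whoami.exe, which matters because process-creation telemetry (Security 4688, Sysmon Event ID 1) keyed on whoami.exe sees none of them: an LSA SID lookup or an ADSI COM call happens inside the calling process. The following is an added PowerShell example, not the code behind the pastebin links and not vx-underground's code, exercising two of the listed paths: Advapi32!LookupAccountSidW against the current token's user SID, and the IADsWinNTSystemInfo / IADsADSystemInfo COM objects. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows; the P/Invoke wrapper class and the function names are my own, and the WindowsIdentity call is a .NET shortcut for reading TokenUser from the process token, not one of the APIs the post names.

```powershell
# Added example, not the code behind the pastebin links above.
# Assumes Windows PowerShell 5.1 or PowerShell 7 running on Windows.

if (-not ('Advapi32' -as [type])) {
    Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
using System.Text;

public static class Advapi32 {
    // Advapi32!LookupAccountSidW: SID -> (account name, referenced domain, SID_NAME_USE)
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern bool LookupAccountSidW(
        string lpSystemName,
        byte[] Sid,
        StringBuilder lpName, ref uint cchName,
        StringBuilder lpReferencedDomainName, ref uint cchReferencedDomainName,
        out int peUse);
}
'@
}

function Get-WhoAmIViaLookupAccountSid {
    # SID of the current token's user. WindowsIdentity.User is a .NET shortcut for
    # OpenProcessToken + GetTokenInformation(TokenUser); the name resolution itself
    # is the Advapi32!LookupAccountSidW path the post describes.
    $sid   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $bytes = New-Object byte[] $sid.BinaryLength
    $sid.GetBinaryForm($bytes, 0)

    $name   = New-Object System.Text.StringBuilder 256
    $domain = New-Object System.Text.StringBuilder 256
    [uint32]$cchName   = $name.Capacity
    [uint32]$cchDomain = $domain.Capacity
    [int]$use = 0

    $ok = [Advapi32]::LookupAccountSidW($null, $bytes, $name, [ref]$cchName,
                                         $domain, [ref]$cchDomain, [ref]$use)
    if (-not $ok) {
        throw ("LookupAccountSidW failed, Win32 error {0}" -f
               [Runtime.InteropServices.Marshal]::GetLastWin32Error())
    }
    [pscustomobject]@{
        Method = 'LookupAccountSidW'
        Name   = '{0}\{1}' -f $domain.ToString(), $name.ToString()
        Sid    = $sid.Value
        Use    = $use          # SID_NAME_USE: 1 = SidTypeUser
    }
}

function Get-WhoAmIViaAdsi {
    # The COM route from the post. PowerShell resolves the ProgIDs, so the CLSIDs
    # the post had to hard-code against the SDK headers are not needed here.
    $winnt = New-Object -ComObject WinNTSystemInfo     # IADsWinNTSystemInfo
    $out = [ordered]@{
        Method = 'IADsWinNTSystemInfo'
        Name   = '{0}\{1}' -f $winnt.DomainName, $winnt.UserName
        Host   = $winnt.ComputerName
    }
    try {
        # IADsADSystemInfo only works on a domain-joined host; UserName is the DN.
        $ad = New-Object -ComObject ADSystemInfo
        $out.DistinguishedName = $ad.UserName
    } catch {
        $out.DistinguishedName = 'n/a (IADsADSystemInfo needs a domain-joined host)'
    }
    [pscustomobject]$out
}

Get-WhoAmIViaLookupAccountSid
Get-WhoAmIViaAdsi
```

Both functions print the same DOMAIN\user that whoami.exe would, from inside the PowerShell process. For the blue team, the takeaway is the same as the post's: a rule that only watches for a whoami.exe child process misses every one of these, so detection has to key on the behaviour around the enumeration (the parent process, what it does next) rather than on the binary name.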
We've updated the vx-underground Windows malware paper collection
- 2023-07-29 - Lord Of The Ring0 - Part 5 Sarumans Manipulation
- 2023-08-13 - LAPS 2.0 Internals
- 2023-08-29 - DevTunnels for C2
- 2023-09-06 - How to Troll an AV
Insider Threats come in many shapes and sizes and are a major hurdle to any organization.
Reminder that Threat Actors (probably) haven't paid for a Red Teaming course or any sort of formal education
"Sorry, you can't join our ransomware group, you don't have a Bachelors degree in computer science and you don't seem to have any certificates"
We've updated the vx-underground Windows malware paper collection
- 2023-09-10 - GIF Steganography from First Principles
- 2023-09-11 - MATLAB Reverse Shell
- 2023-10-09 - Demonstrating Sleep Obfuscation - KrakenMask
Check it out here: https://www.vx-underground.org/
Swift is removing the ++ and -- operators because they can be confusing, for example with code like this:
int i = 5;
i = ++i + i++;
This is the beauty of the C/C++ programming language. You can make the metaphorical gun and metaphorically shoot yourself with it. Also, don't code like this
The argument is that this is potentially undefined behavior because of how the pre-increment and post-increment expressions will be interpreted (and/or optimized) by the compiler.
tl;dr don't write goofy goober code
tl;dr tl;dr nerds arguing over methods to increment an integer