6 hours ago Reuters got confirmation from Boeing that they were impacted by 'cyber incident'. Boeing declined to comment on whether Lockbit was responsible for the 'cyber incident'.

More information: https://www.reuters.com/business/aerospace-defense/boeing-investigating-cyber-incident-affecting-parts-business-2023-11-01/

We've updated the vx-underground malware sample collection

- MedusaLocker
- XLoader
- SystemBC
- MinodoLoader
- ShellBot
- Moqhao
- XMRig
- PlayRansomware
- MoneyRansomware
- PrivateLoader
- AridGopher
- Micropsoa
- IcedId
and more...

Check it out here: vx-underground.org/

52,807 new malware samples queued for upload in our VXDB and the vx-underground website.

*Reminder our VXDB allows you to search through our malware collection and download for free 🫡

https://virus.exchange

Google is introducing more new TLDs =D

.ing and .meme

New phishing links inbound!

Alternatives to 'whoami.exe'.

COM interface ideas:
- IADsADSystemInfo
- IADsWinNTSystemInfo
- IADsComputer
- WMI COM provider to query 'whoami.exe'

IADsADSystemInfo, IADsWinNTSystemInfo, and IADsComputer are all fundamentally similar in calling syntax and are pretty copy-pasta ish. Windows SDK is kind of a pain though, the GUIDs weren't located easily, so they needed to be manually defined.
Example: https://pastebin.com/raw/S32nYDAp

Advapi32 functionality:
- Advapi32!LookupAccountSidW
- Advapi32!LsaLookupSids

LookupAccountSidW is an internal wrapper that calls LsaOpenPolicy, LsaLookupSids, and subsequently LsaFreeMemory. LsaFreeMemory is a wrapper to RtlFreeHeap.
Example: https://pastebin.com/raw/zJVShnay

Other possibilities:

- NpGetUserName - gets the username from a named pipe. Requires spawning a secondary thread, creating a named pipe, connecting to it, impersonating it, ... it is a long story =D

- Offlinesame.dll - Offline sam has a lot of functionality for enumerating users and domains on the machine. This is undocumented and requires a little more work. However, it has been demonstrated loosely by 0gtweet
Example: https://github.com/gtworek/PSBits/blob/master/OfflineSAM/OfflineAddAdmin.c

tl;dr can't stop thinking about whoami.exe :(

Here is a very poorly written way to do 'whoami' using CreateNamedPipe and Advapi32!NpGetUserName.

This undocumented function will do the generic LookupAccountSidW via GetUserNameExW, but it can act as a proxy function, or something.

https://pastebin.com/raw/ZsReS7k4

An image illustrating the current CloudFlare status

https://www.cloudflarestatus.com/

We've updated the vx-underground Windows malware paper collection

- 2023-07-29 - Lord Of The Ring0 - Part 5 Sarumans Manipulation
- 2023-08-13 - LAPS 2.0 Internals
- 2023-08-29 - DevTunnels for C2
- 2023-09-06 - How to Troll an AV

Forgot to link to the website, but whatever. If you don't know the website by now you've got some sort of cognitive damage.

Going back to bed. If you need anything... don't need anything

Insider Threats come in many shapes and sizes and are a major hurdle to any organization.

Reminder that Threat Actors (probably) haven't paid for a Red Teaming course or any sort of formal education

"Sorry, you can't join our ransomware group, you don't have a Bachelors degree in computer science and you don't seem to have any certificates"

Swift developers proving they're very not cool

tl;dr says "++" and "--" operators are confusing

We've updated the vx-underground Windows malware paper collection

- 2023-09-10 - GIF Steganography from First Principles
- 2023-09-11 - MATLAB Reverse Shell
- 2023-10-09 - Demonstrating Sleep Obfuscation - KrakenMask

Check it out here: https://www.vx-underground.org/

Swift removing ++ and -- operators because they can be confusing because of code like this:

int i = 5;
i = ++i + i++;

This is the beauty of the C/C++ programming language. You can make the metaphorical gun and metaphorically shoot yourself with it. Also, don't code like this

The argument is that this is potentially undefined behavior because of how the pre-increment and post-increment expression will be interpretted (and/or optimized) by the compiler.

tl;dr don't write goofy goober code

tl;dr tl;dr nerds arguing over methods to increment an integer

Hello, how are you?

We're now granting permission to individuals who would like to upload malware to our VXDB. We are only granting this to select individuals we know, or individuals we know who can be trusted (or vouched for). We are doing this to prevent our VXDB being flooded with junk data or non-malicious files.

No changes will be made to the VXDB for user registration or downloads. It will always be free.

If you'd like to contribute to the VXDB you can contact us Twitter DMs or via e-mail at staff@vx-underground.org

Additionally, we are still working on refining the VXDB, bulk download (via API) is still not supported yet. It is in our ever-growing todo list.

Thank you everyone for the love, support, donations, and sponsorships you've given us. We would not have been able to create this VXDB, get this much malware, or share it with this many people if it were not for all of you helping us out.

Love you,

At this moment in time vx-underground is a daily grind - keeping the website updated with new papers, malware samples, the VX-API, the VXDB, etc.

Not entirely sure what else can be done now. Other than continuing the generic updates

Mission accomplished...?