Here is a very poorly written way to do 'whoami' using CreateNamedPipe and Advapi32!NpGetUserName.

This undocumented function will do the generic LookupAccountSidW via GetUserNameExW, but it can act as a proxy function, or something.

https://pastebin.com/raw/ZsReS7k4

An image illustrating the current CloudFlare status

https://www.cloudflarestatus.com/

We've updated the vx-underground Windows malware paper collection

- 2023-07-29 - Lord Of The Ring0 - Part 5 Sarumans Manipulation
- 2023-08-13 - LAPS 2.0 Internals
- 2023-08-29 - DevTunnels for C2
- 2023-09-06 - How to Troll an AV

Forgot to link to the website, but whatever. If you don't know the website by now you've got some sort of cognitive damage.

Going back to bed. If you need anything... don't need anything

Insider Threats come in many shapes and sizes and are a major hurdle to any organization.

Reminder that Threat Actors (probably) haven't paid for a Red Teaming course or any sort of formal education

"Sorry, you can't join our ransomware group, you don't have a Bachelors degree in computer science and you don't seem to have any certificates"

Swift developers proving they're very not cool

tl;dr says "++" and "--" operators are confusing

We've updated the vx-underground Windows malware paper collection

- 2023-09-10 - GIF Steganography from First Principles
- 2023-09-11 - MATLAB Reverse Shell
- 2023-10-09 - Demonstrating Sleep Obfuscation - KrakenMask

Check it out here: https://www.vx-underground.org/

Swift removing ++ and -- operators because they can be confusing because of code like this:

int i = 5;
i = ++i + i++;

This is the beauty of the C/C++ programming language. You can make the metaphorical gun and metaphorically shoot yourself with it. Also, don't code like this

The argument is that this is potentially undefined behavior because of how the pre-increment and post-increment expression will be interpretted (and/or optimized) by the compiler.

tl;dr don't write goofy goober code

tl;dr tl;dr nerds arguing over methods to increment an integer

Hello, how are you?

We're now granting permission to individuals who would like to upload malware to our VXDB. We are only granting this to select individuals we know, or individuals we know who can be trusted (or vouched for). We are doing this to prevent our VXDB being flooded with junk data or non-malicious files.

No changes will be made to the VXDB for user registration or downloads. It will always be free.

If you'd like to contribute to the VXDB you can contact us Twitter DMs or via e-mail at staff@vx-underground.org

Additionally, we are still working on refining the VXDB, bulk download (via API) is still not supported yet. It is in our ever-growing todo list.

Thank you everyone for the love, support, donations, and sponsorships you've given us. We would not have been able to create this VXDB, get this much malware, or share it with this many people if it were not for all of you helping us out.

Love you,

At this moment in time vx-underground is a daily grind - keeping the website updated with new papers, malware samples, the VX-API, the VXDB, etc.

Not entirely sure what else can be done now. Other than continuing the generic updates

Mission accomplished...?

No, we're not shutting down. We're noting that we are considering exploring other projects for vx-underground (keyword: considering, nothing solid).

Also, we love all of you, especially you

It's been 10 minutes - still trying to understand this e-mail

Over the weekend we received a series of e-mails from compromised enterprise networks with the message "Я гей" ("I'm gay" in Russian). In a weird twist of fate, we received an e-mail (an uncompromised e-mail....) with the message "I'm gay".

Lots of gay people ¯\_(ツ)_/¯

TrustedSec has repeatedly spoken out about the importance of giving back, helping others, and making an impact on the community - whether it be them donating to educational programs to schools, creating cybersecurity conferences designed to make a positive impact on the community, sponsoring local events, or donating to people, giving away items, etc.

We spoke with Dave Kennedy, CEO of TrustedSec - he has offered us invaluable resources to aid us in our growth, given us insight into potential ways we can expand (while remaining free, vx-underground will remain free forever).

TrustedSec is also now our largest sponsor.

Thank you Dave Kennedy and friends at TrustedSec for making an impact and doing everything that you do. It is wholeheartedly appreciated it.

It should also be noted that Dave Kennedy asked for nothing in return for sponsoring us - not even a tweet or a logo on vx-underground. He is legitimately just wildin' out and helping nerds for fun

Monthly additions are now live. New additions:

- Virusshare.482 total of 52,807 new samples
- The Old New Thing for October, 2023
- Malware analysis collection - 82 new papers from malpedia

Have a nice day.

https://www.vx-underground.org/

Attempting to close Microsoft OneDrive on Windows 11 triggers a poll asking the user why they want to terminate the process.

*Killing the process via task manager doesn't trigger the poll

Image via tomwarren