A while back we heard rumors of a Telegram RCE 0day. We brushed it off as silly memes. Turns out the 0day was 100% real and you're all probably pwned.
It was unveiled on XSS. Nerds celebrated
(joking about pwned part... kind of)
More information: https://www.bleepingcomputer.com/news/security/telegram-fixes-windows-app-zero-day-used-to-launch-python-noscripts/
Today we will give all of you a lesson on computer hardware. This comprehensive video will explain the different components of a computer and how it all comes together to make the magic of the world wide web.
vx-underground
"Does {book} cover everything I need to know about malware?" No book ever released has covered 'everything' about malware. If you wanted a book to cover everything on malware it would weigh 500lbs (226kg) and be cartoonishly large.
On the Windows platform there are dozens of ways to achieve persistence, shellcode execution, process injection – hundreds of different ways to abuse system components.
There are tons of little caveats, niches, tweaks and tricks you can do that are often overlooked.
tl;dr big book
Today a group named 66slavs claimed to have breached the United States National Energy Research Scientific Computing Center (NERSC).
* We have not reviewed the data
* Yes, they watermarked a data breach
babe wake up mandiant just released artwork for sandworm aka apt44 (officially)
13-year-old Marco Liberale has created a proof-of-concept PasteBin C2 botnet in Go. It is fully cross-platform, working on Windows, Linux, and Mac.
We are very happy to see such a young person contributing to this research space.
Check it out here: https://github.com/marco-liberale/PasteBomb
vx-underground
13-year-old Marco Liberale has created a proof-of-concept PasteBin C2 botnet in Go. Is it fully cross platform working on Windows, Linux, and Mac. We are very happy to see such a young person contributing to this research space. Check it out here: https…
Half of the vx-underground roster were still not fully potty trained at 13, so we find this profoundly impressive.
feege_ spotted a billboard advertisement on I-95 in Philadelphia, near the Wells Fargo Center, that says:
"Hackers Suck"
"Protect your business. Cover your assets."
vx-underground
feege_ spotted a billboard advertisement on the i-95 in Philadelphia, near the Wells Fargo Center, that says: "Hackers Suck" "Protect your business. Cover your assets."
tl;dr you're all going to prison forever (and ever)
Hello, how are you? We've updated the vx-underground malware collection. We've added 68,000 new malware samples.
Download the malware.
- Virussign.2024.04.09
- Virussign.2024.04.10
- Virussign.2024.04.11
- Virussign.2024.04.12
- Virussign.2024.04.13
- Virussign.2024.04.14
- Virussign.2024.04.15
- Virussign.2024.04.16
- Virussign.2024.04.17
- InTheWild.0118
- InTheWild.0119
Check it out here: https://vx-underground.org/Samples
Nerds are reporting the new Team Fortress 2 64-bit version is being flagged as malware by AV engines.
Malware review:
2024-03-26 - Malware Disguised as Installer from Korean Public Institution (Kimsuky Group)
- Masquerades as installer (0 points)
- Masqueraded installer is not functional (-1 points)
- Dropper is signed (+1 points)
- Drops src.rar (-1 points)
- Password protected with "1q2w3e4r" (-1 points)
- Execution begins with command "installer" (0 points)
- Copies to %USERPROFILE% (0 points)
- Payload masquerades as svchost.exe (0 points)
- Registers itself in Task Scheduler (0 points)
- Masquerades in Task Scheduler as "Windows Backups" (0 points)
- Developed in Go (+1 points)
- Recycled code from previous malware campaign (-1 points)
- Used same signed certificate from previous malware campaign (-1 points)
- Has generic RAT functionality (0 points)
- TA pushed Mimikatz to infected machine (-2 points)
- Mimikatz masqueraded as cache.exe (0 points)
- TA used free Ngrok domain for C2 (-1 points)
We give Kimsuky Group's recent APT campaign an F.
Unoriginal, generic code, some code dependent on external applications (WinRAR) which may not be present on victim machines. Password is hardcoded in payload and easily identifiable. Recycled code and recycled certificate are poor design and lazy. Masqueraded installer not working is lazy. Pushing Mimikatz is also a poor decision; this tool is heavily flagged and is a big red flag.
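As an added defender-side example (not vx-underground's or the report's code), a small Python triage of a scheduled-task inventory that flags the behaviours the review lists: a payload copied under a user profile, named svchost.exe, and registered under the task name "Windows Backups". The record fields, the sample records, and the lookalike-name entries other than "Windows Backups" are assumptions.

```python
"""Triage a Windows scheduled-task inventory for the persistence pattern described
in the review above. Added example; input records are constructed here in the
shape of an exported Get-ScheduledTask listing (field names are assumed)."""
import ntpath

# Directories where a genuine svchost.exe lives (assumes the default %SystemRoot%).
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}
# Task names that imitate built-in Windows tasks. "Windows Backups" is from the
# review; the others are constructed for illustration.
LOOKALIKE_NAMES = {"windows backups", "windows update", "onedrive standalone update"}
BUILTIN_TASK_ROOT = "\\microsoft\\windows\\"

def triage_task(task: dict) -> list[str]:
    """Return the reasons one task record looks suspicious (empty list = clean)."""
    reasons = []
    exe = task["execute"].strip('"')
    folder = ntpath.dirname(exe).lower()
    image = ntpath.basename(exe).lower()
    tname = task["task_name"]
    if image == "svchost.exe" and folder not in SYSTEM_DIRS:
        reasons.append(f"svchost.exe launched from non-system path {exe}")
    if folder.startswith("c:\\users\\"):
        reasons.append(f"task action lives in a user profile: {exe}")
    if tname.lower() in LOOKALIKE_NAMES and not task["task_path"].lower().startswith(BUILTIN_TASK_ROOT):
        reasons.append(f'lookalike task name "{tname}" registered outside the Microsoft task folder')
    return reasons

def triage_inventory(tasks: list[dict]) -> dict[str, list[str]]:
    """Map task_path + task_name to reasons for every task with at least one finding."""
    findings = {}
    for t in tasks:
        reasons = triage_task(t)
        if reasons:
            findings[t["task_path"] + t["task_name"]] = reasons
    return findings

# Constructed sample inventory: one benign built-in task, one mirroring the review.
SAMPLE_TASKS = [
    {"task_path": "\\Microsoft\\Windows\\WindowsBackup\\", "task_name": "ConfigNotification",
     "execute": "C:\\Windows\\System32\\svchost.exe"},
    {"task_path": "\\", "task_name": "Windows Backups",
     "execute": "C:\\Users\\victim\\svchost.exe"},
]

if __name__ == "__main__":
    for key, why in triage_inventory(SAMPLE_TASKS).items():
        print(key, "->", "; ".join(why))
```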