Apologies – was testing something on Telegram. I'm sorry if that sent out a broadcast message.
😁49🤣20❤6❤🔥4🤓4😢2🫡2😘1
No major updates, news, or memes. Right now we're very busy (that's a lie, we're just being lazy)
🔥51🤣16❤8👏6😢3🎉2🤓1
June 11th a Microsoft engineer accidentally leaked 4GB of Microsoft PlayReady internal code. It was leaked on the Microsoft Developer Community. The leak includes:
- WarBird configurations
- WarBird libraries for code obfuscation functionality
- Libraries with symbolic information related to PlayReady
Researchers from AG Security Research Lab were able to successfully build the Windows PlayReady dll library from the leaked code. Interestingly, they were assisted because on the Microsoft Developer Community forum a user also provided step-by-step instructions on how to begin the build process.
Also, interestingly, interestingly, the Microsoft Symbol Server doesn't block requests for PDB files corresponding to Microsoft WarBird libraries, which inadvertently leaks more information.
Adam Gowdiak of AG Security Research Lab reported the issue and Microsoft removed the forum post. However, as of this writing, the download link is still active.
File listing is below. Forums screenshots are attached. All information discovered by AG Security Research Lab
File listing: https://pastebin.com/raw/i65qfd2z
- WarBird configurations
- WarBird libraries for code obfuscation functionality
- Libraries with symbolic information related to PlayReady
Researchers from AG Security Research Lab were able to successfully build the Windows PlayReady dll library from the leaked code. Interestingly, they were assisted because on the Microsoft Developer Community forum a user also provided step-by-step instructions on how to begin the build process.
Also, interestingly, interestingly, the Microsoft Symbol Server doesn't block requests for PDB files corresponding to Microsoft WarBird libraries, which inadvertently leaks more information.
Adam Gowdiak of AG Security Research Lab reported the issue and Microsoft removed the forum post. However, as of this writing, the download link is still active.
File listing is below. Forums screenshots are attached. All information discovered by AG Security Research Lab
File listing: https://pastebin.com/raw/i65qfd2z
😁49❤8🎉7👍4🫡3💯1
vx-underground
Today Lockbit ransomware groups 'timer' on the 'Federal Reserve' hit zero. They did not ransom the Federal Reserve as we expected – they ransomed Evolve Bank & Trust. We also assume the data is not critical because the facility is still operational.
As reference: we expressed extremely skepticism with Lockbit ransomware groups claims. We suspected the affiliate (who probably doesn't know English) saw a document that said "United States Federal Reserve" and thought it was that.
https://x.com/vxunderground/status/1805214817625530613
https://x.com/vxunderground/status/1805214817625530613
🤣79💯6😢1
vx-underground
When we find the guy who did the documentation for IActiveScript and IActiveScriptParse64 on MSDN
tl;dr exploring executing vbnoscript and jnoscript in-memory from a binary in c++. modexp did a c project on it, explored possibilities of it. worked with vbnoscript, imploded on jnoscript with hresult 0x80020101
got annoyed
heres the vbnoscript code that works: https://pastebin.com/raw/dW3w97Bx
got annoyed
heres the vbnoscript code that works: https://pastebin.com/raw/dW3w97Bx
❤17🤔2🤓2😢1
This media is not supported in your browser
VIEW IN TELEGRAM
When the Security Team catches a Threat Actor actively trying to compromise a machine
🤣153🫡16😁9🥰3😢2🤔1🤝1😎1
This media is not supported in your browser
VIEW IN TELEGRAM
🔥86🫡27🤣15❤8🤔5👍2😢2
"oTheR cOmpAnieS haVe MorE mAlwArE thAn yOu"
Ted Talk time.
First of all, we're not a company. We're just a bunch of internet nerds wildin' out on a computer.
Secondly, right now vx-underground ingests roughly 120,000 malware samples a month with a budget of a slice of pizza and some weird lookin' lint we found in our pocket.
The reality of the situation is large organizations ingest absurd quantities of malware. Antivirus vendors, (some) Threat Intelligence vendors, and Endpoint Security vendors ingest terabytes of malware a day.
We are aware of some organizations which ingest 500,000 - 1,000,000 malware samples a day. Whereas some AV vendors reportedly ingest over 5,000,000 malware samples a day. These organizations dwarf us.
Part of the reason why is simple: intelligence. Vendors are ingesting malware in large quantities, through various means such as honeypots, sharing between organizations (private exchanges), submissions from VirusTotal, and malware captured from user endpoints.
They use this data to track and monitor malware campaigns, C2 addresses (IPs or domains), look for modification of code bases, and look for any missteps and leaking of PII. They then distribute this data and update security rules, update known-good and known-bad SHA256 collections, and often work with law enforcements agencies to takedown Threat Groups. This is work that happens everyday, around the clock, 24/7 and these organizations work hard monitoring malware nerds.
Our purpose of collecting malware is historical in nature – people can download the malware, reverse the malware, and study the malware. Our malware is often hammy downs (metaphorically speaking) from larger organizations and is rarely cutting edge. It would be difficult to identify a new Threat Group from our malware collection. The advantage of our collection is it is often difficult for people to even get hammy down malware without begging someone (or some organization) OR the malware samples are scattered all over the place. Our collection is in 1 singular location making it easier to get the cool stuff nerds wanna study.
Thanks for coming to our Ted Talk.
Ted Talk time.
First of all, we're not a company. We're just a bunch of internet nerds wildin' out on a computer.
Secondly, right now vx-underground ingests roughly 120,000 malware samples a month with a budget of a slice of pizza and some weird lookin' lint we found in our pocket.
The reality of the situation is large organizations ingest absurd quantities of malware. Antivirus vendors, (some) Threat Intelligence vendors, and Endpoint Security vendors ingest terabytes of malware a day.
We are aware of some organizations which ingest 500,000 - 1,000,000 malware samples a day. Whereas some AV vendors reportedly ingest over 5,000,000 malware samples a day. These organizations dwarf us.
Part of the reason why is simple: intelligence. Vendors are ingesting malware in large quantities, through various means such as honeypots, sharing between organizations (private exchanges), submissions from VirusTotal, and malware captured from user endpoints.
They use this data to track and monitor malware campaigns, C2 addresses (IPs or domains), look for modification of code bases, and look for any missteps and leaking of PII. They then distribute this data and update security rules, update known-good and known-bad SHA256 collections, and often work with law enforcements agencies to takedown Threat Groups. This is work that happens everyday, around the clock, 24/7 and these organizations work hard monitoring malware nerds.
Our purpose of collecting malware is historical in nature – people can download the malware, reverse the malware, and study the malware. Our malware is often hammy downs (metaphorically speaking) from larger organizations and is rarely cutting edge. It would be difficult to identify a new Threat Group from our malware collection. The advantage of our collection is it is often difficult for people to even get hammy down malware without begging someone (or some organization) OR the malware samples are scattered all over the place. Our collection is in 1 singular location making it easier to get the cool stuff nerds wanna study.
Thanks for coming to our Ted Talk.
❤215👍22❤🔥10🤣6🫡6🥰2😘2🤔1😢1💯1