vx-underground
Hey Alexa, play "Money In The Bank" by Lil Scrappy.
Just kidding. We don't own an Alexa, or any of that IoT bullshit. God forbid it's compromised and some TA dumps 500 terabutts of peoples conversations in .mp3 format
🥰66🤣32👍6👏4❤2🤓2😱1😢1🤩1🙏1
> be new to cybersecurity
> google cybersecurity discords
> bishopfox listed
> click to join their discord
> discord requires verification (image 1)
> verification site has tons of pop ups (image 2)
> massive pop up saying need to install thing
> annoying page appears
> lady talking giving instructions how to download file
> listen to polite lady and follow her instructions
> download per her instructions (image 3)
> its free malware (image 4)
> google cybersecurity discords
> bishopfox listed
> click to join their discord
> discord requires verification (image 1)
> verification site has tons of pop ups (image 2)
> massive pop up saying need to install thing
> annoying page appears
> lady talking giving instructions how to download file
> listen to polite lady and follow her instructions
> download per her instructions (image 3)
> its free malware (image 4)
😁64🤣49❤6🤓6😍5👍2😢1
vx-underground
> be new to cybersecurity > google cybersecurity discords > bishopfox listed > click to join their discord > discord requires verification (image 1) > verification site has tons of pop ups (image 2) > massive pop up saying need to install thing > annoying…
tl;dr 1st lesson of cybersecurity, verify your identity to bishopfox without detonating malware on your machine (we failed)
🤣77🤓6😢1
vx-underground
> be new to cybersecurity > google cybersecurity discords > bishopfox listed > click to join their discord > discord requires verification (image 1) > verification site has tons of pop ups (image 2) > massive pop up saying need to install thing > annoying…
We made it into the Discord! We only detonated a few malware samples.
1. DocKing (tried to launch weird MS Edge URL, payload failed)
2. We purchased alcohol (wine tasting site)
3. Wave browser PUP/ADWARE
4. Installed a cool AI web search engine Google Chrome extension named Givero. It links to some dead domain via HTTP
1. DocKing (tried to launch weird MS Edge URL, payload failed)
2. We purchased alcohol (wine tasting site)
3. Wave browser PUP/ADWARE
4. Installed a cool AI web search engine Google Chrome extension named Givero. It links to some dead domain via HTTP
😁79😎12🎉7👍6🤣6❤3🤯1😢1
This media is not supported in your browser
VIEW IN TELEGRAM
"i work in tech" simulator
😁99😇18❤6🤣6😢2
This media is not supported in your browser
VIEW IN TELEGRAM
A Russian ransomware affiliate we know sent us this video.
Very cool.
Thank you for educating us on your culture. 🙏
Very cool.
Thank you for educating us on your culture. 🙏
🙏77🤣68❤9😁8🔥7🤓7👍3🤯2😢2❤🔥1🫡1
vx-underground
Someone sent us an e-mail saying they have some malware samples they can send us. We eagerly replied and thanked them. They replied saying the samples "are for sale" and asked how much we'd pay for them.
The current street value of malwares (decent quality) is $1,200 for 7,500,000 malwares.
A curated set of high quality malwares is roughly 15,000 malwares for $3,000.
It's hard to get high quality samples unless you're an AV and/or EDR vendor.
A curated set of high quality malwares is roughly 15,000 malwares for $3,000.
It's hard to get high quality samples unless you're an AV and/or EDR vendor.
😁91🤯16🫡14🤣12👏7👍5❤4❤🔥1🤔1😢1
We're finally updating the site this week.
The poop posting will end soon.
The poop posting will end soon.
😁63😢14🫡7❤🔥5🤣4❤1
vx-underground
We're finally updating the site this week. The poop posting will end soon.
Okay we won't stop poopy posting
👍55🙏23🫡21🔥17❤9🤣5😢2
Here is the process in which we add papers to vx-underground.
1. Find papers (Twitter, blogs, searching online, people sending them to us, etc)
2. Reviewing the paper, ensure it is legitimate, authentic (not copy-paste), and applicable to what we collect
3. Use PrintFriendly to download and transform into readable PDF format
4. Name file appropriately, try to find date of release or approximate date of release, to name it in format such as: "2024-01-05 - Malware Paper Title.pdf"
4.a. If paper contains code or images, place the contents in 7z file that is named after the paper such as: "2024-01-05 - Malware Paper Title.7z". If the content contains an executable file format, password protect the 7z.
5. Take copy, store locally in vx-underground backup NAS
6. Write down new addition in Notepad++ text file to keep track of recent additions (we're ghetto)
7. Once we have a bunch ready to go, push the giant collection of papers to prod.
8. Announce the additions on Twitter and Telegram
9. GOTO 1
We've been doing this cycle, in some form or another, since August 2019. It doesn't sound like much — but as vx-underground grows in size it becomes a lot more painful, tedious, and exhausting.
1. Find papers (Twitter, blogs, searching online, people sending them to us, etc)
2. Reviewing the paper, ensure it is legitimate, authentic (not copy-paste), and applicable to what we collect
3. Use PrintFriendly to download and transform into readable PDF format
4. Name file appropriately, try to find date of release or approximate date of release, to name it in format such as: "2024-01-05 - Malware Paper Title.pdf"
4.a. If paper contains code or images, place the contents in 7z file that is named after the paper such as: "2024-01-05 - Malware Paper Title.7z". If the content contains an executable file format, password protect the 7z.
5. Take copy, store locally in vx-underground backup NAS
6. Write down new addition in Notepad++ text file to keep track of recent additions (we're ghetto)
7. Once we have a bunch ready to go, push the giant collection of papers to prod.
8. Announce the additions on Twitter and Telegram
9. GOTO 1
We've been doing this cycle, in some form or another, since August 2019. It doesn't sound like much — but as vx-underground grows in size it becomes a lot more painful, tedious, and exhausting.
❤53🫡16🥰5😢2👍1
Wicked, a movie scheduled for released in theaters November 22nd, released toys for the film which accidentally listed an adult entertainment site on the toy box.
They meant to print "wickedmovie-dot-com" NOT "wicked-dot-com".
Information via 404mediaco & just2goodYT
They meant to print "wickedmovie-dot-com" NOT "wicked-dot-com".
Information via 404mediaco & just2goodYT
😁71🤣57❤8😢6❤🔥2🔥2🥰2