vx-underground
Satya Nadella is literally the VIP for Threat Actors and Red Teamers. Thanks to new Microsoft Teams technologies, you can now clone your voice ... so you can speak to others in a different language! Ever be North Korean but want to sound American? It's now…
Yeah, we rip on Microsoft a lot. But for each feature they add, they're just expanding the Threat Landscape in corporate environments (and potentially home users).
Should we be more optimistic? Maybe.
Are we optimistic? Hell nah
🎉57😁22🤔12🫡9👍4🤣4❤3💯2
Microsoft CEO Satya Nadella greeting the Red Teamers after Microsoft Ignite 2024 (they can now clone target voices)
🤣124🎉14❤4😁3🤯2👍1
Today the United States Department of Justice unsealed criminal charges brought against 5 people.
- Ahmed Hossam Eldin Elbadawy, 23, a/k/a "AD", of College Station, Texas
- Noah Michael Urban, 20, a/k/a "Sosa" and "Elijah", of Palm Coast, Florida
- Evans Onyeaka Osiebo, 20, of Dallas, Texas
- Joel Martin Evans, 25, a/k/a "joeleoli", of Jacksonville, North Carolina
- Tyler Robert Buchanan, 22, of the United Kingdom
The individuals are accused of performing phishing and/or social engineering attacks which resulted in the theft of millions of dollars.
More information: https://www.justice.gov/usao-cdca/pr/5-defendants-charged-federally-running-scheme-targeted-victim-companies-phishing-text
www.justice.gov
5 Defendants Charged Federally with Running Scheme that Targeted
Law enforcement today unsealed criminal charges against five defendants who allegedly targeted employees of companies nationwide with phishing text messages and then used the harvested employee credentials to log in and steal non-public company data and information…
👍25🎉10❤6🔥2😢2🤣2😁1
When I was a teenager, I infected my personal computer trying to download "mods" for Windows XP. I couldn't find the malware (I only checked My Documents), so I thought the malware was in my modem. I convinced my parents to buy a new modem. It didn't fix it.
- smelly
🤣261😢18❤14😁9🔥8👏8🤓6😇4👍3🎉1🫡1
vx-underground
When I was a teenager, I infected my personal computer trying to download "mods" for Windows XP. I couldn't find the malware (I only checked My Documents), so I thought the malware was in my modem. I convinced my parents to buy a new modem. It didn't fix it.…
Another funny story: I got malware (again) from trying to download "hacks" for Halo 2. I couldn't find the malware (again) so I randomly uninstalled software from the Control Panel. I uninstalled the audio drivers and network drivers. This didn't fix it.
- smelly
🤣217👏19🥰12❤8🔥6🤓5🫡4👍3😁2🤔2💯2
regular programmers: int x = 0;
malware programmers: DWORD dwIncrementalExportAddressTableEnumerationIndexer = 0;
😁124🤓63🤣19🥰5🤔3❤2👍2😢2👏1🎉1💯1
vx-underground
regular programmers: int x = 0; malware programmers: DWORD dwIncrementalExportAddressTableEnumerationIndexer = 0;
This is such an oddly specific joke, it's not even funny but it had to be shared
👍45😘26🔥7❤4😢4👏1
vx-underground
Photo
unrelated to malware, but need to kitty post (don't feel like pushing to prod)
😁48❤🔥9❤2😢1🤝1
Removed post about Google having to sell Chrome. It was slightly misleading.
tl;dr will be confirmed or denied Summer 2025 by the courts.
😢72👍29😇8🤔5🤣4😱3🤝2❤1
vx-underground
Been spamming F5 all day 🙏
This is not pronounced like "MAGA". It's pronounced like: "Mmmmmm. Aga". The double M's are pronounced like you just ate a delicious slice of pizza. The "Aga" part is pronounced like you're stuck in traffic — a strenuous sigh almost.
It's shrimple.
🤓79🤣16😁10👍5❤2😢1🤝1😘1
"my computer harddrive is surrounded by tannerite. if the FBI raids me my harddrive will explode and they'll have no evidence"
Wow. Bravo. You'll be investigated by the FBI and the ATF.
2 birds with 1 stone. Brilliant tactics.
🤓115😁44❤🔥13🔥10👍6❤4💯2🤣2
Today at CYBERWARCON we watched arguably one of the most interesting talks we've seen in a while.
Steven Adair gave a nearly 1 hour presentation regarding APT28's "Nearest Neighbor Attack". In summary, because it was a long and wild story, APT28 successfully compromised one of their clients by compromising a company across the street from the client.
APT28, presumably unable to compromise their target, compromised a company across the street from the target. Then, using a combination of attacks including a 0day exploit, moved laterally across the street pivoting from WiFi. Yes, APT28 daisy chained their way to the target by WiFi. Subsequent to the compromise they primarily lived off the land and covered their tracks using CIPHER.exe
Volexity has released the paper on the talk. However, the paper does not truly do justice to the attack and does not truly emphasize the complexity of the attack. If you ever have a chance, watch the video.
Paper: https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/
Volexity
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever worked. The investigation began when an alert from a custom…
🔥73🤯17❤8👍7❤🔥1🥰1😢1
Update: CYBERWARCON is now holding us hostage. They have done talks back-to-back, no time to get snacks or use the restroom.
We have ripped up the carpet and started gnawing on the adhesives for nutrients. We have resorted to urinating in our pants.
❤58🤣22🫡7👍5🙏5💯3😇3🤔2😢2🔥1🎉1