When I was a teenager, I infected my personal computer trying to download "mods" for Windows XP. I couldn't find the malware (I only checked My Documents), so I thought the malware was in my modem. I convinced my parents to buy a new modem. It didn't fix it.
- smelly
Another funny story: I got malware (again) from trying to download "hacks" for Halo 2. I couldn't find the malware (again) so I randomly uninstalled software from the Control Panel. I uninstalled the audio drivers and network drivers. This didn't fix it.
- smelly
regular programmers: int x = 0;
malware programmers: DWORD dwIncrementalExportAddressTableEnumerationIndexer = 0;
This is such an oddly specific joke, it's not even funny but it had to be shared
unrelated to malware, but need to kitty post (don't feel like pushing to prod)
Removed post about Google having to sell Chrome. It was slightly misleading.
tl;dr will be confirmed or denied Summer 2025 by the courts.
Been spamming F5 all day 🙏
This is not pronounced like "MAGA". It's pronounced like: "Mmmmmm. Aga". The double M's are pronounced like you just ate a delicious slice of pizza. The "Aga" part is pronounced like you're stuck in traffic — a strenuous sigh almost.
It's shrimple.
"my computer harddrive is surrounded by tannerite. if the FBI raids me my harddrive will explode and they'll have no evidence"
Wow. Bravo. You'll be investigated by the FBI and the ATF.
2 birds with 1 stone. Brilliant tactics.
Today at CYBERWARCON we watched arguably one of the most interesting talks we've seen in a while.
Steven Adair gave a nearly 1 hour presentation regarding APT28's "Nearest Neighbor Attack". In summary, because it was a long and wild story, APT28 successfully compromised one of their clients by compromising a company across the street from the client.
APT28, presumably unable to compromise their target directly, compromised a company across the street from the target. Then, using a combination of attacks including a 0day exploit, they moved laterally across the street by pivoting over WiFi. Yes, APT28 daisy-chained their way to the target over WiFi. Subsequent to the compromise they primarily lived off the land and covered their tracks using cipher.exe.
Volexity has released the paper on the talk. However, the paper does not truly do justice to the attack and does not truly emphasize the complexity of the attack. If you ever have a chance, watch the video.
Paper: https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/
Update: CYBERWARCON is now holding us hostage. They have done talks back-to-back, no time to get snacks or use the restroom.
We have ripped up the carpet and started gnawing on the adhesives for nutrients. We have resorted to urinating in our pants.
Listening to James Elliot from MSTC discuss the "Triple Threat" of North Korean IT workers a/k/a Ruby Sleet via CYBERWARCON.
We've learned a lot about their methods of applying for jobs, their templates and portfolios, how they use AI for faking images, etc. Included in this is how North Korea pays United States citizens to receive laptops for them, keeping them plugged in and alive — the "laptop farms".
In August, 2024, the United States Federal Bureau of Investigation took down a North Korean "laptop farm" for their IT workers which housed over 800 proxies.
tl;dr if you're new to information security (or IT in general) and say you can't get a job, you're doing something wrong.
tl;dr tl;dr the north koreans took your job
Yesterday night (or early morning November 22nd depending on where you reside), it was revealed that an unknown Threat Actor(s) had compromised Andrew Tate's online university, dubbed "The Real World (Hustler's University)".
Note(s):
1. The content was given to non-profit organization DDoSecrets (unable to tag on X due to their account being suspended) and is available for anyone to review
2. Upon compromise (and exfiltration of data, presumably), the individual(s) responsible for the compromise inserted pro-transgender emojis onto the site and uploaded AI photos of Andrew Tate with a transgender flag. The compromise of Andrew Tate's website appears to be ideologically motivated, not financially motivated
3. Upon review of the compromised data we spotted some inconsistencies with reporting from media outlets. Some media outlets have stated the stolen data contains over 325,000 user email addresses. However, upon review we do not see email addresses UNLESS the user's actual username on the website was their email address. We only spotted a few thousand (see image 1)
The file in the leak, "users.json", contains the following:
- Unique UserID
- Username
- External UserID
- Score (reputation)
- Coin balance (forum based currency)
- Server (unsure)
- "User" (unsure)
- Join Date
- Roles
Other fields visible, which appear to be optional entries based on users interaction with the website:
- Profile content
- "Learnv2"
- Avatar
Also present in the compromise are chat logs from both public and private rooms. These rooms include:
- AI Automation
- Business Mastery
- Content Creation & AI Campus
- Copywriting
- Crypto DeFi
- Crypto Trading
- Cryptocurrency Investing
- ECommerce
- Fitness
- Hustler's Campus
- Social Media & Client Acquisition
- The Real World
Each room described has both a public and a private variant. We briefly skimmed the contents of these and can confirm they have unfathomable amounts of chat logs and conversations. In the spirit of full disclosure: we are not going to review and/or read these chat logs. They are massive. In summary: the dumped conversations are legit.
As a disclaimer: it may be possible that email addresses and more sensitive information is in the chat logs. We have not reviewed this in totality to confirm that (we don't feel like it).
Hi,
We're aware of the stuff that happened today. We see your messages (and cat pictures). Tomorrow we'll review the stuff on the alleged* Ticketmaster hacker and the new information released on him. We'll review the Spotify stuff too.
Love you,
- smelly
Update: 720,845 emails are stored in one of the private chatrooms (???), removing duplicates will probably bring it to the number being reported.
Breach is 100% legit
Andrew Tate has publicly commented on the compromise of The Real World (Hustlers University).
He asserts the compromise was a result of the Threat Actor(s) paying for membership and simply scraping the site.
His response minimizes the compromise and concludes with him stating he is wealthy.
Based on the data we've seen, he is indeed fairly wealthy if each individual on the website purchased membership. However, his response does not account for the email addresses exfiltrated as a result of the compromise and the database fields visible.
More information has been released regarding Connor Moucka a/k/a Alexander Moucka a/k/a Judische a/k/a Catist a/k/a Waifu, the person allegedly responsible for the Ticketmaster compromise (among many others)
He has way too many aliases
November 22nd, 2024, unsealed documents (from Canada) state authorities believe him to be dangerous to himself and the public. They also state he is a flight risk.
Documents show Mr. Moucka used racial slurs online, frequently discussed killing black people, mass mailing black people "sodium nitrate pills", acquiring weapons to kill random Canadians, and discussing wanting to commit suicide by cop.
Court documents show Mr. Moucka plotting and scheming the Snowflake compromise, which resulted in the Ticketmaster compromise. Chat logs show him and his associates discussing the scheme: how to use stolen credentials, and access to private data (banking information, payroll records, driver license numbers, passports, and social security numbers). The scheme conversation included how they would extort people.
Unsealed documents show images of Mr. Moucka's home and how law enforcement identified him. Mr. Moucka was identified by law enforcement by his Apple iCloud account. The Apple iCloud account was linked to his Discord account. Additionally, the Apple iCloud account was tied to his cryptocurrency wallets.
Court records show Mr. Moucka was charged in November, 2023 at age 25 for harassing a woman online and threatening to kill her.
Mr. Moucka's next court case regarding his extradition to the United States is November 29th, 2024.