It's interesting seeing people make shit up on social media. The first attached image is a lie.
tl;dr real hacker, did real and serious damage, "mr soll" didn't do some weird made up bullshit
"Mr. Soll" a/k/a Mr. Soul is a person operating within the "CyberAv3ngers" group. The CyberAv3ngers are a well-known state sponsored group operating within the IRGC-CEC (Islamic Revolutionary Guard Corps, Cyber-Electronic Command). The CyberAv3ngers have been active for several years.
Historically, the CyberAv3ngers have targeted critical infrastructure within the United States and Israel using a malware dubbed "IOCONTROL". Using IOCONTROL CyberAv3ngers targeted ICS/SCADA devices (Industrial Control System/Supervisory Control And Data Acquisition) as well as other devices such as PLCs (Programmable Logic Controllers).
CyberAv3ngers made a significant amount of "noise" in November, 2023, when one of their operations targeted default credentials on PLC devices across the United States. The compromised device would display "You have been hacked, down with Israel. Every equipment ‘made in Israel’ is CyberAv3ngers legal target." The attack often rendered the PLC inoperable using "Crucio ransomware".
"Mr. Soll" did no such action stated in the first attached image — but "Mr. Soll" and/or the CyberAv3ngers have taken offensive cyber approaches for many years. However, CyberAv3ngers will gladly accept this post and declare it as truth as this aligns with IRGC-CEC misinformation campaigns.
❤26🤣15👍6😁3😢1
Furthermore, it is probably worth reminding people that the IRGC-CEC successfully compromised Donald J. Trump's political campaign in 2024.
3 individuals operating under the monikers "Jalili", "Aghamiri", and "Balaghi" successfully compromised aides to the current President of the United States via social engineering.
The United States government issued an official indictment for the individuals believed to be responsible for the compromise.
More information: https://www.documentcloud.org/documents/25177046-24-cr-439-indictment
👍14❤1😢1
hOw iS maLwARe wRiTteN
I unironically see this question posed by people who can program.
In its simplest form malware is just like any other program written except it has task automation present. Anything after the task automation segment is an auxiliary component and designed to avoid detection.
For example, if we discuss information stealer malware (which is rampant online), it can be broken down into a few different "steps".
Step 1. "Land" on the machine. Your first step is getting the program on the machine and getting the user to run the program. More often than not, this is the most difficult part for malware. The most common method is file masquerading — in other words, "ImportantFile.pdf.exe".
To make this file masquerading "Step" more believable to the target, you simply change the file's default icon to be that of a PDF file. This is extremely common in programming in general, I'm sure many of you have tried to customize your program.
2. Enumerate files on the machine. This is extremely easy to do and I'm sure any programmer can do this. Most files will be stored in the Documents directory. You use Windows GetEnvironmentVariableW function (or some variant of it) to get the user document directory. Then all you do is iterate through each file in that folder.
3. Examine each file discovered in the directory and/or follow sub-directories. Each file you encounter you should examine the file by determining its file extension. If the file extension is something which may possess something valuable (e.g. .PDF, .TXT, .PNG, .DOCX), then appropriate action should be taken and the next "Step" should be triggered.
4. Data exfiltrating — any file deemed potentially valuable should be uploaded to a remote host you own. You can use any method you want and any host you want. Some malware uses Discord, some use FTPs, some use their own custom infrastructure. If you've ever written code that sends a document somewhere then you can do this.
5. Self-terminate. Your malware has done its job.
Anything else beyond those 5 key "Steps" is used to avoid detection. Additionally, malware developers will spend a great deal of time trying to find unique ways to enumerate files, identify files, or send files to remote hosts. The more unusual you can make your malware the better. Of course more "Steps" may be introduced to steal cookies, cached passwords, etc. Other "Steps" may be to identify where the malware is running (e.g. country, what version of Windows, etc).
Thanks for coming to my Ted Talk
🤓59❤22👏8👍4😱2❤🔥1😢1😇1
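A defender's view of the file masquerading described in Step 1, as an added example that is not from the original post: a Python check that flags process-creation log entries whose image name pairs a document extension with an executable one, as in "ImportantFile.pdf.exe". The key=value log format, host names and both extension lists are constructed assumptions.

```python
import ntpath
import re

# Extensions a user expects to open in a viewer (the decoy part of the name).
# Assumed list for this example; tune it to your environment.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "png", "jpg", "jpeg"}
# Extensions Windows will execute or hand to a script host (assumed list).
EXEC_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "js", "vbs", "hta"}

# Constructed sample: process-creation events in a made-up key=value format.
SAMPLE_LOG = r'''
2025-06-01T09:14:02Z host=WS-014 event=process_create image="C:\Users\alice\Downloads\ImportantFile.pdf.exe" parent="C:\Windows\explorer.exe"
2025-06-01T09:15:40Z host=WS-014 event=process_create image="C:\Program Files\Acme\report.viewer.exe" parent="C:\Windows\explorer.exe"
2025-06-01T09:16:11Z host=WS-022 event=logon user=bob
2025-06-01T09:17:55Z host=WS-022 event=process_create image="C:\Users\bob\Desktop\Q2 Budget.XLSX .SCR" parent="C:\Windows\explorer.exe"
2025-06-01T09:18:03Z host=WS-030 event=process_create image="C:\Windows\System32\notepad.exe" parent="C:\Windows\explorer.exe"
'''.strip().splitlines()

IMAGE_RE = re.compile(r'image="([^"]+)"')
HOST_RE = re.compile(r"host=(\S+)")


def masquerade_reason(path):
    """Return a reason string if the file name is <decoy>.<executable>, else None."""
    name = ntpath.basename(path.strip().strip('"'))
    # Windows ignores trailing dots and spaces in file names; normalise them away.
    name = name.rstrip(". ")
    parts = name.lower().split(".")
    if len(parts) < 3:          # need base name + two extensions
        return None
    # Tolerate stray whitespace around each extension component.
    decoy, final = parts[-2].strip(), parts[-1].strip()
    if final in EXEC_EXTS and decoy in DECOY_EXTS:
        return f"decoy extension .{decoy} before executable extension .{final}"
    return None


def scan(lines):
    """Return (host, image, reason) for every process image that looks masqueraded."""
    hits = []
    for line in lines:
        image = IMAGE_RE.search(line)
        if not image:           # not a process-creation record
            continue
        reason = masquerade_reason(image.group(1))
        if reason:
            host = HOST_RE.search(line)
            hits.append((host.group(1) if host else "?", image.group(1), reason))
    return hits


if __name__ == "__main__":
    for host, image, reason in scan(SAMPLE_LOG):
        print(f"{host}: {image} -> {reason}")
```

The check only looks at the last two name components, so a legitimate multi-dot name such as "report.viewer.exe" is not flagged.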
Good morning, afternoon, or evening.
The boys are making some backend infrastructure changes. We'll be moving some data and stuff. Once this is completed we will begin doing updates.
I have probably 400+ papers in queue. Lots of cool stuff.
Malware is cool
👍35🎉16❤🔥7🫡6🔥1😢1💯1
I was thicc boi at 280lbs (127kg). Happy to share I've dropped down to 230lbs (104kg).
My goal is 180lbs (81kg).
50lbs (23kg) weight loss in 8 months
❤🔥111🔥43👏27🤯10🎉10🫡5👍3❤1😢1🤣1
Never cared I was getting thicc. Decided to lose weight so my son didn't see fat stinky Dad on computer being yucky.
Now he just sees stinky Dad being yucky
❤97🤓19👍4👏2❤🔥1😁1😢1
Idea: CAPTCHA-ware.
Every time the user clicks with the mouse (left / right click) a CAPTCHA takes focus and covers the screen. They must solve the CAPTCHA to continue
Users must either:
1. Learn to navigate using only the keyboard
2. Upload cat pictures to a website
❤40🤣16😢2😁1💯1
[Content Warning: This post contains graphic descriptions that some readers may find distressing]
June 13th, 2025, United States South Carolina Senator Robert John May III was arrested in connection to the distribution of Child Sexual Abuse Material (CSAM). In April, 2025, the United States National Center for Missing and Exploited Children was notified of Mr. May's actions on social media platform Kik.
On March 31, 2024, Kik flagged several of Mr. May's videos as CSAM.
Mr. May was operating on Kik under the moniker "joebidennnn69" and other places online as "Eric Rentling" where he actively traded CSAM with other users. Kik flagged 28 unique CSAM videos shared by Mr. May with additional data showing the material derived from an IP address located in West Columbia, South Carolina, United States.
Following the notification from Kik, on June 27th, 2024, the Lexington County Sheriff's Office obtained a state warrant to retrieve information on the AT&T IP address distributing the CSAM. The IP address was tied to an AT&T account holder "Robert John May III" who was an acting United States Senator.
Because of Mr. May's career as a United States Senator this resulted in the United States Department of Homeland Security Investigations to review the case further. The United States HSI concluded the Kik account "joebidennnn69" connected back directly to Mr. May's residence via VPN 48 times, via cellular internet 67 times, and via the home internet 958 times. Additionally, the HSI concluded the home devices were NOT compromised as a result of a Threat Actor. Hence, according to the HSI, all CSAM activity on Kik was conducted by someone in the home who owned a Samsung SM-G781U1.
On August 5th, 2024, the HSI in conjunction with the Lexington County Sheriff's Office raided Mr. May's residency.
Authorities retrieved materials including a Samsung SM-G781U1 Android smart phone which was found on Mr. May's bed side. The phone contained the same e-mail address which was used to register on Kik.
The contents of the phone unveiled a total of 265 CSAM videos.
Forensic evidence shows Mr. May used Kik, Telegram, Loki Messenger, and MEGA to actively share CSAM and find other like-minded individuals. Interestingly, forensic evidence shows Mr. May deleted all of his CSAM accounts April 4th, 2024, all within seconds of each other.
The MEGA account was registered to "Eric Rentling" which contained CSAM. Additionally, forensic evidence showed Mr. May possessed a secondary Facebook account which operated under the name "Eric Rentling". The Facebook account "Eric Rentling" contained an image of Mr. May. Upon examination the "Eric Rentling" Facebook account showed Mr. May speaking with sex workers in Colombia.
Per the United States Department of Justice in conjunction with the United States Department of Homeland Investigations, the United States Department of Justice’s Child Exploitation & Obscenity Section, and United States South Carolina Lexington County Sheriff's Office, Mr. May was found in the possession of the following:
👍12🔥9❤7🤯3🤓3😢1
[Warning: This is your last warning. The following segment is extremely graphic. This information was made public by the United States Department of Justice. We are sharing it in the spirit of full-disclosure and to illustrate the crimes by Mr. May]
1. April 3rd, 2024: Mr. May sent 5 individuals footage of a fully clothed child giving a grown man a fellatio. The man recording the video pans the camera to the left in which the man receiving the fellatio is performing the act in front of his wife and newborn child
2. April 3rd, 2024: Mr. May receives footage of an adult male penetrating a newborn babies vagina. The baby winces in pain and cries.
3. April 3rd, 2024: Mr. May receives footage of a woman kneeling an infant down with it's bottom exposed. A woman than performs oral sex on the newborn.
😢42😱12❤2🤯2🤓2
4. April 3rd, 2024: Mr. May distributes a CSAM compilation music video. The compilation includes a male forcing a prepubescent girl to perform oral sex on a dog, a man ejaculation on the face of a newborn baby, and a newborn baby being forced to consume the ejaculate of a male.
5. April 1st, 2024: Mr. May sends 3 different individuals a video of a group of men sexually assaulting a newborn child.
6. April 1st, 2024: Mr. May receives footage of a woman masturbating while she gives a newborn baby a fellatio.
The United States Department of Justice continues to provide profoundly graphic descriptions of the material Mr. May received. I am sharing the abridged descriptions of the official documents. I am too sickened to keep reading and discussing them. They share in total 10 descriptions. I am stopping at number 6. They continue to get progressively worse and more violent.
If found guilty he faces a total of 200 years in prison and $2,500,000 of fines.
😱50😢33🔥4❤2🤓2
Deleting files recursively on Linux:
rm -rf /path/to/folder
Deleting files recursively on Windows:
set "target=C:\Path\To\Folder"
for /R "%target%" %F in (*) do del /F /Q "%F"
for /F "delims=" %D in ('dir "%target%" /AD /B /S ^| sort /R') do rd "%D"
🤓98🤣54❤11🔥5😁4🤔4🤝4🤯3👏1🎉1
French Media outlets are reporting IntelBroker was apprehended by law enforcement February 22nd. Today they're reporting French law enforcement have apprehended 4 more individuals believed to act as administrators for breached
https://www.valeursactuelles.com/societe/info-va-les-administrateurs-francais-du-site-de-vente-de-donnees-volees-breachforums-interpelles
🤣21🫡12😢10👏2🎉2🔥1
Note: This is a correction post. I incorrectly stated Kai West a/k/a IntelBroker moved money from RAMP (Ransomware MarketPlace) to Coinbase. That is wrong. I misread the court documents. It was RAMP Exchange Network.
tldr too many acronyms, I'm dumb
Per court documents, the Threat Actor known as IntelBroker was caught because he transferred money from RAMP (RAMP Exchange) to his personal Coinbase account.
He tried obfuscating the money transfer but it didn't work.
The Federal Bureau of Investigation and National Crime Agency have known IntelBroker's identity since late 2023, early 2024.
🤣31👏6😢5👍3❤2
As stated previously, Mr. West and dozens of other Threat Actors we have seen are caught because they (incorrectly) believe law enforcement does not know their identity because they have not been visited or apprehended.
Law enforcement was able to easily identify Mr. West via Coinbase because of KYC (Know Your Customer), hence law enforcement was able to get Mr. West's driver's license and various other PII.
Once identified, law enforcement monitored Mr. West, as well as his associates, and established a long case and rap sheet.
He is currently facing over 20 years in prison in the United States.
🤣40❤7😢5👍2👏1