vx-underground – Telegram
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
If you want to learn more about malware the easiest method is learning malware TTPs (Tactics, Techniques, and Procedures). Basically, understand some of the techniques employed by malware authors to do stuff.

Some malware techniques are simple and old

Some malware techniques are incredibly sophisticated

What you'll notice though with malware TTPs is each TTP is a "stepping stone". For example, the most advanced evasion techniques often stem from the most basic of evasion techniques.

Research and improvements on malware don't come from nowhere. Each technique comes from standing (metaphorically) on the work of others.

Malware TTPs are broken down kind of subjectively. They're hard to categorize. MITRE is the industry standard for malware TTPs, but even then there is some debate on the effectiveness of it.

By effectiveness I mean, if you have a simple malware technique that is slightly modified, is it the same malware technique? Is it a whole new category? How many "modifications" until it has its own entry? It's just debating classification.

For Windows malware, however, malware is defined as something along the lines of:

1. How was it delivered to the machine?
2. How many "chains" or "stages" or "redirects" were performed until the payload was detonated?
3. How was the payload detonated?
4. Is the payload persistent?
5. What was the objective of the malware?

On missiles and stuff, the part that explodes is the payload. It is the same concept with malware. The actual malicious code that does the malicious stuff is the payload.

With chains, or redirects, or stages, ... modern malware is often not as simple as someone double clicking a .exe and the payload detonating. While this is true for common malware, more sophisticated malware will often jump through a series of hoops until the actual payload is detonated.

For example, more sophisticated malware may send a malicious email attachment that is a .Lnk file (shortcut file). When the user double clicks the .Lnk file the .Lnk file may download a .zip file. The .Lnk file will extract the .zip which will contain a malicious .JS file. The .Lnk file will execute the .JS file.

The .JS file will delete the .Lnk and .zip. The .JS file will then generate a .PS1 script and execute it. The .PS1 file will delete the .JS file and download a .exe file. The .exe file then will download a .dll file. The .DLL is the payload.

1. Lnk downloads .zip
2. Lnk extracts zip
3. Lnk runs .JS
4. JS deletes .Lnk
5. JS deletes .zip
6. JS makes .ps1
7. ps1 downloads .exe
8. ps1 deletes .JS
9. .exe downloads .DLL
10. .exe runs .DLL payload

The reason malware does this is because it makes it difficult for antivirus software to identify the final payload. Researchers will need to reconstruct the series of events which led to the payload delivery. Additionally, malware authors may modify the chaining at any given moment to make detection much more difficult.

Okay, that's enough schizo ranting for now.
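The reconstruction work described in the post above, seen from the analyst's side, as an added example that is not part of the original post: it walks file-provenance events backwards from the final DLL to the first stage and flags the stages that a later stage deleted. The event tuples and file names are constructed for illustration and assume telemetry that records which artifact created, downloaded, extracted or deleted which file.

```python
# Constructed telemetry mirroring the ten steps in the post; file names are made up.
EVENTS = [
    ("invoice.lnk", "download", "stage.zip"),
    ("invoice.lnk", "extract", "stage.js"),
    ("invoice.lnk", "run", "stage.js"),
    ("stage.js", "delete", "invoice.lnk"),
    ("stage.js", "delete", "stage.zip"),
    ("stage.js", "create", "stage.ps1"),
    ("stage.ps1", "download", "loader.exe"),
    ("stage.ps1", "delete", "stage.js"),
    ("loader.exe", "download", "payload.dll"),
    ("loader.exe", "run", "payload.dll"),
]

# Actions that put a new artifact on disk.
INTRODUCES = {"download", "extract", "create"}


def reconstruct_chain(events, final_artifact):
    """Walk provenance edges backwards from the final artifact to the first stage."""
    origin = {}   # artifact -> (actor, action) that first put it on disk
    deleted = {}  # artifact -> actor that later removed it
    for actor, action, target in events:
        if action in INTRODUCES:
            origin.setdefault(target, (actor, action))
        elif action == "delete":
            deleted[target] = actor
    chain, current, seen = [], final_artifact, set()
    while current is not None and current not in seen:  # 'seen' guards against loops
        seen.add(current)
        actor, action = origin.get(current, (None, None))
        chain.append({"artifact": current, "introduced_by": actor,
                      "via": action, "deleted_by": deleted.get(current)})
        current = actor
    chain.reverse()  # first stage first, payload last
    return chain


def missing_on_disk(chain):
    """Stages in the chain that were deleted by a later stage."""
    return [s["artifact"] for s in chain if s["deleted_by"]]


if __name__ == "__main__":
    for stage in reconstruct_chain(EVENTS, "payload.dll"):
        print(stage)
```

The stages reported as missing are the ones an analyst would have to recover from telemetry rather than from disk, which is why the post says the chain has to be reconstructed from events.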
Sometimes I still think about how zhangsansec hacked our website.

He found the silliest bug.

The bug allowed him to arbitrarily upload, download, edit, and delete files. He couldn't modify any website code, but he had the ability for a brief moment in time to destroy our entire archive.

When he discovered the exploit he notified us via DM. He didn't ask for anything in return. He didn't want a bug bounty. He shared his thoughts on where he believed the bug was on our side.

After he reported the vulnerability and confirmed we fixed it, ... he disappeared.

This guy is a fucking badass. Who the fuck was that absolute chad? Bro hacked our shit for the love of the game and as a meme ... then just left???
Hacking is illegal and for nerds
Hi,

I will begin doing giveaways soon for the holiday season. This will be our third year doing giveaways.

This year I'll be giving away significantly less stuff because I have a baby and he doesn't respect anything except milk, food, pooping, and sleep.

Regardless, I still have lots of cool stuff to give away.

I'll be doing giveaways from cyberwarfarelab, CCGCyberWorld, HCAdamSec, ddd1ms, and some stuff from myself personally out-of-pocket. I forgot to harass more people for free stuff. I'm sure someone will come around.

For those new: each holiday season I give away a bunch of educational cybersecurity and/or information technology stuff. It's for anyone.

tl;dr cats r cool
If you had to choose between never seeing your family ever again or never being able to get on the internet ever again

Which website would you visit once your family is gone forever
In like, 2020 I read this paper from 2006 about a malware keylogging idea. It was briefly discussed on forums and some cybersecurity conventions.

No one ever produced code for the idea.

Every few months I return back to the idea and poke around for a bit.

I have no idea why I've been obsessed with this idea for FIVE FUCKING YEARS. Regardless, today after poking around some more I think I finally figured it out.
It's not even like, super cool or 1337. It's just something that's been bugging me for years. I was annoyed that no one produced code for it and I didn't get it working. It was like an itch I couldn't get to go away.
Letting bro hide until the coast is clear. Fuck the police
Some silly stuff happening this Thanksgiving.

Mixpanel, a company that lets your company perform analytics on your ChatGPT slop, has been compromised. However, because Mixpanel requires you to have an OpenAI account, and does analysis on your ChatGPT slop, some media outlets are mischaracterizing it as an OpenAI compromise.

Mixpanel has stated several times this is NOT an OpenAI breach presumably because they don't want Sam Altman and his group of bazillbobillionaires to physically beat Mixpanel executives to death with a shovel
Big news for stinky nerds.

I've got a massive fuckin' giveaway. I've got a voucher for either a COMPTIA SEC+ or an ISC2 Systems Security Certified Practitioner (SSCP).

Both of these are great for your career.

But, I'm not going to give this shit away to some random fucking nerd in a comment section. This is the type of gift that could accelerate someone's career and change someone's life.

Some giveaways people burn, watch YouTube shorts, and shoot-the-shit with their friends on Discord calls like a bunch of bums. This is going to be vetted. When I gift this to someone I expect them to follow through with it.

If you're gifted a career changing gift and you squander it I WILL lose my mind.

More information coming soon.
To the person who keeps sending me e-mails from the alleged compromised Papa Johns email,

I can't tell if you're memeing or not. You keep e-mailing journalists and stuff but the e-mail is flagged as failing domain authentication. I don't know what you're doing.
I was sitting here and I was like, "I wonder if any vendors have released any malware research papers? It's a major holiday in the United States, surely it's slowed down"

I check my MISP thingie and 27 papers released in the past 2 days

WHO ARE YOU PEOPLE
Big drama on the internet today (a very real and serious place)

On Steam video games that have used AI to aid in the assistance of the game are given a "made with AI" tag.

Tim Sweeney, CEO of Epic Games, thinks this is a poor decision and says they will not be doing this on their platform

As you could probably imagine, this has made gamers go fuckin spazzo on Epic Games. Gamers have concluded Steam has (once again) won the "battle" by doing nothing.

Mr. Sweeney was ruthlessly flamed on social media for it. Some reposts got as many as 150,000 upvotes.

Will this make Epic Games change their mind? Probably not, no

Is it fun to throw tomatoes at wealthy people, politicians, and large businesses? Yes
Correction: 250,000+ upvotes.

If Xitter was a real place Tim Sweeney would be in serious trouble. After seeing this insane RATIO he probably wiped tears from his eyes with $100 bills while resting in his 5th Lamborghini

https://x.com/Bricker_Man/status/1994041026575798322
Thank you, young art student person place or thing.

It is very nice.

I didn't see the face behind everything originally because I don't have my glasses on (I'm old and stinky).