#vx-underground — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #vx-underground, aggregated by home.social.
-
This is what some the world’s largest banks of #malware look like stacked as hard drives
-
This is what some the world’s largest banks of #malware look like stacked as hard drives
-
Rainbow Six Siege hacké - 2 milliards de crédits distribués à tous les joueurs
https://fed.brid.gy/r/https://korben.info/rainbow-six-siege-hack-credits-ubisoft-mongodb.html
-
"This is the end for you my master"
-
ok...maybe non-kitty images are ok 😌
-
ok...maybe non-kitty images are ok 😌
-
I have been show a non-cat image. This is tragic, disappointing and day ruining :(
-
I have been show a non-cat image. This is tragic, disappointing and day ruining :(
-
cheeky cunt winked at me as soon as I turned on my PC ;-;
-
cheeky cunt winked at me as soon as I turned on my PC ;-;
-
"don't talk to me or my son ever again"
-
"don't talk to me or my son ever again"
-
got a good one today "u got games on ur phone?"
-
got a good one today "u got games on ur phone?"
-
i'm just going to use this thread to post some of the best ones that pop up on boot :D
i call this one "head empty, need food"
#caturday #VXUnderground #cat #torrent #linuxmint #scripting
-
i'm just going to use this thread to post some of the best ones that pop up on boot :D
i call this one "head empty, need food"
#caturday #VXUnderground #cat #torrent #linuxmint #scripting
-
1/ not sure but i suspect "Block Blasters" might be the first #crypto stealing #malware video game to make its debut on #Steam?
#game #videoGame #gaming #malware #vxunderground #threatintel #cybersecurity #infosec #BlockBlasters
-
1/ not sure but i suspect "Block Blasters" might be the first #crypto stealing #malware video game to make its debut on #Steam?
#game #videoGame #gaming #malware #vxunderground #threatintel #cybersecurity #infosec #BlockBlasters
-
wrote a script to show me a random pic from the collection on boot. all the pain was worth it.
#caturday #VXUnderground #cat #torrent #linuxmint #scripting
-
wrote a script to show me a random pic from the collection on boot. all the pain was worth it.
#caturday #VXUnderground #cat #torrent #linuxmint #scripting
-
it's happening agaaaainnnnnnn
-
it's happening agaaaainnnnnnn
-
A picture of my wrist has been posted to the #vxunderground chat (along with a funny message my watch gave me at the time). Does this make me an #infosec rockstar now? Or should I be worried about #AI counting my freckles and doxing me?
https://t.me/vxunderground/6456 -
A picture of my wrist has been posted to the #vxunderground chat (along with a funny message my watch gave me at the time). Does this make me an #infosec rockstar now? Or should I be worried about #AI counting my freckles and doxing me?
https://t.me/vxunderground/6456 -
vx-underground's extracted cat picture torrent is so large, Linux Mint's file manager is struggling to open it. I think I'm in heaven
-
vx-underground's extracted cat picture torrent is so large, Linux Mint's file manager is struggling to open it. I think I'm in heaven
-
#VXUnderground has posted a "best of" page with their favorite papers. I think some of these should be required reading for red teamers, malware researchers, or vulnerability researchers. Thoughts?
https://vx-underground.org/Best%20Of
#redteam #malware #malware_research #vulnerability -
#VXUnderground has posted a "best of" page with their favorite papers. I think some of these should be required reading for red teamers, malware researchers, or vulnerability researchers. Thoughts?
https://vx-underground.org/Best%20Of
#redteam #malware #malware_research #vulnerability -
-
📬 Banshee Stealer Quellcode geleakt: macOS-Malware unschädlich gemacht
#ITSicherheit #Malware #BansheeStealer #ElasticSecurityLabs #macOS #macOSMalware #QuellcodeLeak #VXUnderground https://sc.tarnkappe.info/ad2a32 -
📬 Banshee Stealer Quellcode geleakt: macOS-Malware unschädlich gemacht
#ITSicherheit #Malware #BansheeStealer #ElasticSecurityLabs #macOS #macOSMalware #QuellcodeLeak #VXUnderground https://sc.tarnkappe.info/ad2a32 -
NationalPublicData.com Hack Exposes a Nation’s Data https://krebsonsecurity.com/2024/08/nationalpublicdata-com-hack-exposes-a-nations-data/ #NationalPublicDatabreach #NationalCriminalDataLLC #AtlasDataPrivacyCorp #TrinityEntertainment #HaveIBeenPwnedcom #TwistedHistoryLLC #InstantCheckmate #ALittleSunshine #recordschecknet #SalvatoreVerini #TheComingStorm #JericoPictures #ShadowgladeLLC #PeopleConnect #VXUnderground #DataBreaches #TruthFinder #InfraGard #SalVerini #TroyHunt #USDoD #SXUL #fbi
-
NationalPublicData.com Hack Exposes a Nation’s Data https://krebsonsecurity.com/2024/08/nationalpublicdata-com-hack-exposes-a-nations-data/ #NationalPublicDatabreach #NationalCriminalDataLLC #AtlasDataPrivacyCorp #TrinityEntertainment #HaveIBeenPwnedcom #TwistedHistoryLLC #InstantCheckmate #ALittleSunshine #recordschecknet #SalvatoreVerini #TheComingStorm #JericoPictures #ShadowgladeLLC #PeopleConnect #VXUnderground #DataBreaches #TruthFinder #InfraGard #SalVerini #TroyHunt #USDoD #SXUL #fbi
-
Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested https://krebsonsecurity.com/2024/06/alleged-boss-of-scattered-spider-hacking-group-arrested/ #NoahMichaelUrban #ScatteredSpider #NeerDoWellNews #TylerBuchanan #VXUnderground #DataBreaches #SIMSwapping #MurciaToday #SIMswapping #WebFraud20 #Mailchimp #DoorDash #lastpass #0ktapus #Caesars #GroupIB #KingBob #signal #TheCom #Okta #Sosa #fbi #MGM
-
Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested https://krebsonsecurity.com/2024/06/alleged-boss-of-scattered-spider-hacking-group-arrested/ #NoahMichaelUrban #ScatteredSpider #NeerDoWellNews #TylerBuchanan #VXUnderground #DataBreaches #SIMSwapping #MurciaToday #SIMswapping #WebFraud20 #Mailchimp #DoorDash #lastpass #0ktapus #Caesars #GroupIB #KingBob #signal #TheCom #Okta #Sosa #fbi #MGM
-
FBI’s LockBit Takedown Postponed a Ticking Time Bomb in Fulton County, Ga. https://krebsonsecurity.com/2024/02/fbis-lockbit-takedown-postponed-a-ticking-time-bomb-in-fulton-county-ga/ #FultonCountyDistrictAttorneyFannyWillis #NationalCrimeAgency #Ne'er-Do-WellNews #ANSecuritybreach #FultonCountyhack #VXUnderground #DonaldTrump #GeorgeChidi #LockBitSupp #Ransomware #Europol #LockBit #CNN #fbi #XSS
-
If you’re writing YARA rules or doing other kinds of detection engineering, you’ll want to have a test bed that you can run your rules against. This is known as a corpus. For your corpus you’ll want to have both Goodware (known good operating system files), as well as a library of malware files.
One source to get a lot of malware samples is from VX-Underground. What I really appreciate about VX-Underground is that in addition to providing lots of malware samples, they also produce an annual archive of samples and papers. You can download a whole year’s worth of samples and papers, from 2010 to 2023.
Pandora’s Box
Just to understand the structure here, I have a USB device called “Pandora.” On the root of the drive is a folder called “APT”, and within that is a “Samples” directory. Inside the samples directory is the .7z download for 2023 from VX-Underground. There’s also a python script… we’ll get to that soon enough.
The first thing we’ll need to do is unzip the download with the usual password.
7zz x 2023.7zOnce the initial extraction is complete you can delete the original 2023.7z archive.
Within the archive for each year, there is a directory for the sample, with sub-directories of ‘Samples’ and ‘Papers.’ Every one of the samples is also password protected zip file.
This makes sense from a safety perspective, but it makes it impossible to scan against all the files at once.
Python to the Rescue
We can utilize a Python script to recursively go through the contents of our malware folder and unzip all the password protected files, while keeping those files in their original directories.
You may have noticed in the first screenshot that I have a script called ExtractSamples.py in my APT directory.
We will use this for the recursive password protected extractions.
Python ExtractSamples.pyA flurry of code goes by, and you congratulate yourself on you Python prowess. Now if we look again at our contents, we’ve got the extracted sample and the original zip file.
Let’s get rid of all the zip files as we don’t need them cluttering up the corpus.
We can start by running a find command to identify all the 7zip files.
find . -type f -name '*.7z' -printAfter you’ve checked the output and verified the command above is only grabbing the 7z files you want to delete, we can update the command to delete the found files.
find . -type f -name '*.7z' -deleteOne more a directory listing to verify:
Success. All the 7z files are removed and all the sample files are intact.
GitHub Link: ExtractSamples.py
Time to go write some new detections!
https://bakerstreetforensics.com/2024/02/01/growing-your-malware-corpus/
-
📣 Exciting News! 📚 VXunderground has just dropped the highly anticipated Black Mass Volume 2 book and the best part? You can download it for FREE! (or support them and buy a physical copy on Amazon for example
Ever wanted to have a coloring picture of a Ransomware operator or a SOC employee sprinkled in between your Infosec articles? Well here's your chance!
👉 Get your copy here: Black Mass Volume II PDF
Dive into the world of underground knowledge, hacking, and security with this latest release. It's a treasure trove of insights, research, and information that you won't want to miss. Whether you're a seasoned hacker or just curious about the world of cybersecurity, this book has something for everyone.
Spread the word and share the love for VXunderground's commitment to open knowledge! #BlackMassVolume2 #VXunderground #Cybersecurity #FreeDownload 📖💻🔒
-
📣 Exciting News! 📚 VXunderground has just dropped the highly anticipated Black Mass Volume 2 book and the best part? You can download it for FREE! (or support them and buy a physical copy on Amazon for example
Ever wanted to have a coloring picture of a Ransomware operator or a SOC employee sprinkled in between your Infosec articles? Well here's your chance!
👉 Get your copy here: Black Mass Volume II PDF
Dive into the world of underground knowledge, hacking, and security with this latest release. It's a treasure trove of insights, research, and information that you won't want to miss. Whether you're a seasoned hacker or just curious about the world of cybersecurity, this book has something for everyone.
Spread the word and share the love for VXunderground's commitment to open knowledge! #BlackMassVolume2 #VXunderground #Cybersecurity #FreeDownload 📖💻🔒
-
The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym as they demonstrate their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!
***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
Hint: Check the links in the article!***Notable MITRE ATT&CK TTPs:
TA0005 - Defense Evasion
T1055.? - Process Injection: [fill in this blank]
T1562 - Impair Defenses: Disable or Modify Tools
T1112 - Modify RegistryTA0009 - Collection
T1005 - Data from Local SystemTA0011 - Command and Control
T1102 - Web Service#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
https://www.sentinelone.com/blog/reverse-engineering-walkthrough-analyzing-a-sample-of-arechclient2/ -
The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym as they demonstrate their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!
***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
Hint: Check the links in the article!***Notable MITRE ATT&CK TTPs:
TA0005 - Defense Evasion
T1055.? - Process Injection: [fill in this blank]
T1562 - Impair Defenses: Disable or Modify Tools
T1112 - Modify RegistryTA0009 - Collection
T1005 - Data from Local SystemTA0011 - Command and Control
T1102 - Web Service#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
https://www.sentinelone.com/blog/reverse-engineering-walkthrough-analyzing-a-sample-of-arechclient2/ -
#HappyMonday everyone! I am back from a weeklong "vacation" with an article from the SentinelOne blog but the research was conducted by Pol Thill. There was a challenge thrown down by #VXUnderground and SentinelOne looking for research that was conducted but not previously published, which I think is a really interesting concept and needs to happen more often!
Anyways, here is Pol's research on Neo_Net, the Kingpin of Spanish eCrime! Enjoy and Happy Hunting!
Link in the comments!
Notable MITRE ATT&CK TTPs and Behaviors:
Mobile Matrix:
TA0035 - Collection
T1636.004 - Protected User Data: SMS MessagesTA0037 - Command and Control
T1437.001 - Application Layer Protocol: Web Protocols
T1481.003 - Web Service: One-Way Communication#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Neo_Net | The Kingpin of Spanish eCrime
https://www.sentinelone.com/blog/neo_net-the-kingpin-of-spanish-ecrime/ -
#HappyMonday everyone! I am back from a weeklong "vacation" with an article from the SentinelOne blog but the research was conducted by Pol Thill. There was a challenge thrown down by #VXUnderground and SentinelOne looking for research that was conducted but not previously published, which I think is a really interesting concept and needs to happen more often!
Anyways, here is Pol's research on Neo_Net, the Kingpin of Spanish eCrime! Enjoy and Happy Hunting!
Link in the comments!
Notable MITRE ATT&CK TTPs and Behaviors:
Mobile Matrix:
TA0035 - Collection
T1636.004 - Protected User Data: SMS MessagesTA0037 - Command and Control
T1437.001 - Application Layer Protocol: Web Protocols
T1481.003 - Web Service: One-Way Communication#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday
Neo_Net | The Kingpin of Spanish eCrime
https://www.sentinelone.com/blog/neo_net-the-kingpin-of-spanish-ecrime/ -
📬 Lesetipps: LockBit-Ransomware vs. MacOS und tote Vögel als Drohnen
#Lesetipps #ElonMusk #kattascha #PentagonLeak #PiaLamberty #pompompurin #RichardRoberson #TiloJung #VolkerWissing #VXUnderground https://tarnkappe.info/lesetipps/lesetipps-lockbit-ransomware-vs-macos-und-tote-voegel-als-drohnen-273053.html -
📬 Lesetipps: LockBit-Ransomware vs. MacOS und tote Vögel als Drohnen
#Lesetipps #ElonMusk #kattascha #PentagonLeak #PiaLamberty #pompompurin #RichardRoberson #TiloJung #VolkerWissing #VXUnderground https://tarnkappe.info/lesetipps/lesetipps-lockbit-ransomware-vs-macos-und-tote-voegel-als-drohnen-273053.html -
#vxunderground has met the same fate as #BreachForums - and about time too. Kudos to the Cybercrime Unit of the canton of Vaud and all the other agencies involved in the action. #TangoDown
vx-underground.org
-
#vxunderground has met the same fate as #BreachForums - and about time too. Kudos to the Cybercrime Unit of the canton of Vaud and all the other agencies involved in the action. #TangoDown
vx-underground.org
-
📬 Lesetipps: Und wann klopfen die Hacker auch bei euch an die Tür?
#Anonymous #Cyberangriffe #DarkCommerce #Datenschutz #Empfehlungen #Internet #ITSicherheit #Kurios #Lesetipps #Linux #Malware #Podcast #ReverseEngineering #Videos #Bildungszwecke #Gcam #GhostSec #HomeGallery #JackRhysider #MediaGoblin #novaGallery #OpBalochistan #qTox #RalfRosanowski #truecrime #uTOX #VXUnderground #Wyroczen https://tarnkappe.info/lesetipps/lesetipps-und-wann-klopfen-die-hacker-auch-bei-euch-an-die-tuer-265998.html -
📬 Lesetipps: Und wann klopfen die Hacker auch bei euch an die Tür?
#Anonymous #Cyberangriffe #DarkCommerce #Datenschutz #Empfehlungen #Internet #ITSicherheit #Kurios #Lesetipps #Linux #Malware #Podcast #ReverseEngineering #Videos #Bildungszwecke #Gcam #GhostSec #HomeGallery #JackRhysider #MediaGoblin #novaGallery #OpBalochistan #qTox #RalfRosanowski #truecrime #uTOX #VXUnderground #Wyroczen https://tarnkappe.info/lesetipps/lesetipps-und-wann-klopfen-die-hacker-auch-bei-euch-an-die-tuer-265998.html -
📬 Activision gehackt: Leak geheimer Call of Duty-Dokumente
#Cyberangriffe #Gaming #ActivisionBlizzard #Activisiongehackt #CallofDuty #PhishingAngriff #PhishingAttacke #Sicherheitsvorfall #VXUnderground https://tarnkappe.info/artikel/gaming/activision-gehackt-leak-geheimer-call-of-duty-dokumente-265832.html -
📬 Activision gehackt: Leak geheimer Call of Duty-Dokumente
#Cyberangriffe #Gaming #ActivisionBlizzard #Activisiongehackt #CallofDuty #PhishingAngriff #PhishingAttacke #Sicherheitsvorfall #VXUnderground https://tarnkappe.info/artikel/gaming/activision-gehackt-leak-geheimer-call-of-duty-dokumente-265832.html -
The one thing I miss on mastodon is vx-underground :-/ #vx #virus #vxunderground #itsec #itsecurity
-
@ygalanter It seems as if #Mastodon was #blacklisted as string in #URLs - kinda like #VXunderground's entire #website...
-
Oh yeah! I forgot to mention that I’m also a volunteer with #VXUnderground and #malpedia so if you have any questions or just want to connect feel free to reach out.
-
you know it's a great night when you get lost down the VX-underground rabbit hole #malwareresearch #VXUnderground