home.social

#vxunderground — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #vxunderground, aggregated by home.social.

  1. I have been show a non-cat image. This is tragic, disappointing and day ruining :(

    #caturday #hamster #gerbil #vxunderground

  2. i'm just going to use this thread to post some of the best ones that pop up on boot :D

    i call this one "head empty, need food"

    #caturday #VXUnderground #cat #torrent #linuxmint #scripting

  3. wrote a script to show me a random pic from the collection on boot. all the pain was worth it.

    #caturday #VXUnderground #cat #torrent #linuxmint #scripting

  4. A picture of my wrist has been posted to the #vxunderground chat (along with a funny message my watch gave me at the time). Does this make me an #infosec rockstar now? Or should I be worried about #AI counting my freckles and doxing me?
    t.me/vxunderground/6456

  5. vx-underground's extracted cat picture torrent is so large, Linux Mint's file manager is struggling to open it. I think I'm in heaven

    vx-underground.org/Torrents

    #caturday #vxunderground #cat #torrent #linuxmint

  6. #VXUnderground has posted a "best of" page with their favorite papers. I think some of these should be required reading for red teamers, malware researchers, or vulnerability researchers. Thoughts?
    vx-underground.org/Best%20Of
    #redteam #malware #malware_research #vulnerability

  7. If you’re writing YARA rules or doing other kinds of detection engineering, you’ll want to have a test bed that you can run your rules against.  This is known as a corpus. For your corpus you’ll want to have both Goodware (known good operating system files), as well as a library of malware files.

    One source to get a lot of malware samples is from VX-Underground.  What I really appreciate about VX-Underground is that in addition to providing lots of malware samples, they also produce an annual archive of samples and papers. You can download a whole year’s worth of samples and papers, from 2010 to 2023.

    Pandora’s Box

    Just to understand the structure here, I have a USB device called “Pandora.” On the root of the drive is a folder called “APT”, and within that is a “Samples” directory. Inside the samples directory is the .7z download for 2023 from VX-Underground. There’s also a python script… we’ll get to that soon enough.

    The first thing we’ll need to do is unzip the download with the usual password.

    7zz x 2023.7z

    Once the initial extraction is complete you can delete the original 2023.7z archive.

    Within the archive for each year, there is a directory for the sample, with sub-directories of ‘Samples’ and ‘Papers.’  Every one of the samples is also password protected zip file.

    This makes sense from a safety perspective, but it makes it impossible to scan against all the files at once.

    Python to the Rescue

    We can utilize a Python script to recursively go through the contents of our malware folder and unzip all the password protected files, while keeping those files in their original directories.

    You may have noticed in the first screenshot that I have a script called ExtractSamples.py in my APT directory.

    We will use this for the recursive password protected extractions.

    Python ExtractSamples.py

    A flurry of code goes by, and you congratulate yourself on you Python prowess. Now if we look again at our contents, we’ve got the extracted sample and the original zip file. 

    Let’s get rid of all the zip files as we don’t need them cluttering up the corpus.

    We can start by running a find command to identify all the 7zip files.

    find . -type f -name '*.7z' -print

    After you’ve checked the output and verified the command above is only grabbing the 7z files you want to delete, we can update the command to delete the found files.

    find . -type f -name '*.7z' -delete

    One more a directory listing to verify:

    Success. All the 7z files are removed and all the sample files are intact.

    GitHub Link: ExtractSamples.py

    Time to go write some new detections!

    https://bakerstreetforensics.com/2024/02/01/growing-your-malware-corpus/

    #7zip #DFIR #Malware #Python #security #VXUnderground #yara

  8. 📣 Exciting News! 📚 VXunderground has just dropped the highly anticipated Black Mass Volume 2 book and the best part? You can download it for FREE! (or support them and buy a physical copy on Amazon for example

    Ever wanted to have a coloring picture of a Ransomware operator or a SOC employee sprinkled in between your Infosec articles? Well here's your chance!

    👉 Get your copy here: Black Mass Volume II PDF

    Dive into the world of underground knowledge, hacking, and security with this latest release. It's a treasure trove of insights, research, and information that you won't want to miss. Whether you're a seasoned hacker or just curious about the world of cybersecurity, this book has something for everyone.

    Spread the word and share the love for VXunderground's commitment to open knowledge! #BlackMassVolume2 #VXunderground #Cybersecurity #FreeDownload 📖💻🔒

  9. The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym as they demonstrate their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!

    ***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
    Hint: Check the links in the article!***

    Notable MITRE ATT&CK TTPs:
    TA0005 - Defense Evasion
    T1055.? - Process Injection: [fill in this blank]
    T1562 - Impair Defenses: Disable or Modify Tools
    T1112 - Modify Registry

    TA0009 - Collection
    T1005 - Data from Local System

    TA0011 - Command and Control
    T1102 - Web Service

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

    Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
    sentinelone.com/blog/reverse-e

  10. The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym as they demonstrate their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!

    ***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
    Hint: Check the links in the article!***

    Notable MITRE ATT&CK TTPs:
    TA0005 - Defense Evasion
    T1055.? - Process Injection: [fill in this blank]
    T1562 - Impair Defenses: Disable or Modify Tools
    T1112 - Modify Registry

    TA0009 - Collection
    T1005 - Data from Local System

    TA0011 - Command and Control
    T1102 - Web Service

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

    Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
    sentinelone.com/blog/reverse-e

  11. The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym as they demonstrate their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!

    ***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
    Hint: Check the links in the article!***

    Notable MITRE ATT&CK TTPs:
    TA0005 - Defense Evasion
    T1055.? - Process Injection: [fill in this blank]
    T1562 - Impair Defenses: Disable or Modify Tools
    T1112 - Modify Registry

    TA0009 - Collection
    T1005 - Data from Local System

    TA0011 - Command and Control
    T1102 - Web Service

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

    Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
    sentinelone.com/blog/reverse-e

  12. The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym as they demonstrate their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!

    ***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
    Hint: Check the links in the article!***

    Notable MITRE ATT&CK TTPs:
    TA0005 - Defense Evasion
    T1055.? - Process Injection: [fill in this blank]
    T1562 - Impair Defenses: Disable or Modify Tools
    T1112 - Modify Registry

    TA0009 - Collection
    T1005 - Data from Local System

    TA0011 - Command and Control
    T1102 - Web Service

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

    Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
    sentinelone.com/blog/reverse-e

  13. The next installment of the SentinelOne and #VXUnderground blog series features Millie Nym as they demonstrate their unique reverse engineering techniques as they analyze a sample of ArechClient2. Enjoy and Happy Hunting!

    ***As usual, for this #miniCTF, I am going to leave out a piece of information and it is your job to find it! DM me with the answer or leave a comment!
    Hint: Check the links in the article!***

    Notable MITRE ATT&CK TTPs:
    TA0005 - Defense Evasion
    T1055.? - Process Injection: [fill in this blank]
    T1562 - Impair Defenses: Disable or Modify Tools
    T1112 - Modify Registry

    TA0009 - Collection
    T1005 - Data from Local System

    TA0011 - Command and Control
    T1102 - Web Service

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

    Reverse Engineering Walkthrough | Analyzing A Sample Of Arechclient2
    sentinelone.com/blog/reverse-e

  14. #HappyMonday everyone! I am back from a weeklong "vacation" with an article from the SentinelOne blog but the research was conducted by Pol Thill. There was a challenge thrown down by #VXUnderground and SentinelOne looking for research that was conducted but not previously published, which I think is a really interesting concept and needs to happen more often!

    Anyways, here is Pol's research on Neo_Net, the Kingpin of Spanish eCrime! Enjoy and Happy Hunting!

    Link in the comments!

    Notable MITRE ATT&CK TTPs and Behaviors:
    Mobile Matrix:
    TA0035 - Collection
    T1636.004 - Protected User Data: SMS Messages

    TA0037 - Command and Control
    T1437.001 - Application Layer Protocol: Web Protocols
    T1481.003 - Web Service: One-Way Communication

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

    Neo_Net | The Kingpin of Spanish eCrime
    sentinelone.com/blog/neo_net-t

  15. #vxunderground has met the same fate as #BreachForums - and about time too. Kudos to the Cybercrime Unit of the canton of Vaud and all the other agencies involved in the action. #TangoDown

    vx-underground.org