SIM swappers and crypto drainers seem to dislike ZachXBT. We received an anonymous message today with this video.
We've updated the vx-underground malware source code collection on GitHub.
Yesterday the source code to banking trojans Android.Hook and Android.Ermac were leaked online.
*Hook is the successor to Ermac
*Thanks to 3xp0rtblog for the code
https://github.com/vxunderground/MalwareSourceCode
ZachXBT, an independent cryptocurrency investigator who monitors and tracks cryptocurrency scams, shared ANOTHER video of cryptocurrency thieves taunting him.
The sign says "Fuck ZachXBT. Chards"
That's 3 videos now π
"Who is 29a labs?"
We keep getting pinged. Yes, Boeing has been removed from Lockbit ransomware groups website.
Lockbit administrative staff informed us they removed Boeing because negotiations have begun.
We don't know anything else. It is Halloween. Cya nerds tomorrow. We're busy.
Yesterday ALPHV ransomware group listed Advarra, a clinical research technology company.
Advarra told ALPHV quote "We do not pay digital terrorists". Additionally, ALPHV tried contacting one of their executives via text message. She told ALPHV "go fuk yourself"
This one simple trick will land you a job anywhere
We are behind schedule on almost all of our tasks. 1/2 of our staff is sick.
Seasonal changes are illegal and for nerds
6 hours ago Reuters got confirmation from Boeing that they were impacted by a 'cyber incident'. Boeing declined to comment on whether Lockbit was responsible for the 'cyber incident'.
More information: https://www.reuters.com/business/aerospace-defense/boeing-investigating-cyber-incident-affecting-parts-business-2023-11-01/
Reuters: Boeing says 'cyber incident' hit parts business after ransom threat
Boeing , one of the world's largest defense and space contractors, said on Wednesday it was investigating a cyber incident that impacted elements of its parts and distribution business and cooperating with a law enforcement probe into it.
We've updated the vx-underground malware sample collection
- MedusaLocker
- XLoader
- SystemBC
- MinodoLoader
- ShellBot
- Moqhao
- XMRig
- PlayRansomware
- MoneyRansomware
- PrivateLoader
- AridGopher
- Micropsoa
- IcedId
and more...
Check it out here: vx-underground.org/
52,807 new malware samples queued for upload in our VXDB and the vx-underground website.
*Reminder our VXDB allows you to search through our malware collection and download for free π«‘
https://virus.exchange
Google is introducing more new TLDs =D
.ing and .meme
New phishing links inbound!
Alternatives to 'whoami.exe'.
COM interface ideas:
- IADsADSystemInfo
- IADsWinNTSystemInfo
- IADsComputer
- WMI COM provider to query 'whoami.exe'
IADsADSystemInfo, IADsWinNTSystemInfo, and IADsComputer are all fundamentally similar in calling syntax and are pretty copy-pasta-ish. The Windows SDK is kind of a pain though: the GUIDs weren't located easily, so they needed to be manually defined.
Example: https://pastebin.com/raw/S32nYDAp
Advapi32 functionality:
- Advapi32!LookupAccountSidW
- Advapi32!LsaLookupSids
LookupAccountSidW is an internal wrapper that calls LsaOpenPolicy, LsaLookupSids, and subsequently LsaFreeMemory. LsaFreeMemory is a wrapper to RtlFreeHeap.
Example: https://pastebin.com/raw/zJVShnay
Other possibilities:
- NpGetUserName - gets the username from a named pipe. Requires spawning a secondary thread, creating a named pipe, connecting to it, impersonating it, ... it is a long story =D
- Offlinesam.dll - Offline SAM has a lot of functionality for enumerating users and domains on the machine. This is undocumented and requires a little more work. However, it has been demonstrated loosely by 0gtweet
Example: https://github.com/gtworek/PSBits/blob/master/OfflineSAM/OfflineAddAdmin.c
tl;dr can't stop thinking about whoami.exe :(
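Two of the routes listed in the post, worked as an added example (this is not the channel's code and not the pastebin linked above; it is written here in PowerShell rather than C so it can be pasted into a console): the ADSI COM objects behind IADsWinNTSystemInfo and IADsADSystemInfo, and a P/Invoke of Advapi32!LookupAccountSidW to resolve the caller's SID to DOMAIN\user. Assumptions: Windows PowerShell 5.1 or PowerShell 7 on Windows; the ADSystemInfo branch only returns a value on a domain-joined host that can reach a DC, so it is wrapped in try/catch. Neither function spawns whoami.exe. The function names, the Win32.Advapi wrapper type and the 256-character buffers are this example's own choices.

```powershell
# Added example: 'whoami' without whoami.exe, via ADSI COM and Advapi32!LookupAccountSidW.

function Get-WhoAmIViaAdsi {
    # IADsWinNTSystemInfo (ProgID "WinNTSystemInfo") works on any Windows host;
    # IADsADSystemInfo (ProgID "ADSystemInfo") needs a domain. Neither ships a type
    # library PowerShell can late-bind to, so properties are read via IDispatch with
    # InvokeMember instead of plain $obj.Property.
    $winnt = New-Object -ComObject WinNTSystemInfo
    $t = $winnt.GetType()
    $result = [ordered]@{
        UserName     = $t.InvokeMember('UserName',     'GetProperty', $null, $winnt, $null)
        ComputerName = $t.InvokeMember('ComputerName', 'GetProperty', $null, $winnt, $null)
        DomainName   = $t.InvokeMember('DomainName',   'GetProperty', $null, $winnt, $null)
        UserDN       = $null   # assumption: only filled on a domain-joined host
    }
    try {
        $ad = New-Object -ComObject ADSystemInfo
        # IADsADSystemInfo::UserName returns the caller's distinguishedName, not sAMAccountName.
        $result.UserDN = $ad.GetType().InvokeMember('UserName', 'GetProperty', $null, $ad, $null)
    } catch {
        # Workgroup machine or no reachable DC: IADsADSystemInfo::get_UserName fails; leave $null.
    }
    [pscustomobject]$result
}

# P/Invoke declaration for Advapi32!LookupAccountSidW (Win32.Advapi is this example's own wrapper name).
Add-Type -Namespace Win32 -Name Advapi -MemberDefinition @'
[DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool LookupAccountSidW(
    string lpSystemName, byte[] Sid,
    System.Text.StringBuilder lpName, ref uint cchName,
    System.Text.StringBuilder lpReferencedDomainName, ref uint cchReferencedDomainName,
    out int peUse);
'@

function Get-WhoAmIViaLookupAccountSid {
    # The SID is read from the current token (no LSA traffic); the SID->name step is the
    # LsaOpenPolicy / LsaLookupSids / LsaFreeMemory round-trip the post describes.
    $sid   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
    $bytes = New-Object byte[] $sid.BinaryLength
    $sid.GetBinaryForm($bytes, 0)

    $name = New-Object System.Text.StringBuilder 256   # assumption: 256 chars is enough
    $dom  = New-Object System.Text.StringBuilder 256
    [uint32]$cchName = $name.Capacity
    [uint32]$cchDom  = $dom.Capacity
    [int]$use = 0
    $ok = [Win32.Advapi]::LookupAccountSidW($null, $bytes, $name, [ref]$cchName, $dom, [ref]$cchDom, [ref]$use)
    if (-not $ok) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "LookupAccountSidW failed: Win32 error $err"
    }
    [pscustomobject]@{
        Account = '{0}\{1}' -f $dom.ToString(), $name.ToString()
        Sid     = $sid.Value
        SidType = $use    # SID_NAME_USE enum; 1 = SidTypeUser
    }
}

Get-WhoAmIViaAdsi
Get-WhoAmIViaLookupAccountSid
```

Detection note: both functions stay inside powershell.exe, so a rule keyed on a `whoami.exe` process creation sees nothing; the LookupAccountSidW path shows up as an LSA RPC call to lsass (or, for the ADSystemInfo branch, an LDAP bind to a DC), which is where telemetry has to look instead.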
Here is a very poorly written way to do 'whoami' using CreateNamedPipe and Advapi32!NpGetUserName.
This undocumented function will do the generic LookupAccountSidW via GetUserNameExW, but it can act as a proxy function, or something.
https://pastebin.com/raw/ZsReS7k4