We are behind schedule on almost all of our tasks. 1/2 of our staff is sick.
Seasonal changes are illegal and for nerds
6 hours ago Reuters got confirmation from Boeing that they were impacted by 'cyber incident'. Boeing declined to comment on whether Lockbit was responsible for the 'cyber incident'.
More information: https://www.reuters.com/business/aerospace-defense/boeing-investigating-cyber-incident-affecting-parts-business-2023-11-01/
Reuters
Boeing says 'cyber incident' hit parts business after ransom threat
Boeing , one of the world's largest defense and space contractors, said on Wednesday it was investigating a cyber incident that impacted elements of its parts and distribution business and cooperating with a law enforcement probe into it.
We've updated the vx-underground malware sample collection
- MedusaLocker
- XLoader
- SystemBC
- MinodoLoader
- ShellBot
- Moqhao
- XMRig
- PlayRansomware
- MoneyRansomware
- PrivateLoader
- AridGopher
- Micropsia
- IcedId
and more...
Check it out here: vx-underground.org/
52,807 new malware samples queued for upload in our VXDB and the vx-underground website.
*Reminder: our VXDB allows you to search through our malware collection and download for free
https://virus.exchange
Google is introducing more new TLDs =D
.ing and .meme
New phishing links inbound!
Alternatives to 'whoami.exe'.
COM interface ideas:
- IADsADSystemInfo
- IADsWinNTSystemInfo
- IADsComputer
- WMI COM provider to query 'whoami.exe'
IADsADSystemInfo, IADsWinNTSystemInfo, and IADsComputer are all fundamentally similar in calling syntax and are pretty copy-pasta-ish. The Windows SDK is kind of a pain though; the GUIDs weren't located easily, so they needed to be manually defined.
Example: https://pastebin.com/raw/S32nYDAp
Advapi32 functionality:
- Advapi32!LookupAccountSidW
- Advapi32!LsaLookupSids
LookupAccountSidW is an internal wrapper that calls LsaOpenPolicy, LsaLookupSids, and subsequently LsaFreeMemory. LsaFreeMemory is a wrapper to RtlFreeHeap.
Example: https://pastebin.com/raw/zJVShnay
Other possibilities:
- NpGetUserName - gets the username from a named pipe. Requires spawning a secondary thread, creating a named pipe, connecting to it, impersonating it, ... it is a long story =D
- Offlinesam.dll - Offline SAM has a lot of functionality for enumerating users and domains on the machine. This is undocumented and requires a little more work. However, it has been demonstrated loosely by 0gtweet
Example: https://github.com/gtworek/PSBits/blob/master/OfflineSAM/OfflineAddAdmin.c
tl;dr can't stop thinking about whoami.exe :(
Here is a very poorly written way to do 'whoami' using CreateNamedPipe and Advapi32!NpGetUserName.
This undocumented function will do the generic LookupAccountSidW via GetUserNameExW, but it can act as a proxy function, or something.
https://pastebin.com/raw/ZsReS7k4
We've updated the vx-underground Windows malware paper collection
- 2023-07-29 - Lord Of The Ring0 - Part 5 Saruman's Manipulation
- 2023-08-13 - LAPS 2.0 Internals
- 2023-08-29 - DevTunnels for C2
- 2023-09-06 - How to Troll an AV
Insider Threats come in many shapes and sizes and are a major hurdle to any organization.
Reminder that Threat Actors (probably) haven't paid for a Red Teaming course or any sort of formal education
"Sorry, you can't join our ransomware group, you don't have a Bachelor's degree in computer science and you don't seem to have any certificates"
We've updated the vx-underground Windows malware paper collection
- 2023-09-10 - GIF Steganography from First Principles
- 2023-09-11 - MATLAB Reverse Shell
- 2023-10-09 - Demonstrating Sleep Obfuscation - KrakenMask
Check it out here: https://www.vx-underground.org/
Swift removing ++ and -- operators because they can be confusing because of code like this:
int i = 5;
i = ++i + i++;
This is the beauty of the C/C++ programming language. You can make the metaphorical gun and metaphorically shoot yourself with it. Also, don't code like this
The argument is that this is potentially undefined behavior because of how the pre-increment and post-increment expressions will be interpreted (and/or optimized) by the compiler.
tl;dr don't write goofy goober code
tl;dr tl;dr nerds arguing over methods to increment an integer