This was almost a paid advertisement

(we said no because we have no problem giving smaller conferences publicity)

(we aren't financially motivated)

Dulgex making fire for x64dbg

(x64dbg is gangsta af fr fr ong)

Currently exploring some COM stuff – found a cute trick to read registry keys.

The COM interface expects a WCHAR string (BSTR). But then... it converts it to a CHAR string to invoke RegQueryValueExA

You can do some goofy stuff and run a executable with it (wraps to ShellExecuteEx)

https://pastebin.com/raw/V1jmkp39

The coolest part is the existence IWshShell, IWshShell2, and IWshShell3. All of them the exact same, except each one has an extra method present. IWshShell3 exposes an Exec method which is almost identical to IWshShell::Run

Microsoft is being criticized (again) because Administrator-to-Kernel mode execution is not considered a security boundary.

Researchers noted that home users, who often run as administrator, could be a victim of this lack-of security boundary.

Researchers asked Microsoft why?

💻 Programmers! 💻

What's stopping you from coding like this? 🙏

Today Kaspersky issued a goodbye letter to it's American customers.

We are going to miss Kaspersky.

Kaspersky was always a solid AV product and the research they conducted was always excellent.

Throwback to when some nerd found a tomato garden on Shodan

The x10 software engineer skit by KaiLentit

> login
> check news
> riteaid breached
> trello api abused to scrape emails
> more new ransomware groups
> more 8k sec filing
> more malware being the malware
> ???

Today it was reported by AT&T (via email to customers) that an individual involved in the recent AT&T data breach has been arrested.

The only thing keeping vx-underground HQ from metaphorically burning to the ground is grotesque quantities of alprazolam

good morning, or good night, to the 345,958 people living in my phone

Updates to vx-underground:

- 2024-07-02 - Exposing FakeBat loader: Distribution methods and adversary infrastructure
- 2024-06-30 - Deep Analysis of Snake (404 keylogger)
- 2024-06-27 - Poseidon Stealer malspam campaign targeting Swiss macOS users
- 2024-07-02 - The LandUpdate808 Fake Update Variant
- 2024-06-24 - ‘Poseidon’ Mac stealer distributed via Google ads
- 2024-07-02 - Kematian Stealer forked from PowerShell Token Grabber

Wikipedia has introduced dark mode into their website.

After nearly two weeks of radio silence from Lockbit ransomware group they've returned with a Telegram account, a Briar account, a Signal account, and an XMPP account

They also immediately threw shade at RansomHub by accusing them of being a rebrand of ALPHV.

The real Lockbit ransomware group Telegram channel and their first fancy little message. Interesting times we live in, seeing them pivot to Telegram.

We see some nerds getting super hostile to women in tech — especially if they're conventionally attractive and/or have a high number of followers on social media

If you're feeling upset: scream at your Mom, heat up some pizza rolls, and put on some anime

It's going to be okay.

This post is going to be controversial. But we believe it is necessary. Threat Intelligence nerds, Blue Team nerds, and Law Enforcement nerds following us on sock accounts – don't have a conniption.

Dear Threat Actor(s) who contact us,

We advise you do NOT use the leaked Babuk builder and source code. Babuk is notorious for failing to decrypt files (especially large files), and corrupting data. If you (or your group) decide to do ransomware ... for the sake of literally everybody involved (you and/or your group, the victim, Threat Intelligence, Digital Forensic & Incident Response firms, Law Enforcement, etc) DO NOT USE BABUK. Don't go anywhere near Babuk. If someone recommends Babuk, slap them around with a large trout.

Thanks,