Today reports surfaced on a cybersecurity incident impacting the London Transport Department
We can assert with a high degree of confidence that this 'incident' is of extreme severity. The immediate presence of the NCA and NCSC drives this point further.
Updates to vx-underground:
Papers:
- 2024-09-03 - Rundll32 and Phantom DLL lolbins
- 2024-08-17 - HookChain - A new perspective for Bypassing EDR Solutions
- 2024-08-11 - DriverJack
- 2024-08-11 - Blocking EDR drivers with HVCIDisallowedimage
- 2024-08-10 - ShimMe - Manipulating Shim and Office for Code Injection
- 2024-08-09 - Blocking EDR Drivers with WDAC policies
- 2024-08-08 - Abusing Windows Hello without a severed hand
Families:
- Android.BlankBot
- AteraAgent
- AtlantidaStealer
- Azorult
- BruteRatel
- CobaltStrike
- DCRat
- DonutLoader
- GCleaner
- Gh0stRAT
- GuLoader
- Lokibot
- LummaStealer
- Mirai
- Neshta
- NjRat
- Pony
- PureLogStealer
- RhadamanthysLoader
- Sliver
- Vidar
- XWorm
- ArcStealer
- AgentTesla
- Amadey
- Andromeda
- AsyncRAT
- AugustStealer
- CryptBot
- CyberGateRAT
- Danabot
- Formbook
- Latrodectus
- MicroClip
- Rakos
- Redline
- Remcos
- StealC
- XenoRAT
Note: someone said the artwork we use when pushing updates is scary, they requested we post something cute instead.
September 3rd, Lara Trump (daughter-in-law of former U.S. President Donald Trump) and Tiffany Trump (daughter of former U.S. President Donald Trump) had their X accounts compromised.
Their accounts briefly shilled some sort of crypto stuff. X locked the accounts within minutes.
vx-underground
September 3rd, Lara Trump (daughter-in-law of former U.S. President Donald Trump) and Tiffany Trump (daughter of former U.S. President Donald Trump) had their X accounts compromised. Their accounts briefly shilled some sort of crypto stuff. X locked the accounts…
> compromise high profile social media accounts tied to powerful american political figures
> can do catastrophic damage
> shills crypto
vx-underground
pizza topping must be a valid email address
pepperoni_is_ok_i_guess_im_not_picky@gmail
RansomHub ransomware group claims to have ransomed Planned Parenthood
vx-underground
We have performed a colossal oopsie doopsie. Our malware ingestion system prepended 'file=' to every file being sent to VirusTotal, thus impacting AV vendors downstream. Sent vendors hundreds of thousands of botched malware samples.
We were made aware of the issue when AV companies contacted us regarding our VirusTotal account and the files being corrupted.
tl;dr my bad y'all (it's free, so fuck you, but seriously we're sorry, we're fixing it)
Today the United States Department of Justice indicted Russian nationals Elena Afanasyeva and Kostiantyn Kalashnikov for violations of the Foreign Agents Registration Act (FARA), and conspiracy to commit money laundering.
Afanasyeva and Kalashnikov remain at large as of September 4th.
Afanasyeva and Kalashnikov are accused of laundering money to covertly fund as much as $10,000,000 to English-speaking social media companies (listed as U.S. Company-1) to sway content in favor of the Russian government.
Interestingly, the indictment states the company which received the funds is described as, "a network of heterodox commentators that focus on Western political and cultural issues". Journalists and researchers have tied this to Tennessee-based company Tenet Media ... because ... it has the exact same message on their homepage verbatim.
This media company employs conservative media commentators Lauren Southern, Tim Pool, Tayler Hansen, Matt Christiansen, Dave Rubin, and Benny Johnson.
The indictment is interesting, discusses the money laundering techniques, disinformation campaigns, and their chat communication medium ... on Discord.
Image 1 is U.S. Company-1 per the indictment. Image 2 is Tenet Media.
More information: https://www.justice.gov/opa/pr/two-rt-employees-indicted-covertly-funding-and-directing-us-company-published-thousands
One time a high ranking official for the United States National Security Agency made a post on Twitter about memes.
We sent them a private message. They never responded.
This is the video we sent:
Updates to vx-underground:
*Note: Image of cat used per request. Not all requests are granted, but this is a wizard kitty.
Archive:
- The Old New Thing, July 2024
- The Old New Thing, August 2024
Papers:
- 2024-09-04 - Rundll32 and Phantom DLL lolbins, 32-bit version
- 2024-08-10 - Sneaking around with Web Assembly
- 2024-08-04 - WhenFS - Using Google Calendar as a Filesystem
- 2024-08-02 - Using Windows Setup for persistence
- 2024-07-01 - Booting Linux off of Google Drive
- 2024-06-11 - Let's Go into the rabbit hole part 2 - the challenges of dynamically hooking Golang programs
- 2023-10-03 - Let's Go into the rabbit hole - the challenges of dynamically hooking Golang programs
Hello,
Just because you did 1 thing for me 1 time does not make you a core contributor, volunteer, or member. It does not mean you're my friend, it does not mean you can list me as a reference.
Wake up. Stop making this weird.
We've had like, 6 people now say they're part of vx-underground because they personally assisted me like, one time, 3 years ago.
It's called doing someone a favor. It doesn't mean you can put it on a resume.
Also, these companies do background checks, and when they contact me via e-mail, or Telegram, or Discord, and say "do you know this person?" and send me your resume and photo, it makes you look like a giant jackass when I have to say "I have no idea who that is"
-smelly