Exploit development, or dealing with exploits in general, is like purchasing some fresh food from a farmers market. It is new, clean, and pretty.
Malware development is like finding a 20 year old can of peas in your basement. It's old as hell, looks gross, but its still okay
Malware development is like finding a 20 year old can of peas in your basement. It's old as hell, looks gross, but its still okay
π€£89π7β€4π―4π₯1π’1
vx-underground
Exploit development, or dealing with exploits in general, is like purchasing some fresh food from a farmers market. It is new, clean, and pretty. Malware development is like finding a 20 year old can of peas in your basement. It's old as hell, looks grossβ¦
y'know those articles on the process environment block, walking the NTDLL export-address-table? Thats from 29a zine 2... in 1997. It's a 27 year old technique that everyone is still using and yappin' about.
π€£57π€12π5β€4π’3π€3
A ransomware group was compromised.
It contains some interesting information β it's their tooling, some minor chat information, infrastructure credentials, internal notes, etc.
It's going to make some people VERY angry.
tl;dr mini Conti leaks
It contains some interesting information β it's their tooling, some minor chat information, infrastructure credentials, internal notes, etc.
It's going to make some people VERY angry.
tl;dr mini Conti leaks
π€£96π15π€―11β€8π7π7π’4π±2π€1π1
Hello,
It has come to our attention more people have received the recent ransomware leak.
Our advice is to tread carefully. Our primary delaying factor is the presence of victim PII β most notably data from public schools who may or may not have paid the extortionists.
In other words, we aren't making it public until we feel comfortable sharing data we believe people can get value from and learn from, without putting past victims in danger again.
tl;dr not going to distribute hacked schools information and data
It has come to our attention more people have received the recent ransomware leak.
Our advice is to tread carefully. Our primary delaying factor is the presence of victim PII β most notably data from public schools who may or may not have paid the extortionists.
In other words, we aren't making it public until we feel comfortable sharing data we believe people can get value from and learn from, without putting past victims in danger again.
tl;dr not going to distribute hacked schools information and data
β€86π«‘30π€9π3π’3π±2π―2
The unknown person who claims to have compromised zserver dot ru, the bulletproof webhosting provider, has begun sending emails to zserver dot ru clients.
Interestingly, the person who claimed to have compromised zserver dot ru did not tell us this.
One of their customers did.
Interestingly, the person who claimed to have compromised zserver dot ru did not tell us this.
One of their customers did.
π₯78π₯°6π5π’2β€βπ₯1β€1π1
A 0day exploit is going to be dropped soon. We ourselves aren't entirely clear on the details yet, but we know it is going to impact gamers.
It won't impact business operations, unless your end users are unironically playing video games at work.
It won't impact business operations, unless your end users are unironically playing video games at work.
π―106π€30π±16π8π₯6π₯°6β€βπ₯3π€3π’2π2
vx-underground
A 0day exploit is going to be dropped soon. We ourselves aren't entirely clear on the details yet, but we know it is going to impact gamers. It won't impact business operations, unless your end users are unironically playing video games at work.
Note: It's not Steam, it's not Discord
π€120π26π8π’6π€©6β€4π4π±2
This media is not supported in your browser
VIEW IN TELEGRAM
We have appeared in another YouTube documentary. It is always a wonderful feeling knowing we are becoming part of history and making an impact.
Sometimes though it is our silliest quotes that make it into documentaries.
Sometimes though it is our silliest quotes that make it into documentaries.
β€87π31π€£23π6π2π₯2π±2π’1
vx-underground
We have appeared in another YouTube documentary. It is always a wonderful feeling knowing we are becoming part of history and making an impact. Sometimes though it is our silliest quotes that make it into documentaries.
YouTube
How a Hacker Saved the Internet
Visit https://fern.deals/brilliant for 20% off of a premium subscription. Start learning new skills today! It's also a great way to support our channel. (ad)
A group of hackers tried to gain access to millions of servers around the world - a master key toβ¦
A group of hackers tried to gain access to millions of servers around the world - a master key toβ¦
π₯41π€£8β€7π7
Hello, how are you?
tl;dr tl;dr I'm sick, update on ransomware leak, update on video game 0day, stuff
Apologies for so many delayed communications β I have contracted some sort of viral infection. My sinus' have begun draining fluid into my esophagus. tl;dr Sinusitis. As this post is being written, I have consumed enough Robitussin to kill an Elephant.
Anyway, regarding the ransomware leaks, the data is a result of an unknown person(?) compromising ransomware threat actor VPS'. Once the individual compromised the VPS' they decided to forfeit the data over to law enforcement (anonymously) which they believe resulted in the apprehension of individuals and the takedown of several onion domains. Following the takedown and arrests, this person (people?) decided to gift the data to us to study or distribute to others. They believed that, due to the size of our audience, us announcing it and sharing it would disseminate information faster. Because this person(s) compromised a VPS, it has a great deal of victim PII present β it appears they compromised some of their hosts mid-ransomware campaign or attack. In order for us to share it, we need to scrub the victim PII. We still haven't done that (see why in first paragraph).
However, we have decided we will share the data to Threat Intelligence vendors, or anti-virus vendors, or whomever to study, review, blah blah blah. We believe these companies, which typically offer anti-ransomware services, will make good use of this information and data. Truthfully, we ourselves have not reviewed the data in totality. Our domain of study typically revolves around malware development β reviewing VPS data is kind of a Threat Intel / DFIR thing, so there is a lot someone could probably find that we would probably miss. If your organization is interested in the data to do a review, or write-up, or whatever, shoot us an e-mail or a DM or something. You'll need to show us proof you're from a legitimate vendor.
We have no timeline on a public release. I don't feel like scrubbing the PII, maybe someone else in our group feels like it, I don't know, I haven't asked because I've been sick. I could probably ask right now, but I'm not.
About the video game 0day, very few people are aware of its existence and we believe it will cause a mini-shit storm online. It's high severity, but it's impact is limited to a relatively small userbase. I've sworn on the Old Robitussin bottle and the New Robitussin bottle (Game of Thrones reference) to not disclose more information. Regardless, you'll all have a nice chuckle. It's disclosure timeline is roughly 7 - 14 days. The person who found the exploit is doing a writeup. Upon release, the exploit will not be patched.
Finally, we've got lots of updates to vx-underground. I haven't pushed any to prod yet (despite the pile up from petik, Bradley, and GuessThePwd), because I've been sick.
Have a nice day,
- smelly
tl;dr tl;dr I'm sick, update on ransomware leak, update on video game 0day, stuff
Apologies for so many delayed communications β I have contracted some sort of viral infection. My sinus' have begun draining fluid into my esophagus. tl;dr Sinusitis. As this post is being written, I have consumed enough Robitussin to kill an Elephant.
Anyway, regarding the ransomware leaks, the data is a result of an unknown person(?) compromising ransomware threat actor VPS'. Once the individual compromised the VPS' they decided to forfeit the data over to law enforcement (anonymously) which they believe resulted in the apprehension of individuals and the takedown of several onion domains. Following the takedown and arrests, this person (people?) decided to gift the data to us to study or distribute to others. They believed that, due to the size of our audience, us announcing it and sharing it would disseminate information faster. Because this person(s) compromised a VPS, it has a great deal of victim PII present β it appears they compromised some of their hosts mid-ransomware campaign or attack. In order for us to share it, we need to scrub the victim PII. We still haven't done that (see why in first paragraph).
However, we have decided we will share the data to Threat Intelligence vendors, or anti-virus vendors, or whomever to study, review, blah blah blah. We believe these companies, which typically offer anti-ransomware services, will make good use of this information and data. Truthfully, we ourselves have not reviewed the data in totality. Our domain of study typically revolves around malware development β reviewing VPS data is kind of a Threat Intel / DFIR thing, so there is a lot someone could probably find that we would probably miss. If your organization is interested in the data to do a review, or write-up, or whatever, shoot us an e-mail or a DM or something. You'll need to show us proof you're from a legitimate vendor.
We have no timeline on a public release. I don't feel like scrubbing the PII, maybe someone else in our group feels like it, I don't know, I haven't asked because I've been sick. I could probably ask right now, but I'm not.
About the video game 0day, very few people are aware of its existence and we believe it will cause a mini-shit storm online. It's high severity, but it's impact is limited to a relatively small userbase. I've sworn on the Old Robitussin bottle and the New Robitussin bottle (Game of Thrones reference) to not disclose more information. Regardless, you'll all have a nice chuckle. It's disclosure timeline is roughly 7 - 14 days. The person who found the exploit is doing a writeup. Upon release, the exploit will not be patched.
Finally, we've got lots of updates to vx-underground. I haven't pushed any to prod yet (despite the pile up from petik, Bradley, and GuessThePwd), because I've been sick.
Have a nice day,
- smelly
β€118π€£16π8π€8π€6π4π’2
vx-underground
> "smelly can i have {free merch} for {thing}? " > "sure" > "nice try u fuckn fed ur never gettin my dox"
Why even ask us for merchandise, or stickers, if you're going to freak out when we say yes? How are we going to physically mail you something if you can't provide us a physical address?
real world things require real world address, the real world isnt the internet ok
real world things require real world address, the real world isnt the internet ok
π€76π€£51π8β€7π5π5β€βπ₯1π’1
Good evening,
We've got a bunch of malware in queue. Some has already been pushed to prod. It is over 1,000,000 malwares.
Additionally, please give us time to review the over 700 animal pictures we received. We didn't anticipate so many critter pictures.
Thanks,
We've got a bunch of malware in queue. Some has already been pushed to prod. It is over 1,000,000 malwares.
Additionally, please give us time to review the over 700 animal pictures we received. We didn't anticipate so many critter pictures.
Thanks,
π€58β€βπ₯15π₯°7π₯4π’3π1