I've got this malware proof-of-concept cooking, but I haven't been able to summon the energy to actually work on it. I'm going to share it with you nerds hoping someone will experiment with it.
Or no one will and I'll do it myself later on, whatever.
Either way, you can do some pretty silly shenanigans with the Windows registry but it requires some tomfoolery.
C:\Windows\System32\config\SYSTEM is the actual file (and full file image path) for the Windows registry. The registry is loaded into memory when your OS boots (some fancy Windows internals stuff, whatever).
This file is locked and requires administrative privileges (and a few other things to access it). Even then, it cannot be modified. However, you can do two mildly interesting things:
1. Load it into memory using NtLoadKey. Any changes made will not be present until the OS is restarted (oversimplifying, some edge cases exist).
2. Read it into memory with NtOpenFile and NtReadFile (read-only).
This can be a little tricky, depending on where your payload is executing, but you can abuse some Windows components to access these files without a UAC prompt.
ICMLuaUtil!AllowAccessToTheWorld is an undocumented method. I have discussed it in the past (no one else has, no idea why), and using this method you can make any directory "global" to all users on the machine. My hypothesis is that you can abuse ICMLuaUtil!AllowAccessToTheWorld to change the ACL of C:\Windows\System32\config\ to allow your payload to access SYSTEM (offline registry) without triggering UAC.
For case one, using NtLoadKey and using an offline registry hive for registry modification and AV/EDR evasion isn't a new concept. But basically, use ICMLuaUtil!AllowAccessToTheWorld to access the SYSTEM offline registry hive, make any modifications using RegSetValue, then "flush" the hive back to disk with NtUnloadKey and restart the machine.
For case two, use ICMLuaUtil!AllowAccessToTheWorld to access SYSTEM and read the file into memory with NtOpenFile and NtReadFile. Once loaded into memory, manually parse the registry (REGF parsing) to query registry keys without using any Windows registry API calls. However, this would be limited to read-only procedures. Case two would be very sneaky and would bamboozle security products.
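As an added example (not code from the post), the read-only check a forensic analyst runs on a hive copied from disk: parsing the REGF base block, which is where the post's case-two "REGF parsing" starts. It verifies the signature and header checksum and flags a dirty hive (mismatched sequence numbers, meaning the .LOG transaction logs still matter). The sample hive bytes are constructed inline.

```python
"""Read-only sanity check of a REGF hive base block (forensic use)."""
import struct
from datetime import datetime, timedelta, timezone

BASE_BLOCK_SIZE = 4096  # the base block occupies one 4 KiB page

def regf_checksum(base_block: bytes) -> int:
    """XOR of the 127 little-endian DWORDs in bytes 0..507; the two
    reserved results are remapped as the hive format requires."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", base_block[:508]):
        csum ^= dword
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return csum if csum else 1

def filetime_to_datetime(ft: int) -> datetime:
    """FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def parse_regf_header(data: bytes) -> dict:
    """Parse the base block of a hive file that was read from disk."""
    if len(data) < BASE_BLOCK_SIZE or data[:4] != b"regf":
        raise ValueError("not a REGF hive (bad size or signature)")
    (primary, secondary, last_written, major, minor, file_type,
     _file_format, root_cell, bins_size) = struct.unpack_from("<IIQIIIIII", data, 4)
    hive_name = data[48:112].decode("utf-16-le").split("\x00", 1)[0]
    stored_checksum = struct.unpack_from("<I", data, 508)[0]
    return {
        "primary_seq": primary,
        "secondary_seq": secondary,
        # Mismatched sequence numbers mean the last write never completed:
        # the hive is "dirty" and its .LOG1/.LOG2 transaction logs matter.
        "dirty": primary != secondary,
        "last_written": filetime_to_datetime(last_written),
        "version": (major, minor),
        "is_primary_file": file_type == 0,
        # Cell offsets are relative to the first hive bin, right after the base block.
        "root_cell_file_offset": BASE_BLOCK_SIZE + root_cell,
        "hive_bins_size": bins_size,
        "hive_name": hive_name,
        "checksum_ok": stored_checksum == regf_checksum(data),
    }

def build_sample_hive(primary: int, secondary: int, corrupt: bool = False) -> bytes:
    """CONSTRUCTED test data: a bare base block with no hive bins behind it."""
    hdr = bytearray(BASE_BLOCK_SIZE)
    hdr[:4] = b"regf"
    filetime = 133_500_000_000_000_000  # constructed timestamp, January 2024
    struct.pack_into("<IIQIIIIII", hdr, 4, primary, secondary, filetime,
                     1, 5, 0, 1, 0x20, 0x1000)  # v1.5, primary file, root at +0x20
    name = "SYSTEM".encode("utf-16-le")
    hdr[48:48 + len(name)] = name
    struct.pack_into("<I", hdr, 508, regf_checksum(hdr) ^ (1 if corrupt else 0))
    return bytes(hdr)
```

On a real hive the same function is fed the first 4096 bytes of the file; a dirty result means the on-disk image alone is not a faithful view of the registry.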
this thingie
There is this strange phenomenon where people new to cybersecurity go way overboard trying to look cool and badass to give the facade of being really technical.
I'll tell you something right now. You probably won't like to hear it, but it is important.
Nobody cares about:
- Your certificates
- The conferences you've attended
- Your vendor swag
- What OS you're using
- How many LEDs your computer has
Here is what your peers admire the most:
- If you're polite
- If you're willing to admit if you're wrong
- If you're easy to get along with
If you're just a chill nerd who is nice, easy going, willing to admit when you're wrong, you will go further than the big mean nerd with the galaxy brain.
Yesterday someone performed an "anonymous release" of a bunch of PlayStation 4 binaries, ELF files, including stuff for retail, DevKits, TestKits, etc.
What does this mean? I have no idea. But nerds keep fucking messaging me about it. Okay? I GET IT. SOMETHING HAPPENED
NASA astronauts having problems with Microsoft Outlook while in space
It's like some shit straight out of a horror movie
Oracle is such a terrible, evil, slime company it borders on some sort of twisted black comedy skit.
During the beginning of the Trump administration Larry Ellison discussed building some sort of super-AI system and said it would create as much as 100,000 jobs in the United States
Fast forward, March 2026, Oracle lays off 30,000 people. 30,000 people is an absolutely insane number. Oracle sent out an email at 6am to 30,000 people who were selected using some sort of "selective process", which was a computer program, or something, I don't know.
You go online and see people who have worked at Oracle for over 30 years being terminated. People who have had great reviews, sacrificed for the company, ... someone there was terminated and began working at Oracle in 1993.
1993 - 2026 and then terminated by a decision from a computer program while the United States economy is already sliding into the pisser, with inflation, a housing crisis, government assistance cuts, gas prices rising, and companies creating hiring freezes.
Then today it's announced Oracle has put in H-1B requests for approx. 3,000 employees from overseas.
What a fucking piece of shit fucking company.
Experiencing some pretty hardcore burnout in malware.
However, a word of advice for the noobs, or less experienced people in cybersecurity: "burnout" is part of the natural progression of this ecosystem and it happens to everyone.
Your brain is a muscle (not literally, but brains have this dumb stuff called neuroplasticity, some nerd stuff, whatever), and just like a muscle, you need down time to heal, and science, or something.
Myself personally, I tend to go through waves of absurd productivity with little to no pacing. I get extremely excited, rip through code, ... and then lose control and crash and burn.
Then it takes me anywhere between a few days, ... or a few weeks, ... or worst case a few months to recompose myself and get back in the game.
This is a good opportunity to switch it up a little bit. Instead of going schizo on malware, I've been exploring the internet, reading about current geopolitical stuff, and reading some psychology stuff.
I personally think it's important to keep "exercising" the muscle (plus I like learning), but some of my peers decompress altogether and switch to consuming high quality brain rot.
Anyway, the point being, if you've been going hard and suddenly you feel disappointed, or sad, or don't feel that "spark", or feel yourself struggling to even do a few lines of code, it is almost certainly burnout. I know some nerds are kind of hard on themselves, so don't beat yourself up if you feel this way. It happens to all of us (unless you're abusing narcotics to stay locked in).
Take this as a sign and use the opportunity to do something else. One day you'll be doing something and out of seemingly nowhere you'll feel that "spark" again and be like HOLY FUCK, I WANT TO CODE (or whatever you do).
"whats it like working in cybersecurity?"
Something nerds don't want to admit: they low-key enjoy the chaos
Yeah, yeah, ransomware is bad, state sponsored threat actors are bad, but deep down when shit hits the fan it is exciting.
Even though it's just a beep boop computer your adrenaline gets pumping
Why is the President of the United States schizo posting on main
"Praise be to Allah" sent me, not going to lie. I audibly laughed. I don't know what bro is doing anymore
Lost over 400 followers on social media after I made a comment about the President of the United States and his posts on Truth Social
The leader of a country (literally any country) writing "open the fuckin' strait, you crazy bastards, or you'll all be living in Hell" and "Praise be to Allah" when living in a predominantly Christian nation, on Easter Sunday, is genuinely hysterical.
Like, imagine if Claudia Sheinbaum said that, or if Volodymyr Zelenskyy said that
It made me audibly laugh out loud. I'm still laughing about it.
Around 2 hours ago (01:22 EST) it appears the ILSpy WordPress domain was compromised to deliver malware.
Someone caught it on video. The ILSpy WordPress domain (as of this writing) is currently returning 502.
Attempting to download ILSpy, instead of directing to GitHub, redirected to a domain saying you needed to install a browser extension to continue.
I'll share the video I was sent and IoCs later. I'm not home at the moment.
Thank you to "RootSuccess" for sharing this with me via e-mail and all the evidence you provided.
the tl;dr of the drift protocol shenanigans
> be drift protocol
> decentralized trading thingy
> built on solana or something
> april 1st
> april fools
> jk $280,000,000 (approx.) stolen
> rewind
> fall, 2025
> drift people at conference
> crypto nerds approach them
> crypto nerds say they're at some fancy place
> want to integrate with drift
> crypto nerds sneaky
> crypto nerds only talk to specific people
> wtf how they know who is who?
> crypto nerds hang out in person
> meet at multiple conferences
> crypto nerds smart af, know crypto fr
> these_guys_are_chill.jpeg
> december, january comes around
> set up private group chat
> long meetings about strategy and stuff
> contracts and on-boarding stuff
> fancy_meetings.mp4
> crypto nerds put up $1m in cash for investment
> these_guys_are_legit.mp3
> hang out more in person
> start collaborating with coding projects
> april 1st
> $280,000,000 missing
> cool bros missing
> wtf?
> all chat logs gone
> all software sharing stuff gone
> wtf?
> 1-800-help-us-mandiant
> digital forensic and incident response time
> mandiant looks inside
> 1 drift person compromised from code sharing stuff
> 2nd drift person compromised from some test thingy
> wtf who is this
> look inside
> UNC4736
> unironically north korean spies
> sent abroad to do in-person social engineering
> crypto forensic nerds tie it to radiant capital hack
> mandiant still investigating right now
tl;dr north korean nerds leave north korea, act like total bros, hang out at conferences, have tons of money, bamboozle people in long-term social engineering and espionage stuff to steal hundreds of millions of dollars
Frustrated nerd drops zero day exploit after Microsoft vulnerability bug bounty people annoy him, or something, I don't know.
Stinky nerds confirm it's legit
https://deadeclipse666.blogspot.com/2026/04/public-disclosure.html
Public disclosure
I was not bluffing Microsoft and I'm doing it again. https://github.com/Nightmare-Eclipse/BlueHammer Unlike previous times, I'm not explaini...