tl;dr long written opinion on being new to cybersecurity, list my experience as a reference to a "jr" role requirement list, show how much of a noob i am, yapping like a yapper

funny_cat_picture_with_caption.png

Non-tldr:

Earlier someone made a comment on one of our posts about requirements for Juniors in cybersecurity. The list was pretty extensive. This isn't a diss to this person, but I strongly disagree with their opinion. Here is what they listed as a requirement to be a Junior in cybersecurity:

• Strong experience in Linux servers and AD
• Must hold at least CCNA, CCNP, CompTIA
• Strong knowledge of cloud computing like AWS, Azure, GCP
• Must have Security+, CEH, CISSP, Cisco CyberOps
• Knowledge of SQL, Oracle db, with Java, Python, C++

If these were required, I wouldn't have a job.

- Never attended a university. Never attended a college. Finished High School (primary school for nerds in UK, EU?) with average grades.

- I use Linux as a daily driver (Ubuntu), and I use Windows 11 for video games and doing C/C++ development. I would not consider myself "strong" in Linux — there are some seriously hardcore Linux nerds. I can use it, I can Google stuff, but I am not "strong" (in my opinion).

- Little to no experience with AD. I've used it in enterprise environments, I'm aware of basic concepts of exploitation of it and lateral movement, but I am nowhere near capable of doing anything serious or important with it. Shoutout the Network and/or System administrators who do stuff with Forests, or something, some buzzword I remember.

- I don't possess any certificates. My understanding of networking is limited to the TCP/IP model (can barely remember OSI model), and basics of headers. My knowledge of networking primarily revolves around using it when programming. I will instantly fail any Cisco related certificate. I can use Wireshark. Am I cool enough?

- I possess little to no knowledge on Cloud computing. I can upload and download files, I can copy and move things, I know how to list files. I know the basics of creating a bucket and doing permissions, but I am by no means an expert. I praise the nerds who do Cloud stuff and DevOps because I think it's boring.

- I've been coding in C for 19 years. I consider myself strong in it. However, I still don't know "everything". I've been studying and/or doing Windows internals stuff for over 10 years. I consider myself "strong", but there are some truly brilliant people who I believe can walk circles around me and make me look like an idiot. There are many, many, many times I realize I have a knowledge gap or make a really obvious and dumb mistake (probably like, every day)

I can code (without using AI like a total dork) in C, C++, Visual Basic .NET framework), C# (.NET framework), Python, AutoIT, Python, x86/x64 MASM, T-SQL. However, my usage of them is varied and many of them I'm extremely rusty.

My opinion is that if you want to do something in cybersecurity, do what you enjoy and do it well. If you want a job you need to apply places, talk to people, get involved, and try hard. You don't need to go to conferences, but cybersecurity is a rapidly evolving field and (similar to Doctors of Medicine), is it profoundly important to remain actively engaged (Continual Education*). Things change daily. You need to be somewhere, doing something, to pay attention and understand what is happening.

- smelly

Updates to the vx-underground collection:

- 2011-07-04 - Mixing x86 with x64 code
- 2018-04-11 - WoW64 internals
- 2023-04-19 - WOW64 Callback Table - FinFisher
- 2025-04-16 - Control Flow Hijacking via Data Pointers

Imma be real with you, Chat. I've been unfathomably busy IRL and it's brought me immense joy schizo-posting satirical nonsense to thousands of people.

The naming convention "Trojan" easily confuses people i.e. Remote Access Trojan. Unfortunately, due to successful media campaigns, the term Trojan is now closely affiliated to condoms.

Instead we petition to formally change the term to something which is reminiscent of the term "Trojan Horse", and carries the same meaning

Suggestion: Horse

Example(s):

- Remote Access Horse
- Sophisticated Horse
- "... The Threat Actors inserted a Horse payload into the Word document..."

Laymen can easily identify a horse and they will understand the concept of a horse on the loose is very dangerous. You can explain to customers there is a horse loose in their computer and the horse is causing serious damage.

This is pretty much what it's like dealing with malware droppers

You're like, oh sweet, it's a kitty cat. But then you discover it's actually a barrage of kitty cats and that's fine but you didn't expect so many at once

It's so privacy focused, it takes images of what you're doing every 90 seconds to ensure you're not making any opsec mistakes.

It then saves it in a super secure location (APP DATA) so then you can review it later if you want

Windows 11 is the more secure and privacy focused Operating System

Only real privacy enthusiasts use it

Hello,

To work in IT and/or cyber security...

You don't like have to like Linux, you don't have to like C (or Assembly), you don't have to like Mr Robot, you don't have to go to conferences or meetups, you don't have to prefer IRC over Discord, you don't have to have a fancy setup

You can like or dislike whatever you want. Don't feel pressured to think or behave a certain way.

ok ttyl love u, kissies
- smelly

TeamSpeak is in the restroom, shadowboxing in their underwear, praying to God that Discord does something stupid(er) and results in a user base collapse

Discord CEO stepped down. The new upcoming CEO was previously the CEO of Activision. His resume includes the implementation of micro-transactions in Call of Duty.

Imagine if Discord suddenly introduces micro-transactions, like paying $10/month for unlimited call times 😂

Updates to the vx-underground collection:

- 2025-03-02 - Abusing IDispatch for Trapped COM Object Access Injecting into PPL Processes
- 2025-04-03 - CreateFileMapping to replace ReadFile
- 2025-04-08 - Notes on bypassing mailbox audit logs

No idea what's going on, but the bucket they reference has millions upon millions of malicious binaries.

How did miss the other 36,999,999 malwares

Today virus exchange was banned from our (other) hosting provider (Wasabi). They claim our domain virus-dot-exchange has malware on it.

They cited 1 specific file hash and stated virus exchange is disabled until we can explain why we have 1 malware on the server

What the fuck?

getting emotional right now, thinking of windows xp and listening to evanescence

https://www.youtube.com/watch?v=5anLPw0Efmo

Updates to the vx-underground collection:

Papers:
- 2004-06-06 - Execution redirection thru Image File Execution Options key
- 2025-04-07 - Bypass WDAC WinDbg Preview
- 2025-04-17 - Notes on RtlGetUnloadEventTraceEx

Malwares:
- InTheWild.0152
- InTheWild.0153
- InTheWild.0154
- InTheWild.0155
- InTheWild.0156
- InTheWild.0157
- InTheWild.0158
- InTheWild.0159

I hate seeing people write and/or say "cyber" in the context of cybersecurity i.e. "I'm studying for cyber right now".

The word "cyber" is an adjective — do you study big, tall, short, tiny, blue, stinky?

/me flips desk

April 14th, 2025, David M. Dorbish Jr., passed away as a result of a suspected drug overdose.

David M. Dorbish Jr. was a prolific online serial swatter who plead guilty to 15 charges in 2020.

wtf my cat has a computer virus

Cats 🤝 Malware

>be me
>work on crappy computer virus website
>uploading 200gb of bad computer programs
>bored
>listening to Primer 55
>looking at cat pictures

ok ttyl, gonna let stuff upload

ultra rare kitty cat

After we reassessed and improved our malware builders collection we've had a significant influx of people asking for the password.

Chat, the noobs are looking for malware

Hello,

Currently uploading 175,000 new malwares. We've also got some papers and other stuff we've gotta add.

cat_picture.png

4chans last words were, "Chicken Jockey"

wtf why this dissin us

Happy Easter

He has AMD Ryzen

We've seen a bunch of dorks on Twitter use this meme format to insert mathematics and physics stuff into the Chad thought bubble.

Hate to be the bearer of bad news, but if you've ever actually spent your day doing something "intellectual intensive", your brain requires brain rot. You physically cannot brain science non-stop everyday. Do gym bros stay in the gym 24/7? Do athletes train 24/7? No. You need down time. The brain is (in some capacity) a muscle too which requires training.

The only people we've seen brain science hardcore non-stop are one of the following (sometimes multiple):

1. Autistic nerds (not memeing), some autistic people have God levels of focus
2. ADHD nerds, if you get them on that weird hyper-focus stuff they'll lock in for like, 4 days and not bathe or eat
3. Nerds on drugs, more common than you'd think, but the nerds abusing amphetamines (or nootropics in general) lock in pretty hard too, until they crash out and they're worthless slabs of meat for like, a week or more

Anyway, the entire point of this micro-rant is to tell some of you to not be brain washed by pseudo-intellectual grifters on social media. The entire part of braining is to have fun, explore, and learn. It isn't a competition, it isn't a "lOoK hOw SmaRt i Am" competition, it isn't a race to who can do the newest and coolest research.

When you're bored of a video game do you force yourself to like it? Same as brain stuff — you might try to force yourself through the boring parts, but eventually you'll be like, "this shit is lame", and move onto something you like more.

Look at cat pictures, laugh at edgy memes, understand there is time for braining and there is time for brain rot.

Okay, talk to you later, love you, mwah kissies kissies
-smelly smellington

One of my fondest memories of Lockbit ransomware group was when Lockbit ransomed a small nonprofit healthcare clinic in South America.

They begged him to decrypt the machines so they can provide treatment to people in need. They primarily provided healthcare to people in remote areas who have little to no money, education, or work.

Lockbit said: "If you have money for computers, you have money to pay me"

Wow, truly a heartwarming moment. Very cool.

Please drink and drive responsibly

Removed weird balloon thing from car. Now can safely store beer in car

Hello,

We've removed the post on the Bubble zero day. The purpose of the post was to draw attention to the issue — which was indeed addressed.

As a recap, 2 researchers published a paper on Bubble-dot-io and how to exploit it. Bubble ignored them. We were requested to relay the issue loudly so it was addressed. It was addressed. Bubble asserts they do not consider this an exploit because this is the result of users failing to RTM and follow the Bubble security guidelines.

I will personally take the L that it was a stretch to classify this as zero day when this is the result of users not following the Bubble best practices guide. It does not impact Bubble in totality.

tl;dr 2 guys 1 bubble

They also called us an embarrassment and said our post is borderline malicious because it is misleading because (or the researchers, whoever), did not read the security guidelines.

Bubble-dot-io employees have responded.

Bubble (or individuals representing the company) assert the code we shared yesterday is not a zero day exploit and we (or the researchers mentioned) failed to take appropriate measures to read the documentation provided by Bubble

In summary, they state each user is responsible for the security of their data and users must follow the appropriate Bubble-dot-io security guidelines. The issues we relayed yesterday do not impact Bubble-dot-io in totality, rather these are customers who failed to follow the guidelines

After we made this post several companies listed here contacted us (or rather, employees).

Every single one who contacted us correctly identified Bubble and were able to assess what we would release

Some of these big companies do NOT play games with security 😂

https://github.com/demon-i386/pop_n_bubble

In 2024, 2 security researchers discovered a flaw in Bubble-dot-io, a self-described AI-based app development and publishing service.

Upon discovering the vulnerability, these 2 researchers notified Bubble. Unfortunately, for whatever reason, this fell on deaf ears.

These individuals subsequently did a talk on the vulnerability, published a proof-of-concept, and even wrote a paper on it. The code and paper show how easy it is to compromise websites and/or applications on Bubble. Despite all of this, Bubble still did nothing.

These 2 individuals then contacted me to request I relay the message loud and clear: you need to fix your software immediately.

In essence, this exploit allows the execution of arbitrary requests to the applications Elastic search which allows data dumping and/or exfiltration.

The applications encryption workflow is performed in the front-end, because Bubble-dot-io uses fixed IV's (shared between ALL clients), exploiting Bubble-dot-io is possible due to the creation of arbitrary payloads by abusing the recovery keys.

All tables can be dumped, including custom tables defined as "custom.(table_name)".

Furthermore, it's possible to attack other clients from Bubble-dot-io because the application does all hosting internally (shared).

- Cryptography keys do not rotate, hence an attacker can reuse the same keys in new Elastic searches
- Timestamps are not verified
- Attackers can enumerate customer subdomains by fuzzing *.bubbleapps-dot-io domain, making identification of targets easier
- If domain doesn't match target, response header will return correct target in 'X-BUBBLEAPP-NAME'

Please note the time date stamp in the attached images.

See subsequent post for link to paper and proof-of-concept.

Chat, it's Friday.

Please hold.

We've got a 0day exploit.

The 0day impacts an organization which provides managed services for Danone, SeaGate, Unity, Shopify, Paramount Pictures, HubSpot, Amazon, PWC, Yamaha, L'Oreal

The exploit was reported, but the vendor ignored it.

Chat, do we drop a 0day on a Friday?

Oh, it's UK underground, the font is just weird.

Font is illegal and for nerds

Someone found this in an antique store today.

Before us there was another vx-underground (apparently) and they were also cool and badass

Use TorGuard VPN.

I didn't have to append this is this post, but they're our hosting provider and the owner uses his company resources and time to collect cat pictures with us.

Hello, how are you?

tl;dr doing stuff

Right now we've got 250GB+ of new malwares we need to push. We're in the process of syncing it, making local backups, etc. We also temporarily stopped migrating virus-dot-exchange, but it's still on the todo list.

As many of you have noticed, updates on things have been volatile and shakey. I greatly miscalculated the difficulty of preparation and deployment of mini-human. I had thought, to some degree, it was an exaggeration that it would require a great deal of effort — it turns out the entire planet (past, and present) was not lying.

Despite the deployment of Smelly Smellington Jr, the general plan will be as follows:

- Continue daily ingests and malware sample distribution from petikvx, JaffaCakes118, and Neiki__. These 3 act as the back bone of our malware ingestion cycle.

- If or when _BradleyVX returns from his family duties: continual archival of The Old New Thing, cat picture collection (semi-joking), and his work on malware collection. Bradley has primarily been responsible for the malware family collection and he will continual doing so.

- Cryakl will continue working on the malware builder collection. Cryakl has done an excellent job ensuring we're up-to-date on malware builders historically and present...ly (?)

- f0wlsec will continue his work on the APT malware samples and papers collection. If you do not see an update in a significant period of time, feel free to poke him with a stick.

My request to anyone who reads this: PLEASE do not hesitate to contact me (or whoever) regarding malware papers (reverse engineering, development, history, whatever). Even if the paper doesn't make it into the collection it is super-duper appreciated when someone notifies us of a potential paper. It makes my life so much easier. If you've written a paper for yourself, or your group, or your company — DON'T hesitate to notify me (or whoever in our group) so it can be archived.

How to send us a paper: literally just send the link on Discord, Twitter, Telegram, e-mail. That's all you have to do. If you send me enough cool stuff maybe you can take my job and be given a pretty staff sticker and I can focus more on other administrative tasks.

Anyway, i'll be AFK. You'll see a spike in silly posts and cat pictures. If this upsets you, I don't know bro, we're busy and this is all for free. You gotta deal with it for awhile.

Love you
- smelly smellington

Anyway, let that echo in your head tonight when you're trying to sleep. 2007 was 18 years ago.

People who are 18 years old, as of 2025, were born the same year as the release of Halo 3 — the same year the original iPhone was released when Steve Jobs was alive.

The people you will be interviewing in the next couple of years do not know a world without smart phones.

For those young ones reading this: XChat is an IRC client

For those young ones reading this: IRC is kind of like Discord, except way slimmed down, way less features but way more flexible and you can host a server yourself

X employees shared online they're rewriting the X DM system and naming it 'XChat' — which is strange because I recall using XChat sometime in the late 90's, or early 2000's

hello tiny people living inside my computer

If we had $1,000,000/yr, Bradley and I would travel to Russia to physically meet Lockbit in person and challenge him to a Yu-Gi-Oh duel to end his operations

If we got $1,000,000/yr (never will happen), vx-underground would transcend space and time, pull malware from the 4th dimension — we'd be producing malware content like we were in the Dragon Ball Z hyperbolic time chamber

We've been surviving for almost 6 years by begging nerds for spare change, sucking the dicks (and clits) of small business owners, and praying X payouts give us more than $50/month

For $500,000/yr we'd be a fuckin' MALWARE REPO MACHINE (3,000 years to spend $1,500,000,000)

According to USASpending, MITRE has received approx. $1,500,000,000 since 2008 from the United States government.

We could survive approx. 30,000 years with that much money 😂😂😂

Hi,

We've archived the MITRE CVE database. The CVE DB is free and open source on GitHub. However, we're providing a backup location for the data. We doubt it'll magically disintegrate in ash, but if it does we have a copy.

https://vx-underground.org/Archive/CVE

Hold up — let 4chan speak. They're onto something here

Slop as a Service

MoistCritical will probably name it, "The 4Chan situation is crazy". He'll open the video with a weird reference to semen, erections, or anime, then say "I'm not an expert on the subject". It'll conclude with "That's pretty much it, see ya".

Here is what's going to happen

SoyJak nerds will meme 4chan mods for awhile. In the midst of it YouTubers will make videos discussing it (MoistCritical, MeatCanyon, TurkeyTom, etc).

Then in like, a year, it'll kind of be back to normal

what do u mean a website historically used for memeing and trolling forked and the memesters and trollsters decided to meme and troll?? how could this have happened???

This random document fell off the back of a bus. Weird.

This random document which randomly fell off the back of a bus (randomly) says MITRE is no longer supporting the CVE program as of April 16th, 2025. Which is crazy, because this random document is dated April 15th, 2025.

BreachForum domain not seized. I misread something from my daily drama nerds cycle I go through.

BreachForums is offline — nerds speculated it will be seized. Or maybe it's just infra problems, or something.

No one knows anything. I can't read

tl;dr nerds from /qa/ raided /lgbt/, mods got irritated, shut down /qa/. Nerds migrated to SoyJak Party instead.

SoyJak Party nerds discovered 4chan was using a dangerously outdated version of PHP and compromised the site. They were able to get access to virtually everything on the site. There is a thread on SoyJak Party about it

Drama escalated when moderators were discovered using emails as firstname-lastname with a .edu because it made it very easy for SoyJak Party nerds to find and meme 4chan moderators.

Drama only intensified more when SoyJak Party nerds memed and forged fake .gov email's into the 4chan moderator images shared. It result in hysteria as conspiracy theory nerds went off the deep end.

tldr tldr nerds raid some gay place, mods get mad, nerds go ballistic and all hell breaks loose

4chan compromised by SoyJak Party people over some conflicts with raiding LGBT image boards — databases dumped, emails leaked, source code leaked

It's Tuesday

We have discovered the krabby patty secret formula for making people give a fuck about cybersecurity research and news.

If you make a brief post explaining what has happened, or what a paper and/or code is doing, it will be ignored — even if you share a link.

However, if you make a post explaining what has happened, basically spoon feeding the subject or paper to the readers, your engagement rate will skyrocket.

SOME of you are really, really, REALLY lazy and can't be bothered to click a link. You want the information hyper-compressed and delivered on a golden-plate with little rose petals and cool and badass cat pictures.

me on the internet

Hasherezade just unveiled another process injection method. There are probably 20 or 30 different process injection methods now, and nerds are still using CreateRemoteThread like it's 2005

Hello,

For several years we've had people ask us something along the lines of, "what's your favorite paper?". Well, today I've begun putting together a "Best Of" list.

This isn't a complete list, I'll add more later.

https://vx-underground.org/Best%20Of

"North Korea has ceremonially opened its first computer club — with Kim Jong Un himself attending the event.

Now, North Korean hackers will be able to comfortably steal billions of dollars from “Western capitalists” for their leader." — Nexta TV

... Based and/or cyber criminal pilled?

This generation was the first to be raised online

Google harvested my data
Tumblr harvested my data
YouTube harvested my data
Vine harvested my data
DeviantArt harvested my data
Blogger harvested my data
Facebook harvested my data
Instagram harvested my data
Etsy harvested my data
Twitter harvested my data

April 11th, 2025, Waylon Wilcox of Dillsburg, Pennsylvania, United States, plead guilty to two (2) counts of filing false individual income tax returns to the United States Internal Revenue Service.

Mr. Wilcox lied to the United States Internal Revenue Service regarding his profit from non-fungible tokens (NFTs).

Mr. Wilcox answered "no" to the United States Internal Revenue Service when asked: “At any time in 2021, did you receive, sell, exchange, or otherwise dispose of financial interest in any virtual currency?” (and any and/or all relevant questions in 2022)*

Mr. Wilcox in actuality collected 97 of 10,000 unique characters of CryptoPunks NFTs* (corrected, edit). He under-reported $8,511,238 in 2021 and $4,599,532 in 2022 in income — far beyond his actual income.

This was in sharp contrast to his (now private) social media which displayed luxurious travels.

Mr. Wilcox owes the United States Internal Revenue Service approx. $3,200,000. He is also facing 6 years in prison.

tl;dr guy makes millions from nfts, clicks "no" on checkbox to tax collection on monies, lies and says doesnt have a lot of monies, doesnt launder money and has millions, the us gov was like "lolwtf how this guy spending so much but says hes broke", looks inside, sees nft monies

me on the internet

Chat, why are Law Enforcement agencies happy people are staying on Telegram? 🤔

April 9th, EUROPOL did a press release regarding the arrest of affiliates using IcedID, SystemBC, PikaBot, Smokeloader, and Bumblebee.

EUROPOL memes the malware authors databases for not being 'GDPR compliant' and (in some capacity) reaching out to and identifying affiliates via Telegram.

Furthermore, EUROPOL put out a warning for customers of 'Superstar' and state they're actively doing arrests, home searches, issuing arrest warrants, doing 'knock-n-talks'.

5 unnamed individuals have been apprehended and are being 'interrogated' (quite literally the words used by EUROPOL, the connotation sounds like they're sending people to Guantanamo Bay).

They also released another mini-anime episode

¯\_(ツ)_/¯

Yeah bro, it's super cool a bunch of cat pictures is more widely shared, appreciated, and praised than 6 years of work of archiving malware related educational material

Oh, and based on seeds and stuff, a guesstimate is over 1 petabyte of cat pictures have been distributed. Cat pictures are x100 more popular than anything we've ever shared or produced

Due to insanely high-demand, we will be working on a kitty cat picture repack. The repack will have non-cat images removed. We will also increase the number of kitty cat pictures present.

Special thanks to DiffeKey for fixing the entire thing.

A visual representation of cybersecurity

Malware 🤝Cat girls

Still not as oopsie-doopsie as when the Indian military left the PDB data present which displayed the developers first name and last name, but making the path "hack" is pretty oopsie too.

Congratulations to APT "Stately Taurus".

Throughout 2021 and 2022 Palo Alto was tracking their activity because they left debug symbols in their DLLs.

They've since learned to remove the debug symbols. Good job, buddy. It took a few years, but you're getting better!

The National Police Agency (NPA) of Japan recent documentation of state-sponsored Threat Actors from China is interesting.

A group they believe to be a subset of APT10, abuses WSB (Windows Sandbox) by creating a .wsb configuration file and using it to spin up an instance of the Windows Sandbox.

This is interesting because Windows Defender cannot access the Windows Sandbox (image 1).

The payload enables folder sharing, network access, clipboard access, microphone access, and video access.

tl;dr abusing the sandbox, sandbox as a c2

Hello,

We would like to speak with the administrative staff at RussianMarket.

Thanks,

Windows 10 support ends October 14th, 2025. It is the calling of the Linux nerds.

> wants to add to blocklist
> tweets it

uhhh ok

"Nothing is certain except computer viruses and cat pictures" — Benjamin Franklin

Someone contacted us and said they 0day'd their school, infected every machine with a custom RAT, and displayed a MessageBox to everyone in the school at the same time. After that, the school hired him to be in charge of cybersecurity

What the fuck are you talking about

Nintendo ransomware group

doing some work in the backyard today, what kind of tree roots are these???

me trying to have a rational conversation about computers with someone on twitter