Jjaemu will never get mad ever again.
Posts by vx-underground (automated mirror)
> popular browser game in japan
> brush kitty cat
> wtf i love it
> play game
> lose
> get mad
> look inside
> html iframe
> loads index.pck
> gdpc header
> realize im reverse engineering html game
> html game for brushing kitty cat
im a loser dawg fr lmfao

What's it like being a malware researcher? Here is my day.
09:30am: wake up (depends on how bad sleep is)
10:00am: drink energy drink, check news
10:30am: check MISP, see world imploding
11:30am: read random papers from MISP
12:30pm: continue malware research project, chug energy drinks
04:00pm: brain exhausted, need food, eat giant bag of animal crackers next to desk
04:30pm: frustrated about code, resume working (coding, reversing, reading documentation)
08:30pm: heart palpitations from excessive caffeine, take anti-depressants and sleep medication
09:00pm:
10:00pm: shower? (depends on mood tbh)
11:00pm: extremely hungry, eat random food in house. sometimes have ramen noodles mixed with random canned foods, sometimes order food, sometimes just eat more animal crackers
12:00am: exhausted, crawl into bed, put on weird esoteric youtube videos like elder scrolls lore, dark souls lore, history of religion, or 8 hour long youtube essay
04:00am: wake up randomly from nightmare or panic attack (no idea why), have cigarette to calm nerves, resume working (coding, reversing, reading documentation)

Hello,
One of my colleagues is looking for a job.
She is a smart lady.
Unfortunately, she does not do malware stuff (no idea why), she is searching for a job doing one of the following:
- SecOps Leadership
- IR Leadership
- SOC Leadership
- Security Awareness Leadership
- CTI
What do these fancy job titles mean? I have no idea.
She has a large and comprehensive resume with lots of big words and a Bachelor's degree from a large university in the United States (no idea why).
Her resume is large, has lots of words, lots of experience, and jammed in two pages.
Conversely, my resume is unironically like "lol i like malware and cats and stuff" and it's barely one page.

Hello,
One of my colleagues is looking for a job.
She is a smart lady.
She is searching for a job doing one of the following:
- SecOps Leadership
- IR Leadership
- SOC Leadership
- Security Awareness Leadership
- CTI
Please let me know if anyone is hiring.
Thanks.

Big drama in the EU today.
I'm not a mobile device security nerd, so I can't comment too much. However, it seems extremely odd all configurations (including the "encrypted pin") are stored in a .xml file.
Mobile nerds, ... is this standard practice? Or did the EU make an incredibly poor software design choice?
Why is it limited how many times you can perform an age verification? But why is that also stored locally in the .xml file?
I don't understand
The fundamental problem with this "hack" is it requires three things being true.
1. An attacker must possess the device
2. An attacker must be able to unlock the cell phone
3. The cell phone must be "rooted", all additional cell phone security already bypassed
In the event all three of these conditions are true, you have far greater issues than someone modifying the PIN on your age verification app or... verify they're an adult using your stuff.
If you want to do this, for whatever reason, using this you can now reset the PIN on your age verification app arbitrarily or give yourself unlimited verifications.

Another zero day exploit released by some nerd (can't remember name right now) because they're annoyed with Microsoft. It's been confirmed by other nerds. It is yet another legit zero day. Whew.

Yeah, so basically I'm trying to make my own "ClickFix" but for Windows binaries by abusing the Windows Runtime, Component Object Model, and whatever Windows grants me from a limited user profile (see attached image)
I saw some research on Windows Toast Notifications by @ipurple, but their paper and code were in C# and PowerShell. Their technique displayed a fake update and directed the user to a website which then did ClickFix
So it's like, WindowsClickFix -> ClickFix
I said, "wtf? why not just run program there?"
It turns out you can, it's totally possible and well documented for something like C#. Making a simple notification on Windows which impersonates Windows Defender and runs a .exe (or whatever) is pretty shrimple. But.... there is a massive asterisk next to shrimple because it requires some* pain and suffering.
In extreme summary, need to do registry entries so Windows knows where to send Toast stuff to. In C# or PowerShell this is still relatively simple, just kind of annoying. In C, it still isn't too bad.
Unfortunately, I am a person who knows only pain. I didn't want to do C#, or .NET, or do anything with WindowsRT the way Windows wants you to. I said, "well, I've done WinRT in C before, why not do this in C?" Why not make something mildly annoying 200% more difficult?
It has been a challenge. I decided to do EVERYTHING with the WinRT / COM. I didn't want to make ANY WinAPI invocations omit RoInitialize (technically CoInitializeEx).
In the attached image I've successfully impersonated Windows Security. However, "update" doesn't work the way I'd like to. The easiest thing to do in this scenario is trying to abuse a Windows Scheme URI. Unfortunately, WinRT sandboxes and prevents FILE://, and I can't find a URI to abuse to deliver file execution (I tried).
I assume the inability to find a Windows URI to abuse for file execution is why the original authors ended up doing ToastNotification -> ClickFix. Making the Toast Notification go to a web domain is extremely easy. You literally can just specify "button go to website ooga booga" and that's it.
Because I couldn't find a URI to execute a binary my only option left is using INotificationActivationCallback. Basically, I have to register my malicious code in the registry to receive Toast Notification callbacks. When "Update" is clicked my binary is notified and appropriate action is taken.
Again, this is all totally normal functionality, but it's being used for social engineering. The only caveat here is I am trying to do it as painful and convoluted as possible. I have the general layout done... it's just typing out the code and debugging. It's tiring.
I also planned on stripping the headers and making the binary as lightweight as possible. Why? I have no idea. It is totally unnecessary and ass backward logic.

Say what you want about TeamPCP, but they have certainly made attribution much easier.
I can't recall a time a Threat Group specified the malware campaign and malware delivery mechanism that resulted in a compromise.
Is TeamPCP lying about how they compromised these organizations? Is it the result of a different malware campaign? Did they actually steal internet projects and "secrets" from S&P Global? How bad is the Guesty compromise? Will these companies succumb to the ransom demands? What the fuck does PCP stand for in this context? Is TeamPCP suggesting they're addicted to Phencyclidine a/k/a Angel Dust?
Find out on the next action-packed episode of Dragon Ball Z