ransomware except in addition to encrypting data it plays a 10 hour supercut of all youtube's worst jarjar binks impressions and zingers forever until they pay
-
ransomware except it leaks c-suite and board member browser histories for the last 90 days
@Viss I would sponsor this activity
-
ransomware except it signs absolutely every single person in the company who has an email address up to the elon musk fan club
ransomware except that it specifically finds any machines that still have diskette drives in them and plays the mexican hat dance, the imperial march, or the mario theme on them either until their stepper motors burn out, or the ransom is paid
-
@winterknight1337 wow its been a while since i had to use a real c2. i didnt even know these were a thing! i guess ive been lolling too hard in various clouds and possessing the still-living semi-corpses of github workflows too long
@Viss they’re super nice! Only issue is that they’re written in C, so if they crash they take your payload down with it, but they’re designed to avoid cobalt strike’s fork and run behaviors. But generally speaking, it’s a stealthier way to expand C2 payloads.
-
ransomware except it signs absolutely every single person in the company who has an email address up to the elon musk fan club
@Viss oof. too far. just encrypt the drives with a randomised hash at this point.
-
ransomware except it volunteers you to be a CEH exam proctor
@Viss oh this is awful
-
ransomware except that it specifically finds any machines that still have diskette drives in them and plays the mexican hat dance, the imperial march, or the mario theme on them either until their stepper motors burn out, or the ransom is paid
ransomware except, stuxnet style, specifically looks for any computers that are interfaces to mainframes, are mainframe adjacent, or otherwise in a critical workflow path, pauses all the queues in the mainframe, empties them, then rms all the regular computers. doesnt even aim for a ransom. overwrites the bootloader with the nyancat one, except instead of a cat its the fight club bar of soap
-
@Viss oh this is awful
@winterknight1337 it gets worse

-
ransomware except that it specifically finds any machines that still have diskette drives in them and plays the mexican hat dance, the imperial march, or the mario theme on them either until their stepper motors burn out, or the ransom is paid
@Viss How about
import subprocess
import time

CMD = ["eject", "-t"]
DELAY_SECONDS = 1.0

def main():
    while True:
        try:
            subprocess.run(CMD, check=False)
        except Exception:
            # ignore errors and continue
            pass
        time.sleep(DELAY_SECONDS)

if __name__ == "__main__":
    main()
-
@Viss they’re super nice! Only issue is that they’re written in C, so if they crash they take your payload down with it, but they’re designed to avoid cobalt strike’s fork and run behaviors. But generally speaking, it’s a stealthier way to expand C2 payloads.
@winterknight1337 oh.. some shit crashing your payload you say?
and it takes down some more shit with it you say?
OH WHAT EVER DO YOU MEAN https://github.com/EmpireProject/Empire/issues/589
-
ransomware except, stuxnet style, specifically looks for any computers that are interfaces to mainframes, are mainframe adjacent, or otherwise in a critical workflow path, pauses all the queues in the mainframe, empties them, then rms all the regular computers. doesnt even aim for a ransom. overwrites the bootloader with the nyancat one, except instead of a cat its the fight club bar of soap
@Viss we’ve got new bootloader overwrites now too!
-
@Viss we’ve got new bootloader overwrites now too!
@winterknight1337 show me

-
@Viss How about
import subprocess
import time

CMD = ["eject", "-t"]
DELAY_SECONDS = 1.0

def main():
    while True:
        try:
            subprocess.run(CMD, check=False)
        except Exception:
            # ignore errors and continue
            pass
        time.sleep(DELAY_SECONDS)

if __name__ == "__main__":
    main()
@scottwilson can ... can laptops do the pc speaker beep anymore? is that even still a thing?
-
ransomware except it signs absolutely every single person in the company who has an email address up to the elon musk fan club
@Viss I'll fork it to make it even worse. Not only do you get signed up for the Elmo fan club, you'll also get texted a different photo of Ian Miles Cheong every day.
-
@scottwilson can ... can laptops do the pc speaker beep anymore? is that even still a thing?
@Viss Oooh that would be great. I don't know!
-
@scottwilson can ... can laptops do the pc speaker beep anymore? is that even still a thing?
@Viss @scottwilson I don't know about laptops, but my ali-express chinesium pfSense router can.
-
@Viss I'll fork it to make it even worse. Not only do you get signed up for the Elmo fan club, you'll also get texted a different photo of Ian Miles Cheong every day.
@Viss please, for your own mental health, don't attempt to visualize what this might be like.
-
@Viss @scottwilson I don't know about laptops, but my ali-express chinesium pfSense router can.
@da_667 @scottwilson HOLY FUCK YES OH MY GOD
-
ransomware except that it specifically finds any machines that still have diskette drives in them and plays the mexican hat dance, the imperial march, or the mario theme on them either until their stepper motors burn out, or the ransom is paid
h/t @da_667
malware except it only infects networking appliances that can make pc speaker beeps and boops and forces them to loop through a cacophony of all the shit we used to play on the pc speaker as kids.
mario, doom music, heretic music, descent, star wars, various shit from the mod days
-
@winterknight1337 show me

@Viss the only one I have a picture of is we found a payload that overwrites a bootloader with flappy bird, I’ve got it as a one liner (and more) that I can send you


-
@Viss the only one I have a picture of is we found a payload that overwrites a bootloader with flappy bird, I’ve got it as a one liner (and more) that I can send you


@winterknight1337 this is fucking spectacular