Toot

Written by Still on 2024-10-17 at 07:27

This "Prince Ransomware" just showed up on my GitHub recommendation feed, and the disclaimers are kinda diabolical.

You can't claim that you're "providing researchers with valuable insights into techniques used by TAs" when you're not bringing anything "insightful" to the table.

You're not doing anything new besides using a different encryption scheme. You're just creating yet another ransomware snippet that TAs can lazily modify from.

It sounds like whoever wrote this just slapped on the disclaimer to make themselves feel better.

With some open-source C2 frameworks, you can argue that they do provide valuable alternatives to both the TAs and the researchers, because they do use something new and not readily detectable, sometimes even innovative.

If your project doesn't do any of that - that's fine, you could say it's a fun little side project that you wanted to do to learn how things work, or "oh, I just thought it's a fun weekend project", but making stupid disclaimers like the ones listed in the README genuinely makes you sound like you're looking for excuses.
