Let’s start with our first interview,
This week we have:
A very Gentlemanly kind man for his name “pryx”
One of the things that brought me the attention from this gentleman was his “X” bio that sounds like this:
“cybercrime is cool and badass”
Il ike it, yeahhhhh.
That was one of them, I’ll save the others for the interview.
stay, you will learn a lot, you will see….
We talk about motivation, cybercrime as industry, future of cybercrime, techniques, metodologies, operational, and many more.
Let’s deep dive into the interview:
The Motivation
Stega: What led you to get involved in hacking? Was it curiosity, financial gain, challenge, or something else?
Pryx: It started with inspiration and financial gain. I initially joined the field as a white hat, but after observing how cybercriminals were operating and the impact they were making, I got inspired and decided to switch sides.
Stega: Do you consider yourself a black hat? How would you define your moral boundaries in this field?
Pryx: I don’t consider myself anything, that’s for security researchers to decide. I operate based on my own set of rules and goals, not labels.
Stega: How would you define your moral boundaries in this field?
Pryx: I have clear limits. I don’t target hospitals, orphanages, or similar institutions. Unlike some ransomware groups like LockBit, who only care about money and have ransomed many hospitals, I draw the line at causing harm to vulnerable people.
Stega: Were there any socioeconomic or cultural factors that influenced your decision to become and dedicate yourself to cybercrime?
Pryx: Nope, I don’t think so.
Techniques and Methodologies
Stega: What do you think are the most common techniques to use to compromise systems?
Pryx: I think the most used method now is stealer logs, and honestly, that’s disappointing. The new generation of hackers and ransomware groups are constantly searching for cloud and VPN access logs, and that’s messed up. There’s no real hacking involved, no real skills. Personally, I have no respect for those who rely entirely on public stealer logs for their attacks.
Stega: Which techniques do you find most effective?
Pryx: I personally used to conduct spear phishing attacks frequently under an old alias that I can’t disclose for security reasons. Nowadays, I’m focused on malware development and pentesting. Both areas are fascinating, and I’ve had some success in discovering web vulnerabilities.
Stega: What type of infrastructure or tools do you prefer to use?
Pryx: I primarily work with malware and ransomware.
Stega: How do you select targets? What do you look for first? Are you guided by specific opportunities, vulnerabilities, or do you follow a particular profile?
Pryx: Sometimes it’s just based on luck and fun. If I feel like trolling a government, I’ll focus on them until I cause some damage. Other times, it’s more strategic, based on specific vulnerabilities or opportunities that present themselves. It really depends on the situation and my mood at the time.
Operational and Organization
Stega: Do you work alone, or are you part of a group or a network of cybercrime?
Pryx: I mostly work alone. But if I gain access and need help exfiltrating something or don’t have the time to handle it myself, I can rely on some friends. If I decide to do an organized breach, I’ve got people I can call on.
I want to clarify something, I am not a group I’m a single person, since some threat Intel companies do think pryx is a group.
Stega: How do you protect yourself from being tracked or caught? How do you view personal opsec, especially in light of recent examples like the poor opsec from Usdod?
Pryx: I wouldn’t claim to have perfect opsec, but I take my anonymity seriously. Unlike the blatant mistakes we’ve seen recently, like Usdod linking his Instagram bio to his alias, I make it a point to avoid obvious errors. I keep my identity hidden and try to stay as anonymous as possible.
Stega: What kind of data or assets do you find most valuable in operations?
Pryx: Confidential documents and databases filled with personal information are the most valuable. People can’t get enough of that stuff.
Cybercrime as an Industry
Stega: How do international regulations and changes in legislation affect your activities?
Pryx: They don’t, really. I operate in a way that’s independent of those changes. Regulations might affect others, but they don’t have much impact on how I conduct my operations.
Stega: How are you being affected by new laws and regulations? What would happen if platforms like Telegram were shut down or banned?
Pryx: If regulations get in the way or platforms like Telegram are shut down, I can just switch to Signal or another platform that suits my needs. There are always alternatives available.
Future of Cybercrime
Stega: Do you think cybersecurity is becoming harder to evade in the last few years?
Pryx: Not really. While there have been tragic stories like the Usdod dox and Baphomet arrest those were indeed sad and depressing, it mainly came down to poor opsec. As long as I maintain my own strong operational security, I don’t see myself facing such issues. I’m confident that, at least for this year, I won’t end up in jail.
Stega: How do you see the future of cybercrime evolving?
Pryx: I think the future of cybercrime will likely see more trolling and scamming. I don’t expect much radical change in the near future, to be honest. It seems like we’re heading towards more of the same rather than any groundbreaking shifts.
Stega: Do you believe artificial intelligence and machine learning are impacting both security and threats in some way?
Pryx: Yes, AI is definitely having an impact. Many are increasingly relying on AI for everything, which I think is problematic. As AI continues to evolve, there’s a risk that essential skills and knowledge could diminish over time.
Stega: Do you think AI helps or worsens the situation in cybersecurity? Have they caused more than just collateral damage to the industry, especially with many cybercriminals using them?
Pryx: AI and machine learning are definitely used by cybercriminals, but only the skilled ones see real success. Many newcomers just use AI to generate simple Python malware and think they’re real hackers, which is problematic. It’s contributing to a decline in actual skill and understanding in the field.
Stega: What do you think attracts most actors to breach forums? Is it the fame, the admin, the security, or something else?
Pryx: Most are drawn to the community. I’ve made many friends in breach forums who are pretty cool and share a mutual understanding. That’s why forums like BreachForums remain active even after it gets seized by law enforcement or breached there’s no other forum with the same strong sense of community.
Stega: Do you think BreachForums will remain active until the end of the year?
Pryx: Yes, for sure. I have a lot of faith in IntelBroker.
Personal Questions
Stega: How do you see yourself in a few years? Will you still be doing it?
Pryx: Yeah, I plan to keep hacking until I get arrested. It’s a path I’m committed to for now.
Stega: What do you think are the biggest risks or fears you face as a hacker (blackhat)?
Pryx: One of the biggest risks is losing your reputation. In this community, respect is earned through a solid reputation. For me, maintaining my image as Pryx is crucial. I need to stay clear of allegations like scams to keep my standing intact.
Stega: How do you stay motivated in a field that can be both highly stressful and unpredictable?
Pryx: The competition drives me, seeing who can pull off the biggest breach keeps me motivated. While the field can be quite stressful and sometimes depressing, it also provides a significant dopamine rush. That thrill is a big part of why we continue to engage in it.
Stega: Do you feel a sense of power or control from hacking (cybercrime), or is it more about personal satisfaction and curiosity?
Pryx: It’s more about personal satisfaction. The sense of accomplishment is what drives me.
Stega: Has hacking changed your worldview? Do you see the world differently now from your current perspective?
Pryx: Definitely. It’s made me more paranoid and somewhat schizophrenic due to the nature of cybercrime. It changes how you perceive everything around you.
Stega: If you could go back and change your path, would you?
Pryx: No, I don’t regret anything. The path I’ve chosen has been worthwhile.Advice
Stega: What advice would you give to someone thinking of getting into cybercrime or dedicating themselves to it?
Pryx: Just don’t get caught.
And yeah, end is here…
It was very vibrant to talk to him, also very distracting and very interesting I must say.
As a final point we have learned a lot of things from this intriguing and gentlemanly guy.
Thanks for your time pryx, I hope to see you soon on the “good” side.
Best regards Stega”
pryx is around:
https://x.com/holypryx
Cool blog:
c2mdhim6btaiyae3xqthnxsz64brvdxsnbty4tvos65zb565y4v55iid.onion