Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
SERVICE

Search the Community

Showing results for tags '.net'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
    • Pentesting Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Pentesting Premium
    • Pentesting Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Pentesting Zone PRIV8
    • Pentesting Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area
  • Recycle Bin
    • Recycle
  • Null3D's Nulled Group

Product Groups

  • PRIV8
  • Advertising
  • Access Basic
  • Seller
  • Services

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

  1. Latest RPS420 RAT. dot NET Remote Administration Trojan. Fun to play with. Have fun. Note: I recommend you to always use this and any other cracked software in a VM or any other Sandbox Environment or RDP/VPS! [Hidden Content]
  2. ASoft .NET Version Detector is a lightweight tool that gives information on the different versions of Microsoft .NET and .NET Core that are installed on a machine. If a certain version isn't on the machine, you can simply follow the link that .NET Version Detector suggests, so it is easier for the novice user to find the runtimes. Detailed information is given of where the .NET Frameworks are installed with links to the directories. The details can easily be copied by a user, to paste in a mail. It supports commandline options to export data to file (txt/xml) and not show the user application. .NET Version Detector is a native application, which means it isn't dependent on any version of .NET or .NET Core to run. Vendors/software developers can use it to get information on the versions a user has installed and where they are located on the hard drive. This is free software from [Hidden Content] and did not require a crack. It is just sometimes useful when working with .NET to see the local installed versions. [Hidden Content] [hide][Hidden Content]]
  3. Features No malicious code Extremely stable Small stub size 7-11 KB No drop to disk ( Memory Execution ) No suspicious API calls 32-bit Native output (C++) Supports 32-bit .NET executables Tested with: .NET 2.0 .NET 3.0 - 3.5 .NET 4.0 - 4.8 Various EXEs Various RATs Various Bots Various Native Crypters [hide][Hidden Content]]
  4. dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger and an assembly editor (and more) and can be easily extended by writing your own extension. It uses dnlib to read and write assemblies so it can handle obfuscated assemblies (eg. malware) without crashing. Features Open Source (GPLv3) and Free Forever (:TM:) Assembly Editor Use C# or Visual Basic to edit any method, property and event Code editor has IntelliSense (code completion, signature help, quick info) Whole classes can be added to assemblies by adding C# and Visual Basic code Edit all metadata of types (classes), methods, properties, events, fields Add, remove, rename any type (class), method, property, event, field Edit, add, remove .NET resources and save them to disk The IL editor allows editing method bodies at the IL level: IL instructions, locals, exception handlers Debugger Debug any .NET assembly, no source code required Set breakpoints in any assembly, including framework assemblies, assemblies in the GAC and assemblies existing only in memory Memory window Output window Attach to process Locals window raw contents of locals (eg. decrypted byte arrays) can be saved to disk Call Stack window Threads window Modules window Modules (eg. decrypted in-memory modules) can be saved to disk Exception Settings Can debug dynamic assemblies Debugging CoreCLR assemblies is supported Decompile to C#, Visual Basic, IL Themes: blue, dark, light (and high contrast) Supports smaller screens (eg. laptops) Line height can be optimized for smaller screens Blank and non-alphanumeric lines are 75% the normal height No extra spacing between lines (saves 1 vertical pixel per line) Menu and toolbar share the same line Full screen mode (Shift+Alt+Enter) saves some vertical pixels High DPI support and per-monitor DPI-aware Translated to several languages Highly extensible Write your own extensions and add your own features All major features are already extensions (assembly editor, debugger, decompiler) Multiple tabs and tab groups Your screen is too big? Don’t cut it in half, add another vertical tab group and read two classes at once! The tabs and positions within the text editors are saved when you close dnSpy and restored at startup so you can continue where you left off Search assemblies Search for types (classes), methods, properties, events, fields Search for strings or numbers in code Assembly analyzer Find usages of types (classes), methods, properties, events, fields BAML to XAML decompiler Fast Highlighted references, keywords References under the caret are highlighted to make it easier to see all uses of the reference in the code Tab, Shift+Tab, Ctrl+Shift+Up, Ctrl+Shift+Down moves to the next or previous reference Alt+Down and Alt+Up moves to the next or previous definition (type (class), method, property, event, field) Structure visualizer Vertical guide lines shown between start and end of code blocks Different colors are used for different blocks, eg. loop, conditional, method, etc dnlib is used to read and write assemblies so it can handle obfuscated code (eg. malware) without crashing Go to commands: Entry point Assembly static initialization method (<Module>..cctor) Any metadata token Any metadata row Syntax highlighted tooltips with XML doc comments when hovering over a type (class), method, property, event, field Methods, properties and events are decompiled in source code order or a custom user-defined order Source code order means that related methods are usually next to each other, just like the programmer wanted Background images can be shown in the text editor Export to project decompiles all selected assemblies and creates a Visual Studio solution Multiple assemblies can be exported at the same time Creates a Visual Studio solution (supports VS2005 – VS-latest) and project files Supports WinForms and WPF classes (creates a code-behind .cs/.vb file and a WinForms .resx / WPF .xaml file) Converts .NET resources to .resx files Open from GAC Command line decompiler Supports Windows, Linux and Mac Syntax highlights output to the screen Scripting with C# REPL Call public dnSpy methods from scripts Script the debugger and other extensions Hex editor Method tokens and addresses are shown in comments and can be clicked to go to the raw metadata or IL bytes Metadata editor Collapse Assembly Explorer nodes command to quickly collapse unused nodes And more… Dependency updates: Updated dnlib to 3.5.0 Updated Iced to 1.17.0 Roslyn compiler to 4.1.0 Ookii.Dialogs.Wpf to 5.0.1 VS MEF to 16.9.20 ILSpy to 2.4 Mono.Debugger.Soft was updated to the latest commit. [hide][Hidden Content]]
  5. dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger and an assembly editor (and more) and can be easily extended by writing your own extension. It uses dnlib to read and write assemblies so it can handle obfuscated assemblies (eg. malware) without crashing. Features Open Source (GPLv3) and Free Forever (:TM:) Assembly Editor Use C# or Visual Basic to edit any method, property and event Code editor has IntelliSense (code completion, signature help, quick info) Whole classes can be added to assemblies by adding C# and Visual Basic code Edit all metadata of types (classes), methods, properties, events, fields Add, remove, rename any type (class), method, property, event, field Edit, add, remove .NET resources and save them to disk The IL editor allows editing method bodies at the IL level: IL instructions, locals, exception handlers Debugger Debug any .NET assembly, no source code required Set breakpoints in any assembly, including framework assemblies, assemblies in the GAC and assemblies existing only in memory Memory window Output window Attach to process Locals window raw contents of locals (eg. decrypted byte arrays) can be saved to disk Call Stack window Threads window Modules window Modules (eg. decrypted in-memory modules) can be saved to disk Exception Settings Can debug dynamic assemblies Debugging CoreCLR assemblies is supported Decompile to C#, Visual Basic, IL Themes: blue, dark, light (and high contrast) Supports smaller screens (eg. laptops) Line height can be optimized for smaller screens Blank and non-alphanumeric lines are 75% the normal height No extra spacing between lines (saves 1 vertical pixel per line) Menu and toolbar share the same line Full screen mode (Shift+Alt+Enter) saves some vertical pixels High DPI support and per-monitor DPI-aware Translated to several languages Highly extensible Write your own extensions and add your own features All major features are already extensions (assembly editor, debugger, decompiler) Multiple tabs and tab groups Your screen is too big? Don’t cut it in half, add another vertical tab group and read two classes at once! The tabs and positions within the text editors are saved when you close dnSpy and restored at startup so you can continue where you left off Search assemblies Search for types (classes), methods, properties, events, fields Search for strings or numbers in code Assembly analyzer Find usages of types (classes), methods, properties, events, fields BAML to XAML decompiler Fast Highlighted references, keywords References under the caret are highlighted to make it easier to see all uses of the reference in the code Tab, Shift+Tab, Ctrl+Shift+Up, Ctrl+Shift+Down moves to the next or previous reference Alt+Down and Alt+Up moves to the next or previous definition (type (class), method, property, event, field) Structure visualizer Vertical guide lines shown between start and end of code blocks Different colors are used for different blocks, eg. loop, conditional, method, etc dnlib is used to read and write assemblies so it can handle obfuscated code (eg. malware) without crashing Go to commands: Entry point Assembly static initialization method (<Module>..cctor) Any metadata token Any metadata row Syntax highlighted tooltips with XML doc comments when hovering over a type (class), method, property, event, field Methods, properties and events are decompiled in source code order or a custom user-defined order Source code order means that related methods are usually next to each other, just like the programmer wanted Background images can be shown in the text editor Export to project decompiles all selected assemblies and creates a Visual Studio solution Multiple assemblies can be exported at the same time Creates a Visual Studio solution (supports VS2005 – VS-latest) and project files Supports WinForms and WPF classes (creates a code-behind .cs/.vb file and a WinForms .resx / WPF .xaml file) Converts .NET resources to .resx files Open from GAC Command line decompiler Supports Windows, Linux and Mac Syntax highlights output to the screen Scripting with C# REPL Call public dnSpy methods from scripts Script the debugger and other extensions Hex editor Method tokens and addresses are shown in comments and can be clicked to go to the raw metadata or IL bytes Metadata editor Collapse Assembly Explorer nodes command to quickly collapse unused nodes And more… Changelog v6.2 RC2 Add support for searching by full name by @mobile46. Improvements to GitHub Actions workflow by @Gorialis. Optimized search module by reducing memory allocations. Use .NET Standard instead of .NET Framework for Roslyn projects by @mobile46 fixing #84. Micro-optimizations in various places. Fixed decompiler creating incorrect checked regions for some post increments. dnSpy now reads assembly resolution probe paths from .config files. [hide][Hidden Content]]
  6. dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger and an assembly editor (and more) and can be easily extended by writing your own extension. It uses dnlib to read and write assemblies so it can handle obfuscated assemblies (eg. malware) without crashing. Features Open Source (GPLv3) and Free Forever (:TM:) Assembly Editor Use C# or Visual Basic to edit any method, property and event Code editor has IntelliSense (code completion, signature help, quick info) Whole classes can be added to assemblies by adding C# and Visual Basic code Edit all metadata of types (classes), methods, properties, events, fields Add, remove, rename any type (class), method, property, event, field Edit, add, remove .NET resources and save them to disk The IL editor allows editing method bodies at the IL level: IL instructions, locals, exception handlers Debugger Debug any .NET assembly, no source code required Set breakpoints in any assembly, including framework assemblies, assemblies in the GAC and assemblies existing only in memory Memory window Output window Attach to process Locals window raw contents of locals (eg. decrypted byte arrays) can be saved to disk Call Stack window Threads window Modules window Modules (eg. decrypted in-memory modules) can be saved to disk Exception Settings Can debug dynamic assemblies Debugging CoreCLR assemblies is supported Decompile to C#, Visual Basic, IL Themes: blue, dark, light (and high contrast) Supports smaller screens (eg. laptops) Line height can be optimized for smaller screens Blank and non-alphanumeric lines are 75% the normal height No extra spacing between lines (saves 1 vertical pixel per line) Menu and toolbar share the same line Full screen mode (Shift+Alt+Enter) saves some vertical pixels High DPI support and per-monitor DPI-aware Translated to several languages Highly extensible Write your own extensions and add your own features All major features are already extensions (assembly editor, debugger, decompiler) Multiple tabs and tab groups Your screen is too big? Don’t cut it in half, add another vertical tab group and read two classes at once! The tabs and positions within the text editors are saved when you close dnSpy and restored at startup so you can continue where you left off Search assemblies Search for types (classes), methods, properties, events, fields Search for strings or numbers in code Assembly analyzer Find usages of types (classes), methods, properties, events, fields BAML to XAML decompiler Fast Highlighted references, keywords References under the caret are highlighted to make it easier to see all uses of the reference in the code Tab, Shift+Tab, Ctrl+Shift+Up, Ctrl+Shift+Down moves to the next or previous reference Alt+Down and Alt+Up moves to the next or previous definition (type (class), method, property, event, field) Structure visualizer Vertical guide lines shown between start and end of code blocks Different colors are used for different blocks, eg. loop, conditional, method, etc dnlib is used to read and write assemblies so it can handle obfuscated code (eg. malware) without crashing Go to commands: Entry point Assembly static initialization method (<Module>..cctor) Any metadata token Any metadata row Syntax highlighted tooltips with XML doc comments when hovering over a type (class), method, property, event, field Methods, properties and events are decompiled in source code order or a custom user-defined order Source code order means that related methods are usually next to each other, just like the programmer wanted Background images can be shown in the text editor Export to project decompiles all selected assemblies and creates a Visual Studio solution Multiple assemblies can be exported at the same time Creates a Visual Studio solution (supports VS2005 – VS-latest) and project files Supports WinForms and WPF classes (creates a code-behind .cs/.vb file and a WinForms .resx / WPF .xaml file) Converts .NET resources to .resx files Open from GAC Command line decompiler Supports Windows, Linux and Mac Syntax highlights output to the screen Scripting with C# REPL Call public dnSpy methods from scripts Script the debugger and other extensions Hex editor Method tokens and addresses are shown in comments and can be clicked to go to the raw metadata or IL bytes Metadata editor Collapse Assembly Explorer nodes command to quickly collapse unused nodes And more… Changelog v6.2 RC1 New features: dnSpy now runs under .NET 6 and .NET Framework 4.8. Move to VS2022 icons for UI and exe files (by @InKahootz and @SychicBoy) Support for tilt/horizontal scrolling in the UI. Added support for editing custom attributes on module resources. Added support for modifying the Log2Rid value when saving the module. Add support for ARM64 target architecture in the assembly editor. Add an enum for PE Magic field in the PE editor (by @riQQ) Show debugged process’s name in the title bar (by @InKahootz) Add support for writing VS2022 compatible .sln files. Added back the Save Code, Save BAML, and Save XAML options in the File context menu which save the contents of the currently open document tab. Debugger: Display a warning message before starting to debug a target file with a different bitness than the current dnSpy version running. Add a new option that allows to automatically break on <Module>::.cctor when starting to debug. Display the exception’s HResult property when an unhandled exception is hit. ILSpy decompiler: Added jump to reference support for jmp() expressions created when the jmp CIL opcode is present. CIL disassembler now includes information about generic parameter attributes and constraints. Add more information to the output when disassembling the module node when using the CIL disassembler. The decompiler now splits up long method call chains using a new line. Generate debug info for yield break; statements. Improvements and bug fixes: Fix the .NET 6 console executable having the incorrect subsystem set in the PE options resulting in a crash. Fixed escaping of namespaces in tooltips. Fixed syntax highlighting for structs in tooltips. Improved RVA <-> FileOffset conversions in PE editor to fix a crash with invalid values being passed in. Improved assembly resolution for .NET Standard, .NET Core, .NET 5, .NET 6. Read probe paths from .config files when searching for satellite assemblies during project export. Fixed incorrect label in the Save Module dialog. ILSpy Decompiler Optimized the variable naming step in the decompiler by reducing memory allocations. Improved insertion of checked() blocks. Improved decompilation of query expressions. Prevent delegate construction decompilation from crashing the entire decompiler if it failed. Improved analysis for unsafe modifier. Ignore invalid prefixes when constructing the ILAst. This prevents a common method used to crash the decompiler from working. Many improvements and fixes to the async method decompilation logic. Optimized the removal of dead nop instructions when building the ILAst. This deficiency was a known method to crash dnSpy’s decompiler by filling a method body with huge amounts of useless code. Fixed a rare case where field initializers would not be detected properly. Fixed a rarely occurring bug that resulted in incorrect ILAst being built. Optimized construction of ILAst by calculating the stack behavior of instruction only once and by caching the result of MethodDef.HasReturnType. Improved required parenthesis analysis. Debugger: Fixed a bug that caused the infamous ??? exception to occur when debugging. Improved debugging support for newer mono runtimes. Fixed a crash that occurred in the .NET Framework version of dnSpy when a module loaded into memory during debugging would contain an invalid file path resulting in a crash. BAML decompiler Resolve namespaces of properties. Fix Name attribute for properties incorrect in rare circumstances. Fix missing x:Static and x:Type (by @wwh1004) Dependency updates: Updated dnlib to 3.5.0 Updated Iced to 1.17.0 Roslyn compiler to 4.1.0 Ookii.Dialogs.Wpf to 5.0.1 VS MEF to 16.9.20 ILSpy to 2.4 Mono.Debugger.Soft was updated to the latest commit. [hide][Hidden Content]]
  7. An open source (GPLv3) deobfuscator for Eziriz .NET Reactor. May 07, 2022 (version 4.0) Latest Welcome to the May 07, 2022 release of .NETReactorSlayer. As always there are few bug fixes and improvements in this version, some of these changes are listed below: 🔧 Changed: Improve & Fix Control Flow Deobfuscator. Improve & Fix Token Decrypter. Improve & Fix Cleaner. Fix Boolean Decrypter. ✨ New: Remove strong name removal protection. [hide][Hidden Content]]
  8. NimPackt is a Nim-based packer for .NET (C#) executables and shellcode targeting Windows. It automatically wraps the payload in a Nim binary that is compiled to Native C and as such harder to detect and reverse engineer. There are two main execution methods: Execute-Assembly re-packs a .NET executable and runs it, optionally applying evasive measures such as API unhooking, AMSI patching, or disabling ETW. Shinject takes raw a .bin file with raw, position-independent shellcode and executes it locally or in a remote process, optionally using direct syscalls to trigger the shellcode or patching API hooks to evade EDR. Currently, NimPackt has the following features. Uses static syscalls to patch execute to evade EDR Unhooks user-mode APIs for the spawned thread by refreshing NTDLL.dll using ShellyCoat Patches Event Tracing for Windows (ETW) Patches the Anti-Malware Scan Interface (AMSI) AES-encrypts payload with a random key to preventing static analysis or fingerprinting Compiles to exe or dll Supports cross-platform compilation (from both Linux and Windows) Integrates with CobaltStrike for ezpz payload generation 😎 A great source for C#-based binaries for offensive tooling can be found here. It is highly recommended to compile the C# binaries yourself. Even though embedded binaries are encrypted, you should obfuscate sensitive binaries (such as Mimikatz) to lower the risk of detection. [hide][Hidden Content]]
  9. AA Restaurant POS is a Restaurant Management System with Point of Sale. This software is specifically designed for Restaurant or Fast Food Shop. You can define recepy for each food item with ingredients.It is a modern, simple, and easy-to-use restaurant management system which is developed in C# using SQLite database. Visual Studio 15 Solution AA Restaurant POS Project with source code Licensing Tool Project with source code Visual Studio Install Project - Main Features Customers Customer Sales Suppliers Supplier Purchases Purchase Invoice Purchase History Sale Invoice Sale History On Hold Sales Stock Management Recepy Management Multiple Warehouses Stock Transfers Weekly Purchase Summary Weekly Sale Summary Overall Summary Cheque and Bank Cash Register Item Requireds Staff Management User Access Control Recepy Ingredients Purchase Invoice Settings Sale Invoice Settings Multiple Sale & Purchase invoice designs Item Units Settings Multiple Date & Time Formates Sale Reconciliations Items Average Cost Expense Management Manage Users Settings Default Username and Password User/Password for Login Username: master Password: master Download: [hide][Hidden Content]] Password: level23hacktools.com
  10. A deobfuscator for Eziriz .NET Reactor Currently Supported .NET Reactor Versions: 6.0.0.0 6.2.0.0 6.3.0.0 6.5.0.0 6.7.0.0 Features: Deobfuscate Control Flow Restore Hidden Calls Remove Proxy Calls Decrypt Strings Remove Anti Tamper Remove Anti Debugger Decrypt Resource Dump Embedded Assemblies Decrypt Methods (NecroBit) Unpack Native... [hide][Hidden Content]]
  11. A .NET file Dump tool based on KsDumper. The way it works is similar to KsDumper. This tool works well for those who don't know how to use KsDumper / can't run KsDumper on their computer. Talking about smooth operation? Of course, it's very good. Much better than KsDumper. [hide][Hidden Content]]
  12. TRY ON VM ONLY. Ryuk .Net Ransomware overwrites all files on the computer (It means nobody can ever return files back) and makes it at least 2 times faster than other ransomwares.It drops read_it.txt for startup folder and all folders which files has been encrypted. This project depends on your donation. Please donete if you want to see next releases in the future This ransomware can change file extension randomized or you can type your own extension. Write your own message and victim will see only that note. readme.txt wil be dropped on every folder which files has been encrypted Encrypted File seems like this [Hidden Content]
  13. A Beginner's Course on Reverse Engineering and Analyzing Malicious .NET and Java Executable Files What you'll learn Decompiling .NET and Java Binaries De-obfuscation of .NET and Java Code Analyzing .NET and Java Malware Detecting Malware Artifacts and Indicators of Compromise Using Flare-VM Malware Analysis Tools Disassembling .NET binary to IL language Decompiling .NET binary to C# or VBNET Static Analysis of .NET and Java Executable Dynamic Analysis and Debugging using dnSpy Setting up Malware Analysis Lab Analyzing Ransomware Analyzing Spyware Trojans and Info-Stealers Identifying Native Files vs .NET and Java Files Decompiling Java Bytecode to Java Source Reverse Engineering Analyzing Cross Platform RATs and more... Requirements Windows PC Interest in Malware Analysis Knowledge of C# and Java would be helpful Description New malware are being created everyday and poses one of the greatest threat to computer systems everywhere. In order to infect Windows, Linux and Mac OSX, malware authors create cross-platform malware using .NET and Java. This course will introduce you to the basics of how to analyze .NET and Java malware - one of the most common and popular ways to create cross platform malware. If you are a beginner just starting out on malware analysis and wish to gain a fundamental knowledge to analyze .NET or Java malware, then this course is for you. It is a beginner course which introduces you to the technique and tools used to reverse engineer and also analyze .NET and Java binaries. In this course, you will learn how to check and analyze malicious .NET and Java executables for signs of malicious artifacts and indicators of compromise. This is a beginners course and targeted to those who are absolutely new to this field. I will take you from zero to proficient level in analyzing malicious .NET and Java binaries. You will learn using plenty of practical walk-throughs. We will learn the basic knowledge and skills in reverse engineering and analyzing malware. All the needed tools and where to download them will be provided. By the end of this course, you will have the fundamentals of malware analysis of .NET and Java under your belt to further your studies in this field. Even if you do not intend to take up malware analysis as a career, still the knowledge and skills gained would enable you to check executables for dangers and protect yourself from these attacks. We will use Flare-VM and windows virtual machine. Flare-VM is a popular Windows based Malware Analyst distribution that contains all the necessary tools for malware analysis. All the essential theory will be covered but kept to the minimum. The emphasis is on practicals and lab exercises. Go ahead and enroll now and I will see you inside. Who this course is for: Anyone who has no background in malware analysis and just starting out in this field Hobbyist who just like to learn how to analyze .NET and Java malware Students who like to get started on the career path to become malware analysts Anyone eager to learn how to detect new malware [Hidden Content] [hide][Hidden Content]]
  14. Sharperner Sharperner is a tool written in CSharp that generates a .NET dropper with AES and XOR obfuscated shellcode. A generated executable can possibly bypass signature check but I can’t be sure it can bypass heuristic scanning. Features PE binary Process Hollowing PPID Spoofing Random generated AES key and iv Final Shellcode, Key, and IV are translated to morse code 🙂 .NET binary AES + XOR encrypted shellcode APC Process Injection (explorer.exe) Random function names Random generated AES key and iv Final Shellcode, Key, and IV are translated to morse code 🙂 [hide][Hidden Content]]
  15. Lists of .NET Deobfuscator and Unpacker (Open Source) [hide][Hidden Content]]
  16. Analyze and view assembly dependencies on the .NET platform. NET Regular Expression Designer Integrated Help Syntax Highlighting Formatted Results The .NET Regular Expression Designer is a free download that helps you learn, develop and test regular expressions. .NET Dependency Walker Assembly Dependencies Native Calls Imported Types The .NET Dependency Walker is a powerful developer tool that allows you to analyze and view .NET assembly dependencies. 23 Dec, 2020 .NET Dependency Walker 1.9 New update to our dependency walker tool fixing known bugs, security and performance issues. [Hidden Content] [hide][Hidden Content]]
  17. Introduction dnSpy is a tool to reverse engineer .NET assemblies, including .NET debugger, a decompiler and an assembly editor. This tool can be easily extended by writing custom and your own plugin. It uses dnlib to read and write assemblies so it can handle obfuscated assemblies without crashing. dnSpy: .NET debugger, decompiler & assembly editor This amazing tool is open source, forever free and has very modern and intuitive design, kinda similar to Visual Studio. It uses many open source libraries: ILSpy decompiler engine: C# and Visual Basic decompilers Roslyn: C# and Visual Basic compilers dnlib: .NET metadata reader/writer which can also read obfuscated assemblies VS MEF: Faster MEF equals faster startup ClrMD: Access to lower level debugging info not provided by the CorDebug API Features Debug .NET Framework, .NET Core and Unity game assemblies, no source code required Edit assemblies in C# or Visual Basic or IL, and edit all metadata High DPI support (per-monitor DPI aware) Extensible, write your own extension BAML decompiler Blue, light and dark themes (and a dark high contrast theme) Bookmarks C# Interactive window can be used to script dnSpy Search assemblies for classes, methods, strings etc Analyze class and method usage, find callers etc Multiple tabs and tab groups References are highlighted, use Tab / Shift+Tab to move to next reference Go to entry point and module initializer commands Go to metadata token or metadata row commands Code tooltips (C# and Visual Basic) Export to project Debugger Debug .NET Framework, .NET Core and Unity game assemblies, no source code required Set breakpoints and step into any assembly Locals, watch, autos windows Variables windows supports saving variables (eg. decrypted byte arrays) to disk or view them in the hex editor (memory window) Object IDs Multiple processes can be debugged at the same time Break on module load Tracepoints and conditional breakpoints Export/import breakpoints and tracepoints Call stack, threads, modules, processes windows Break on thrown exceptions (1st chance) Variables windows support evaluating C# / Visual Basic expressions Dynamic modules can be debugged (but not dynamic methods due to CLR limitations) Output window logs various debugging events, and it shows timestamps by default 🙂 Assemblies that decrypt themselves at runtime can be debugged, dnSpy will use the in-memory image. You can also force dnSpy to always use in-memory images instead of disk files. Public API, you can write an extension or use the C# Interactive window to control the debugger [hide][Hidden Content]]
  18. Features Small Stub 15kb Support Multiple Files [hide][Hidden Content]]
  19. what is Themida Unpacker for .NET? Themida Unpacker for .NET is a tool developed to quickly and easily unpack packed .NET files. Support all version! (Tested in 1.x, 2.x, 3.x) How to use? goto SuspendProcess/bin/Release/ folder Just drag .NET file and select pd.exe! (32bit to 32bit, 64bit to 64bit) pd.exe will dump file! if not, just manual dump with SCYLLA!!!!! you have to install vbruntime and .NET runtime etc.... JUST INSTALL VISUAL STUDIO .NET, C++, Universal Windows Platform!!!!!! :) [hide][Hidden Content]]
  20. dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger and an assembly editor (and more) and can be easily extended by writing your own extension. It uses dnlib to read and write assemblies so it can handle obfuscated assemblies (eg. malware) without crashing. Features Open Source (GPLv3) and Free Forever (:TM:) Assembly Editor Use C# or Visual Basic to edit any method, property and event Code editor has IntelliSense (code completion, signature help, quick info) Whole classes can be added to assemblies by adding C# and Visual Basic code Edit all metadata of types (classes), methods, properties, events, fields Add, remove, rename any type (class), method, property, event, field Edit, add, remove .NET resources and save them to disk The IL editor allows editing method bodies at the IL level: IL instructions, locals, exception handlers Debugger Debug any .NET assembly, no source code required Set breakpoints in any assembly, including framework assemblies, assemblies in the GAC and assemblies existing only in memory Memory window Output window Attach to process Locals window raw contents of locals (eg. decrypted byte arrays) can be saved to disk Call Stack window Threads window Modules window Modules (eg. decrypted in-memory modules) can be saved to disk Exception Settings Can debug dynamic assemblies Debugging CoreCLR assemblies is supported Decompile to C#, Visual Basic, IL Themes: blue, dark, light (and high contrast) Supports smaller screens (eg. laptops) Line height can be optimized for smaller screens Blank and non-alphanumeric lines are 75% the normal height No extra spacing between lines (saves 1 vertical pixel per line) Menu and toolbar share the same line Full screen mode (Shift+Alt+Enter) saves some vertical pixels High DPI support and per-monitor DPI-aware Translated to several languages Highly extensible Write your own extensions and add your own features All major features are already extensions (assembly editor, debugger, decompiler) Multiple tabs and tab groups Your screen is too big? Don’t cut it in half, add another vertical tab group and read two classes at once! The tabs and positions within the text editors are saved when you close dnSpy and restored at startup so you can continue where you left off Search assemblies Search for types (classes), methods, properties, events, fields Search for strings or numbers in code Assembly analyzer Find usages of types (classes), methods, properties, events, fields BAML to XAML decompiler Fast Highlighted references, keywords References under the caret are highlighted to make it easier to see all uses of the reference in the code Tab, Shift+Tab, Ctrl+Shift+Up, Ctrl+Shift+Down moves to the next or previous reference Alt+Down and Alt+Up moves to the next or previous definition (type (class), method, property, event, field) Structure visualizer Vertical guide lines shown between start and end of code blocks Different colors are used for different blocks, eg. loop, conditional, method, etc dnlib is used to read and write assemblies so it can handle obfuscated code (eg. malware) without crashing Go to commands: Entry point Assembly static initialization method (<Module>..cctor) Any metadata token Any metadata row Syntax highlighted tooltips with XML doc comments when hovering over a type (class), method, property, event, field Methods, properties and events are decompiled in source code order or a custom user-defined order Source code order means that related methods are usually next to each other, just like the programmer wanted Background images can be shown in the text editor Export to project decompiles all selected assemblies and creates a Visual Studio solution Multiple assemblies can be exported at the same time Creates a Visual Studio solution (supports VS2005 – VS-latest) and project files Supports WinForms and WPF classes (creates a code-behind .cs/.vb file and a WinForms .resx / WPF .xaml file) Converts .NET resources to .resx files Open from GAC Command line decompiler Supports Windows, Linux and Mac Syntax highlights output to the screen Scripting with C# REPL Call public dnSpy methods from scripts Script the debugger and other extensions Hex editor Method tokens and addresses are shown in comments and can be clicked to go to the raw metadata or IL bytes Metadata editor Collapse Assembly Explorer nodes command to quickly collapse unused nodes And more… [hide][Hidden Content]]
  21. Tested Gray Keylogger v3 capture all keystrokes and screenshot and send it via provided gmail. Features Easy Graphical User Interface Auto Startup as system starts Low size + Low memory/CPU consompsion Added Stealth mode (hides after running) Run only when any keyboard key is pressed Whats new added ? Capture keystrokes in memory Window title also added with keystrokes Sends JPEG screenshot in specified quality as attachment Stub in multple languages (VB,C#) Multiple Compilation Modes (Winexe,Console,Library) ErrorReporting (Helpfull for developers or Turn off if not needed) Added Icon support [HIDE][Hidden Content]] Server Scan [Hidden Content]
  22. dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger and an assembly editor (and more) and can be easily extended by writing your own extension. It uses dnlib to read and write assemblies so it can handle obfuscated assemblies (eg. malware) without crashing. Features Open Source (GPLv3) and Free Forever (:TM:) Assembly Editor Use C# or Visual Basic to edit any method, property and event Code editor has IntelliSense (code completion, signature help, quick info) Whole classes can be added to assemblies by adding C# and Visual Basic code Edit all metadata of types (classes), methods, properties, events, fields Add, remove, rename any type (class), method, property, event, field Edit, add, remove .NET resources and save them to disk The IL editor allows editing method bodies at the IL level: IL instructions, locals, exception handlers Debugger Debug any .NET assembly, no source code required Set breakpoints in any assembly, including framework assemblies, assemblies in the GAC and assemblies existing only in memory Memory window Output window Attach to process Locals window raw contents of locals (eg. decrypted byte arrays) can be saved to disk Call Stack window Threads window Modules window Modules (eg. decrypted in-memory modules) can be saved to disk Exception Settings Can debug dynamic assemblies Debugging CoreCLR assemblies is supported Decompile to C#, Visual Basic, IL Themes: blue, dark, light (and high contrast) Supports smaller screens (eg. laptops) Line height can be optimized for smaller screens Blank and non-alphanumeric lines are 75% the normal height No extra spacing between lines (saves 1 vertical pixel per line) Menu and toolbar share the same line Full screen mode (Shift+Alt+Enter) saves some vertical pixels High DPI support and per-monitor DPI-aware Translated to several languages Highly extensible Write your own extensions and add your own features All major features are already extensions (assembly editor, debugger, decompiler) Multiple tabs and tab groups Your screen is too big? Don’t cut it in half, add another vertical tab group and read two classes at once! The tabs and positions within the text editors are saved when you close dnSpy and restored at startup so you can continue where you left off Search assemblies Search for types (classes), methods, properties, events, fields Search for strings or numbers in code Assembly analyzer Find usages of types (classes), methods, properties, events, fields BAML to XAML decompiler Fast Highlighted references, keywords References under the caret are highlighted to make it easier to see all uses of the reference in the code Tab, Shift+Tab, Ctrl+Shift+Up, Ctrl+Shift+Down moves to the next or previous reference Alt+Down and Alt+Up moves to the next or previous definition (type (class), method, property, event, field) Structure visualizer Vertical guide lines shown between start and end of code blocks Different colors are used for different blocks, eg. loop, conditional, method, etc dnlib is used to read and write assemblies so it can handle obfuscated code (eg. malware) without crashing Go to commands: Entry point Assembly static initialization method (<Module>..cctor) Any metadata token Any metadata row Syntax highlighted tooltips with XML doc comments when hovering over a type (class), method, property, event, field Methods, properties and events are decompiled in source code order or a custom user-defined order Source code order means that related methods are usually next to each other, just like the programmer wanted Background images can be shown in the text editor Export to project decompiles all selected assemblies and creates a Visual Studio solution Multiple assemblies can be exported at the same time Creates a Visual Studio solution (supports VS2005 – VS-latest) and project files Supports WinForms and WPF classes (creates a code-behind .cs/.vb file and a WinForms .resx / WPF .xaml file) Converts .NET resources to .resx files Open from GAC Command line decompiler Supports Windows, Linux and Mac Syntax highlights output to the screen Scripting with C# REPL Call public dnSpy methods from scripts Script the debugger and other extensions Hex editor Method tokens and addresses are shown in comments and can be clicked to go to the raw metadata or IL bytes Metadata editor Collapse Assembly Explorer nodes command to quickly collapse unused nodes And more… [HIDE][Hidden Content]]
  23. dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger and an assembly editor (and more) and can be easily extended by writing your own extension. It uses dnlib to read and write assemblies so it can handle obfuscated assemblies (eg. malware) without crashing. Features Assembly Editor Use C# or Visual Basic to edit any method, property and event Code editor has IntelliSense (code completion, signature help, quick info) Whole classes can be added to assemblies by adding C# and Visual Basic code Edit all metadata of types (classes), methods, properties, events, fields Add, remove, rename any type (class), method, property, event, field Edit, add, remove .NET resources and save them to disk The IL editor allows editing method bodies at the IL level: IL instructions, locals, exception handlers Debugger Debug any .NET assembly, no source code required Set breakpoints in any assembly, including framework assemblies, assemblies in the GAC and assemblies existing only in memory Memory window Output window Attach to process Locals window raw contents of locals (eg. decrypted byte arrays) can be saved to disk Call Stack window Threads window Modules window Modules (eg. decrypted in-memory modules) can be saved to disk Exception Settings Can debug dynamic assemblies Debugging CoreCLR assemblies is supported Decompile to C#, Visual Basic, IL Themes: blue, dark, light (and high contrast) Supports smaller screens (eg. laptops) Line height can be optimized for smaller screens Blank and non-alphanumeric lines are 75% the normal height No extra spacing between lines (saves 1 vertical pixel per line) Menu and toolbar share the same line Full screen mode (Shift+Alt+Enter) saves some vertical pixels High DPI support and per-monitor DPI-aware Translated to several languages Highly extensible Write your own extensions and add your own features All major features are already extensions (assembly editor, debugger, decompiler) Multiple tabs and tab groups Your screen is too big? Don’t cut it in half, add another vertical tab group and read two classes at once! The tabs and positions within the text editors are saved when you close dnSpy and restored at startup so you can continue where you left off Search assemblies Search for types (classes), methods, properties, events, fields Search for strings or numbers in code Assembly analyzer Find usages of types (classes), methods, properties, events, fields BAML to XAML decompiler Fast Highlighted references, keywords References under the caret are highlighted to make it easier to see all uses of the reference in the code Tab, Shift+Tab, Ctrl+Shift+Up, Ctrl+Shift+Down moves to the next or previous reference Alt+Down and Alt+Up moves to the next or previous definition (type (class), method, property, event, field) Structure visualizer Vertical guide lines shown between start and end of code blocks Different colors are used for different blocks, eg. loop, conditional, method, etc dnlib is used to read and write assemblies so it can handle obfuscated code (eg. malware) without crashing Go to commands: Entry point Assembly static initialization method (<Module>..cctor) Any metadata token Any metadata row Syntax highlighted tooltips with XML doc comments when hovering over a type (class), method, property, event, field Methods, properties and events are decompiled in source code order or a custom user-defined order Source code order means that related methods are usually next to each other, just like the programmer wanted Background images can be shown in the text editor Export to project decompiles all selected assemblies and creates a Visual Studio solution Multiple assemblies can be exported at the same time Creates a Visual Studio solution (supports VS2005 – VS-latest) and project files Supports WinForms and WPF classes (creates a code-behind .cs/.vb file and a WinForms .resx / WPF .xaml file) Converts .NET resources to .resx files Open from GAC Command line decompiler Supports Windows, Linux and Mac Syntax highlights output to the screen Scripting with C# REPL Call public dnSpy methods from scripts Script the debugger and other extensions Hex editor Method tokens and addresses are shown in comments and can be clicked to go to the raw metadata or IL bytes Metadata editor Collapse Assembly Explorer nodes command to quickly collapse unused nodes And more… [HIDE][Hidden Content]]
  24. RzyFixer - A .NET Unpacker tool A .NET Unpacker tool, with many features. Using dnlib assembly & cui for the design. Credits Me for the code Developer of Dnlib XSilent for CUI (Console design). Someone else helped me on the anti de4dot fixer, but i forgot who. feel free to get in contact. [hide][Hidden Content]]
  25. dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger and an assembly editor (and more) and can be easily extended by writing your own extension. It uses dnlib to read and write assemblies so it can handle obfuscated assemblies (eg. malware) without crashing. Features Open Source (GPLv3) and Free Forever (:TM:) Assembly Editor Use C# or Visual Basic to edit any method, property and event Code editor has IntelliSense (code completion, signature help, quick info) Whole classes can be added to assemblies by adding C# and Visual Basic code Edit all metadata of types (classes), methods, properties, events, fields Add, remove, rename any type (class), method, property, event, field Edit, add, remove .NET resources and save them to disk The IL editor allows editing method bodies at the IL level: IL instructions, locals, exception handlers Debugger Debug any .NET assembly, no source code required Set breakpoints in any assembly, including framework assemblies, assemblies in the GAC and assemblies existing only in memory Memory window Output window Attach to process Locals window raw contents of locals (eg. decrypted byte arrays) can be saved to disk Call Stack window Threads window Modules window Modules (eg. decrypted in-memory modules) can be saved to disk Exception Settings Can debug dynamic assemblies Debugging CoreCLR assemblies is supported Decompile to C#, Visual Basic, IL Themes: blue, dark, light (and high contrast) Supports smaller screens (eg. laptops) Line height can be optimized for smaller screens Blank and non-alphanumeric lines are 75% the normal height No extra spacing between lines (saves 1 vertical pixel per line) Menu and toolbar share the same line Full screen mode (Shift+Alt+Enter) saves some vertical pixels High DPI support and per-monitor DPI-aware Translated to several languages Highly extensible Write your own extensions and add your own features All major features are already extensions (assembly editor, debugger, decompiler) Multiple tabs and tab groups Your screen is too big? Don’t cut it in half, add another vertical tab group and read two classes at once! The tabs and positions within the text editors are saved when you close dnSpy and restored at startup so you can continue where you left off Search assemblies Search for types (classes), methods, properties, events, fields Search for strings or numbers in code Assembly analyzer Find usages of types (classes), methods, properties, events, fields BAML to XAML decompiler Fast Highlighted references, keywords References under the caret are highlighted to make it easier to see all uses of the reference in the code Tab, Shift+Tab, Ctrl+Shift+Up, Ctrl+Shift+Down moves to the next or previous reference Alt+Down and Alt+Up moves to the next or previous definition (type (class), method, property, event, field) Structure visualizer Vertical guide lines shown between start and end of code blocks Different colors are used for different blocks, eg. loop, conditional, method, etc dnlib is used to read and write assemblies so it can handle obfuscated code (eg. malware) without crashing Go to commands: Entry point Assembly static initialization method (<Module>..cctor) Any metadata token Any metadata row Syntax highlighted tooltips with XML doc comments when hovering over a type (class), method, property, event, field Methods, properties and events are decompiled in source code order or a custom user-defined order Source code order means that related methods are usually next to each other, just like the programmer wanted Background images can be shown in the text editor Export to project decompiles all selected assemblies and creates a Visual Studio solution Multiple assemblies can be exported at the same time Creates a Visual Studio solution (supports VS2005 – VS-latest) and project files Supports WinForms and WPF classes (creates a code-behind .cs/.vb file and a WinForms .resx / WPF .xaml file) Converts .NET resources to .resx files Open from GAC Command line decompiler Supports Windows, Linux and Mac Syntax highlights output to the screen Scripting with C# REPL Call public dnSpy methods from scripts Script the debugger and other extensions Hex editor Method tokens and addresses are shown in comments and can be clicked to go to the raw metadata or IL bytes Metadata editor Collapse Assembly Explorer nodes command to quickly collapse unused nodes And more… [HIDE][Hidden Content]]
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.