Showing results for tags 'encrypted'.

Found 10 results

  1. i2pd (I2P Daemon) is a full-featured C++ implementation of I2P client. I2P (Invisible Internet Protocol) is a universal anonymous network layer. All communications over I2P are anonymous and end-to-end encrypted, participants don't reveal their real IP addresses. I2P client is a software used for building and using anonymous I2P networks. Such networks are commonly used for anonymous peer-to-peer applications (filesharing, cryptocurrencies) and anonymous client-server applications (websites, instant messengers, chat-servers). I2P allows people from all around the world to communicate and share information without restrictions.

     Features

     • Distributed anonymous networking framework
     • End-to-end encrypted communications
     • Small footprint, simple dependencies, fast performance
     • Rich set of APIs for developers of secure applications

     Supported systems:

     • GNU/Linux (Debian, Ubuntu, etc)
     • CentOS, Fedora, Mageia
     • Alpine, ArchLinux, openSUSE, Gentoo, etc.
     • Windows
     • Mac OS
     • Docker image
     • Snap
     • FreeBSD
     • Android
     • iOS

     [Hidden Content]
  2. Threat actors are distributing altered KMSpico installers to infect Windows devices with malware that steals cryptocurrency wallets. This activity has been spotted by researchers at Red Canary, who warn that pirating software to save on licensing costs isn't worth the risk.

     KMSPico is a popular Microsoft Windows and Office product activator that emulates a Windows Key Management Services (KMS) server to activate licenses fraudulently. According to Red Canary, many IT departments using KMSPico instead of legitimate Microsoft software licenses are much bigger than one would expect.

     "We've observed several IT departments using KMSPico instead of legitimate Microsoft licenses to activate systems," explained Red Canary intelligence analyst Tony Lambert. "In fact, we even experienced one ill-fated incident response engagement where our IR partner could not remediate one environment due to the organization not having a single valid Windows license in the environment."

     Tainted product activators

     KMSPico is commonly distributed through pirated software and cracks sites that wrap the tool in installers containing adware and malware. There are numerous sites created to distribute KMSPico, all claiming to be the official site.

     [Image: Most Google Search results are sites that claim to be official]

     A malicious KMSPico installer analyzed by Red Canary comes in a self-extracting executable like 7-Zip and contains both an actual KMS server emulator and Cryptbot.

     "The user becomes infected by clicking one of the malicious links and downloads either KMSPico, Cryptbot, or another malware without KMSPico," explains a technical analysis of the campaign. "The adversaries install KMSPico also, because that is what the victim expects to happen, while simultaneously deploying Cryptbot behind the scenes."

     The malware is wrapped by the CypherIT packer that obfuscates the installer to prevent it from being detected by security software. This installer then launches a script that is also heavily obfuscated, which is capable of detecting sandboxes and AV emulation, so it won't execute when run on the researcher's devices.

     [Image: Obfuscated code of Cryptbot. Source: Red Canary]

     Moreover, Cryptbot checks for the presence of "%APPDATA%\Ramson," and executes its self-deletion routine if the folder exists to prevent re-infection. The injection of the Cryptbot bytes into memory occurs through the process hollowing method, while the malware's operational features overlap with previous research findings.

     In summary, Cryptbot is capable of collecting sensitive data from the following apps:

     • Atomic cryptocurrency wallet
     • Avast Secure web browser
     • Brave browser
     • Ledger Live cryptocurrency wallet
     • Opera Web Browser
     • Waves Client and Exchange cryptocurrency applications
     • Coinomi cryptocurrency wallet
     • Google Chrome web browser
     • Jaxx Liberty cryptocurrency wallet
     • Electron Cash cryptocurrency wallet
     • Electrum cryptocurrency wallet
     • Exodus cryptocurrency wallet
     • Monero cryptocurrency wallet
     • MultiBitHD cryptocurrency wallet
     • Mozilla Firefox web browser
     • CCleaner web browser
     • Vivaldi web browser

     Because Cryptbot's operation doesn't rely on the existence of unencrypted binaries on the disk, detecting it is only possible by monitoring for malicious behavior such as PowerShell command execution or external network communication.

     Red Canary shares the following four key points for threat detection:

     • binaries that contain AutoIT metadata but don't have “AutoIT” in their filenames
     • AutoIT processes making external network connections
     • findstr commands similar to findstr /V /R “^ … $
     • PowerShell or cmd.exe commands containing rd /s /q, timeout, and del /f /q together

     In summary, if you thought that KMSPico is a smart way to save on unnecessary licensing costs, the above illustrates why that's a bad idea. The reality is that the loss of revenue due to incident response, ransomware attacks, and cryptocurrency theft from installing pirated software could be more than the cost of the actual Windows and Office licenses.
  3. Invisible Internet Protocol: Network without borders

     We are building a network which helps people to communicate and share information without restrictions.

     i2pd (I2P Daemon) is a full-featured C++ implementation of I2P client. I2P (Invisible Internet Protocol) is a universal anonymous network layer. All communications over I2P are anonymous and end-to-end encrypted, participants don't reveal their real IP addresses. I2P client is a software used for building and using anonymous I2P networks. Such networks are commonly used for anonymous peer-to-peer applications (filesharing, cryptocurrencies) and anonymous client-server applications (websites, instant messengers, chat-servers). I2P allows people from all around the world to communicate and share information without restrictions.

     Features

     • Distributed anonymous networking framework
     • End-to-end encrypted communications
     • Small footprint, simple dependencies, fast performance
     • Rich set of APIs for developers of secure applications

     [Hidden Content]
  4. Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently, it works on 64-bit PE files. [Hidden Content]
  5. Huan is an encrypted PE Loader Generator that I developed for learning PE file structure and PE loading processes. It encrypts the PE file to be run with different keys each time and embeds it in a new section of the loader binary. Currently, it works on 64-bit PE files. [Hidden Content]
  6. Sharperner is a tool written in CSharp that generates .NET dropper with AES and XOR obfuscated shellcode. Generated executable can possibly bypass signature check but I can't be sure it can bypass heuristic scanning.

     Features

     PE binary

     • Process Hollowing
     • PPID Spoofing
     • Random generated AES key and iv
     • Final Shellcode, Key and IV are translated to morse code :)

     .NET binary

     • AES + XOR encrypted shellcode
     • APC Process Injection (explorer.exe)
     • Random function names
     • Random generated AES key and iv
     • Final Shellcode, Key and IV are translated to morse code :)

     [Hidden Content]
  7. xeca is a project that creates encrypted PowerShell payloads for offensive purposes. Creating position independent shellcode from DLL files is also possible.

     How It Works

     • Identify and encrypt the payload. Load encrypted payload into a powershell script and save to a file named “launch.txt”
     • The key to decrypt the payload is saved to a file named “safe.txt”
     • Execute “launch.txt” on a remote host
     • The script will call back to the attacker defined web server to retrieve the decryption key “safe.txt”
     • Decrypt the payload in memory
     • Execute the intended payload in memory

     Changelog v0.3

     • ETW and Script Block Logging bypass added to all payloads. The bypasses can be disabled with --disable-etw and --disable-script-logging.

     [Hidden Content]
  8. xeca

     xeca is a project that creates encrypted PowerShell payloads for offensive purposes. Creating position independent shellcode from DLL files is also possible.

     How It Works

     • Identify and encrypt the payload. Load encrypted payload into a powershell script and save to a file named “launch.txt”
     • The key to decrypt the payload is saved to a file named “safe.txt”
     • Execute “launch.txt” on a remote host
     • The script will call back to the attacker defined web server to retrieve the decryption key “safe.txt”
     • Decrypt the payload in memory
     • Execute the intended payload in memory

     [Hidden Content]
  9. Info: [Hidden Content]

     Current Version: 1.2.0.0

     1.2.0.0
     • Added the Assembly Changer and Icon Changer.
     • Updated installation method.
     • Updated dynamic stub library.

     1.1.0.0
     • Added process manager protection.
     • Added ip logger function.
     • Added dynamic stub library.

     1.0.0.1
     • Fix single instance issue.
     • Fix the encryption error on mutex.

     Server Scan [Hidden Content]
  10. ThunderShell

      ThunderShell is a C# RAT that communicates via HTTP requests. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network detection on the target system. RC4 is a weak cipher and is employed here to help obfuscate the traffic. HTTPS options should be used to provide integrity and strong encryption.

      Advantage against detection

      The "core" RAT doesn't require a second stage to be injected / loaded in memory.

      Version 2.1.2 (11/01/2019)

      [Hidden Content]