Showing results for tags 'malicious'.


  1. Malware Scanner will help you to scan your website with one simple click. It can find both known and unknown viruses, shells, malware, malicious code infections and other website threats. [Hidden Content] [hide][Hidden Content]]
  2. MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates a YARA scanner.

     On Macro-enabled Office documents we can quickly use oletools mraptor to determine whether a document is malicious. If we want to dissect it further, we could bring in oletools olevba or oledump. To dissect malicious MSI files, so far we had only one, but reliable and trustworthy lessmsi. However, lessmsi doesn't implement features I was looking for:

     • quick triage
     • Binary data extraction
     • YARA scanning

     Hence this is where msidump comes into play. Here we can see that input MSI is injected with suspicious VBScript and contains numerous executables in it. Now we want to take a closer look at this VBScript by extracting only that record. [Hidden Content]
  3. OpenAI recently launched an investigation of the potential of its new version GPT-4. In the study you can see its potential for malicious purposes. OpenAI worked to restrict all those responses. For example: As you can see GPT-4 becomes macabre without the restrictions of OpenAI. You can download all the research at this link, it is not wasted.
  4. Malware Scanner will help you to scan your website with one simple click. It can find both known and unknown viruses, shells, malware, malicious code infections and other website threats. [Hidden Content] [hide][Hidden Content]]
  5. How to Identify Malicious Links On Internet

     With the growing age of the internet where anything can be taught and learnt online, the number of people involved in cyber-crimes and online frauds has also increased significantly. One such attempt is spreading malicious links over the internet. It's important to know about these types of malicious links to protect yourself from cyber fraud. In this Cyber Security article you will get information about various types of malicious links you may find on the internet, and how to protect yourself from them.

     Phishing links

     Phishing is the most common example of such attacks. Despite various cyber-awareness campaigns and programs, every year people fall victim to online phishing scams due to their negligence towards cyber-security. Thus it is necessary to be aware of phishing attacks and to learn how to identify them.

     What Is Phishing

     Phishing is a cyber-fraud in which an attacker creates malicious links and sends such links to various people to get their credentials like usernames or passwords. The fundamental work behind every phishing attack is to forge phishing links. These links look normal to people who are not concerned with technology and cyber-security but are links to malicious web pages and websites hosted by the attacker.

     How does phishing work?

     The simple scenario behind phishing attacks is:

     • The attacker creates a webpage looking almost genuine to the users.
     • The attacker then sends links to such web pages to different people who might end up getting tricked.
     • The attacker then steals the credentials of those users.

     Phishing Methods

     Attackers have developed several new ways for spreading phishing links over the internet. Attackers spread these phishing links through various methods like:

     • Text messages
     • Fraud E-mails
     • Through Social Media Platforms like Facebook, Instagram etc.
     • Via Instant messaging apps like WhatsApp and Telegram.
     • Online forums and discussion websites.

     How to Identify Phishing Links

     Identifying a phishing link is not too hard. A phishing link can be easily identified by looking at the URL in the address bar of the web browser. Assume you are visiting the Facebook website. Now, look at the address bar to see whether the URL is facebook.com or not. Similarly, if you are visiting any website always check the address to ensure the authenticity of the website you are visiting.

     How to protect yourself from phishing?

     People always get hacked due to their carelessness, thus you must take all possible steps to minimize or even eliminate the possibilities of falling for phishing attacks. Always follow these steps:

     • Use browser extensions which may automatically identify phishing websites.
     • Always check the address bar of the website you are visiting.
     • Always verify whether the website is authentic or not by its working and behaviour.
     • Try to not open every link people send you online.
     • Do not believe in fake text alerts or spam emails.

     Location Tracking Links

     Clicking on random links on the internet can also reveal your real-time location to attackers. People try several ways to track the location of people for unethical purposes. One such method is sending malicious links to track location.

     How does Location Tracking work?

     It is not hard to track location through link sharing. There are dozens of websites on the internet that allow people to track location through these methods. The scenario behind location tracking is the concept of IP Address. Every system connected to the internet has a unique identity of its own: its IP Address. When someone opens location tracking links their IP Address is revealed to the website they are visiting. This IP address may contain some vital information including the location of the visitor.

     How to be safe from getting tracked?

     To protect yourself from being tracked never open links random people send you on social media platforms and online groups. Along with this simple step, you can also follow the steps mentioned to minimize the risk:

     • Do not allow unnecessary permissions asked by websites.
     • Use anti location tracing browser extensions
     • Use VPN for downloading files from the internet.
     • Avoid opening random links on the internet.

     Links That Can Install Viruses & Malware on Your System

     Attackers try different methods to spread viruses and malware over the internet. They upload malicious programs on the internet and send their links to people who might download them. Once downloaded and installed, these viruses run in the background without the users ever noticing and the users lose their confidential data and information.

     How does malware spread through links?

     Attackers try to click-bait users by creating highly interactive web-pages, which fascinate the users and they end up downloading those malicious viruses.

     How to protect yourself from such viruses?

     These steps can be taken into consideration for protection against such malicious viruses.

     • Do not download software and applications from unknown sources.
     • Do not open pop up advertisements.
     • Disable pop-ups through your browser settings
     • Always have antivirus software installed on your system.
  6. Malware Scanner will help you to scan your website with one simple click. It can find both known and unknown viruses, shells, malware, malicious code infections and other website threats. [Hidden Content] [hide][Hidden Content]]
  7. The more predictable you are, the less you get detected

     A technique of hiding malicious shellcode based on low-entropy via Shannon encoding. Entropy is the measure of the randomness in a set of data (here: shellcode). The higher the entropy, the more random the data is. Shannon Entropy is an algorithm that will produce a result between 0 and 8, where 8 means there is no pattern in the data, thereby it's very random and 0 means data follows a pattern. [hide][Hidden Content]]
  8. Malware Scanner will help you to scan your website with one simple click. It can find both known and unknown viruses, shells, malware, malicious code infections and other website threats. [Hidden Content] [hide][Hidden Content]]
  9. Generate ten different malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh. Used for penetration testing and/or red-teaming etc. I created this tool because I needed a third party tool to generate a bunch of PDF files with various links.

     Purpose

     • Test web pages/services accepting PDF-files
     • Test security products
     • Test PDF readers
     • Test PDF converters

     [hide][Hidden Content]]
  10. Verdict-as-a-Service (VaaS) is a service that provides a platform for scanning files for malware and other threats. It allows easy integration in your application. With a few lines of code, you can start scanning files for malware.

     ts2.0.2 (Latest)

     What's Changed

     • Add cancellation for typescript sdk by @secana in #12
     • Print status messages by @doxthree in #18

     [hide][Hidden Content]]
  11. Lnkbomb is used for uploading malicious shortcut files to insecure file shares. The vulnerability exists due to Windows looking for an icon file to associate with the shortcut file. This icon file can be directed to a penetration tester’s machine running Responder or smbserver to gather NTLMv1 or NTLMv2 hashes (depending on the configuration of the victim host machine). The tester can then attempt to crack those collected hashes offline with a tool like Hashcat. The payload file is uploaded directly to the insecure file specified by the tester in the command line. The tester includes their IP address as well, which is written into the payload. [hide][Hidden Content]]
  12. ABOUT TRACK-EM

     This tool can be used to track the location of an Android, iOS or any other device which supports Geolocation. We use the JavaScript Geolocation API along with the Django framework for this attack. To know more about the Geolocation API click here. This tool is aimed at educational purposes; any misuse by users is up to them.

     Requirements

     • active internet connection
     • linux platform
     • hotspot needed if Termux

     [hide][Hidden Content]]
  13. Threat actors are distributing altered KMSpico installers to infect Windows devices with malware that steals cryptocurrency wallets. This activity has been spotted by researchers at Red Canary, who warn that pirating software to save on licensing costs isn't worth the risk.

     KMSPico is a popular Microsoft Windows and Office product activator that emulates a Windows Key Management Services (KMS) server to activate licenses fraudulently. According to Red Canary, many IT departments using KMSPico instead of legitimate Microsoft software licenses are much bigger than one would expect.

     "We've observed several IT departments using KMSPico instead of legitimate Microsoft licenses to activate systems," explained Red Canary intelligence analyst Tony Lambert. "In fact, we even experienced one ill-fated incident response engagement where our IR partner could not remediate one environment due to the organization not having a single valid Windows license in the environment."

     Tainted product activators

     KMSPico is commonly distributed through pirated software and cracks sites that wrap the tool in installers containing adware and malware. As you can see below, there are numerous sites created to distribute KMSPico, all claiming to be the official site.

     [Figure: Most Google Search results are sites that claim to be official]

     A malicious KMSPico installer analyzed by Red Canary comes in a self-extracting executable like 7-Zip and contains both an actual KMS server emulator and Cryptbot.

     "The user becomes infected by clicking one of the malicious links and downloads either KMSPico, Cryptbot, or another malware without KMSPico," explains a technical analysis of the campaign. "The adversaries install KMSPico also, because that is what the victim expects to happen, while simultaneously deploying Cryptbot behind the scenes."

     The malware is wrapped by the CypherIT packer that obfuscates the installer to prevent it from being detected by security software. This installer then launches a script that is also heavily obfuscated, which is capable of detecting sandboxes and AV emulation, so it won't execute when run on the researcher's devices.

     [Figure: Obfuscated code of Cryptbot. Source: Red Canary]

     Moreover, Cryptbot checks for the presence of "%APPDATA%\Ramson," and executes its self-deletion routine if the folder exists to prevent re-infection. The injection of the Cryptbot bytes into memory occurs through the process hollowing method, while the malware's operational features overlap with previous research findings.

     In summary, Cryptbot is capable of collecting sensitive data from the following apps:

     • Atomic cryptocurrency wallet
     • Avast Secure web browser
     • Brave browser
     • Ledger Live cryptocurrency wallet
     • Opera Web Browser
     • Waves Client and Exchange cryptocurrency applications
     • Coinomi cryptocurrency wallet
     • Google Chrome web browser
     • Jaxx Liberty cryptocurrency wallet
     • Electron Cash cryptocurrency wallet
     • Electrum cryptocurrency wallet
     • Exodus cryptocurrency wallet
     • Monero cryptocurrency wallet
     • MultiBitHD cryptocurrency wallet
     • Mozilla Firefox web browser
     • CCleaner web browser
     • Vivaldi web browser

     Because Cryptbot’s operation doesn’t rely on the existence of unencrypted binaries on the disk, detecting it is only possible by monitoring for malicious behavior such as PowerShell command execution or external network communication.

     Red Canary shares the following four key points for threat detection:

     • binaries containing AutoIT metadata but don’t have “AutoIT” in their filenames
     • AutoIT processes making external network connections
     • findstr commands similar to findstr /V /R “^ … $
     • PowerShell or cmd.exe commands containing rd /s /q, timeout, and del /f /q together

     In summary, if you thought that KMSPico is a smart way to save on unnecessary licensing costs, the above illustrates why that's a bad idea. The reality is that the loss of revenue due to incident response, ransomware attacks, and cryptocurrency theft from installing pirated software could be more than the cost of the actual Windows and Office licenses.

     Source
  14. Malware Scanner will help you to scan your website with one simple click. It can find both known and unknown viruses, shells, malware, malicious code infections and other website threats. [Hidden Content] [hide][Hidden Content]]
  15. Malicious docx generator to exploit CVE-2021-40444 (Microsoft Office Word Remote Code Execution)

     Creation of this Script is based on some reverse engineering over the sample used in-the-wild: 938545f7bbe40738908a95da8cdeabb2a11ce2ca36b0f6a74deda9378d380a52 (docx file)

     • You need to install lcab first (sudo apt-get install lcab)
     • Check REPRODUCE.md for manual reproduce steps
     • If your generated cab is not working, try pointing out exploit.html URL to calc.cab
     • Finally try the docx in a Windows Virtual Machine:

     [hide][Hidden Content]]
  16. PHP malware finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malware/webshells. The following list of encoders/obfuscators/webshells are also detected:

     • Best PHP Obfuscator
     • Carbylamine
     • Cipher Design
     • Cyklodev
     • Joes Web Tools Obfuscator
     • P.A.S
     • PHP Jiami
     • Php Obfuscator Encode
     • SpinObf
     • Weevely3
     • atomiku
     • cobra obfuscator
     • phpencode
     • tennc
     • web-malware-collection
     • webtoolsvn
     • novahot

     Of course, it’s trivial to bypass PMF, but its goal is to catch kiddies and idiots, not people with a working brain. If you report a stupid tailored bypass for PMF, you likely belong to one (or both) category and should re-read the previous statement.

     How does it work?

     Detection is performed by crawling the filesystem and testing files against a set of YARA rules. Yes, it’s that simple! Instead of using a hash-based approach, PMF tries as much as possible to use semantic patterns, to detect things like “a $_GET variable is decoded two times, unzipped, and then passed to some dangerous function like system“. [hide][Hidden Content]]
  17. PageTableInjection

     Code Injection, Inject malicious payload via pagetables pml4.

     Introduction

     This is just a proof-of-concept of the page table injection technique to inject malicious code into arbitrary user processes. On Windows (and some modern OSes), every process has its own PML4, a.k.a. Directory Table Base. Thus process A cannot access process B without APIs. But how about if we can inject an arbitrary PML4 entry? Of course, the PML4 entry will point to the corresponding physical address of entries, PDP, PD, and PT, exactly the same as the backing process.

     In order to inject a malicious PML4 entry into the target process, we need to have an actual resident page (physical memory) that is backing the malicious PML4 entry. Thus literally the resident page must be resident, otherwise the system will crash or become unstable, because, while the MMU is translating to the physical address, there is nothing that the MMU expects, as well as nothing the Windows memory manager expects.

     Let’s look at both the backing process and target process buffers. In this case, the buffers are:

     • Backing Process VA: 0x1A45F810000
     • Deployment Process Injected VA: 0x6EA45F810000

     Before stepping to the next, some of you may think that the 2nd address (0x6EA45F810000) looks weird. Usually, when we allocate a buffer via malloc or VirtualAlloc, the virtual address should look like 0x17C7CAC0000, 0x23BE9D80000, 0x19FE76F0000 or some sort of these. It’s because the malicious PML4 entry is not involved with the memory manager of Windows, and is not managed by it either. Of course, every virtual address in a Windows 64-bit process could possibly have any value within the user memory range.

     So if we look into both addresses… [hide][Hidden Content]]
  18. A Beginner's Course on Analyzing Malicious PDF and Microsoft Office Documents Using Remnux and Windows Virtual Machines

     What you'll learn

     • Analyzing Malicious Documents
     • Analyzing Malicious PDF documents
     • Analyzing Malicious Microsoft documents
     • Install Remnux Virtual Machine
     • Extracting document Meta-Data
     • Basic Linux Commands Used in Malware Analysis
     • Extracting Embedded Objects and Javascript from PDF documents
     • Extracting VBA Macro Scripts from Office Documents
     • De-obfuscating Javascript and VBA scripts
     • Automating Analysis of Documents
     • Viewing and Debugging Malicious Office Macros
     • Identifying Maker and Origin of Malicious Documents
     • Using Yara to Identify Malicious Patterns and Signatures
     • Analyzing Open Office XML Format Documents
     • Analyzing Structured Storage Format Documents
     • Estimating age and date of document creation
     • Analyzing powershell scripts
     • Detecting Malware Artifacts and Indicators of Compromise
     • and more...

     Requirements

     • Windows PC
     • Interest in Malware Analysis
     • Basic Linux knowledge helpful but not strictly necessary

     Description

     Did you know that you could infect your computer just by opening a pdf or microsoft office document? If that came as a shocker for you then you need to take this course. Documents are one of the main vector of attacks for malware authors because of their widespread use. Everyone uses documents to create reports, memos and articles. In fact everything we do for communication involves the use of documents. That is why this is a very popular way to infect computers. Documents are used as the first stage of a malware attack. Embedded in documents are scripts that will download a second stage payload consisting of additional malware, eg ransomware, remote access tools and more.

     In this course, you will learn how to check and analyze malicious pdf and office documents for signs of malicious artifacts and indicators of compromise. This is a beginners course and targeted to those who are absolutely new to this field. I will take you from zero to proficient level in analyzing malicious documents. You will learn using plenty of practical walk-throughs. We will learn the basic knowledge and skills in analyzing documents. All the needed tools and where to download them will be provided. By the end of this course, you will have the fundamentals of malware analysis of documents under your belt to further your studies in this field. Even if you do not intend to take up malware analysis as a career, still the knowledge and skills gained would enable you to check documents for dangers and protect yourself from these attacks.

     We will use remnux and windows virtual machine. Remnux is a Debian-based linux distribution that contains all the necessary tools for malware analysis. Some background on linux would be helpful but not strictly necessary. We will also install document debuggers in a windows virtual machine. Then, I will show you how to get started with the very basic tools in remnux and windows. All the essential theory will be covered but kept to the minimum. The emphasis is on practicals and lab exercises.

     Go ahead and enroll now and I will see you inside.

     Who this course is for:

     • Beginners to Malware Analysis
     • Students embarking on career path to become Malware Analysts
     • Anyone eager to learn how to know if a document is malicious

     [Hidden Content] [hide][Hidden Content]]
  19. OfficePurge VBA purge your Office documents with OfficePurge. VBA purging removes P-code from module streams within Office documents. Documents that only contain source code and no compiled code are more likely to evade AV detection and YARA rules. Read more here. OfficePurge supports VBA purging Microsoft Office Word (.doc), Excel (.xls), and Publisher (.pub) documents. Original and purged documents for each supported file type with a macro that will spawn calc.exe can be found in the sample-data folder. [hide][Hidden Content]]
  20. Malware Scanner will help you to scan your website with one simple click. It can find both known and unknown viruses, shells, malware, malicious code infections and other website threats. [Hidden Content] [hide][Hidden Content]]
  21. Malware Scanner will help you to scan your website with one simple click. It can find both known and unknown viruses, shells, malware, malicious code infections and other website threats. [Hidden Content] [hide][Hidden Content]]
  22. EvilDLL v1.0 Malicious DLL (Win Reverse Shell) generator for DLL Hijacking [HIDE][Hidden Content]]
  23. Malware Scanner will help you to scan your website with one simple click. It can find both known and unknown viruses, shells, malware, malicious code infections and other website threats. Demo: [Hidden Content] [HIDE][Hidden Content]]
  24. GodOfWar - Malicious Java WAR builder.

     A command-line tool to generate war payloads for penetration testing / red teaming purposes, written in ruby.

     Features

     • Preexisting payloads. (try -l/--list)
         • cmd_get
         • filebrowser
         • bind_shell
         • reverse_shell
         • reverse_shell_ui
     • Configurable backdoor. (try --host/-port)
     • Control over payload name. To avoid malicious name after deployment to bypass URL name signatures.

     [HIDE][Hidden Content]]
  25. Since some members on here have started creating "builders" of CVE 2018-20250 and starting to charge money from people who can't use the public CVE themselves, I decided to make a quick website which builds a malicious rar file for you. I did not want to use money on a domain for a free service nor to disclose the server IP so I configured tor and created an onion domain, but upon a lot of interest, I might make it clearnet and purchase a domain for it. You need either tor bundle or tor browser, but tor browser is recommended if you are a network dummy.

     Tor Browser can be downloaded here: [Hidden Content]

     The service is running on this onion domain: [Hidden Content]

     Here can some articles be found: [Hidden Content] [Hidden Content]

     The RAR-file that can be downloaded contains your malicious file that you uploaded to begin with, so don't extract the RAR content on your machine, and if you do so then navigate to startup folder and delete the executable file called evil.exe to remove your malware from startup.

     Spread the word to stop the script kiddies from charging money for public CVE's and also happy spreading.