Enigma Group's Hacking Forum



May 18, 2012, 08:08:53 AM


Recent Posts

1
General Chatting / Really, Google Drive?
« Last post by MineDweller on Today at 07:43:57 AM »
So, I just downloaded Google Drive so that I can get to my Docs files when I'm not connected to the internet, which is Drive's advertised purpose. I download it, and sync it with my Google account. It takes all of thirty seconds to sync, but I just figured that was due to my connection speed (see signature).

Nope.

Turns out that the files are NOT stored on your computer. They're just shortcuts, each of which is only 150-200 bytes in size. If you open the file with Google Drive, it opens your web browser and the document. If you open it in your web browser, up pops a URL referer and a resource id. That's it.

Is this what's supposed to happen, or what?
2
Network Security / Re: Best Dos tool Tutorial ever
« Last post by letshavepie on Today at 07:34:59 AM »
OMGZ S0 1337!
3
Network Security / Re: Best Dos tool Tutorial ever
« Last post by TheCheeseDemon on Today at 07:23:03 AM »
hurr durr
4
Network Security / Best Dos tool Tutorial ever
« Last post by rockcraft on Today at 07:07:00 AM »
Hey guys, here is a link to the best DoS tool ever on YouTube. I didn't know where to post this. I really wanted it submitted so it is on the main page, but ah well, haha.

http://www.youtube.com/watch?v=jv05hLd7Fxc
5
Happy Hacking... ;)
6
Remote Malware / Re: run exe files from anyother file
« Last post by Hypertext on Yesterday at 08:52:09 PM »
h
Just wondering, you can easily hide any file within other files like a picture or whatever. Now let's say you have a rat, you can: copy /b image.jpg rat.exe image2.jpg

This will hide the exe file within the image2.jpg

I don't think it will hide the exe inside any jpg. It will merely alter the extension. Now, don't think this .jpg is useless. There was a nice little thread on this.
http://www.enigmagroup.org/forums/undetection-techniques/false-jpg-txt-log/msg37359/#msg37359

But you are right. This doesn't work on opening the file the regular way. As Evil1 said, you have to exploit the jpg viewer. But there will be plenty of them out there.
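Added example, not part of any post in this thread: a defender-side check for the case discussed above, a file that parses as a JPEG but carries an appended Windows executable. It walks the JPEG segments to find the real end-of-image marker (a plain search for FFD9 stops early inside an embedded thumbnail), then looks for an MZ/PE header in whatever follows; the function names and sample bytes are constructed for illustration.

```python
def jpeg_end(data: bytes) -> int:
    """Offset just past the real EOI marker, or -1 if the JPEG structure is broken."""
    if data[:2] != b"\xff\xd8":                  # must start with SOI
        return -1
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            return -1
        marker = data[i + 1]
        if marker == 0xFF:                       # fill byte before a marker
            i += 1
            continue
        i += 2
        if marker == 0xD9:                       # EOI
            return i
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            continue                             # standalone markers carry no length
        seglen = int.from_bytes(data[i:i + 2], "big")
        if seglen < 2:
            return -1
        i += seglen                              # jumps over EXIF thumbnails and their FFD9
        if marker == 0xDA:                       # SOS: skip entropy-coded scan data
            while i + 1 < len(data) and not (
                    data[i] == 0xFF and data[i + 1] != 0 and not 0xD0 <= data[i + 1] <= 0xD7):
                i += 1
    return -1

def find_pe(blob: bytes) -> int:
    """Offset of the first 'MZ' whose e_lfanew field points at a PE signature, or -1."""
    pos = blob.find(b"MZ")
    while pos != -1:
        e_lfanew = int.from_bytes(blob[pos + 0x3C:pos + 0x40], "little")
        if blob[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\0\0":
            return pos
        pos = blob.find(b"MZ", pos + 1)
    return -1

def inspect(data: bytes) -> dict:
    end = jpeg_end(data)
    if end == -1:
        return {"jpeg": False, "trailing_bytes": None, "pe_offset": None}
    pe = find_pe(data[end:])
    return {"jpeg": True, "trailing_bytes": len(data) - end,
            "pe_offset": end + pe if pe != -1 else None}

# Constructed sample bytes (structure only: not a viewable image, not a runnable program).
SAMPLE_JPEG = (b"\xff\xd8" b"\xff\xe1\x00\x0fExif\0\0thumb\xff\xd9"
               b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"
               b"\x12\xff\x00\x34" b"\xff\xd9")
SAMPLE_PE_STUB = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0"
```

Any non-zero `trailing_bytes` on an uploaded or mailed image is worth a look; a non-null `pe_offset` is a strong signal that the file should be quarantined rather than passed on.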
7
To answer your first question, making trojans undetectable is beating the heuristic analysis engine of an AV.
Malware lives in the wild for up to 6 months before it's found and analyzed by an AV company and a signature is produced and sent out as part of the AV signature definition database.

The better way around this is just make a new one. New Trojan == New Signature.

The most used approach, however, is to modify the original trojan in such a way that it's no longer a threat or contains none of the original AV signature when being analyzed. This is done either by encryption, or simply modifying enough of the original code to make it still functional, yet obfuscated.

The trouble with encryption is - the key has to reside in the exe. Also, this particular encryption itself, when used from some of the various trojan packers, is usually found in AV definition tables. The best way around this is to develop your own encryption; however, this only protects against static analysis, memory-scanning AVs will pick you out.

The solution? Open the trojan in a debugger and patch the shit out of it. Make long jumps to meaningless code sections, then jump back. Nop out useless areas such as error handling (that's what SEH is for amirite?), re-align the executable image. Move sections around. Make some spaghetti code.

I still think making your own trojan is easier, but that's just me.

Good luck.

8
Remote Malware / Re: run exe files from anyother file
« Last post by Evil1 on Yesterday at 06:58:28 PM »
Why not hide your program inside another program? I see where you're going with hiding something inside an image...but....images aren't inherently executable. Far gone is the jpeg exploit of GDI32, as such you can't exactly execute things with a jpeg unless you exploit the picture viewer.

I can hide any program in the '.resources' as a line of text then add a call to the specific memory location to initialize.
You could do it from any section in the binary really, as long as it's set to execute (resources is =])

For tools, I recommend LordPE, which is an awesome PE editor, and also ResHacker, which allows you to edit resources of other exes. Find a standalone exe game and edit that. What you'd need to do then is some minor binary editing to make the long jmp / far call into the entry point of your executable. For that, I recommend either Olly or Immunity Debugger to patch.


9
Introduction / Re: I'm back, I think
« Last post by 3ntr0py on Yesterday at 04:25:56 PM »
Welcome! And good luck with the mission. By the way, try not to get stressed, we don't want you to pass out over the mission, OK ...
10
Introduction / Re: I'm back, I think
« Last post by cls777 on Yesterday at 04:04:03 PM »
Welcome back to EG!

©Enigma Technology Group Inc. 2005-2012