Leaderboard
Popular Content
Showing content with the highest reputation on 03/15/16 in all areas
-
Hi, I have a tip for making money: work. Try it, and after a year come back and tell me whether it worked. 5 points
-
Romtelecom had some utterly shitty, fucked-up, piss-poor services; I think Telekom just took over the infrastructure and didn't improve anything. 2 points
-
Monday, March 14, 2016
Bypassing Antivirus With Ten Lines of Code or (Yet Again) Why Antivirus is Largely Useless

I had originally set out to write a long-winded blog post on different antivirus bypass techniques. I went through what was supposed to be step 1 of my guide and uploaded my resultant binary to virustotal. To my complete and utter shock, the binary got a 0/56 detection rate. I decided to throw out my long-winded idea and move forward with this quick, dirty, and unbelievably easy method.

I believe that most of my readers would agree with me that bypassing most antivirus-based solutions is rather trivial; however, I do occasionally bump into some people who solely rely on tools that generate binaries that can easily be fingerprinted and flagged by antivirus solutions. This article is largely intended for that audience.

Before I dive into this small tidbit of C++ code, I'd like to touch on a tool that is really good at producing binaries that almost always evade detection, Veil-Evasion (part of the Veil-Framework). This tool is awesome (many thanks to @harmj0y and others for creating and contributing to this awesome project) and in almost all instances I have had to use it, it has not let me down. If it has, I blame people who keep generating binaries and then testing them on virustotal. If you people could stop doing that, that would be great.

At any rate, this begs the question: if tools like Veil-Evasion are so epic, why should you care about knowing how to slap together a binary with a shellcode payload yourself? Well, there are a number of reasons:

- People get busy and tools become deprecated.
- The binaries generated by tools become fingerprintable; not the payload necessarily, but the compiled structure of the binary.
- As a penetration tester, you should really know how to do this.
- Ups your leet cred.. or so I hear.

Before you take a look at the below code, it's worth noting that this is targeting the Windows platform, as obviously noted with the reference to windows.h.

    #include <windows.h>
    #include <iostream>
    #include <cstring>

    int main(int argc, char **argv) {
        // shellcode, already XORed with the key 'x'
        char b[] = {/* your XORd with key of 'x' shellcode goes here i.e. 0x4C,0x4F,0x4C */};
        char c[sizeof b];
        // undo the XOR at runtime
        for (int i = 0; i < sizeof b; i++) { c[i] = b[i] ^ 'x'; }
        void *exec = VirtualAlloc(0, sizeof c, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
        memcpy(exec, c, sizeof c);
        ((void(*)())exec)();
    }

Quite simply, the above code creates a character array with shellcode you can add, performs an XOR operation with the incredibly sophisticated key of lowercase 'x', allocates some memory, copies the character array into said allocated memory, and executes it. It may be worth highlighting that you will need to XOR your shellcode with your key of choosing (in this case 'x') before you put it in the above code and compile.

So you are probably looking at that and thinking 'really?' - I know how you feel. This is how I felt after I intended this to be step 1 of my tutorial and I ran it through virustotal and it returned 0/56 detection. I'd like to stress that this is an incredibly simple and most basic technique, yet its success is still rather astonishing. I originally wrote this example and tested it on virustotal a while ago, but I did reanalyze the executable on virustotal at the time of publishing this post and found it still had a 0 detection rate. The binary you generate will very likely not match the SHA256 of the binary I have tested; the binary I uploaded contained shellcode generated with the Metasploit framework.

Final Comments

Alright, so antivirus is dead. We all know that. That being said, we can't argue that over 95% of organizations are still depending on antivirus to protect endpoints. Is there a better way? Certainly.

A number of vendors, which I shall not name, have launched products that take a new approach to protecting endpoints, primarily focusing on identification of known exploit techniques. This is usually performed by way of injecting DLLs into processes that will monitor for these known techniques and prevent the exploit from working successfully. Is this a foolproof technique? I would be inclined to say no. The bar will be raised, but a new type of cat-and-mouse game will begin.

Final note: The above may not work on _all_ antivirus solutions. I figure that was obvious, but thought I would mention it before the pitchforks come after me!

Source: http://www.attactics.org/2016/03/bypassing-antivirus-with-10-lines-of.html 2 points
-
Hey bro, I've been banned for a while, but when I read your post I couldn't help replying. How ... stupid? ignorant? badly raised? I don't think so; most likely selfish. Can you really be that much of a lowlife? This man, whom I don't know, simply asked for our help, the community's; what's the problem? He's not stealing, not mugging anyone; if he asked for help, what harm did he do? Instead of insulting him like that, you could have said a kind word, but under no circumstances try to turn us against him (I for one haven't helped with anything, but from what I've read, several members have helped him). You're almost certainly a kid, with or without problems, immature; you'll probably remember my words: each of us will lose our loved ones when their time comes, but in that moment you would try to help them with anything, absolutely anything. Too many lines for a person like you; I've wasted 30 seconds and that only out of spite. @alexu Good health!!! 2 points
-
Big idiot, big man.. if your dad or a parent went through this, how much appetite for work would you have when you find out your dad has cancer... or if you haven't even finished school yet? 2 points
-
It's the first time I've heard of tutorials for advanced users. If you want, look for projects to work on. That's the only solution. 1 point
-
MicrosoftLumiaRO redirects to MicrosoftLumia. The number of likes on the two pages is almost identical. Was the like count changed because of the redirect, perhaps? (so that it shows the like count of the MicrosoftLumia page instead of MicrosoftLumiaRO) EDIT: https://www.facebook.com/business/help/331800410323820 tl;dr: Global Pages allow advertisers to provide localized versions of their content for their customers all over the world, but with one universal brand name, total fan count, vanity URL, and global insights across their entire fan base. 1 point
-
@Sveratus: Give it a rest, dude, with your off-topic and go dig ditches. Come on, restricted from posting here until some mod takes pity on you, because I'm disgusted by losers. 1 point
-
You're so worried about the forum, as if you ever contributed anything. And... yes, you're stupid, really stupid, man! 1 point
-
@aelius I thought you banned this dickhead... the creature has shown up again.. @Sveratus you're dumber than the law allows 1 point
-
Today I received the results of the CT scans: 1, 2 and 3. @Che, Dad asked you to tell him too what it says there and what it means that he has to get a pelvic MRI. You pick these scans up from reception and nobody tells you anything. Only on the 21st does he have to go to the fourth chemo session, where he might find out a bit more. Dad continues to feel well, especially since for now he's no longer taking cytostatics, as the oncologist told him. Thanks AGSQ for the help. I still have one more month of hosting (4 euro) paid in advance, so April too. If I move to you, I'll let you know. I'm glad you haven't forgotten. 1 point
-
-
Why don't you make it public so we can all learn, or are you looking for referrals or cyber slaves? Something is rotten in the state of Denmark, as a great man once said. 1 point
-
What's happened since: He finished the 25 radiotherapy sessions. Now he has to take a one-month break from cytostatics, because he kept taking them after radiotherapy, when he should have stopped, and he had started to feel sick. Now that he's off them, he feels very well for the moment. He's no longer sick and he's lively. This month only fruit, to get rid of the toxicity caused by radiotherapy and chemo. Now he has to get a CT scan again, but the problem was finding him a hospital where he could get it on insurance. I made dozens of calls and was told the funds were exhausted and that he should be put on a waiting list or pay. Paying is out of the question, especially since it has to be done in four places (head, lungs, abdomen, pelvis) and it would have cost too much. In the end, I found him one somewhere around Baneasa, on insurance. We have to go on Wednesday. I hope it turns out well, that the cancer hasn't spread somewhere else. I'll keep you posted on the CT results. PS: even though he has withdrawn from the forum, AGSQ's spirit is still around here and I thank him for his help. 1 point
-
Man, silent and I read books... We write books :))))))) Seriously?! 0 points
-
Instead of copy-pasting, post the link; if you still want to copy-paste, post a shorter or translated description. -1 points
-
Tell me, Moldavian, what's your car's plate number, or are you so poor you don't have a car? Virgin, if I catch you in the street I'll put you on the hood, you pauper. Smelly peasant, you came to the capital for one day and think you've made it; you're still a stupid Moldavian. When you first came to the city, you put your polenta on the toilet lid and thought it was the kitchen table with a basket. Get back to the countryside, Moldavian, go wipe your ass with pumpkin leaves; you think you impress me? You grew up in a cornfield, you're still a peasant, go to hell, you don't get to call me a peasant, you whom your mother made in a hayloft. -1 points
-
I'm telling you, you won't get rid of these beggar spammers unless you close these begging posts and ban them; I mean what the fuck, you came here to ask for bitcoin for your dad? Go to fucking work and support him yourself; do you have any idea how many damn people have cancer in this country? -4 points
This leaderboard is set to Bucharest/GMT+02:00