Leaderboard

Popular Content

Showing content with the highest reputation on 09/16/20 in all areas

  1. A document obtained by Motherboard provides more detail on the malware law enforcement deployed against Encrochat devices.
The malware that French law enforcement deployed en masse onto Encrochat devices, a large encrypted phone network using Android phones, had the capability to harvest "all data stored within the device," and was expected to include chat messages, geolocation data, usernames, passwords, and more, according to a document obtained by Motherboard.
The document adds more specifics around the law enforcement hack and subsequent takedown of Encrochat earlier this year. Organized crime groups across Europe and the rest of the world heavily used the network before its seizure, in many cases to facilitate large-scale drug trafficking. The operation is one of, if not the, largest law enforcement mass hacking operations to date, with investigators obtaining more than a hundred million encrypted messages.
"The NCA has been collaborating with the Gendarmerie on Encrochat for over 18 months, as the servers are hosted in France. The ultimate objective of this collaboration has been to identify and exploit any vulnerability in the service to obtain content," the document reads, referring to both the UK's National Crime Agency and one of the national police forces of France.
As well as the geolocation, chat messages, and passwords, the law enforcement malware also told infected Encrochat devices to provide a list of WiFi access points near the device, the document reads. "This command from the implant will result in the JIT receiving the MAC address which is the unique number allocated to each Wi-Fi access point and the SSID which is the human readable name given to that access point," the document adds. A JIT is a joint investigation team, made up of various law enforcement bodies.
Encrochat was a company that offered custom-built phones that sent end-to-end encrypted messages to one another. Encrochat took a base Android device, installed its own software, and physically removed the GPS, microphone, and camera functionality to lock down the devices further. These modifications may have impacted what sort of data the malware was actually able to obtain once deployed. Encrochat phones had a panic wipe feature, where if a user entered a particular PIN it would erase data stored on the device. The devices also ran two operating systems that sat side by side: one that appeared to be innocuous, and another that contained the users' more sensitive communications.
In a previous email to Motherboard a representative of Encrochat said the firm is a legitimate company with clients in 140 countries, and that it sets out "to find the best technology on the market to provide a reliable and secure service for any organization or individual that want[s] to secure their information." The firm had tens of thousands of users worldwide, and decided to shut itself down after discovering the hack against its network.
Encrochat's customers included a British hitman who assassinated a crime leader and an armed robber, and various violent gangs around Europe including those who used so-called "torture chambers." Some of the users may have been legitimate, however. Since the shutdown, police across Europe have arrested hundreds of alleged criminals who used the service. Motherboard previously obtained chat logs that prosecutors have presented as evidence against one drug dealer.
Running an encrypted phone company is not typically illegal in and of itself. The U.S. Department of Justice charged Vince Ramos, the CEO of another firm called Phantom Secure, with racketeering conspiracy and other charges after an undercover investigation caught him saying the phones were made for drug trafficking. Phantom Secure started as a legitimate firm before catering more to the criminal market. Ramos was sentenced to nine years in prison in May 2019.
French authorities said at the time of the Encrochat shutdown that they had legal authority to deploy the mass hack, which they described as a "technical tool." Via vice.com
    2 points
  2. 1 point
  3. # A simple person, who wants to learn more and is ambitious ..... # With good intentions .... # At the beginning of the road ...
    1 point
  4. VMProtect is an anti-debugger, so that you can't run it in Olly or in a VM. It's not exactly simple to find an unpacker for VMProtect that actually works, but there are tutorials. If you don't want to "crack" the software but just to find strings, you might have success. https://vmpsoft.com/ I don't know if it's this one, because there can be many VM protectors if it is detected by an exe-scope or another scanner that doesn't also indicate the version. Themida also had a VMProtect function.
    1 point
  5. /*say something about yourself*/
    1 point
  6. 1 point
  7. Zolom
C# Executable with embedded Python that can be used reflectively to run python code on systems without Python installed
Usage
zolom.exe --script:"from random import seed; from random import random; seed(1); print 'getting random number'; print random();"
zolom.exe --b64script:"ZnJvbSByYW5kb20gaW1wb3J0IHNlZWQ7IGZyb20gcmFuZG9tIGltcG9ydCByYW5kb207IHNlZWQoMSk7IHByaW50ICdnZXR0aW5nIHJhbmRvbSBudW1iZXInOyBwcmludCByYW5kb20oKTs="
Building
Using Visual Studio, restore the nuget packages and then click build.
Adding more modules
Unzip the Lib.zip file and add your modules, rezip the file and embed it as a resource, finally recompile and your new lib should be available.
Source: https://github.com/checkymander/Zolom
    1 point
  8. That's what I was talking about with a guy too, I don't know if he has an account on rst. C# has a very powerful thing: it can run a scripting engine, like without having the scripting language installed on the machine, see the present case with python. ScriptEngine engine = Python.CreateEngine(); Yes. And it was exactly zolom I was talking about. ;)))) I also recommend the book https://www.manning.com/books/metaprogramming-in-dot-net
    1 point
  9. Then it's worse than I expected. But in the end he doesn't need to find the password if he just wants the files. He should try Process Monitor to look at the file writes, it's possible they're written somewhere in %TEMP%. If everything is done from memory, theoretically it's bad, but in practice breakpoints can still be set on WriteFile(Ex) or even NtWriteFile, and there the contents of the files can be seen.
    1 point
  10. print("Welcome to", end=' ')
print("RSTforums", end='!')
    1 point
  11. https://www.raymond.cc/blog/tracking-registry-and-files-changes-when-installing-software-in-windows/ https://www.itechtics.com/monitor-system-file-registry-changes/ https://www.nirsoft.net/utils/folder_changes_view.html https://www.diskpulse.com/diskpulse_monitoring_directory.html 1. I don't think you'll find the password that way, only in the program's code. 2. The passwords for some firmware are on the net, and what @gigiRoman posted is good.
    1 point
  12. Hi, give a link to the application or post it here. Describe the steps too. From what I know, sysmon monitors Windows fairly well: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
    1 point