Sophie's Remote Access Trojan (Build 0.95) Modular Framework Integration
-
2015-09-30 at 11:30 AM UTC
I remember this old trojan constructor kit from the early 2000s which used HEX code to obfuscate the shellcode. It built a standalone .html file which, when loaded locally or remotely in the browser, executed a drive-by script which contained mostly HEX code and JavaScript, which built an executable .HTA file on the fly in the viewer's TEMP folder, which then used the obfuscated shellcode in the HEX to build the trojan .EXE and start it. It was really cool the way it worked. Trying to find the POC for it, but it appears to be lost to time now.
_________________________
An HTML Application (HTA) is a Microsoft Windows program whose source code consists of HTML, Dynamic HTML, and one or more scripting languages supported by Internet Explorer, such as VBScript or JScript. The HTML is used to generate the user interface, and the scripting language is used for the program logic. An HTA executes without the constraints of the internet browser security model; in fact, it executes as a "fully trusted" application.
-
2015-09-30 at 4:19 PM UTC
The cloud is on a local area network. LIKE A ROUTER.
-
2015-09-30 at 5:10 PM UTC
The cloud is on a local area network. LIKE A ROUTER.
But a router can be exploited, and therefore, so can a cloud. Nothing is "safe".
-
2015-10-01 at 3 AM UTC
People still using "the cloud" without scare quotes and a dollop of sarcasm deserve to be shot. It's pretty much the most meaningless word I can think of.
-
2015-10-01 at 2:18 PM UTC
I like how no one responded on-topic ITT.