Showing posts from April, 2018

The world is trivial

Once you stop believing everything is super complicated or drastically unique, you start to realize how hacking super sophisticated systems works. There is nothing in this world so complicated that it cannot be solved with patience. That goes for everything from machine learning (rudimentary statistics over large data sets used to determine goals), to high tech machinery, to even quantum physics.

Often people hold themselves back thinking these things are unobtainable for them, or too difficult to learn. Yet the basics of physics are used in all weapons, and the basics of electrical engineering are used in all electronics. It doesn't matter how in-depth it goes; it matters how patient you are at resolving how many layers of easy stuff there are before it becomes what we know today.

The million layered onion.

Nothing in this world is anything but layers of rudimentary functions. It's just a matter of learning those first.

Like reverse engineering, it's easy when you reverse everything in life. It's hard when it's y…

Party on the malware bus

I've been playing with some ideas recently, and it's actually kind of amusing the responses that I can get and identify the sources from. Let's start with one thing I generated with TheFatRat (basically a wrapper for building metasploit compatible shells). Testing the generation schemes, I decided I would build some ways of doing this, such as adding base64 of exec to one page and a unicorn powershell script to another and using all that. Anyway, let's look:

5 minute easy mode analysis:

; Hashes unknown
rahash2 -a all ./resume1.doc.exe
./resume1.doc.exe: 0x00000000-0x000041ff md5: 90f7ee1bf4451349dfa7c518a8c6202a
./resume1.doc.exe: 0x00000000-0x000041ff sha1: 0c214854fef6ac5c28f84bf07ee6d39eb3595d82
./resume1.doc.exe: 0x00000000-0x000041ff sha256: ea2bb0a47fedb86127a59e71285f61036e1ff9c4e0a1d0fae6fe8f2931e4d5a6
./resume1.doc.exe: 0x00000000-0x000041ff sha384: abfd2915e8b1bce3c871a8faec67b503599908c24ba08dfdcc8ca52c04560ec132328a31f53d4c8853ce12256488d0ad
./resume1.doc.exe: 0x00000000…