koreliani
Zip password:
hack1ngt0ols
👑 QuantumBuilder will make your payload look like any file format (.png, .pdf, .mp4, .doc, ...), you can even disguise them as a folder.
Macros are for the most part dead, this is the best method to deliver malicious code (apart from expensive 0-days)
This technique is currently being used by APT groups and botnets like Emotet.
🟢 Spoof ANY extension
🟢 300+ different icons available (Microsoft Office ones included)
🟢 Bypass Windows SmartScreen, EV certs are a thing of the past
🟢 Decoy (upon opening your .lnk a file of your choosing will be displayed on your victim's PC)
🟢 Multiple payloads per .lnk file. Even if one gets detected the rest will still run
🟢 Supported payload formats: .exe/.js/.vbs/.bat
99% FUD, even if you spread your stub. Every build is unique
🟢 Execute your exes with admin privileges by prompting UAC with a Microsoft signed binary (powershell.exe)
🟢 Run your payload at startup or with a delay
🟢 Hide your payloads after executing them
🟢 Melt .lnk after execution.
🟢 Choose where your payload is dropped on your victim's computer
🟢 Compress your shortcut in a .iso/.img to send it as an attachment with ease