UD

[eppik]

Hey hey! i'm back (bet ya miss me *cough*)

So Lets say you have a RAT or even a Trojan. Some of them come with the "Kill AV" "Block CMD" "Block Tsk Mngr" etc...

Thats all very pretty but the thing is i can´t get them into anything, some of them either are detected as they enter the system (via Floopy or USB disk) or get insta-blocked by the AV once they are double clicked.

I KNOW there is a way to make them UD agains the AV.

I can't find anything about this.

Ty guys.



(ahhh the smell of flaming in the mornin' ) lol

[bad_brain]

to be honest I've never seen a real UD trojan.....I've been able to bind sub7 once so it wasn't detected by AVG and Norton, but I am sure other AVs would have been able to identify it.
and this "kill AV" command is a joke imo....ever tried to kill Norton? even if you, as validated user, want to do it: no chance....so how could a trojan do this? and even to ALL AVs?
UDs exist, but they only work for a short timespan, and only for a single AV that has an unfixed flaw....but well, even then, it'll show up in the processes and connections, so it only hits a DPU imo (dumbest possible user).

but well, maybe I am not really up to date anymore....

[eppik]

lol, i remember in my golden age to have infected myself with a trojan that killed my AV (AVG)

Anyways....

You mentioned binders, wich binder you think, and what combination of files should be the most effective? (jpeg-exe, exe-exe, etc..)?

Yeah your right Norton is faav (fucking annoying anti virus) lol, cant be killed by user, and uses shitloads of memory (like that review from neo that stated it use like 900 MB of RAM doing a full scan, rofl, the only game that i seen using more than that is Fligh simulator (and dude thats 15 GB in HD lol))


Nice to hear from ya b_b

[bubzuru]

lol, i remember in my golden age to have infected myself with a trojan that killed my AV (AVG)

Anyways....

You mentioned binders, wich binder you think, and what combination of files should be the most effective? (jpeg-exe, exe-exe, etc..)?

Yeah your right Norton is faav (fucking annoying anti virus) lol, cant be killed by user, and uses shitloads of memory (like that review from neo that stated it use like 900 MB of RAM doing a full scan, rofl, the only game that i seen using more than that is Fligh simulator (and dude thats 15 GB in HD lol))


Nice to hear from ya b_b

just use a crypter or even better a PE protector
that way it wont be detected by av

[bad_brain]

sorry, can't recommend any binders, etc. because the last time I dealt with trojans and binders is 2 years ago...

[pseudo_opcode]

lol you're back after a long time and you're still stuck on skiddie tools,

All antivirus software have their own way of detecting things...
a common way is database, they match the signatures of the already known virus/trojans. This can be bypassed by hex editing... change the values of the strings and some other stuff, which is not significant, try not to change opcodes or your virus/trojan will crash most probably.

Also many antivirus softwares monitor system activity, for e.g. if some program is trying to access or write at MBR, some program is trying to mess with system files.. some program is trying to play with registry and shit..

in that case, you need to start a hidden process thread, or kill AV, one can kill AV from another program but one has to know what program is running and create the code to kill that.. or one can make a list of all the AVs and assume that system has any one of them.. thats what i think kill av buttons do. But then i dont give a damn to skiddie tools.. so only creaters know what they are doing...

but if one has those skills... he wont be binding trojans and distributing around.

[eppik]

lol you're back after a long time and you're still stuck on skiddie tools,

All antivirus software have their own way of detecting things...
a common way is database, they match the signatures of the already known virus/trojans. This can be bypassed by hex editing... change the values of the strings and some other stuff, which is not significant, try not to change opcodes or your virus/trojan will crash most probably.

Also many antivirus softwares monitor system activity, for e.g. if some program is trying to access or write at MBR, some program is trying to mess with system files.. some program is trying to play with registry and shit..

in that case, you need to start a hidden process thread, or kill AV, one can kill AV from another program but one has to know what program is running and create the code to kill that.. or one can make a list of all the AVs and assume that system has any one of them.. thats what i think kill av buttons do. But then i dont give a damn to skiddie tools.. so only creaters know what they are doing...

but if one has those skills... he wont be binding trojans and distributing around.

Thats the thing, i trie to hex edit the server file, but AVDEVIL (or smthing) doesnt work, gives an error message in german i believe, so i dont know wich code to alter (yes i read the hexing tut arround here)

and i aint stuck with skiddie toolz, just im w8ting till i get permission to test a company's network (server with 10 pc linked to it, has some thing i dont remember in the server, that makes a natural firewall using 2 netword cards (bridge i think?) I like that kinda stuff and i keep asking lots of people and local businesses to let me temper with stuff, i follow the "learn by doing rule", i like to spend half a day trying new stuff. Very educative...(i dont use trojans for that lol)


and bubzuru:

just use a crypter or even better a PE protector
that way it wont be detected by av

Crypter? PE Protector?

Wtf is that lol im kind outdated.

[G-Brain]

Wtf is that lol im kind outdated.

They use Google back in your time?

[floodhound2]

You could program an original. I programed a Trojan that was not detected by AV software, it was tricky to do, but effective. I figure it gives you a few weeks or even a month to get what you want. Then again i did not use mine to cause damage just to monitor the teenager at one of my computers. Of course after i handed it out to a few people here in Suck-o it became detected by AV, at least that is what i was told.

P.s. Trojans are weak in my opinion.

[pseudo_opcode]

trojans are easy to code, if you're looking for something interesting, try rootkits, but then nothing is better than exploiting a system. Where's the challenge in sending trojans and waiting for them to execute.
Its ok.. knowledge is never harmful.. but trojans are for people, who are looking for a vulnerable user, it doesnt matter who is he.

Where as if you enjoy exploiting a specific target, you need excercise those cells, you'll realize, that trojans/viruses are out of question.. and securityfocus bugs just wont do, all applications have vulnerabilities waiting to be exploited, its just that no one has thought about, it, and those who do become famous...lol.

Ofcourse that requires time and commitment, you have to keep yourself motivated and initially you get that feeling that nothing is working out and you're wasting your time unless you get fruits for your hardwork.
So never say die....lol

[bubzuru]

Crypter? PE Protector?

Wtf is that lol im kind outdated.

a PE Protector is a program that coders
use to stop crackers from cracking there programs
but ppl like you also like you use them because they
have lots of options like

memory guard
metamorph security
anti dumpers
resources encryption
monitor blockers ( file monitors , registry monitors )
entry point obfuscation
advanced api wrapping
advanced anti-debugger
and many more

i just coped them from the PE protector i use

so basically it just stops the av from detecting the signatures
and monitoring your files so then it becomes ud

[Big-E]

You could program an original. I programed a Trojan that was not detected by AV software, it was tricky to do, but effective. I figure it gives you a few weeks or even a month to get what you want. Then again i did not use mine to cause damage just to monitor the teenager at one of my computers. Of course after i handed it out to a few people here in Suck-o it became detected by AV, at least that is what i was told.

P.s. Trojans are weak in my opinion.

Hey, what language did you code this in? I might be interested in it for POC type deal. I am interested in getting in Network Security, thus I am interested in how things work - available source code of an undetected trojan would be pretty decent to study.

[eppik]

Wtf is that lol im kind outdated.

They use Google back in your time?

Nah, i've been away since ARPAnet...

lol

You could program an original. I programed a Trojan that was not detected by AV software, it was tricky to do, but effective. I figure it gives you a few weeks or even a month to get what you want. Then again i did not use mine to cause damage just to monitor the teenager at one of my computers. Of course after i handed it out to a few people here in Suck-o it became detected by AV, at least that is what i was told.

P.s. Trojans are weak in my opinion.

lol only programing i ever did was a pearl program that calculated areas and volumes lol. (I started learning HTML using that "defenitive guide to html in Suck-o DL section. i finally gathered the guts to do that lol)

a PE Protector is a program that coders
use to stop crackers from cracking there programs
but ppl like you also like you use them because they
have lots of options like

memory guard
metamorph security
anti dumpers
resources encryption
monitor blockers ( file monitors , registry monitors )
entry point obfuscation
advanced api wrapping
advanced anti-debugger
and many more

You using yoda's protector?

[bubzuru]

You using yoda's protector?

no Yoda's Protector is free

[floodhound2]

Hey, what language did you code this in? I might be interested in it for POC type deal. I am interested in getting in Network Security, thus I am interested in how things work - available source code of an undetected trojan would be pretty decent to study.

Well i did this in Visual basic and i did one in C