
Newbie or experienced malware developer? Read this
#1
Planning on making this a fun mini series. Essentially I will make a thread for each topic about random things malware uses, and have everyone chime in with their alternative ideas. Newbie or experienced, all are welcome to reply with their thoughts on other ways to do such things.

The objective here is to learn together and encourage posting in this section, as I believe it is the best section of OnniForums.

I will start.

Malware persistence!

I almost always use Task Scheduler to persist on infected systems, as it seems the most reliable way to achieve persistence while still being hidden from Task Manager's "Startup programs" tab.

Plenty of other ways to achieve persistence on infected systems exist; I am interested in hearing your thoughts, alternative methods and such.
#2
HeXsploit here,

No method of persistence will ever stop a competent admin from running Autoruns.exe from Sysinternals and finding your malware easy as pie. But, if you can't beat them, you might as well join them. I'd recommend to any new or intermediate malware developer to run that tool (as well as procexp.exe) to find out the various ways that programs start automatically, and what legitimate processes/services/events look like.

From there, follow the scientific method. Build a hypothesis, test it, and if it fails, figure out why, and try again until you craft a unique method that works well for you. Build lots of tools; most of them will become obsolete, or were never really anything to begin with, but at least you learned important stuff.

Also, look at threat feeds and threat exchanges. Read the latest cyber-crime news. Oftentimes you can borrow the latest nice technique from your friendly neighborhood APT. I know I'm being a bit vague on specific methods, or the ones that I prefer, but that's just because part of the learning experience is finding out those things on your own, and building your own PoC as opposed to me stating what has worked for me in the past.

Sincerely,
HeXsploit

P.S. Might release some new code soon to the mal-dev forum. Been playing around with some undocumented Windows syscalls that might be useful ;)
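As an added, defender-side example (not code from this thread or from either poster): a PowerShell snippet that does a small part of what Autoruns does, listing the scheduled tasks that Task Manager's Startup tab never shows and flagging the ones whose action runs from a user-writable directory. The directory list, the helper name and the output columns are my own assumptions.

```powershell
# Added example (not from the thread): enumerate every scheduled task and flag
# the ones a defender would triage first, i.e. tasks whose action executes a
# binary from a user-writable location. Task Manager's "Startup" tab does not
# list scheduled tasks, which is exactly why the thread calls them "hidden".
# The path list below and the output format are this example's own assumptions.

# Directories a standard user can write to (constructed list, extend to taste).
$suspectRoots = @(
    $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData,
    $env:PUBLIC, "$env:SystemDrive\Users"
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

# Hypothetical helper: task actions often use %ENV% variables and quotes.
function Expand-TaskPath {
    param([string]$Path)
    if (-not $Path) { return '' }
    return [Environment]::ExpandEnvironmentVariables($Path).Trim('"')
}

$findings = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $exe = Expand-TaskPath $action.Execute
        if (-not $exe) { continue }   # COM-handler actions have no Execute
        $inUserWritable = $suspectRoots |
            Where-Object { $exe.StartsWith($_, 'OrdinalIgnoreCase') }
        if ($inUserWritable) {
            $info = $task | Get-ScheduledTaskInfo
            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                Author    = $task.Author
                RunAs     = $task.Principal.UserId
                RunLevel  = $task.Principal.RunLevel
                Execute   = $exe
                Arguments = $action.Arguments
                State     = $task.State
                LastRun   = $info.LastRunTime
            }
        }
    }
}

# Print the triage list; an empty table means nothing matched the heuristic.
$findings | Sort-Object Task | Format-Table -AutoSize
```

Expect legitimate per-user updaters (browser and cloud-sync clients install under LOCALAPPDATA) to show up too, so treat the output as a triage list to compare against a known-good baseline, not as a verdict.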
#3
I'm still mid-transition to non-script-kiddie (AKA I'm still fucking retarded), but I can code pretty well and am learning quick; it's just hard to find direct guides and shit. I specialize in cryptographic aspects and such, I'm a numbers dude, so if you guys need any help (AND vice versa, plz? <3)
#4
dkota Wrote: Planning on making this a fun mini series. Essentially I will make a thread for each topic about random things malware uses, and have everyone chime in with their alternative ideas. Newbie or experienced, all are welcome to reply with their thoughts on other ways to do such things.

The objective here is to learn together and encourage posting in this section, as I believe it is the best section of OnniForums.

I will start.

Malware persistence!

I almost always use Task Scheduler to persist on infected systems, as it seems the most reliable way to achieve persistence while still being hidden from Task Manager's "Startup programs" tab.

Plenty of other ways to achieve persistence on infected systems exist; I am interested in hearing your thoughts, alternative methods and such.

sick
#5
HeXsploit Wrote: HeXsploit here,

No method of persistence will ever stop a competent admin from running Autoruns.exe from Sysinternals and finding your malware easy as pie. But, if you can't beat them, you might as well join them. I'd recommend to any new or intermediate malware developer to run that tool (as well as procexp.exe) to find out the various ways that programs start automatically, and what legitimate processes/services/events look like.

From there, follow the scientific method. Build a hypothesis, test it, and if it fails, figure out why, and try again until you craft a unique method that works well for you. Build lots of tools; most of them will become obsolete, or were never really anything to begin with, but at least you learned important stuff.

Also, look at threat feeds and threat exchanges. Read the latest cyber-crime news. Oftentimes you can borrow the latest nice technique from your friendly neighborhood APT. I know I'm being a bit vague on specific methods, or the ones that I prefer, but that's just because part of the learning experience is finding out those things on your own, and building your own PoC as opposed to me stating what has worked for me in the past.

Sincerely,
HeXsploit

P.S. Might release some new code soon to the mal-dev forum. Been playing around with some undocumented Windows syscalls that might be useful

Yup, way to go... Trial, Test, Repeat, Exploit