My new article

<<

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Fri Aug 24, 2012 2:35 am

My new article

Hi guys,
I have a question about my new article, or it's better to say I wanna put it to a vote, so here is the idea:

I'm writing an article about how to create undetectable viruses and trojans without knowing any programming language, and I don't want to use malware builders like ProRat either.

So what do you think about my article? Is it a good field to research? Thanks
ICS Academy Network Security Certified
<<

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Fri Aug 24, 2012 3:40 am

Re: My new article

I forgot to say I wanna publish my article here, so please give some guidance about my idea and what you wanna read in it.
ICS Academy Network Security Certified
<<

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Fri Aug 24, 2012 11:31 am

Re: My new article

No ideas????
ICS Academy Network Security Certified
<<

unicityd

Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Fri Aug 24, 2012 3:43 pm

Re: My new article

Research what interests you.  Malware is a pretty hot topic, especially because of Stuxnet, Duqu, and Gauss.  I'm sure you can find some cool things to research and write about.

If and when you do write an article, take the time to polish your writing: spell-check, re-read, revise, etc.  Make sure everything is accurate and clear.  If your writing is sloppy, people will have trouble understanding you and may not bother to read it.
BS in IT, CISSP, MS in IS Management (in progress)
<<

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Sun Aug 26, 2012 6:54 pm

Re: My new article

As far as your topic goes, well, creating custom code is certainly one way to get past signature-based scanners.  If it is new code, with new hashes and new behavior, well, you will certainly be able to hide from the average home AV.  Enterprise AVs will run things like App control and heuristic scanning.  Both of which are tougher to bypass.

And don't submit your own samples to Virustotal :D
Certs: GCWN
(@)Dewser
<<

Jamie.R

Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Mon Aug 27, 2012 6:02 am

Re: My new article

I think any article written about security will be good.  There are so many areas of security that there will always be people that find your article interesting. As they may be an expert in one area, but no one is an expert in all areas of security, and it's a constant battle to learn more and more.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

sternone

Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Sun Sep 09, 2012 2:31 am

Re: My new article

Let me get this straight.

You are going to write an article about how to code virus code without knowing any coding language and the goal is to bypass the smartest coders in this world with you knowing no coding language. That's not even funny anymore.

In what language is it going to be then? L33t v3.0?

Please stop trolling, you won the prize last month of the poster with the most posts and got the free training, there's no need to post like a mad man saying NOTHING anymore.

Thank you.
Try harder....hmpf!!
<<

SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Sun Sep 09, 2012 3:43 am

Re: My new article

sternone wrote: Let me get this straight.

You are going to write an article about how to code virus code without knowing any coding language and the goal is to bypass the smartest coders in this world with you knowing no coding language. That's not even funny anymore.

In what language is it going to be then? L33t v3.0?

Please stop trolling, you won the prize last month of the poster with the most posts and got the free training, there's no need to post like a mad man saying NOTHING anymore.

Thank you.




Ignore this ^. I am interested in seeing the article Cyber spirit.
sectestanalysis.blogspot.com/
<<

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Sun Sep 09, 2012 6:25 am

Re: My new article

Ouch, yeah, ignore that comment man.  Though there is something to consider, I've looked at some pretty advanced samples that made it past the typical checks, one may even call them "persistent" :D.  So you may not be able to avoid the coding part.  What you can do is write a defensive article on how one protects against this type of malware.  That will be some good research for you.
Certs: GCWN
(@)Dewser
<<

jason

Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Sun Sep 09, 2012 9:08 am

Re: My new article

Please do write the article. It's a lot easier to tear folks down than to actually do something constructive.

I'm not entirely sure where you would go with your research on this, if you're not custom coding and you're not using a builder. I suppose you could talk about how people tweak existing malware in order to create a variant, invalidate the existing signatures, and get past the scanners. There are certainly a lot of examples of this out there to look at.
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sun Sep 09, 2012 10:48 am

Re: My new article

@cyber.spirit - I think you should definitely put the time / research in, and write your article.  Regardless of sternone's remarks or thinking, IF you learn from the experience, then it's a worthwhile effort.  If others learn, too, then all the better.

@sternone - I'm happy to see you advancing in Offsec's labs, however, I think your 'play-by-play', as someone called it, is borderline on giving other students too much information.  The post where you pointed out the multi-NIC machine, for instance, OS and all (even without giving the IP's) is enough to have people openly going looking for that box.  While yes, there is something to hitting the other parts of the network, if they start focusing on that, there's a lot of other machines that they might 'skip', thinking the importance of reaching the admin network, for instance, is of utmost importance.  They'll miss out on learning topics from the remaining lab boxes.

I know you didn't give away the proverbial 'keys to the kingdom' or anything, but I think you're teetering on the fencepost.  Also, please note the next bit, here, is not an attack, but...  In addition, attacking cyber.spirit's article idea, when 'tooting your own horn', constantly, after every exploit you achieve in the OSCP lab, leaves me thinking you're out for self-promotion and glory.  Doesn't leave me much more interested in your future writings, either.

Be tactful and respectful, please.
Last edited by hayabusa on Sun Sep 09, 2012 10:56 am, edited 1 time in total.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Sun Sep 09, 2012 12:45 pm

Re: My new article

You mentioned ProRat, I am thinking about trying it out, I know this is a borderline stupid question, but is it "safe" to download and run the program? I assume most commercial type malware programs don't infect the "customer" machines...
sectestanalysis.blogspot.com/
<<

sternone

Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Sun Sep 09, 2012 2:46 pm

Re: My new article

hayabusa wrote: @sternone - I'm happy to see you advancing in Offsec's labs, however, I think your 'play-by-play', as someone called it, is borderline on giving other students too much information.  The post where you pointed out the multi-NIC machine, for instance, OS and all (even without giving the IP's) is enough to have people openly going looking for that box.  While yes, there is something to hitting the other parts of the network, if they start focusing on that, there's a lot of other machines that they might 'skip', thinking the importance of reaching the admin network, for instance, is of utmost importance.  They'll miss out on learning topics from the remaining lab boxes.

I know you didn't give away the proverbial 'keys to the kingdom' or anything, but I think you're teetering on the fencepost.  Also, please note the next bit, here, is not an attack, but...  In addition, attacking cyber.spirit's article idea, when 'tooting your own horn', constantly, after every exploit you achieve in the OSCP lab, leaves me thinking you're out for self-promotion and glory.  Doesn't leave me much more interested in your future writings, either.

Be tactful and respectful, please.


Thanks for your reaction.

I really watch out not to disclose anything that would blow it for future lab customers. You know that very well.

About the multihomed machine, well, if they don't get that, they are not in the right place. It's Offensive's own document that shows the network layout, not my posts. I don't need any glory. I would like you to explain to me what all the other posts on the forums are for, are they only done for Glory? Please elaborate. I learn from other people's posts and maybe some would do the same from my posts. Are you affiliated with Offensive Security? You sure sound like it, after I gave 'some small' critical remarks about it your tone completely changed.

About cyber.spirit, he's allowed to post whatever he wants to. I would say that counts both ways. People can say whatever they want to in reply to my posts, again, that works both ways. If you don't like it, well then you shouldn't go on a 'forum' at all.
Try harder....hmpf!!
<<

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Sun Sep 09, 2012 5:28 pm

Re: My new article

SephStorm wrote: You mentioned ProRat, I am thinking about trying it out, I know this is a borderline stupid question, but is it "safe" to download and run the program? I assume most commercial type malware programs don't infect the "customer" machines...


Hey Seph, well malware is malware.  Always treat it with caution.  Even if software/samples have been "cleansed" for learning, they can still potentially harm your system.  Even though ProRat is a tool to build it, the source supplying it may have another agenda.

May not even hurt to toss it in a VM and do some behavioral analysis before using it further.
Certs: GCWN
(@)Dewser
<<

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Sun Sep 09, 2012 6:06 pm

Re: My new article

sternone wrote: Let me get this straight.

You are going to write an article about how to code virus code without knowing any coding language and the goal is to bypass the smartest coders in this world with you knowing no coding language. That's not even funny anymore.

In what language is it going to be then? L33t v3.0?

Please stop trolling, you won the prize last month of the poster with the most posts and got the free training, there's no need to post like a mad man saying NOTHING anymore.

Thank you.




Hey hey hey sternone, I'm not going to publish this article just because of the prize because I already won it. I'm always active in this forum and I'll publish a lot of my articles here soon because I do love this great forum no matter if you like it or not.

No man, you're a specialist in l33t programming not me!!! If you don't know how to create useful or harmful programs without using any programming language it doesn't mean it's impossible.
Last edited by cyber.spirit on Sun Sep 09, 2012 6:15 pm, edited 1 time in total.
ICS Academy Network Security Certified