Repositories (7)
It embeds the executable file or payload inside the jpg file. The method the program uses isn't exactly called one of the steganography methods. For this reason, it does not cause any distortion in the JPG file. The JPG file size and payload do not have to be proportional.The JPG file is displayed normally in any viewing application or web application. It can bypass various security programs such as firewall, antivirus. If the file is examined in detail, it is easier to detect than steganography methods. However, since the payload in the JPG file is encrypted, it cannot be easily decrypted. It also uses the "garbage code insertion/dead-code insertion" method to prevent the payload from being caught by the antivirus at runtime.
It embeds the executable file or payload inside the zip/rar file. It can use two different methods. The first method embeds the executable or payload in the zip/rar file without any action. In this way, it can be triggered and run by documents in the compressed file or in the same folder. The second method encrypts the executable file or payload and it also uses the "garbage code insertion/dead-code insertion" method to prevent the payload from being caught by the antivirus at runtime. Both methods do not damage the rar/zip file. It is not detected by users. However, the first method can be detected by the antivirus depending on the code embedded.
Based on the Shodan API, it displays the open ports and security vulnerabilities of the server related to the entered ip or hostname.
Blocking smartscreen, security center, forensic processes and 3rd party security applications on Windows Operating Systems
(On 06/04/2021) Local Keylogger software has been made for the latest up-to-date "Windows 7, 8 and 10" operatings systems. It managed to circumvent the "Windows Defender" program.
It is a program written in Python3 in order to facilitate process analysis and to easily access Windows process tools. In this way, it facilitates malware analysis processes. In addition, processes running in the background can be detected. After the program is started, it continues to run in the background. Afterwards, the tools can be accessed on the system tray.
Information stored in applications is decrypted using DPAPI. In this way, attacker passwords may be captured. For use in attack scenarios, two applications written in Python language have been developed that steal the information stored in internet browsers: 1-Browser Stealer, 2-Browser Stealer Report