Author: maldevel

Rootkits

Open source Windows kernel driver loader

Windows kernel driver loader. If you write Windows kernel drivers, this GUI-based tool lets you register your kernel driver easily by creating a new system service, and makes it easy to start your driver without rebooting during the development stage of your project. Tech stack: C/C++, Qt 5 (Visual Studio 2015 …

C/C++, Programming

Build Standalone Qt Application for Windows

Download
* Visit http://info.qt.io/download-qt-for-application-development
* Select “Get your open source package”
* Click “View All Downloads”
* Download the source package for Windows users as a single zip file (565 MB)
Build a static version of Qt using Microsoft Visual Studio
* Download and install Perl (http://www.activestate.com/activeperl/downloads).
* Download and install Python (https://www.python.org/downloads/).
* Make sure that Microsoft Visual Studio is installed.
* Create …

C/C++, IDE, Programming

Qt – Cross-platform software development

Download
* Visit http://info.qt.io/download-qt-for-application-development
* Select “Get your open source package”
* Click “View All Downloads”
* To build x86 binaries, download Qt 5.8.0 for Windows 32-bit (VS 2015, 1.0 GB)
* To build x64 binaries, download Qt 5.8.0 for Windows 64-bit (VS 2015, 1.0 GB)
Beautifying Source Code
* Download Artistic Style
* Extract astyle to e.g. Documents
* Open Qt Creator …

Hacking, Malware

Some notes on rootkits – Part 1

Rootkit major features
* Maintain access
* Conceal existence through stealth
Rootkit types
* User-mode
* Kernel-mode
User-mode rootkit main injection techniques
* Windows hooks
* CreateRemoteThread + LoadLibrary()
* CreateRemoteThread + WriteProcessMemory()
Hooking techniques
* Import Address Table hooking
* Inline function hooking
Rings
* Ring 3 – user-mode
* Ring 0 – kernel-mode
* Ring -1 – hypervisor
Bridging the rings
* SYSENTER
* System call
* Interrupt …

Hacking, Malware

Some notes on malware – Part 2

Keyloggers
* Software based.
* Hardware based.
* User/Kernel based.
* Windows/Linux based.
* Hook based.
Typical install locations
This is rather a long list; a few examples follow:
Windows
* Application Data\Microsoft\ System\filename.dll
* Program Files\Internet Explorer\filename.dll
* Program Files\Movie Maker\filename.dll
* All Users Application Data\filename.dll
* Temp\filename.dll
Linux
* /bin/login
* /bin/.login
* /bin/ps
* /etc/
* /etc/rc.d/
* /tmp/
* /usr/bin/.ps
* /usr/lib/
* /usr/sbin/
* /usr/spool/
* /usr/scr/
Local Drives installation
Malware …

Hacking, Malware

Some notes on malware – Part 1

The Motivation Behind Malware these days
This is rather a long list, but it can be narrowed down to the following:
* Steal sensitive data (identity theft, illegal immigration, terrorism, drug trafficking, blackmail, etc.).
* Banking fraud (credit card fraud, etc.).
* Spamming.
* Espionage.
* Advertisements/Click fraud.
* Medical insurance fraud.
* Money.
Propagation Techniques
* Social Engineering (emails, spamming, phishing, office …

Penetration Testing

Debugging Telegram

Debug Mode
To enable debug mode, type debugmode in the settings page of Telegram desktop and confirm it.
Log files
* /home/username/.TelegramDesktop/log.txt
* /home/user/.TelegramDesktop/DebugLogs/tcp_xx_xx.txt
* /home/user/.TelegramDesktop/DebugLogs/mtp_xx_xx.txt
* /home/user/.TelegramDesktop/DebugLogs/log_xx_xx.txt
To disable debug mode, type debugmode again.
Burp Proxy Intercept
* Open Telegram settings -> Advanced settings -> Connection type -> HTTP with custom http-proxy. …

C/C++, libCurl

Send email with attachment using Gmail, C and libcurl – Part 3

Requirements
* A Gmail account (use a dedicated account; do not use your personal one!)
* Turn on “Access for less secure apps” under the security settings of the account.
* You may also have to enable IMAP in the account settings.
The following code snippets are from the Post-recon project. This project …

C++, libCurl

libcurl – Disable specific Protocols in Windows builds

libCurl – https://curl.haxx.se/docs/install.html
The configure utility, unfortunately, is not available for the Windows environment; therefore, you cannot use the various disable-protocol options of the configure utility on this platform. However, you can use the following defines to disable specific protocols:
* HTTP_ONLY disables all protocols except HTTP
* CURL_DISABLE_FTP disables FTP
* CURL_DISABLE_LDAP disables LDAP
* CURL_DISABLE_TELNET disables TELNET …