Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - EmilKXZ

Pages: [1] 2 3 ... 6
1
Hacking and Security / Re: Javascript or Java?
« on: May 07, 2014, 07:08:52 am »
Do not forget the "hackish" NodeJS.

It's not client side. Javascript is becoming the lingua franca for development. I am actually coding some sort of website with it, using ExpressJS.

2
Hacking and Security / Re: Needing Basic Botnet Function Knowledge
« on: February 22, 2014, 04:28:13 am »
Find and read this paper.

"An Advanced Hybrid Peer-To-Peer Botnet" by "Wang".

And buy: "Botnets The Killer Web App"

It is probably the background you were asking for. Hope it helps.  :)

3
Web Oriented Coding / Re: Object Oriented PHP
« on: February 11, 2014, 03:11:01 pm »
For framework suggestions: CodeIgniter or Laravel, nothing else.

But don't jump just right now. It sucks to have a framework when you don't know all the subleties of the language, so first learn php properly.

Most vulnerabilities in web applications come thanks to bad development practices, such as those cheap YouTube tutorials where they step by step spoon feed you, but it's all chewed and you ONLY end up knowing what they EXACTLY told you. I don't think nobody has ever audited these dudes btw for webdev industry's sake, so expect the worst from them. (Not to prejudice you, but that's what I've seen).

Stick to PHP.NET, and make no mistake: this is a security forum, so you'd be wise to also stick with OWASP learning programs or similar. Oh yeah, and a tenet of security: whatever you do, should be secure from the ground-up (from its architecture, design, whatever you call it), anything that has "an external plugin for security" will be most likely flawed. Not necessarily flawed, but most likely. Cheerio! :)

EDIT: My engrish suked.

4
Found it on the Webs / Re: Scientist banned from revealing codes used to start luxury cars
« on: August 11, 2013, 10:55:15 pm »
The judge doesn't think anybody, including myself, yourself, your 5-year-old son/daughter could repeat the work and sell it to the crooks.

5
Found it on the Webs / Re: http://prism-break.org/
« on: June 13, 2013, 09:01:57 pm »
Okay @namespace7, you're not a criminal, you don't do bad things... perhaps some day they'll put cameras in bathroom to watch for people who have been traveling in drugs inside their bodies... you don't carry drugs but you prefer your anus to not be watched.

I support the position of @Axon, it is never enough to be paranoid. We live in a half-good and half-evil planet. Surveillance will always exist, but... let's not leave it exceed.

EDIT: Check out this post. It explains it better than I could.
Quote
http://www.wired.com/opinion/2013/06/why-i-have-nothing-to-hide-is-the-wrong-way-to-think-about-surveillance/

6
Projects and Discussion / Re: Coding Hub
« on: May 27, 2013, 03:29:58 am »
You could use a PHP framework, unless you like to code your own functions that are otherwise well-tested and can save your time. My personal choice is EllisLab's CodeIgniter. Since it makes uses of classes, it's plain easy to divide the problem into "logic objects" which is of great help with modularization and scalability. I know your intention of making it "nothing too complicated", but even when simple, it could become a sort of complex task.

For the frontend... Bootstrap is being widely used along with jQuery.

"Large Web Apps" e-book helps with how you can come to an approach to this. "Fast Web Sites" too. I think both are from O'Reilly. Enjoy the path! Code is poetry.

7
Web Oriented Coding / Re: The mail function doesn't seem to work on WAMP :/ Help with SMTP ?
« on: April 29, 2013, 02:43:32 am »
Totally agree with @proxx. It's worth it. And if you don't want to partition your disk, and install a linux distro that could potentially break things at your bootloader... just get Virtualbox and install Ubuntu Server in the virtual machine, that way you can run both linux and windows at the same time, whilst developing in a near real-world environment. Upload whatever you are developing to the virtual machine and you're set.

8
Projects and Discussion / Re: Malware features
« on: February 15, 2013, 09:10:38 pm »
Delphi it's my strongest programming languaje, the one I'm most fluent with.

Plus it has some memory administration module quite different from other compilers. Makes it harder to detect.
Quote
http://docwiki.embarcadero.com/RADStudio/XE3/en/Using_the_RTL_(Run-Time_Library)

9
Projects and Discussion / Re: Malware features
« on: February 12, 2013, 09:40:06 pm »
Count with me man, I've this code:
  • Copy to USB itself.
  • Very basic client server architecture, just needs commands programmed.
  • Very basic HTTPd. (For pushing exploits).
I'm developing more "snippets" when time allows me (I have a real life too!), all of those in Delphi, willing to contribute for this project. Just pm me, let's organize a group of some kind. Those that have anything to contribute, are invited to join, I guess.  ;D

10
Found it on the Webs / Re: This guys youtube is freaking amazing
« on: February 12, 2013, 09:38:55 pm »
Is it the same "Rapture" from this music album?

You'll find these are in a pseudo-MIDI format called "FastTracker II", soundtrack of an old game called "Flux LE".

When RealNetworks published games. Btw, enjoy this music.

Pro-tip: It's known that Winamp plays the format of the files attached here.

11
Projects and Discussion / Re: Malware features
« on: February 12, 2013, 03:12:55 am »
Yeah, a dropper is a good idea, a dropper that determines if it's a honeypot of some sort before pulling the real deal.

Something like a silent VNC? btw, starting a back-connection to the mothership has the problem of revealing where it all goes to. Unless you manage so "open the VNC" only when needed and use a pwned box for that purpose. Oh yeah, you can open ports on home routers on-the-fly with UPnP (in case you didn't know).  :D

12
Projects and Discussion / Re: Malware features
« on: February 11, 2013, 11:56:27 pm »
I like the idea of stealing private photos (if you mean, stealing naked female pictures for example), but that's unlikely to happen nowadays if you can send pictures with your mobile phone... photos are going to remain there. Unless you exfiltrate those from the phone (e.g. when it is plugged), you're not going to do anything with those that are stored.

Webcam snooping? You can turn it on, the problem is making it stealth... can it be turned on *without* the LED that most laptops have that indicate when it is recording or taking pictures?

I'd add a remote file explorer, that's nice to hunt for files, not only private pictures, who knows if you can find something "leakable". :-)

What do people here say? Sounds like a nice project to start and host here?  ;D

13
Projects and Discussion / Re: Malware features
« on: February 09, 2013, 08:27:29 pm »
Nice ideas have been posted here!

Yeah, I'd block or somehow redirect social networking sites, I'd inject a small banner "Social networking kills your brain" and marquee it constantly.

@Kulverstukas: Why image manipulation?

@Fur: You mean an interpreter? Something like adding new functionality/modules on the fly? without pulling a new executable to infect again.

The Tuxissa idea is not bad at all, I think it could get far undetected given it never infects subliminal messages experts. It is a strange idea, though.

It could use a polymorphic engine like some malware around had. Cloud polymorphism, the executable downloaded a "new entire body" during propagation, processed in cloud.

I also did my task finding ideas on my own, I read somewhere that Koobface used solved CAPTCHAs grabbed from infected people, in order to maintain its propagation routine. Not that is clever, but it's self-sustainable and that's a detail I like.  :D

14
Projects and Discussion / Malware features
« on: February 09, 2013, 03:52:39 am »
Greetings,

What would your perfect malware would have? Which functions? Features?

I found myself with the desire to code something, I want a final aim, and then I can build a path to reach there. Would you use it for making money? Would you use it to spy on organizations, but avoiding governments? (So you don't touch the wrong asses and then get hunt). Would you use it for a cause?

I want to know general opinion, to retrieve ideas. I have this energy of coding and I must rush and make it true, before it gets spoiled and then I do nothing.  ;D

Oh yeah, I do like botnets. Specially P2P. I hate DDoS-related stuff. IMHO, that makes it lame.

BTW, I kinda know how to code in Delphi (heard Kulver also does  :) ), if we ever start a project on this, it would be fine to put all ideas here and then move on another thread, place snippets in there, improving, etc.

15
Scripting Languages / Re: Dynamic number of loops
« on: February 08, 2013, 07:08:08 pm »
Sure, just do a loop, like "for (i=0; i=random(from,to); i++):"

The random in that place should find the last execution of the loop, and then execute the loop that quantity of times.

I don't know the actual implementation because I have not learned Python yet, but that's the basic structure of what you want to do... I guess...

Off-topic: Sorry for the bad english, still not fully awaken.

Pages: [1] 2 3 ... 6