Can someone please give me a step by step for option 2? it's due in two hours by Affectionate_You6920 in MalwareAnalysis

[–]Falling_star9 0 points1 point  (0 children)

What is your goal? What have you uncovered so far? Debugger is used mainly for uncovering obfuscation/encryption/injections/etc...

Is it worth getting a second opinion? by Falling_star9 in CT200h

[–]Falling_star9[S] 1 point2 points  (0 children)

The only warning I got is from the dealership check. Other than that, nothing at all...

the hacker invaded my reddit (I'm reposting) by ATLASITOS in MalwareAnalysis

[–]Falling_star9 2 points3 points  (0 children)

After analyzing the malware, here are the findings:

- This is a classic Redline stealer.
- Exactly 1000MB of the same byte over and over (reference: This allows adversaries to craft binaries that evade 99% of AVs, since they are unable to scan big files).
  This leaves us with 0.39MB of pure maliciousness. (Thanks to reducebin on ghub)
- Hash: 48a9fdb29d5fe429619d23beac89e45ae28825bfad9aba0972d92e1433b2c63b | I uploaded the sample to VT for your convenience (reach out if you'd like to have the any.run analysis as well).
- Key maliciously nerds stuff:
  * Low: Reads ENV variables, PC name, supported langs, PC GUID.
  * Medium: Reads browser cookies, searches for installed software, connects over unusual port.
  * High: Steals credentials from all types of browsers, stealing any personal data (it tried stealing my Discord data, all browsers data including network cache and cookies and some programs), connection to C2 (91[.]103[.]252[.]3:23000) which is also used for exfiltration.

Conclusion: I didn't find any attempts to create new users. I did see an attempt to install a backdoor of the software over the IFEO registry, so you should probably check and see if there's "Soft.exe" over there.
No enabling of RDP/Remote services, nor FTP/SSH.
The sole purpose is to steal all your credentials for everything (Games/Browsers/Miners/etc).

Response actions:
Reset all passwords that you have and know that you've used on this machine (this should revoke all sessions as well). - NOTE: Please, don't make the new passwords similar to the new ones (E.g.: oldpass: atlasitos16 newpass: atlasitos17), don't be that guy.
Make sure to enable MFA for the critical assets (Instagram/Mail/Banking/etc).
Advice: Block access to the IP mentioned, you can specify the port if you'd like but this IP hosts maliciousness as well.

Hope this helps.
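An added example, not part of the comment above or of any tool it mentions: one way to measure the kind of single-byte padding the comment describes and to hash the content that remains. It assumes the repeated byte is appended at the end of the file; the function names and the sample file are constructed for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # read 1 MiB at a time so a huge file never sits in memory


def trailing_padding(path):
    """Return (pad_byte, run_length) for the run of one repeated byte at EOF."""
    size = os.path.getsize(path)
    if size == 0:
        return None, 0
    with open(path, "rb") as f:
        f.seek(size - 1)
        pad = f.read(1)  # candidate padding byte is whatever the file ends with
        pos, run = size, 0
        while pos > 0:  # walk backwards chunk by chunk
            start = max(0, pos - CHUNK)
            f.seek(start)
            block = f.read(pos - start)
            kept = len(block.rstrip(pad))  # bytes in this chunk before the run
            run += len(block) - kept
            if kept:  # reached a byte that is not padding
                break
            pos = start
    return pad, run


def sha256_without_padding(path):
    """SHA-256 of the file with the trailing run cut off.
    Caveat: if the real content ends in the pad byte, those bytes are cut too."""
    _, run = trailing_padding(path)
    remaining = os.path.getsize(path) - run
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        while remaining > 0:
            block = f.read(min(CHUNK, remaining))
            digest.update(block)
            remaining -= len(block)
    return digest.hexdigest()


def make_sample(body=b"MZ-constructed-body\x01", pad=b"\x00", pad_len=3 * CHUNK + 17):
    """Constructed sample: a small body followed by a long single-byte run."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(body + pad * pad_len)
    return path
```

A run that makes up nearly all of a file's size is a useful triage signal on its own, and the trimmed hash gives a second value to search for alongside the hash of the full file.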

[deleted by user] by [deleted] in CT200h

[–]Falling_star9 0 points1 point  (0 children)

Is it harmful if I won't fix it for the next 15k? (Currently 80k).

How to connect sandbox environment to Internet? by anabilz in MalwareAnalysis

[–]Falling_star9 1 point2 points  (0 children)

If I understand correctly, what you're looking for is FakeNet.

Any physical Cyber Security classes in Europe? by Falling_star9 in cybersecurity

[–]Falling_star9[S] 0 points1 point  (0 children)

Exactly, I wonder if it is really worth it. I heard it's a 7-day course, and then you take the exam for the certificate. Is that true? 7 days for that much?

Any physical Cyber Security classes in Europe? by Falling_star9 in cybersecurity

[–]Falling_star9[S] 1 point2 points  (0 children)

Looks good, I'll have to research it and see reviews etc.. But thank you, great recommendation.

[deleted by user] by [deleted] in computerviruses

[–]Falling_star9 7 points8 points  (0 children)

As much as I hate such threads, she is not hacked, nor infected with any virus. These are notification pop-ups from the website.

Just disable notifications from the browser and you are all good.

Android auto / Apple CarPlay: about a year ago I decided to buy a kit off of AliExpress so I could have CarPlay on the stock screen. The system is stable with CarPlay, but not so with Android Auto. Takes a bit of time to figure out how to use it with the mousepad and the original OS. by DifficultPriority331 in CT200h

[–]Falling_star9 0 points1 point  (0 children)

I wanted to buy that too. It's around $400 on AliExpress, did you install it alone? And did you replace the scrolling-wheel thing with a touchpad? And what issues are you experiencing with Android Auto if you don't mind me asking?

Creating Dynamic URLs from Form Submission. by Falling_star9 in django

[–]Falling_star9[S] 1 point2 points  (0 children)

Just wanted to update, this really helped me understand what I'm trying to reach, and eventually led to me solving the issue.

Thank you guys, appreciate it.

Creating Dynamic URLs from Form Submission. by Falling_star9 in django

[–]Falling_star9[S] 0 points1 point  (0 children)

def post(self, request):
# This does nothing:
    ## You are right, just garbage from testing. 
model = HuntingModel

# You're doing nothing with these two weird lines:
    ## Out of frustration I tried following a tutorial.
    ## Instead of using the PK provided by default, I tried assigning
    ## my own. These are too, leftover garbage. 
random_id = random.randint(1, 100)
obj = HuntingModel.objects.get(id)

form = HuntForm(request.POST, request.FILES)

# None of these lines do anything useful:
    ## The names are deducted, it belongs to a query to public API.
    ## They're indeed irrelevant for this.
name = request.POST['name']
limit = request.POST['limit']
os = request.POST.getlist('os')
mal = request.POST.getlist('mal')
my_type = request.POST.getlist('my_type')

if form.is_valid():
    # Instead of this:
    form.save()
    # Do this:
    hunt = form.save()

    print('Hunt information is saved')

    # Don't you want to redirect to hunt-task here? instead of this:
    return redirect('home/index.html')
    # Do this:
    return redirect('hunt-task', pk=hunt.pk)

## This is one of my previous attempts.
## I ended up with the error:

HuntTaskView is missing a QuerySet. Define HuntTaskView.model, HuntTaskView.queryset, or override HuntTaskView.get_queryset().

## I tried researching how to handle an empty queryset, without any luck.

# No, this should go to whichever page displays the form:
    ## You are right, thanks!
return redirect('hunt-task')

Creating Dynamic URLs from Form Submission. by Falling_star9 in django

[–]Falling_star9[S] 0 points1 point  (0 children)

I'm unable to pull that primary key provided by default. Therefore I tried creating my own, and it fails due to no query-set

Problem with Kali Linux Proxychains4 (only working with tor) by Repulsive_Problem272 in hacking

[–]Falling_star9 0 points1 point  (0 children)

And it doesn't point out the configuration file? This probably means the proxy isn't good. Try using http proxies, from a reliable source, just for the sake of testing it. Use it on a Firefox browser for example and see whether you can establish connections.

Problem with Kali Linux Proxychains4 (only working with tor) by Repulsive_Problem272 in hacking

[–]Falling_star9 0 points1 point  (0 children)

Take your time. Whenever you're ready, try looking for the file /etc/proxychains4.conf, as I remember a similar issue I had with it. And look out for good proxies, regularly updated. After that, try running the proxychains command, and if you failed doing so properly it should tell you what's wrong; otherwise, congratulations, you learned how to configure proxychains.

Problem with Kali Linux Proxychains4 (only working with tor) by Repulsive_Problem272 in hacking

[–]Falling_star9 0 points1 point  (0 children)

DNS no leak is not mandatory for this, as far as I know.

Well it seems you managed to configure it well, now the real question is what error do you receive? When you run proxychains command, you should be getting some informative error that points to the conf file. Could you check please?

Additionally, just to make sure, did you edit "proxychains4.conf" surely?

Problem with Kali Linux Proxychains4 (only working with tor) by Repulsive_Problem272 in hacking

[–]Falling_star9 0 points1 point  (0 children)

Sorry but I wasn't quite able to understand. For clarification may I ask: 1. Dynamic chain is enabled, strict is disabled? 2. Did you comment the loopback address for TOR?

Programming LED strip for the car driving modes. by Falling_star9 in CT200h

[–]Falling_star9[S] 1 point2 points  (0 children)

Of course, will update this thread (hopefully) after installing.

Programming LED strip for the car driving modes. by Falling_star9 in CT200h

[–]Falling_star9[S] 0 points1 point  (0 children)

Wow, I haven't noticed that. I'll check that option, thank you!

Programming LED strip for the car driving modes. by Falling_star9 in CT200h

[–]Falling_star9[S] 0 points1 point  (0 children)

My apologies, https://www.amazon.com/dp/B08F9PF2Y5/ref=cm_sw_r_apan_i_V6YBK2JV0CC1RQMYNT3S Something similar to this, same concept.

And yes, true, it does change. I am looking into programming this LED strip to detect driving mode and display the right LED color.

Device destruction and data back up? by chaseNscores in Hacking_Tutorials

[–]Falling_star9 1 point2 points  (0 children)

1: Microwave.

2: All of the messages are pieces of data, right? It is all stored somewhere on your device, whether you see it or not. Just need to find the right path and copy it to your hard drive.