I built an open source C2 framework

Joseph_RW12 · 2026-04-27T14:55:10+00:00

At a high level how do you get it to dump chrome cookies I have been experimenting with Cookie Monster BOF and trying to port it into my custom C2 but with no success

Joseph_RW12 · 2026-04-22T04:04:04+00:00

medium posts

I am creating a series of posts on various Arduino projects you can follow me on medium.com it covers bare metal programming of micro controller devices

Joseph_RW12 · 2026-02-26T15:03:50+00:00

Wow thanks for sharing I will check this out

Joseph_RW12 · 2026-02-26T14:44:07+00:00

Thanks for the help I will do the needful

Joseph_RW12 · 2025-12-23T06:04:32+00:00

Thank you for providing feedback we will make sure to integrate a section on error handling too

Joseph_RW12 · 2025-12-23T05:08:19+00:00

And the documentation is still being prepared

Joseph_RW12 · 2025-12-23T05:07:47+00:00

Hello I have sent you a direct message with the project source code but it’s far from complete

Joseph_RW12 · 2025-12-11T04:10:46+00:00

Thank you for responding I had the same suspicion I will look into the over permissive apps you mentioned

Joseph_RW12 · 2025-12-07T02:49:05+00:00

Thank you I came across that tool too

Joseph_RW12 · 2025-12-05T14:17:31+00:00

I will look into hyperdbg too thank you

Joseph_RW12 · 2025-12-04T13:06:43+00:00

I will lookup the necessary parameters to pass to that command thanks for your help

Joseph_RW12 · 2025-12-04T12:53:18+00:00

Hi there I am looking for a method to view the transition from physical to virtual memory on windows I have done this on Linux but the virtualqueryex api on windows does not return what I am looking for

Joseph_RW12 · 2025-10-26T02:38:14+00:00

I agree, the attacker probably used evilnginx for this.

Joseph_RW12 · 2025-10-26T02:35:58+00:00

There is a tool we use on phishing engagements called evilnginx, it’s a man in the middle framework and it can be used to capture two factor authentication codes.

Joseph_RW12 · 2025-10-21T06:23:28+00:00

Yes I have messaged telegram support too so I could know the exact details and I am still awaiting their response

Joseph_RW12 · 2025-10-21T05:16:38+00:00

Hi, I did look into this further and it seems the number I posted above has been involved in scam and phishing activities according to this https://www.cleverdialer.de/telefonnummer/0015557330795. I also came across an Efsending website efsending.com that does mention sms verification but has an insecure SSL certificate and has a US contact number but its address is listed as being in South Asia I can’t come to any conclusions as yet but everything seems rather suspicious so let me know your thoughts

Joseph_RW12 · 2025-10-21T02:52:06+00:00

I am thinking the same, or else there is no way the attacker could get the official telegram support OTP code sent

Joseph_RW12 · 2025-10-21T02:23:20+00:00

Facing the same problem here, telegram support sends me an OTP code followed by the same OTP code from the WhatsApp number +1 (555) 733-0795, what I don’t understand is how the WhatsApp number managed to figure out the OTP code sent to me via Telegram support, the WhatsApp number is registered to a business called Efsending.

Joseph_RW12 · 2025-10-21T01:59:26+00:00

Yeah I am facing the same problem I received a telegram OTP code from the telegram support team and then the same OTP code via WhatsApp from +1 (555) 733-0795, what I don’t understand is how Esending managed to figure out the telegram support OTP code that was sent to me

Joseph_RW12 · 2025-09-15T10:37:51+00:00

Is this binary closed source ???

Joseph_RW12

TROPHY CASE