Programmers what are you working on now?
Modern OpenGL in C++, really interesting. I would recommend trying it if you're into gamedev.
Reply
(July 12, 2022, 12:16 AM)h4mmyy Wrote: p2p malware with rsa code signing to prevent malicious peers and data transmission handled in a way similar to bittorrent, it will also only target machines with a specific hardware id, if the hardware id is not in the list in other peers then the malware destroys itself and the machine it is on but before it does that it exfiltrates all info on it. it will be equipped with vm detection and won't run in one, it will also have rootkit functionality for and can be loaded as a loadable kernel module and or a driver for windows, it's written in go so it can cross compile.


Mate, can you recommend any introductions to malware design?
Reply
(July 17, 2022, 09:22 AM)m0st Wrote:
(July 12, 2022, 12:16 AM)h4mmyy Wrote: p2p malware with rsa code signing to prevent malicious peers and data transmission handled in a way similar to bittorrent, it will also only target machines with a specific hardware id, if the hardware id is not in the list in other peers then the malware destroys itself and the machine it is on but before it does that it exfiltrates all info on it. it will be equipped with vm detection and won't run in one, it will also have rootkit functionality for and can be loaded as a loadable kernel module and or a driver for windows, it's written in go so it can cross compile.


Well, P2P malware falls short on being stealthy because of its network traffic. How are you going to hide network packets?

Using RSA won't prevent malicious peers. Let's say I'm a security researcher and I got my hands on your binary. I inspected it, ran it, watched the network traffic and RE'd it. And if I want to basically traverse your whole botnet, getting all of your bots' IPs, I can do that easily and it wouldn't even matter if you used RSA or anything like that. I can extract the private key from the binary and use that for communication.

What you can do is put a rate limit on how often that call can be made and return only a single randomly selected peer. This still wouldn't "prevent" it but would definitely slow me and others a lot.

I don't get the HWID part. So you're saying you are going to infect computers only if those computers' HWID is on other bots' HWID list in the network?
How would that even work? How would other peers know the HWID of computers they've never been to? I just don't understand, and I honestly think you don't either.

Also, if a malware is on a computer whose HWID is not in the list, it "destroys" itself and the machine. How are you going to do that? What do you mean by "destroy"? And how are you planning on destroying the machine? And why would you want to destroy the machine?

And here's the part I don't get at all: a cross-platform kernel module. What the fuck is that? I mean, you do realize that Windows and Linux kernels are different, right? They use different KM structures, different loading mechanisms, etc. You can't just write a KM in Go and expect it to work everywhere because Go can "cross-compile".

You can't even load the kernel module properly without doing signing magick. Please learn your stuff before writing a harmful malware.


Note I said similar to BitTorrent, ever hear of DHT (Distributed Hash Tables)? You won't be able to index my entire botnet since it does not store each infected machine on all of the peers (that is also not scalable), it will store data of each infected machine in a very organized manner in a very easily recoverable way, and it will only run on devices I specifically target, hence the HWID detection.

By destroying the machine I mean clear all RAM and then wipe the drive (very simple). If it detects a virtual machine such as VirtualBox it will also destroy itself. I still have to do more stuff for the virtual machine detection though, so that's on hold; the majority of my focus is on finishing the DHT and routing protocol.

Like you mentioned, packet hiding will be hard (did not think about the traffic and you are right about that), but why do you need to worry about packet monitoring if you only intend to target specific people? (The goal was not really to make a huge botnet but an easily manageable RAT system that does not require me spinning up several cloud C2s.)

Also, when I say cross platform I am specifically talking about the architecture for each Linux machine (ARM, arch64 etc.), not the operating system. I am aware of Windows internals and know you cannot just load a damn kernel module for Linux into a Windows machine, so again I am working on making a Windows DRIVER version too (separate from the Linux LKM version). "it will also have rootkit functionality for and can be loaded as a loadable kernel module and or a driver for windows" - I didn't mean to word it like this, but I was lazy when typing and slaving all night working on it.

Also, this is not completely foolproof and I do appreciate the feedback. If you have any more ideas on improvement I would like some recommendations.
Reply
(July 19, 2022, 01:36 PM)xinwong Wrote:
(July 12, 2022, 12:16 AM)h4mmyy Wrote: p2p malware with rsa code signing to prevent malicious peers and data transmission handled in a way similar to bittorrent, it will also only target machines with a specific hardware id, if the hardware id is not in the list in other peers then the malware destroys itself and the machine it is on but before it does that it exfiltrates all info on it. it will be equipped with vm detection and won't run in one, it will also have rootkit functionality for and can be loaded as a loadable kernel module and or a driver for windows, it's written in go so it can cross compile.


Mate, can you recommend any introductions to malware design?


I just read write-ups from vx-underground, or I read a few books such as Black Hat Go, Black Hat Python and The Art of Assembly. First start off with the anatomy, then get into features and how to secure and maintain opsec etc.
Reply
(July 21, 2022, 12:12 AM)h4mmyy Wrote:
(July 19, 2022, 01:36 PM)xinwong Wrote:
(July 12, 2022, 12:16 AM)h4mmyy Wrote: p2p malware with rsa code signing to prevent malicious peers and data transmission handled in a way similar to bittorrent, it will also only target machines with a specific hardware id, if the hardware id is not in the list in other peers then the malware destroys itself and the machine it is on but before it does that it exfiltrates all info on it. it will be equipped with vm detection and won't run in one, it will also have rootkit functionality for and can be loaded as a loadable kernel module and or a driver for windows, it's written in go so it can cross compile.


Mate, can you recommend any introductions to malware design?


I just read write-ups from vx-underground, or I read a few books such as Black Hat Go, Black Hat Python and The Art of Assembly. First start off with the anatomy, then get into features and how to secure and maintain opsec etc.


Thanks, mate.
Reply
Scripts to make my life easier, in bash.
Reply
Been working on a Python library to pull various things from GitHub orgs (users associated with orgs, repos in orgs, private repos from users that belong to an org). Then I pipe that into TruffleHog and other shit to find that sweet, sweet low-hanging fruit.
Reply
I have been working on a lot of web development recently. I firmly believe that it is the easiest form of programming there is, and I have decided that I should learn the industry standards. I have gone and done that and then moved on to paid gigs, since everyone and their mum seems to want a website for some form of scam, game cheat, malware, forum, etc. I have basically been using my skills to generate some financial gain whilst learning new languages at the same time.

On another note, using C++ to make a Discord bot seems like a proper bearded dragon move.
Reply
Neural networks
Reply
Too lazy to code something. I always get project ideas and I know, like, the skeleton code to make them, but I am too lazy to apply them: all the bugs and the writing and thinking about it.
DUH
Reply