#xmrgang - undoxed ELITE MONERO HACKERZ!
#htp ALL UR BASE R BELONG 2 US.
XMR XMR XMR XMR!!
#moneromonarchy

* Table of Contents

  - 0x01 (toc)
  - 0x02 (malware)
  - 0x03 (fun or profit)

  p.s fux these kids:
  #wtfux
  * hades
  * whitehats
  * doxbin

* Shoutouts

  - whoremail
  - modbroker
  - moleman (swatnet) <- pikachu packetz
      \_[packet]->BRRR
        [010101 010101110 10010100]
      rw init=/bin/bash<-[payload]_/
        \_[method]->zeroday_execution

  * ac1d_burn joined #xmr

  ac1d_burn: what's the score?
  zer0cool: let's hax the mufqn gibson!

  * sd joined #xmr

  sd: the gibson? nah let's hack the mufqn planet.

  #hacktheplanet.

+---------------------------------------------------------------+
xmrxmrxmrxmrxmrxmrxmrxmrxmrxmrxmrxmrxmrxmrxmrxmrxmrxmrxmrxmr
+---------------------------------------------------------------+

* malware.

In this edition of eZine #2, I will be writing about
malware and why it can be fun & profitable.

Firstly, malware development is always expanding and
always moving forward, with new threat actors and new
techniques always appearing.

Writing malware for fun should always be a task that you
enjoy: exploring the inner workings of the Win API or the
fundamentals of the Linux kernel. Your computer is a
canvas and your keyboard is your paint stick.

I have not yet finished this article so this will be
here as a "placeholder".

+---------------------------------------------------------------+

* fun / profit.
Writing malware for fun is probably your best way of
learning. Humans tend to enjoy things more if they are,
well, enjoyable. Writing for profit is something you
should only really do if you are proficient in malware
development. It's not a trivial task to make malware.

Regardless, writing malware is much like an art. You
must practice and learn by writing it. While malware
development is fun, it is insanely important to remember
that it requires a high level of programming skill and
intelligence to master.

Malware is such a unique and diverse topic to cover that
I will only be covering basics/fundamentals.

* introduction to windows malware.

The first technique I would like to cover is process
injection. This is one of the main fundamentals of
malware and it's important to understand how it works.

To begin, let me say that this is the vanilla method.
The general steps for this type of injection are:

  - Get a handle to the target process.
  - Allocate a buffer in that process's memory.
  - Write the contents of your shellcode into the buffer.
  - Create a thread in the target process that runs the
    contents of the buffer you just wrote.

To do this we need to use a language that can interact
with the Windows API or kernel. C is preferred by most
developers, but my pals and I are big fans of D.
[https://dlang.org]

You will need to learn how to use these functions (return
type in parentheses):

  - OpenProcess (HANDLE)
  - VirtualAllocEx (LPVOID)
  - WriteProcessMemory (BOOL)
  - CreateRemoteThreadEx (HANDLE)

Read the Win32 API documentation to learn the syntax.
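The same four calls, issued in that order by one process against another, are also exactly what a defender correlates on. The detector below is an added example (not code from the zine or its authors): it runs over constructed API-call telemetry in a hypothetical, simplified schema (the field names are assumptions, not a real ETW or Sysmon format), flags the complete chain, ignores a debugger-like tool that only reads memory, and lets a chain go stale if the calls are too far apart.

```python
from collections import defaultdict
# Constructed telemetry in a hypothetical schema (field names are assumptions).
EVENTS = [
    {"t": 100.0, "pid": 4242, "api": "OpenProcess", "target": 1337},
    {"t": 100.1, "pid": 4242, "api": "VirtualAllocEx", "target": 1337, "protect": "PAGE_EXECUTE_READWRITE"},
    {"t": 100.2, "pid": 4242, "api": "WriteProcessMemory", "target": 1337},
    {"t": 100.3, "pid": 4242, "api": "CreateRemoteThreadEx", "target": 1337},
    # Debugger-like tool: opens a process and reads it, never allocates or executes.
    {"t": 200.0, "pid": 5100, "api": "OpenProcess", "target": 2000},
    {"t": 200.1, "pid": 5100, "api": "ReadProcessMemory", "target": 2000},
    # Same four calls hours apart: too far apart to be one injection chain.
    {"t": 300.0, "pid": 6000, "api": "OpenProcess", "target": 3000},
    {"t": 9000.0, "pid": 6000, "api": "VirtualAllocEx", "target": 3000, "protect": "PAGE_EXECUTE_READWRITE"},
    {"t": 9000.1, "pid": 6000, "api": "WriteProcessMemory", "target": 3000},
    {"t": 9000.2, "pid": 6000, "api": "CreateRemoteThreadEx", "target": 3000},
]

# The four steps the zine lists, in order; CreateRemoteThread and its Ex
# variant are treated as the same step.
CHAIN = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]
EXEC_PROTECT = {"PAGE_EXECUTE", "PAGE_EXECUTE_READ", "PAGE_EXECUTE_READWRITE"}

def normalize(api):
    return "CreateRemoteThread" if api.startswith("CreateRemoteThread") else api

def detect_remote_injection(events, window=5.0):
    """Return one alert per (source pid, target pid) pair that completes the chain within `window` seconds."""
    progress = defaultdict(lambda: {"step": 0, "start": None})
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["pid"] == ev["target"]:
            continue  # allocating or starting threads in your own process is normal
        key, api = (ev["pid"], ev["target"]), normalize(ev["api"])
        if api == CHAIN[0]:
            progress[key] = {"step": 1, "start": ev["t"]}  # a new handle (re)starts the chain
            continue
        state = progress[key]
        if state["step"] == 0 or ev["t"] - state["start"] > window:
            continue  # no live chain for this pair, or the chain went stale
        if api != CHAIN[state["step"]]:
            continue  # unrelated call; the chain is only matched in order
        if api == "VirtualAllocEx" and ev.get("protect") not in EXEC_PROTECT:
            continue  # a non-executable remote allocation is not this technique
        state["step"] += 1
        if state["step"] == len(CHAIN):
            alerts.append({"source_pid": ev["pid"], "target_pid": ev["target"],
                           "first_seen": state["start"], "last_seen": ev["t"]})
            progress[key] = {"step": 0, "start": None}
    return alerts
```

Widening `window` to cover the hours-apart chain makes the third process fire as well, which is the usual tuning trade-off between missed slow chains and noise from tools that legitimately open other processes.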
https://learn.microsoft.com/en-us/windows/win32/api/

+---------------------------------------------------------------+

* profiting from malware

To profit from malware (which you should never do), all
you need to do is write something effective and
undetectable. Stealers sell stealer logs, which contain
emails, usernames, passwords etc. Botnets convert
"zombies" (infected devices) into DDoS power and sell it
as a service.

Alternatively, you may also indulge in ransomware.
(not a recommendation, as this is highly illegal)

However, ransomware is extremely profitable from a
blackhat's perspective. It does require a lot of skill,
but I have seen a lot of idiots/skids social engineer
their way onto servers to ransomware them.

+---------------------------------------------------------------+

* exotic malware

What is exotic malware? Essentially it is malware that is
written in an obscure language, meaning a language that
doesn't have many libraries, isn't a mainstream language,
or just isn't really known to many people.

Some of these languages are:

  - DLang [https://dlang.org]
  - Zig [https://ziglang.org]
  - Elixir [https://elixir-lang.org]
  - Nim [https://nim-lang.org]
  - VLang [https://vlang.io]

These languages are used to hinder analysis, as they
have not been studied as closely by analysts and tooling
as more commonly used languages such as C, Python or Go.

Take "HawkLoader" as an example.
[https://github.com/dk0m/HawkLoader]

This is an indirect system call based shellcode loader
written fully in DLang. It utilizes the well-known
SysWhispers method, which was ported to DLang by
modbroker.

+---------------------------------------------------------------+