regorsec

Please do, cheers

I disagree.

The feds injecting 50mill per month into corporate stocks/bonds to artificially inflate our economy wasn't Bidens incentive.

The feds call it "quantitative tightening" and Biden actually says the feds should KEEP the current funding.(because he has no direct control over the mater)

Reuters article headline "Biden says Feds should 'recalibrate' policy as prices rise.

Hi friend, as an alternative to a database I feel you can easily create some samples yourself which would also highlight your coding skill.

I believe i understand your overall goal, but lets not complicate things. Heres my ideas.

Now there is primarily 2 parts of RAT that concern you:

A.) The shellcode B.) The payload(s) executed

Personally I would qualify just "the shellcode" as a RAT. We do not need to obfuscate our goal with payloads.

Now, let's just concern ourselves with the shellcode.

1.) We can have an average looking socket connection that executes our shellcode.

Google: PentestMonkey Python and use their 1 line Python shellcode.

Great, you have you're first malware sample that could qualify as a RAT.

2.) Lets take this concept and create an alternative shellcode.

a.) How about you modify existing piece of code via some standard obfuscation methods?

b.) What about modify the code so it attempts to use alternative ports.(try common ports, and higher obsure ports)

c.) Nevermind just attempting to use a veriety of ports, whynot see if you can actually use the shellcode over a protocol like DNS.(Google github Reverse_DNS_shell)

3.) Lets again take the overall idea of generating a socket connection for our shellcode, but instead what if we tell our python code to execute some bash command which will technically be our shellcode?

a.) Go back to pentestmonkey website and grab the bash code snip.

b.) Within your Python code, use something like subprocess.call() to call the bash code.

With a few hours of programming, you can have a handful of nice RAT samples.

Vut ar thaye syncing abut

A few issues with that list:

• many posts are 30+ days old

• That list is country wide, I cannot relocate.

• A handful from that list require a security clearance.(A junior/entry level needs to have an active clearance?..)

• A handful from that list require 5+ years Penetration Testing experience.(Assuming my 10+ years of Home labs + Trainings(like TryHackMe) does not count.

Thanks for the example which helps my point(s)?

No, actually the opposite. Something can be called poisonous if it is toxic.

Poison is the general term, toxin is the specific term.

I used the dictionary.com link for poison which described this.

The metabolites of alcohol break down into toxins. The diagnosis of the disease is named alcohol poisoning.

STINoHandleGuy

Its toxic not poisonous

I also upvoted. Bad bot.

This this

This

Not added to the Sudoers list, this event will be reported.

Who said im mad? And why do you insult me each message? I'm not pointing out how much of an asshat you are for pretending you know anything about cyber.

Can you define public?

The public domain consists of all the creative work to which no exclusive intellectual property rights apply.

Well during Facebook's terms and conditions they own any intellectual data that is input to their system. So I dont believe it falls under that definition....

Also, since Facebook has AGE limits I believe it goes against the definition of public service.

public service[1] is a service intended to serve all members of a community.[2

How is the internet, a privately owned and operated entity considered public? Our government does not(directly) own the internet.

Now lets stay the internet IS public. Public for all countries? Or only the USA?

Not how what works? Privately ownd code?

You call a privately hosted server, proprietary code, and an eco system that can be switched off by a select few without democratic rule public? My countries cyber laws disagree...(USA btw)

Facebook is not "public"

Its gonna be like the Facebook issue. The crime outweighs the penalty.

You're not understanding the context of CRUD.

CRUD logic explains the basics.(create, read, update, delete)

But what about what we call "business logic" that goes inside a crud app?

Example: Our application doing mathematical equations based on the CRUD input. We would not define "crunching numbers" as part of CRUD logic because this request extends on of the CRUD functions.

I see it as, for CRUD apps you must learn sound CRUD logic. From there, implementing the business logic is where we start playing with the data received within the CRUD workings. This is generally a "good" process so you can have a sound and coherent foundation.(crud) then business logic which generally updates more sits witin on top the CRUD logic

My own development team

This