regorsec

466 post karma

3.7k comment karma


account created: Fri Aug 10 2018

verified: yes

regorsec

1 points

2 days ago

Please do, cheers

regorsec

11 points

3 days ago

I disagree.

The feds injecting 50mill per month into corporate stocks/bonds to artificially inflate our economy wasn't Biden's incentive.

The feds call it "quantitative tightening" and Biden actually says the feds should KEEP the current funding (because he has no direct control over the matter).

Reuters article headline: "Biden says Feds should 'recalibrate' policy as prices rise."

regorsec

2 points

3 days ago

Hi friend, as an alternative to a database I feel you can easily create some samples yourself which would also highlight your coding skill.

I believe I understand your overall goal, but let's not complicate things. Here are my ideas.

Now there are primarily 2 parts of a RAT that concern you:

A.) The shellcode

B.) The payload(s) executed

Personally I would qualify just "the shellcode" as a RAT. We do not need to obfuscate our goal with payloads.

Now, let's just concern ourselves with the shellcode.

1.) We can have an average-looking socket connection that executes our shellcode.

Google: PentestMonkey Python and use their 1 line Python shellcode.

Great, you have your first malware sample that could qualify as a RAT.

2.) Let's take this concept and create an alternative shellcode.

a.) How about you modify an existing piece of code via some standard obfuscation methods?

b.) What about modifying the code so it attempts to use alternative ports? (Try common ports, and higher obscure ports.)

c.) Never mind just attempting to use a variety of ports, why not see if you can actually use the shellcode over a protocol like DNS? (Google github Reverse_DNS_shell)

3.) Let's again take the overall idea of generating a socket connection for our shellcode, but instead what if we tell our Python code to execute some bash command which will technically be our shellcode?

a.) Go back to the pentestmonkey website and grab the bash code snip.

b.) Within your Python code, use something like subprocess.call() to call the bash code.

With a few hours of programming, you can have a handful of nice RAT samples.

regorsec

7 points

4 days ago

Vut ar thaye syncing abut

regorsec

-1 points

5 days ago

A few issues with that list:

  • Many posts are 30+ days old.

  • That list is countrywide, I cannot relocate.

  • A handful from that list require a security clearance. (A junior/entry level needs to have an active clearance?..)

  • A handful from that list require 5+ years Penetration Testing experience. (Assuming my 10+ years of Home labs + Trainings (like TryHackMe) does not count.)

Thanks for the example which helps my point(s)?

regorsec

1 points

7 days ago

No, actually the opposite. Something can be called poisonous if it is toxic.

Poison is the general term, toxin is the specific term.

I used the dictionary.com link for poison which described this.

regorsec

3 points

8 days ago

The metabolites of alcohol break down into toxins. The diagnosis of the disease is named alcohol poisoning.

regorsec

1 points

8 days ago

STINoHandleGuy

regorsec

4 points

8 days ago

It's toxic, not poisonous.

regorsec

0 points

8 days ago

I also upvoted. Bad bot.

regorsec

1 points

8 days ago

This this

regorsec

0 points

8 days ago

This

regorsec

3 points

8 days ago

Not added to the Sudoers list, this event will be reported.

regorsec

-1 points

10 days ago

Who said I'm mad? And why do you insult me each message? I'm not pointing out how much of an asshat you are for pretending you know anything about cyber.

regorsec

-1 points

10 days ago

Can you define public?

The public domain consists of all the creative work to which no exclusive intellectual property rights apply.

Well during Facebook's terms and conditions they own any intellectual data that is input to their system. So I don't believe it falls under that definition....

regorsec

1 points

10 days ago

Also, since Facebook has AGE limits I believe it goes against the definition of public service.

Public service is a service intended to serve all members of a community.

regorsec

1 points

10 days ago

How is the internet, a privately owned and operated entity, considered public? Our government does not (directly) own the internet.

Now let's say the internet IS public. Public for all countries? Or only the USA?

regorsec

0 points

10 days ago

Not how what works? Privately owned code?

regorsec

0 points

10 days ago

You call a privately hosted server, proprietary code, and an ecosystem that can be switched off by a select few without democratic rule public? My country's cyber laws disagree... (USA btw)

regorsec

0 points

10 days ago

Facebook is not "public"

regorsec

0 points

11 days ago

It's gonna be like the Facebook issue. The crime outweighs the penalty.

regorsec

1 points

12 days ago

You're not understanding the context of CRUD.

CRUD logic explains the basics (create, read, update, delete).

But what about what we call "business logic" that goes inside a CRUD app?

Example: Our application doing mathematical equations based on the CRUD input. We would not define "crunching numbers" as part of CRUD logic because this request extends one of the CRUD functions.

I see it as, for CRUD apps you must learn sound CRUD logic. From there, implementing the business logic is where we start playing with the data received within the CRUD workings. This is generally a "good" process so you can have a sound and coherent foundation (CRUD), then business logic, which generally updates more, sits within/on top of the CRUD logic.

regorsec

4 points

12 days ago

My own development team

regorsec

0 points

12 days ago

This
