So I just saw the deleted video of the Discord rat and I wanted to test it out, but it says it has a virus. It's from the same guy and ebola downloaded it too so. Did I maybe accidentally install the rat?
Dude, what? A RAT is a form of malware. Man, wtf is this Discord CnC shit though? If you guys ever get a red teaming role and try to CnC to Discord they'll laugh at you.
I tried making something with windows batch, every time I open the batch file it opens then quickly closes. Please help me here I have no idea what to do.
@Deleted User Python is ass for malware dev lmao. If you pack it into an executable and then run it, it'll unpack the interpreter on the system and that'll make legit every antivirus pretty angry. I personally use C with a lot of inline assembly.
@Deleted User Same, mate. I've been using a lot more x86-64 recently though and have been enjoying it a lot. C is the OG though, and probably the go-to for malware development across pretty much any OS, except maybe for Windows, where I guess C++ may be a better option, though I prefer C a lot more.
@Ben Rom LLMs are based on learning from training data and answering questions and summarising the data they've been trained on. They aren't good at problem solving, hence why you shouldn't let them write code for you.
No such thing as FUD lol. Also, you're using VirusTotal and it's being caught by 3 AVs on scan time; just because it bypasses most AVs on scan time doesn't mean it'll bypass their heuristic detection. Also your evasion sucks: you're literally just disabling their antivirus, that's not evasion lmfao. If anything, EDR or AV is more likely to catch you trying to do that. This RAT is terrible, no offence. I don't get why everyone seems to think that disabling the AV is evasion, that's a terrible way to try to get around defences lol, they'll see you trying to do that shit. Also the sysadmin or owner of the computer will see that their antivirus has been disabled and then they'll know they've been infected. And your persistence is through a task scheduler, this is really basic stuff. Antiviruses often monitor processes, and attempts at messing with the antivirus are a massive red flag. Antiviruses usually also have kernel hooks to protect against you trying to mess around with the antivirus, like disabling it from userland. A lot of AVs also run as kernel modules; the antivirus I'm writing is a kernel module which uses ioctl to communicate with the CLI. AVs also have integrity checks. Research process hardening too, as AVs also use techniques like Control-flow Enforcement Technology, which is at hardware level, to protect against runtime tampering. AVs also usually use a technique called non-privileged process protection to protect against this, and AVs also use a list of trusted processes and only allow them to interact with specific AV components. I can go on and on and on but you get the idea: disabling AV is the most stupid form of "stealth" I have ever seen. Legit just look into living-off-the-land techniques; memory-based attacks also help a lot. In my multi-stage malware I always load up a lot of shit from memory. Good malware usually focuses on kernel-level evasion rather than trying to get around the AV in userspace. In userspace most AVs are really good with their heuristics and it's really hard to get past these kernel antiviruses from userspace; a userspace malware against a kernel antivirus is like a cat against a lion.
@Deleted User No point doing courses for malware lmao. Malware is a cat and mouse game, it's about innovating and using techniques never seen before. I'm writing a kernel rootkit right now for my GitHub, also working on a solid sophisticated Linux APT toolkit, and then hopefully soon an MBR or GUID PT bootkit.