Arbitration: drpalpatine $900

FASTPRISONER

Cat Is Good
Banned
Registered: 14.01.2020
Posts: 327
Reactions: 89
Escrow deals: 3
Deposit: 0.0003
Please note that this user is banned
drpalpatine $900
forum profile - https://xss.pro/members/235794/

He worked his way into my trust over a long time in Tox, feeding me the line that he is a guru coder and pentester and that his private project OLLVM++ bypasses all the top EDRs, including CrowdStrike, Sentinel, Cortex, Trellix, etc.
In the end he took $900 off me and went offline like the lowest rat, and now he is dragging in some third parties, claiming that all of this is me and that I am the one to blame for everything =)

admin bratva I will send the chat log by PM on request
 
[22:44:31] drp: hi
drpalpatine, XSS
[22:45:20] drp: i provided my resume to fastPrisoner


low level programmer, compilers, exploitation, malware, patch diffing, also good but not strong experience with active directory, strong at powershell, group policy scripts, try to do everything in pshell without touching the disk, convenience with cobalt, msf,
there is little expertise with working with vsphere, proxmox, hypervisors in general + cloud backups
previous/current work
https://xss.pro/threads/102782/ Obfusctator-LLVM++
https://xss.pro/threads/87453/ CPU Exploitation (1) --> Noise Reduction Basics
https://xss.pro/threads/87261/ tried to port spectre to cuda kernels, failed but learned many interesting things
https://xss.pro/threads/86116/ windows sysclock
xss.pro/threads/72454/#post-651709 lodash arbitrary command exec 1day

strong with c/c++, llvm+clang(honestly i can code common algorithms directly in LLVM IR without compilation from a c/c++ frontend haha), x86 asm, python

US State Gov Access --> xss.pro/threads/55829/
Malaysia 2kkk+ --> xss.pro/threads/55789/
China 4kkk+ --> xss.pro/threads/56361/
USA 400kk+ --> xss.pro/threads/61151/
...
[22:49:18] BRAIN: Hi! Ok what tools do you have to start working with network accesses?
[22:51:14] drp: its been a long time since i worked with accesses --> delved into coding
i used to use brute ratel c4, cobalt

but now i will use cobalt the public edition, all powershell scripts i can code myself + github, mimikatz, everything is public from github
I need time to setup
[22:51:28] drp: i did not expect fastPrisoner to accept non Slavic guys
[22:54:11] BRAIN: Ok, I accept only honest specialists
[22:54:28] BRAIN: Because forums are full of LE, researchers, agents and etc shit
[22:54:53] BRAIN: But I see you are legit, old registered on exploit and xss
[22:55:20] BRAIN: So I can bring you into my team and share some accesses with you, let's see how you will work
[22:55:30] BRAIN: We have CS setup and even systembc
[22:55:46] BRAIN: All my teams are working in my private rocketchat
[22:56:24] BRAIN: Chat is configured with highest OPSEC, Proxmox VM > ssh off > ssd encrypted > logs off > fastflux domain > Bare Metal Servers
[22:56:54] drp: haha i like it
good --> can you offer some time for me to prepare everything on my side?
[22:57:18] BRAIN: no need to prepare we have everything ready ))
[22:57:41] BRAIN: are you ready to start working now ?
[22:58:27] drp: thanks
but can i take 2 hours? there's a shit team from RAMP i need to call off
[22:58:53] BRAIN: sure, take your time
[22:58:58] BRAIN: see u after 2 hours
[22:59:01] drp: +
[23:54:42] drp: hi
is there a place for a coder or at least a demand for software? sorry but i am not ready for this
there is decent knowledge in red teaming but mostly theoretical from constant reading of write ups --> not much practical
i am more of a systems coder and such if you can see my profile on the forum
[23:55:42] BRAIN: yes, we have such place also
[23:57:00] drp: i worked on the obfuscator myself
me and a friend from the forum recently discussed the possibility of working together on a custom c2
[23:57:28] drp: the obfuscator is not fully complete
[23:57:44] drp: but yes this will be done
and regarding the c2, this is a big task
[23:57:47] drp: for 4 hands
[23:58:54] BRAIN: Ok so you and your friend can work on this project in my rocketchat, right ?
[23:59:21] BRAIN: I can bring more developers in this project, if needed
[23:59:44] drp: he is also a sys coder like myself (himself mostly on windows)
myself mostly on (*nix systems)
[23:59:50] drp: you are interested in custom c2?
[pending] : 2023-11-25
[00:00:02] BRAIN: sure, interested
[00:01:37] drp: there are total 3 people that discussed the possibility of this --> i do not know who is serious to what level from the preliminary talks, but we/I will come with an interesting well formed technical proposal
[00:01:51] drp: i myself will continue to work on the llvm obfuscator
[00:19:28] BRAIN: ahh it takes long time to build a c2
[00:24:00] drp: exactly --> there is a project on https://github.com/WithSecureLabs/C3
this is like what LLVM is to compilers
essentially a modular way to quickly custom c2s

"C3 (Custom Command and Control) is a tool that allows Red Teams to rapidly develop and utilise esoteric command and control channels (C2). It's a framework that extends other red team tooling, such as the commercial Cobalt Strike (CS) product via ExternalC2, which is supported at release. It allows the Red Team to concern themselves only with the C2 they want to implement; relying on the robustness of C3 and the CS tooling to take care of the rest. This efficiency and reliability enable Red Teams to operate safely in critical client environments (by assuring a professional level of stability and security); whilst allowing for safe experimentation and rapid deployment of customised Tactics, Techniques and Procedures (TTPs). Thus, empowering Red Teams to emulate and simulate an adaptive real-world attacker."

there is no point in writing a teamserver, add user, kick user blah blah garbage
so far i have not studied the API docs, its limitations

we are exploring technically interesting ideas for software, its pointless and technically boring for us to write RAT, stealer, HVNC with the same call to CreateDesktop
he is offline it seems
[00:41:04] drp: > yes, we have such place also
are there reverse engineers, specialists in code morphing who believe in its power and can technically convince you to allow for work on it, so i can work under your as well
a job request with a proposal
[00:42:32] drp: preferably who understands MBAs, flattening, opaque predicates, symbolic execution
and most importantly existing deobfuscation techniques
[00:44:56] drp: there's lots of untapped potential in this area + moreover APT groups, gangs everybody has a shitty private variant of flattening, blah blah nowadays
[00:53:32] BRAIN: write proper technical task like for whitehat
[00:53:41] BRAIN: i will ask from my workers
[00:54:07] BRAIN: I have whitehats for work they are very cheap for me
[01:08:58] drp: from what i understood, I tried, lol -->

"The goal is to write a code obfuscator, that works at the LLVM IR level so we can perform transforms at the lowest level we can without becoming platform specific. This has to use LLVM C++ API, not the C API and definitely not the llvmlite, llvmpy. Now regarding the core, the goal is to come up with obfuscation techniques that complicate reversing from both manual humans as well as automated tools. For example, OLLVM flattening, opaque predicates are all deobfuscatable by open source tools from github. And moreover the task becomes not so difficult, even the most advanced opaque predicates techniques that are not in any open source obfuscators are deobfuscatable by state of the art techniques published in research, this is true with MBA (mixed boolean expressions essentially a way to unfold constants that the compiler cannot optimize away), moreover advanced tools like SiMBA, GaMBA MBA-Blast, USENIX cannot solve. There are many problems to solve along the way, to minimize flop count etc. The goal is to come up with state of the art code morphing techniques."
[01:32:35] drp: https://research.checkpoint.com/202...inst-russians-state-owned-defense-institutes/
[01:49:07] BRAIN: Ok let me give a task
[02:24:51] drp: tell them there will be benchmarks
for example --> "i came up with a strong opaque predicates obfuscation than what lockbit uses to fuck the threat intelligence analysts", this is not allowed
"i came with an opaque predicate that caused Angr to delay symbolic execution by N seconds compared to lockbit x seconds, KLEE delay M seconds" --> this is allowed
in essence --> you cannot announce your obfuscation as top without some kind of deobfuscation testing, mathematical metrics blah blah
[02:55:52] BRAIN:
[02:57:39] drp: personally for me this was a hobby of mine for a long time and worked briefly in the white under this domain
[03:09:56] drp: i can confidently say i broke some of the strongest MBA-Solver
i even found sort of a mathematical exploit in GaMBA that itself extra delays any analyst using it to simplify the code
the control flow flattening is completely revised, no APT, locker gang so far uses a strong flattening, at least in my knowledge
there is interest to develop such morpher
perhaps anyone in your team is excited for this technical work --> we can work under you for the team
[03:11:47] drp: i contacted LockBitSupp on the forum for his interest on the topic of morphing --> somehow there was silence
[03:12:09] drp: the only person that showed such significant interest was mr Unknown
[03:12:15] drp: revils
[03:13:05] drp: xss /threads/34888/
[03:16:59] BRAIN: lockbit is asshole
[03:17:20] drp: haha gang wars
[03:18:03] drp: unknown was somewhat ahead of his time
[03:18:08] drp: first to use ecc in lockers
[03:18:31] drp: focused more on the exploits, new injection techniques
[03:18:48] drp: first person to understand the seriousness of obfuscators
[04:00:02] drp: > BRAIN: write proper technical task like for whitehat
> BRAIN: i will ask from my workers
> BRAIN: I have whitehats for work they are very cheap for me

> Ok let me give a task

i cannot parse your intentions from these, i am looking for an interesting team to work on the morpher hopefully on a permanent basis in silence
please let me know
[18:08:43] BRAIN:
[18:46:37] drp: first regarding LockBitSupp --> i will not even comment on this man --> I somehow magically convinced you this far --> I am not sure if I can do it with LockBitSupp or other team
perhaps easier with mr Unknown lol
[18:47:31] drp: second --> regarding more/right members to work --> i do not understand how the team hierarchy, structure will be but if there is need for more recruits (one or two byte lovers from the forum I can bring if this is necessary, but a technical goal needs to be set with your team, eisen?, for a competent obfuscator, distribution of work, or if more large workforce is necessary at all)
[18:48:42] drp: in technical sense it will be hard to implement the transforms without experience with working of LLVM C++ API, experience with LLVM IR
in essence the most important is practical knowledge with compilers (most importantly LLVM)
for example --> i implemented such LLVM transforms, if there are interested applicants from the white hat, we can ask them simple questions/tasks
write a function that takes LLVM Function object and calculates its cyclomatic complexity or if a basic block is in a loop structure or something like that
[18:49:54] drp: depending on their code, they will themselves prove their competence with compiler passes, LLVM API
also for example in a live interview you can immediately ask why llvmlite is not suitable for this task? --> they can google, ask large language models, the answer can be sniffed out easily --> he won't be able to answer with examples such if he did not have practical experience of sitting down and actually coding and found all the shitcode, bugs, limits of llvmlite
[18:50:03] drp: code obfuscation is another thing we need to think about the evaluation --> perhaps show history? write a strong (meaningful, not schoolchildren) variant of flattening or something, research paper published?
[19:27:15] drp: in essence --> anyone who understood the OLLVM source code and understands the merits, demerits, deobfuscation against it, wants to improve it significantly (not just a simple variant that some APT groups use) is interesting to talk to
[19:28:36] drp: if they worked at the clang AST level instead of LLVM IR level --> well fuck, but this is fine as well
it will not be difficult for them to port to LLVM
[19:31:02] drp: > worked at the clang AST level instead of LLVM IR level
worked harder but not smart
[22:36:39] drp: here?
[22:39:15] BRAIN: yes, sorry was busy with teams
[22:40:03] BRAIN: we don't make things harder, because we are using systembc backconnect socks5 then proxychains - impacket + cme , it's usually fair enough to bypass edr and do all needed job with our private ransomware
[22:40:56] drp: yes, i know evasion is enough for you but what about reversing of binaries from those sitting at Kaspersky?
[22:41:43] BRAIN: just crypt systembc to evade this EDRs and it's fair enough
[22:42:04] BRAIN: when we got detected we just change server and make new crypt then continue our work
[22:42:59] BRAIN: it's fast and simple, we should economy our time because lot of time takes to find all admins, find/steal credentials to virtualization panels, backups, exfil data
[22:45:25] drp: thats fine --> perhaps only your internal team members could convince you lol
but please let me know if there is such a requirement with an interesting team to work with
meanwhile can i keep the tox contact?
[22:50:26] BRAIN: sure
[22:51:02] BRAIN: if you want to make money with me, you should go in short-profit direction - it's get domain admin on USA CA accesses
[22:54:31] drp: you are right --> i will go back to hackthebox, AD env emulation tools from github, restart practice
anything else? especially for the hypervisors, cloud backups?
there is strong knowledge but in theory mainly from writeups, DFIR reports, blah blah
[22:55:56] drp: > you are right --> i will go back to hackthebox, AD env emulation tools from github, restart practice
i will let you know, this is not a new field for me
[pending] : 2023-11-26
[00:20:23] BRAIN: Ok
[02:16:05] BRAIN:
[02:17:38] drp: give me few hours --> i will make eisen understand the ollvm source code lol
he will then change his opinion --> llvm is the easiest there is
[02:18:02] drp: this is simpler than working at binary level or clang AST
[02:18:50] drp: at clang AST --> there are lots of trouble + not intuitive like LLVM IR SSA structure, plus only for C/C++, many complex nuances in the syntax
you cannot work it for other languages
[02:19:54] drp: at binary level --> you lose OS, architecture universality --> you have to do for each and every platform
[02:19:55] BRAIN: let me make account in my rocketchat I will make conference with eisen
[02:20:06] BRAIN: + I will add exploit dev
[02:27:49] drp: installing ...
[02:30:54] BRAIN: access is inside - https://r.rrbid.boston/PrivateBin/?6d5aa520ce24c423#GC6p6MHth7WEZRZkDLB1C7c6NMYQRmcvvKDpWbYTbtfa
you can connect through TOR browser
[02:31:24] BRAIN: don't share access/domain/etc with any other 3rd parties, my admins always support my chat
[02:32:09] BRAIN: Chat is configured with highest OPSEC, Proxmox VM > ssh off > ssd encrypted > logs off > fastflux domain > Bare Metal Servers
 
Please note that this user is banned
drpalpatine write to the admin under hide, not to the whole public
 
Please note that this user is banned
admin please hide the correspondence and screenshots from public view, otherwise a lot of confidential info is visible there
 
Chat is configured with highest OPSEC, Proxmox VM > ssh off > ssd encrypted > logs off > fastflux domain > Bare Metal Servers
🤔

bc1q5ea85duy6cksfrcyfygwqrtdetuq25p48rr4v5
The address really is empty. I suspect that prisoner has a clipper and the money went to the wrong place.
 
Please note that this user is banned
admin I demand that the screenshots exposing private conversations in the chat be deleted and that drpalpatine be banned for leaking confidential data to the public
 
I have read it. The claim is denied. drpalpatine, if you can, remove the unnecessary logs from public access; the claimant asked for this above. I cannot touch the arbitration and the logs.
 
kf6piOV.png


paFPnB9.png

9LB28MS.png


i upload the imgur photos in case the plaintiff removes them somehow

🤔


The address really is empty. I suspect that prisoner has a clipper and the money went to the wrong place.
thanks for attention + this is a whole new story on its own
the address was sent through the privatebin --> he sent money --> unfortunately i do not have screenshots of further chat but
it was an unpleasant conversation + apparently i had a clipper on my debian) as the plaintiff --> everything went as you would expect
 
I have read it. The claim is denied. drpalpatine, if you can, remove the unnecessary logs from public access; the claimant asked for this above. I cannot touch the arbitration and the logs.
admin
i do not have anything to prove for, he can destroy accounts with years of age on the forum with friends, contacts, some reputation in a matter of words
"gained confidence for a long time in toxicity, telling me that he is a guru coder and pentester and his private project OLLVM++ bypasses all TOP EDR including CrowdStrike, Sentinel, Cortex, Trellix, etc.
in the end he took $900 from me and went off like the last rat, and now he’s dragging in some third parties, arguing that it’s all me and it’s all my fault =)"
he does not understand what many people come to this forum for, how much work they spent into building connections
i stand by my logs, there is no one to defend me, hence the logs prove their way
i request for a ban of the plaintiff or anyone who tries to scam others or destroy reputation of others
moreover there are many people from both the forums working or previously worked in his rocketchat + i ask everyone to voice their opinion, this is the time.

i want to make this important that the logs are necessary to prove my point but more importantly his attitude
 
Please note that this user is banned
s
🤔



The address really is empty. I suspect that prisoner has a clipper and the money went to the wrong place.
Listen, do you think it is hard to fake screenshots? He has had no access to the chat for about several months now, so where did his screenshots suddenly come from out of nowhere? It means he faked them in advance, knowing that I would start writing a blacklist complaint against him
 

