
⁶⁶⁶ | Malware shop | Cobalt Strike Shellcode loader | AV/EDR Evasion | SmartScreen bypass | Video proof | Tested in real AV/EDR environments | ⁶⁶⁶

The automatic escrow (guarantor) service can be used in this thread!

Бафомет (⁶⁶⁶, Premium)
Registered: 23.07.2023 | Messages: 179 | Reactions: 469 | Escrow deals: 20 | Deposit: 0.1192 | Price: PM | Contacts: Forum


  • Sophos Endpoint Detection (EDR/XDR/MDR) Havoc bypass
  • Bitdefender Endpoint Detection and Response (EDR) Cobalt Strike bypass
  • Bitdefender Endpoint Detection and Response (EDR) Havoc bypass
  • ESET Endpoint Antivirus Cobalt Strike bypass
  • ESET Endpoint Antivirus Havoc bypass
  • Microsoft Excel (.xll) Cobalt Strike
  • Microsoft Excel (.xll) Havoc
  • Windows Defender + SmartScreen (Windows 11-23H2) Cobalt Strike (DLL sideloading, Chrome binary)
  • Windows Defender + SmartScreen (Windows 11-23H2) Havoc (DLL sideloading, Chrome binary)


  • https://scanner.to/result_EDR/qzpMBWRv6B9e
  • https://scanner.to/result_EDR/CCj3JHAxXG4G
  • https://scanner.to/result_EDR/4FVc8d3qRVaL
  • https://scanner.to/result_EDR/dNv7z8AkzMZQ#
  • https://scanner.to/result_EDR/Tq8AhX3E8Cb8
  • https://scanner.to/result_EDR/LX9VuYjd8YHk

All tests on scanner.to are performed with an active internet connection and using small-sized files. Recently, there have been instances of individuals attempting to circumvent others' efforts by disabling their internet connection and using significantly large payloads, exceeding 100 MB. Please exercise caution.


Welcome to our shop! Please, make yourself comfortable and feel free to ask anything you need. I'm here to share my experience and knowledge with those who seek it. Rest assured, all our work has been conducted under real AV/EDR environments, utilizing the top tools available in the market. If you have any questions or need guidance, don't hesitate to reach out. For your peace of mind, we only take orders through a secure escrow or guarantor system. Looking forward to assisting you on your journey!



Technical information
  • Encrypt PE Files: Securely encrypt Portable Executable (PE) files for runtime decryption and execution, either as shellcode via Donut or directly through a syscall-enhanced Run-PE method.
  • Architecture Support: Compatible with x64 architecture.
  • Memory Execution: By default, all payloads execute in an RX memory region, with the option to switch to RWX.
  • C# Assembly Loading: Load C# assemblies with hardcoded arguments into the encrypted file (.exe/.dll).
  • More than 15 legitimate binaries for DLL Sideloading (Apple, Chrome, CiscoWebEx, GithubDesktop, Java, Microsoft, Obsidian, OperaBrowser, Oracle, Teams, Visual Studio, Windows R_Server, WinSDK...)

Features
  • Anti-sandbox and debugging resistance.
  • Auto-deletion post execution.
  • Use of pump values to confuse static analysis.
  • Injection into newly created processes, with customizable options.
  • Custom process spawning for remote injection.
  • Spoofing of process arguments for injection targets.
  • PPID spoofing to mimic the parent process.
  • Threadless injection for shellcode execution.
  • Module Stomping without memory allocation.
  • Customization of resource file information such as icons and descriptions.
  • Compiling the binary in debug mode for detailed output.
  • Creation of service binaries or DLLs for use in lateral movement or persistence strategies.
  • Steganographic embedding of encrypted payloads in image files.

Formats supported
  • Standalone EXE (.exe)
  • MSI installers (.msi)
  • Microsoft Excel XLL (.xll)
  • Windows Control Panel CPL (.cpl)
  • DLL and DLL sideloading under legit signed certificates (Microsoft, Java, Google, Apple, Python...)
  • PowerShell output format, reflectively loading the packed binary (.ps1).
  • Shellcode output format.

Other services
  • Customizable Malleable C2 Profiles.
  • Rootkits, AV/EDR killer...
  • APT simulation chains.
  • UAC Bypass/LPE.
  • Technical support.
  • Custom Cobalt Strike and Havoc scripts (auto-persistence, auto-execution of commands, etc.).
  • We have support for any C2 tool (Havoc, Cobalt Strike, Merlin, Sliver, Brute Ratel...).

  1. The buyer holds full responsibility for their actions. We do not take any responsibility for your actions.
  2. By purchasing this service, you acknowledge that there is a no-refund policy.
  3. The product is intended exclusively for educational purposes.
  4. We guarantee a money-back refund if we are unable to successfully complete a deployment or if the specified conditions are not met.
  5. We reserve the right to refuse service to specific users at our discretion.
  6. All orders are processed through an escrow service.
  7. The testing phase includes a verbose mode and displays a CMD console to ensure transparency and prevent fraudulent activities by scammers and rippers.

BazarJackson
wow 🤩

For being the first person to post here and showing support, I'm going to offer this service to you for free the first time. :) :smile10:

Feel free to contact me, choose your preferred command and control framework, and I will set it up for you.

You can select a C2 profile from any of these options: Amazon, Bing Maps, Chrome, Meeting, Office365 Calendar, Reddit, Slack, YouTube, Zoom. While some C2 frameworks may not be as customizable as Cobalt, I will ensure you have a functional malleable profile by the end. 🤗


perfect! looks like a good tool. good luck with sales

Thank you so much Redstar224. ;)

Feel free to ask anything if you need it.


 
Deposit has been done x2 the amount requested.

"They will hate you. They will love you. Keep only the love, drive away hate. The glory is at the end"

We are here for work. Big love for everyone.

The trend for demonic loaders has been set 😈

One demon wishes another good luck! Ave
 
Is the price just for a one-time FUD file, or for some small subs?

The price is for a one-time job; I don't take subscriptions. But I provide different DLL sideloading binaries and different extensions in one go.

It also depends on the interest. If the buyer is serious, we can manage a different approach. For the curious, it is what it is.
 
What is your Telegram, please? I will contact you in DM.
 

