
Buying non public persistence source.


Status: Closed for further replies.

0x33
HDD-drive, User
Registered: 12.05.2024
Messages: 28
Reactions: 3
Price: 50-150
Contacts: PM
Buying persistence mechanism (Go or C#) that is not public and currently undetected. Only through escrow. Before release I will check if AV checks in that REG / location specifically.
 
For 150 you might find someone who is willing to write you a PowerShell script that stores to and pulls your payload from a novel area on disk using some custom obfuscation methods and a task scheduled event to execute your script on startup, but the idea would not be unique, only enough to static pass detections on a PC that already whitelisted the first stage.

If you are more of a professional, look on MITRE for which groups use which techniques; you can steal from their own to make yours (it's free) if you know what you're doing.

Keep in mind that with most of these AV the more advanced malware families and fileless scripts are more elusive as it is, so a slight change in the obfuscation or where the payload is stored, or deobfuscated upon being called is usually enough to throw off the static scanning ability of such protections and its ability to truly remove the payload.

Achieving runtime on hardened systems so that your script executes all the way as you intended, undetected, is the truly difficult part but can still be achieved via SE in other more creative steps to even installing anything if you're smart about it.

That's why, if you are seeking something more, you should be considering adding a few more zeros to your initial offer.

In any event, best of luck finding what you're after.
 
Thanks for your constructive reply my friend.
 
I agree, but he can also use memory execution obfuscation in C#; this is easy in C# with a little bit of delay time execution, also some junk code to pump the exe file size. I agree that PowerShell would be easier, but on many systems running PowerShell scripts is completely disabled; even with -ExecutionPolicy Bypass, running a PS script is still blocked. Not a lot, but some systems completely block PS scripts from running at all.
 