- Автор темы
- Добавить закладку
- #81
.Lnk exploit Builder - Spoof ANY extension AND icon - FUD - N-day exploit - Bypass Smartscreen - UAC Bypass & More
- Автор темы QuantumSoftware
- Дата начала
-
- Теги
- fud lnk exploit uac bypass
Is minimum 1 month ? Will you do a weekly subscription. We might like to test the software since you do not give free tests anymore
- Автор темы
- Добавить закладку
- #83
Sorry we do 1 month + only due to the fact that if a malware analyst buys the builder (and destroys the stub in the process) we can justify the loss with the price of the license.
And you are right initially we sent free samples too but there are way to many whitehat around these forums, check out the articles I link at the beginning of this thread. You will see most of the journalists actually bought a subscription.
On the other hand if you trust us we can test anything you might need to try out on your behalf.
- Автор темы
- Добавить закладку
- #84
Announcement
Some more articles are popping up about this builder, here's an example:
https://thehackernews.com/2022/09/cyber-criminals-using-quantum-builder.html
Update
Some more articles are popping up about this builder, here's an example:
https://thehackernews.com/2022/09/cyber-criminals-using-quantum-builder.html
Update
- Added the option to execute the payload when the victim's computer is idle after x amount of time. This feature will allow you to massively increase your stealth, especially if paired with the UAC bypass (the decoy file will be shown immediately just the payload execution will get postponed).
- Improved the UAC bypass: removed a few popups and increased the reliability.
- Decreased the amount of processes spawned by the builder.
- Автор темы
- Добавить закладку
- #85
Update
- Added the option to automatically extract .zip archives on the victim's machine (useful if your payload requires dlls, etc)
- Fixed some bugs related to the UAC bypass
кто нибудь использовал для ракуна?
- Автор темы
- Добавить закладку
- #87
This builder can run any payload that is either .exe/dll/msi/vbs/bat/js/ps1
- Автор темы
- Добавить закладку
- #88
Update
- Added the option to run additional powershell commands.
- Removed some unnecessary pop ups to increase stealth.
- Improved the compatibility for non pw protected zips.
call me on dm dude, it works for cobalt strike
- Автор темы
- Добавить закладку
- #90
Will check DMs
- Автор темы
- Добавить закладку
- #91
Update
- Added the option to run .exes from a zip, this way you can simply host an archive and the builder will extract it and run its content on the victim's machine.
- Fixed some startup-related bugs.
- Автор темы
- Добавить закладку
- #92
ANNOUNCEMENT
If you are considering buying this tool please don't be like this guy:
In some cases you will need to follow some instructions to bypass an AV, be prepared to do so.
I felt the need to share this to avoid misunderstanding in the future.
If you are considering buying this tool please don't be like this guy:
[15:38:00] r**: i send you proof, detected by both.. and my cobaltstrike beacon which is so much bad to clean bypassed easily.
[15:38:01] QuantumSoftware: the problem I see here are 1) not using it with the lnk 2) resuing the same machine
[15:38:23] QuantumSoftware: > clean bypassed easily.
[15:38:23] QuantumSoftware: I already told you that its a different execution method
[15:38:29] r**: i didn't get your point, what lnk to use ?
[15:38:38] QuantumSoftware: this is not an hta builder
[15:38:43] QuantumSoftware: but a lnk builder
[15:38:55] QuantumSoftware: htas should be used with lnks
[15:39:33] QuantumSoftware: also reusing the same machine is very bad, it will yield false positives
[15:39:51] QuantumSoftware: if you dont want to make a new vm every time use a scanner like checkzilla
[15:40:06] QuantumSoftware: (NOT one that distributes samples like virus toal)
[15:40:09] QuantumSoftware: total*
[15:40:36] QuantumSoftware: yes it might be obvious but some people still think scanners like VT are okay to use
[15:41:32] r**: im making my crypt in same machine every time.. this is not a reason.
> [19:39:30] QuantumSoftware: also reusing the same machine is very bad, it will yield false positives
[15:41:40] QuantumSoftware: it is
[15:41:45] QuantumSoftware: with these payloads
[15:42:55] r**: > if you dont want to make a new vm every time use a scanner like checkilla
checkzilla is not like real VM and testing.. i know how to crypt my payloads mate... you need to come and check yourself or do something, im not going to waste time on testing your software.. im welling to pay $2000k for saving my time in ready software.. not testing and following your instructure, sorry.
[15:43:08] QuantumSoftware: > not testing and following your instructure, sorry.
[15:43:11] QuantumSoftware: ok then no support
[15:43:14] QuantumSoftware: this is what I do
[15:43:22] QuantumSoftware: I give oyu instructions
[15:43:25] QuantumSoftware: you*
[15:43:28] r**: plz send me good working build, as im following your demo in the video, or make refund and i don't need your software.
[15:43:45] QuantumSoftware: this build is good working, I tested it
[15:44:14] r**: and i say it's not working, i send you proof.. you want more ? i can make xss admin between us, but you are losing in this stage.. think twice before.
[15:44:20] QuantumSoftware: also man in my TOS I clearly write that if you dont follow my instructions I can refuse to provide this service
[15:44:29] QuantumSoftware: bro Im telling you what to do
[15:44:32] QuantumSoftware: to bypass
[15:44:50] QuantumSoftware: if you dont want to follow the instructions its up to you
[15:45:00] QuantumSoftware: what to do you want me to do
[15:45:03] r**: I follow your video mate, im not newbie here, plz don't keep chasing here and there.. im asking you come anydesk or let me come to your desk and make test on my build with you.
[15:45:28] QuantumSoftware: bro I have way more experience than you with this tool, you need to follow my instructitons
[15:45:39] QuantumSoftware: otherwise ill contact an admin
[15:45:47] QuantumSoftware: > 1) not using it with the lnk 2) resuing the same machine
[15:45:47] r**: > [19:44:57] QuantumSoftware: what to do you want me to do
+ come and support your software, i think im clear in my reason.. your software not bypassing kasper and ESET, my service is bypassing.
[15:46:01] QuantumSoftware: bro Im telling you what you have to do to bypass
[15:46:05] QuantumSoftware: 1) not using it with the lnk 2) resuing the same machine
[15:46:06] r**: ok,make refund.. i don't need your support and your software.
[15:46:12] QuantumSoftware: no way man
[15:46:12] r**: no no
[15:46:19] QuantumSoftware: all sales are final
[15:46:30] QuantumSoftware: and again
[15:46:38] QuantumSoftware: to bypass just follow my instructions
[15:46:45] r**: fuck off.. im not going to waste time on your fucking instruction.. i know my test, and your running from facing your test.
[15:46:47] QuantumSoftware: why dont you want to do that
[15:47:07] r**: final in your ass, you will lose your repution now.. wait my black post now stupid ass.
[15:47:20] QuantumSoftware: alright ill just contact an admin
[15:47:33] r**: fuck off, im not looking to waste more time with skids.
[15:47:40] QuantumSoftware: im telling you what to do and you refuse
[15:47:43] QuantumSoftware: alright
[15:38:01] QuantumSoftware: the problem I see here are 1) not using it with the lnk 2) resuing the same machine
[15:38:23] QuantumSoftware: > clean bypassed easily.
[15:38:23] QuantumSoftware: I already told you that its a different execution method
[15:38:29] r**: i didn't get your point, what lnk to use ?
[15:38:38] QuantumSoftware: this is not an hta builder
[15:38:43] QuantumSoftware: but a lnk builder
[15:38:55] QuantumSoftware: htas should be used with lnks
[15:39:33] QuantumSoftware: also reusing the same machine is very bad, it will yield false positives
[15:39:51] QuantumSoftware: if you dont want to make a new vm every time use a scanner like checkzilla
[15:40:06] QuantumSoftware: (NOT one that distributes samples like virus toal)
[15:40:09] QuantumSoftware: total*
[15:40:36] QuantumSoftware: yes it might be obvious but some people still think scanners like VT are okay to use
[15:41:32] r**: im making my crypt in same machine every time.. this is not a reason.
> [19:39:30] QuantumSoftware: also reusing the same machine is very bad, it will yield false positives
[15:41:40] QuantumSoftware: it is
[15:41:45] QuantumSoftware: with these payloads
[15:42:55] r**: > if you dont want to make a new vm every time use a scanner like checkilla
checkzilla is not like real VM and testing.. i know how to crypt my payloads mate... you need to come and check yourself or do something, im not going to waste time on testing your software.. im welling to pay $2000k for saving my time in ready software.. not testing and following your instructure, sorry.
[15:43:08] QuantumSoftware: > not testing and following your instructure, sorry.
[15:43:11] QuantumSoftware: ok then no support
[15:43:14] QuantumSoftware: this is what I do
[15:43:22] QuantumSoftware: I give oyu instructions
[15:43:25] QuantumSoftware: you*
[15:43:28] r**: plz send me good working build, as im following your demo in the video, or make refund and i don't need your software.
[15:43:45] QuantumSoftware: this build is good working, I tested it
[15:44:14] r**: and i say it's not working, i send you proof.. you want more ? i can make xss admin between us, but you are losing in this stage.. think twice before.
[15:44:20] QuantumSoftware: also man in my TOS I clearly write that if you dont follow my instructions I can refuse to provide this service
[15:44:29] QuantumSoftware: bro Im telling you what to do
[15:44:32] QuantumSoftware: to bypass
[15:44:50] QuantumSoftware: if you dont want to follow the instructions its up to you
[15:45:00] QuantumSoftware: what to do you want me to do
[15:45:03] r**: I follow your video mate, im not newbie here, plz don't keep chasing here and there.. im asking you come anydesk or let me come to your desk and make test on my build with you.
[15:45:28] QuantumSoftware: bro I have way more experience than you with this tool, you need to follow my instructitons
[15:45:39] QuantumSoftware: otherwise ill contact an admin
[15:45:47] QuantumSoftware: > 1) not using it with the lnk 2) resuing the same machine
[15:45:47] r**: > [19:44:57] QuantumSoftware: what to do you want me to do
+ come and support your software, i think im clear in my reason.. your software not bypassing kasper and ESET, my service is bypassing.
[15:46:01] QuantumSoftware: bro Im telling you what you have to do to bypass
[15:46:05] QuantumSoftware: 1) not using it with the lnk 2) resuing the same machine
[15:46:06] r**: ok,make refund.. i don't need your support and your software.
[15:46:12] QuantumSoftware: no way man
[15:46:12] r**: no no
[15:46:19] QuantumSoftware: all sales are final
[15:46:30] QuantumSoftware: and again
[15:46:38] QuantumSoftware: to bypass just follow my instructions
[15:46:45] r**: fuck off.. im not going to waste time on your fucking instruction.. i know my test, and your running from facing your test.
[15:46:47] QuantumSoftware: why dont you want to do that
[15:47:07] r**: final in your ass, you will lose your repution now.. wait my black post now stupid ass.
[15:47:20] QuantumSoftware: alright ill just contact an admin
[15:47:33] r**: fuck off, im not looking to waste more time with skids.
[15:47:40] QuantumSoftware: im telling you what to do and you refuse
[15:47:43] QuantumSoftware: alright
I felt the need to share this to avoid misunderstanding in the future.
Последнее редактирование:
You Mofo skid !
Stupid scammer, follow your complain and answer there.
https://xss.pro/threads/74833/
- Автор темы
- Добавить закладку
- #94
Update
- Fixed some bugs
I never recommended this software or this guy, he will not make refund or any guarantee.. nothing bypass as he claim or promised, even if you have FUD strub or beacon it will not bypass because the software or lnk is already detected from all Ava’s!
This is my personal experience.
This is my personal experience.
- Автор темы
- Добавить закладку
- #96
Well how your message is formatted is enough to ponder how real what you are stating is, that being said even in you own thread some random people started calling you out so there is not much else to say.
Also here's an old video but still relevant to "detected from all Ava's"
Also here's an old video but still relevant to "detected from all Ava's"
- Автор темы
- Добавить закладку
- #97
Update
- Added the option to replace the .lnk with the decoy file (a real .pdf/.whatever) once executed, with some neat tricks this feature is able to replace .lnks even inside non-extracted zip archives. This option is great to massively increase the stealth of the payload. (Private license only)
- Changed domain name.
- Автор темы
- Добавить закладку
- #98
Update
- Added registry persistence.
- Fixed some bugs.
Very useful tool. I will probably buy it
- Автор темы
- Добавить закладку
- #100
I'm glad to hear that
