Video yükleniyor...

Video Yüklenemedi

Ana Sayfaya Dön

‼️ A threat actor is advertising a “ClickFix” payload delivery method that allegedly stores malware within browser cache to evade detection and bypass EDR, claiming it avoids suspicious web requests and executes via disguised commands in File Explorer. The offer includes source code, a builder, setup instructions, and a...

23,376 görüntüleme • 5 ay önce •via X (Twitter)

0 Yorum

Yorum bulunmuyor

Orijinal gönderinin yorumları burada görünecek

Benzer Videolar

‼️A malware binder tool branded "Universal File Binder 2026" is being sold on a popular cybercrime forum, advertised as fully undetectable and designed to disguise executable payloads as common file types including documents, images, and videos. ⠀ ‣ Threat Actor: Davina Keenan ‣ Category: Malware Tool Sale / Payload Binder ‣ Product: Universal File Binder 2026 ‣ Industry Impact: Phishing, Social Engineering, Initial Access ⠀ The tool is marketed as a payload binder, a category of malware used to attach executable code to a legitimate looking file so that opening the file triggers both the decoy document and the hidden payload. A video demo is attached to the listing and this post. ⠀ Advertised features: ⠀ ▪️ Claimed "100% FUD" (Fully Undetectable) against major antivirus engines including Windows Defender, Avast, and Kaspersky, at both scantime and runtime ▪️ Bind payloads to .jpg, .png, .pdf, .docx, .pptx, .mp4, and .mp3 files ▪️ Icon and extension spoofing, including double extension tricks ▪️ Lightweight stub with small footprint ▪️ Stated compatibility with Windows 10 and Windows 11 ⠀ Pricing: ⠀ ▪️ Single build: $100 ▪️ Lifetime access with updates: $1,000 ⠀ Binders of this type are a common component of commodity phishing kits, used primarily to deliver RATs, stealers, and ransomware via email attachments or messaging platforms. "FUD" claims on public forums are typically short lived and degrade within days or weeks of release as antivirus vendors collect samples.

Dark Web Informer

25,017 görüntüleme • 2 ay önce

⚠️ A defense evasion tool called ExEngine is being sold as a service, marketed as an AV/EDR killer that disables mainstream consumer security software including Windows Defender, Malwarebytes, Bitdefender, and Avast. The tool combines AV termination with a Ring-3 rootkit, UAC bypass, and decoy payload delivery to support stealthy initial access operations. ⠀ ‣ Threat Actor: ryewx1 ‣ Category: Defense Evasion Tool / Killer ‣ Offering: ExEngine AV/EDR Killer ‣ Industry: Malware Tooling ⠀ The seller claims ExEngine actively terminates security software rather than only obfuscating payloads, granting attackers a longer window of undetected operation. The tool supports Windows 10 and 11 builds and is sold per-build at $150 to $250. ⠀ Advertised capabilities: ⠀ ▪️ AV/EDR termination with primary and fallback techniques ▪️ UAC bypass with automatic privilege escalation ▪️ Ring-3 rootkit functionality to hide files, processes, registry keys, and network connections ▪️ Discord webhook logging for victim machine info and execution status ▪️ Secondary decoy payload (game/document/installer) to keep targets unaware ▪️ Persistence across reboots and logouts ▪️ Anti-VM and anti-debug detection with fake error message exit ▪️ Universal Windows 10/11 support, all payload types ⠀ Risk to defenders: ⠀ ▪️ Active termination of consumer AV products including Windows Defender means traditional endpoint protections cannot be relied on once ExEngine executes successfully ▪️ Decoy payload pattern is designed to delay user-driven incident reporting, lengthening attacker dwell time ▪️ Ring-3 rootkit hiding of files, processes, and network connections complicates incident response triage on compromised hosts ▪️ Discord webhook telemetry indicates the operator is targeting consumer and SMB victims at scale rather than running individual targeted campaigns ▪️ Sold per-build at low cost ($150 to $250), making it accessible to low-skill operators who can pair it with commodity stealers, RATs, or loaders

Dark Web Informer

23,210 görüntüleme • 2 ay önce

Obsidian 1.8.3 is now available to all for desktop and mobile! - Web viewer. New core plugin lets you open external links within Obsidian on desktop. This makes it easier to read linked content without leaving the app and improves multitasking for web research. The plugin can be enabled manually in settings. - Improved iCloud sync. Obsidian no longer waits to confirm that configuration files have synced. - New mobile onboarding. This guided flow helps new mobile users create and sync a vault. - New "Download attachments for current file" command. Downloads all externally embedded images and replaces the external links with internal embeds. A few notable improvements: - When modifying a numbered list, the numbers are now updated automatically. - Pressing Enter in a multi-line list item now continues the list properly. - New "Insert footnote" command. Footnote autocomplete now provides a fallback to create a new footnote if no match is found. - Tags view now includes search. - File Explorer now includes an option to automatically reveal the active file. - Outline now has an "Auto-scroll to current section" option. - Sync now has a new view option, "Hide my changes," which hides your own file changes in a shared Obsidian sync vault. - Recently used commands now appear at the top of the command palette. - "Search current file" search bar now displays the total number of results. - "Insert template" command now sorts templates by file path and displays folder names. - , , and tags with relative src paths are now rendered in Live Preview and Reading mode. - Graph view no longer considers Canvas files as attachments. See the changelog for dozens more improvements and bug fixes.

Obsidian

118,704 görüntüleme • 1 yıl önce

How do you create your payloads in 2025? At MSec Operations we prefer to use DLL sideloading for EDR evasion. This technique allows our malicious code to run within a signed, legitimate executable. Combining this technique with other useful techniques will provide stable execution to fly under the radar. 🛸 The following video demonstrates the use of #RustPack to create such a payload in just a few seconds. The command line usage shows that our input payload is a simple unmodified Apollo C2 executable. We want to clone all the exported functions from the original Windows wininet.dll to create our own library with the same name. The execution of the payload will be delayed by ~5 seconds in this case, without using the Win32 sleep function, but by performing random calculations. ⏲️ Hardware breakpoints are used to bypass the Antimalware Scan Interface (AMSI). Without an AMSI bypass, Apollo would be flagged as a C# assembly when loaded. 🎓 Our payload will only fire on a domain joined system, this basically prevents it from running in e.g. sandbox environments. 🤠 Last but not least, in this example, the encrypted payload itself is stored in a separate file on the target system and not even in the same folder as our malicious DLL. Anyone analysing just the DLL will never be able to find out what the payload is. Automatic sample submissions for cloud analysis usually only upload the executable or DLL, emulators won't see the real payload either. 🤠 Tired of creating such payloads yourself? With #RustPack it's really easy, and payloads always look completely different, even if the same payload is packed twice to avoid signature-based detection Contact us via info[at] for more information! 👍

MSec Operations

26,003 görüntüleme • 1 yıl önce