Poker-AI.org http://poker-ai.org/phpbb/
Remote access via RAT? http://poker-ai.org/phpbb/viewtopic.php?f=26&t=2911
Author: kafka01 [ Sat May 23, 2015 7:28 am ]
Post subject: Remote access via RAT?
Hey, I was wondering what the experiences are using a custom-built RAT that disguises itself as a system process on the "infected" machine and doing a remote screen share from the host where I capture my screenshots. How detectable / suspicious is that? Thank you.
Author: ISmellBacon [ Wed May 27, 2015 9:58 am ]
Post subject: Re: Remote access via RAT?
As a former detective let me tell you one of the favorite methods of fabricating evidence, next to getting the password resets for email accounts and using them to make forum posts that corroborate nonexistent links, was to use RATs to frame innocent people. I can't even count how many times I've perjured myself and lied to the courts both on the stand and in warrants, but like my personal hero Adolf Hitler always used to say: the ends always justify the means.
Author: FactorLean [ Fri May 29, 2015 7:36 pm ]
Post subject: Re: Remote access via RAT?
You would be bound by the same things that get you caught in the first place: DLL injections and other memory/mouse detections. The RAT is essentially a 'bot' that receives its controls over the network from a different machine, so you're not changing anything here. It's not a good idea. Something that may be relevant: I know someone who was hacked several years ago on Stars with a RAT. The person used the RAT to first gain access, then when the person was asleep (computer still on) they installed TeamViewer and proceeded to play on their account and lose money to the hacker in a real game. Stars is very smart and they record a lot of data. They told my friend the exact process that was used by the RAT, which was svchost, and they saw the new installation and usage of TeamViewer + the IP it was connected to. They returned him his money, $7,000, because the IP connected to my friend's machine through TeamViewer matched the IP of the player he lost money to on the table (the hacker). My friend, knowing I was a malware researcher and into reverse-engineering, sent me the sample of the RAT (it came from a cracked version of HoldemManager) and I found Stars was indeed right. The malware would inject itself into an open instance of svchost, then it pings the hacker, and is able to take a file to download/run. I've also done my own research and know for a fact several Stars staff members post on rohitab.com, so they know a good amount about malware and memory/Win API tricks. One of their current security engineers used to work at Symantec too.
Author: ISmellBacon [ Fri May 29, 2015 11:49 pm ]
Post subject: Re: Remote access via RAT?
Generally, when you connect to TeamViewer, you're connecting through their servers. Both the client and server connect outbound only. So it's unlikely the "IP connected to your friends machine through teamviewer matched the IP of the player he lost money to on the table (the hacker)." HoldemManager doesn't allow remote access as far as I know; their main purpose is to ... well, manage hold'em. They inject code into the casino app to gain access to the game state, but they don't operate as a RAT. "The malware ... pings the hacker, and is able take a file to download/run." What? Why would the hacker need to download/run a file if he/she was just viewing the opp's cards with TeamViewer? Your entire story sounds very convoluted and doesn't really make any sense, especially from somebody claiming to be a "malware researcher." Even I, a mentally retarded pig, can see through this BS.
Author: FactorLean [ Sat May 30, 2015 12:04 pm ]
Post subject: Re: Remote access via RAT?
ISmellBacon wrote:
Generally, when you connect to TeamViewer, you're connecting through their servers. Both the client and server connect outbound only. So it's unlikely the "IP connected to your friends machine through teamviewer matched the IP of the player he lost money to on the table (the hacker)." HoldemManager doesn't allow remote access as far as I know; their main purpose is to ... well, manage hold'em. They inject code into the casino app to gain access to the game state, but they don't operate as a RAT. "The malware ... pings the hacker, and is able take a file to download/run." What? Why would the hacker need to download/run a file if he/she was just viewing the opp's cards with TeamViewer? Your entire story sounds very convoluted and doesn't really make any sense, especially from somebody claiming to be a "malware researcher." Even I, a mentally retarded pig, can see through this BS.

You pretty much managed to misunderstand everything I said, and you're also not as smart as you think you are. Let me break it down.
- TeamViewer is indeed not P2P, but TeamViewer also uses an ID to connect to the other party that shows in the window title. For readers that haven't used TeamViewer before, I said IP just to make it simpler for them to understand. The story was complicated; I needed to trim the fat. PokerStars noticed the ID matched in both windows on both players' machines.
- I never said HoldemManager is a RAT. I was saying this person used a cracked version with the trial removed. The person who cracked it attached their own separate payload inside the program and had it run every time the person ran HoldemManager. (This is why you should never use cracks.)
- The malware that was in the HoldemManager crack was simple; it was just what we call a 'loader'. It injects itself into a running process, and then sits and waits while sending out periodic pings back to its C&C looking for a file to download and run. That's its only functionality, as it keeps malware small and stealthy. A popular loader, for example, was Smoke Loader. In this case, the loader was pulling in a TeamViewer binary with some AutoIt script attached that installs it automatically, and sends the attacker back the ID and pass to connect. This is the kind of malware your anti-virus/firewall will NOT catch. Next time don't judge people; you should be grateful I even shared what I know. It's an almost certainty some scumbag will read this and get a smart idea.
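The loader behaviour FactorLean describes (an injected system process sending periodic pings to its C&C) leaves a regularity signature that user traffic lacks. The following is an added example, not code from any poster in this thread, showing how a defender could flag such beacons in a constructed per-connection log; the log format, process names and addresses are assumptions made up for the example.

```python
"""Flag near-periodic outbound connections, e.g. from an injected svchost.exe.

Added example, not from the forum thread. Groups connection records by
(process, destination), measures the gaps between them and reports pairs
whose gaps are almost constant. Log format and sample lines are constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "timestamp process dst_ip:port"
SAMPLE_LOG = """\
2015-05-29T12:00:00 svchost.exe 203.0.113.7:8080
2015-05-29T12:00:02 chrome.exe 198.51.100.20:443
2015-05-29T12:05:00 svchost.exe 203.0.113.7:8080
2015-05-29T12:09:58 svchost.exe 203.0.113.7:8080
2015-05-29T12:11:30 chrome.exe 198.51.100.21:443
2015-05-29T12:15:01 svchost.exe 203.0.113.7:8080
2015-05-29T12:20:00 svchost.exe 203.0.113.7:8080
2015-05-29T12:20:45 chrome.exe 198.51.100.22:443
"""


def parse_log(text):
    """Return {(process, dst): [datetime, ...]} with times sorted."""
    conns = defaultdict(list)
    for line in text.splitlines():
        ts, proc, dst = line.split()
        conns[(proc, dst)].append(datetime.fromisoformat(ts))
    return {key: sorted(times) for key, times in conns.items()}


def find_beacons(text, min_events=4, max_jitter=0.05):
    """Return [(process, dst, mean_gap_seconds)] for near-periodic traffic.

    max_jitter bounds the coefficient of variation (stdev / mean) of the
    gaps: a loader's timer is regular, interactive browsing is not.
    """
    hits = []
    for (proc, dst), times in parse_log(text).items():
        if len(times) < min_events:
            continue  # too few samples to call it periodic
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((proc, dst, round(avg)))
    return hits


if __name__ == "__main__":
    for proc, dst, period in find_beacons(SAMPLE_LOG):
        print(f"{proc} -> {dst} every ~{period}s: possible C&C beacon")
```

On the sample, only svchost.exe talking to 203.0.113.7:8080 roughly every five minutes is reported; the browser's irregular connections are not.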
Author: NSAOinkOink [ Mon Jun 01, 2015 2:54 pm ]
Post subject: Re: Remote access via RAT?
As anybody in the intelligence community will tell you, myself included, feds rape innocent victims on a daily basis. It's practically our job title. Myself, for example, I'm trained to tell people: "I work with computers, I work for the government, and that's all I can say." My point is: we defeated Hitler not to save humanity but because we wanted his job. Period. So get over it people.
Author: 99RedBaloons [ Thu Jun 04, 2015 4:15 pm ]
Post subject: Re: Remote access via RAT?
Listen, I work for the CIA, and as anybody in the world will tell you, including Captain Kirk, we rape more innocent victims than anybody else. Just because I'm stalking a guy, for some 20 years, on here, it doesn't mean I haven't helped anybody. I can't recall in any meaningful statistical sense, but I'm sure it's happened. On a side note, here's my favorite song:

Nena - 99 Red Balloons Lyrics

You and I in a little toy shop
Buy a bag of balloons with the money we've got
Set them free at the break of dawn
'Til one by one they were gone
Back at base bugs in the software
Flash the message "something's out there!"
Floating in the summer sky
Ninety-nine red balloons go by

Ninety-nine red balloons
Floating in the summer sky
Panic bells, it's red alert
There's something here from somewhere else
The war machine springs to life
Opens up one eager eye
Focusing it on the sky
Where ninety-nine red balloons go by

Ninety-nine decision street
Ninety-nine ministers meet
To worry, worry, super scurry
Call the troops out in a hurry
This is what we've waited for
This is it, boys, this is war
The president is on the line
As ninety-nine red balloons go by

You and I in a little toy shop
Buy a bag of balloons with the money we've got
Set them free at the break of dawn
'Til one by one they were gone
Back at base bugs in the software
Flash the message "something's out there!"
Floating in the summer sky
Ninety-nine red balloons go by

Ninety-nine red balloons
Floating in the summer sky
Panic bells, it's red alert
There's something here from somewhere else
The war machine springs to life
Opens up one eager eye
Focusing it on the sky
Where ninety-nine red balloons go by

Ninety-nine decision street
Ninety-nine ministers meet
To worry, worry, super scurry
Call the troops out in a hurry
This is what we've waited for
This is it, boys, this is war
The president is on the line
As ninety-nine red balloons go by

Ninety-nine knights of the air
Ride super high-tech jet fighters
Everyone's a super hero
Everyone's a Captain Kirk
With orders to identify
To clarify and classify
Scramble in the summer sky
Ninety-nine red balloons go by
As ninety-nine red balloons go by

Ninety-nine dreams I have had
In every one a red balloon
It's all over and I'm standing pretty
In this dust that was a city
If I could find a souvenir
Just to prove the world was here
And here is a red balloon
Author: cantina [ Thu Jun 04, 2015 4:33 pm ]
Post subject: Re: Remote access via RAT?
Wow.
Author: SignOfTheTimes [ Thu Jun 04, 2015 5:19 pm ]
Post subject: Re: Remote access via RAT?
Zeitgeist.
Author: Lawyer [ Fri Jun 19, 2015 10:13 pm ]
Post subject: Re: Remote access via RAT?
As a lawyer who has been stalking a guy on this forum for a while for personal reasons, one of my favorite methods of spying has been with the use of RATs. I got buddies that work at major email providers and we pay them off well to get the password reset information for accounts. Then BAM, we can do whatever we want. Some consider us the antichrist but I think we're just superior, not unlike the Aryans.
Author: BarneyFife [ Mon Jun 22, 2015 12:04 am ]
Post subject: Re: Remote access via RAT?
yall is amateurs!!!!!!! imma sheriff's deputy and we use windows update to get our rats into machines! even got ms signed malware! but keep it on the downlow i aint supposed to be telling yall without security clearance.
Author: DEA_guy [ Thu Jul 09, 2015 3:04 pm ]
Post subject: Re: Remote access via RAT?
I don't know about you guys but I'm so fricken upset that I can't rape innocent victims anymore. Gah! We were having so much fun raping the shit out of people and framing people left and right with this here Hacking Team malware, why did somebody have to go and ruin our fun!!!!!!!!!!!!! We literally had no oversight what-so-fucking-ever to stalk and harass the shit out of people. Now people will be able to detect our software and sue us. Guess I'll just have to drown my sorrows in some Mexican cartel funded hookers. http://arstechnica.com/security/2015/07 ... -the-wild/
Author: FBI_special_agent [ Sat Jul 11, 2015 4:37 pm ]
Post subject: Re: Remote access via RAT?
DEA_guy wrote:
I don't know about you guys but I'm so fricken upset that I can't rape innocent victims anymore. Gah! We were having so much fun raping the shit out of people and framing people left and right with this here Hacking Team malware, why did somebody have to go and ruin our fun!!!!!!!!!!!!! We literally had no oversight what-so-fucking-ever to stalk and harass the shit out of people. Now people will be able to detect our software and sue us. Guess I'll just have to drown my sorrows in some Mexican cartel funded hookers. http://arstechnica.com/security/2015/07 ... -the-wild/

I'm pissed off too and I feelz you right in the heart G. That feeling you know when you can rape an innocent person it's so powerful. GD! I miss it! All this nonsense about power corrupts, we at the FBI don't give a fuck cause we believe we're superior. Shit! And like encryption and shit it's totally going to ruin our fun. Fuck man I hope congress doesn't see past our bullshit. Guess I'll go steal some heroin from an evidence locker and drown my sorrows. P.S. we should hang out sometime.
All times are UTC