Tuesday, 7 December 2021

Divide RAT can now fast-flux.


My Divide RAT suite can now point a domain at a hijacked machine when it checks in to the C2, and point the domain to itself, so I can use hacked machines as proxies. ...


Hacker --> VPN --> TOR --> Hacked Computer --> Target

and it supports all protocols, so you can use e.g. sqlmap or rdesktop to connect to the target.

So the domain points to every hacked machine that checks in, so it keeps changing all the time,

so it works like a fast-flux-style system ...
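From the defender's side, a domain whose answers rotate through a different compromised host on every check-in looks like classic fast-flux in resolver logs: many addresses spread over unrelated networks, short TTLs, and an answer set that changes between consecutive lookups. The following is an added example (not code from this blog or the Divide RAT suite) that scores constructed DNS log lines on exactly those properties. The log format, the names and the addresses are all made up for the example; the thresholds in `is_fast_flux` are illustrative and would be tuned against a real resolver's baseline.

```python
"""Spotting fast-flux behaviour in DNS resolution logs.

SAMPLE_LOG is constructed for this example: one resolution per line,
"<epoch> <qname> <ttl> <ip>[,<ip>...]". Names and addresses come from
documentation ranges and are not real infrastructure.
"""
from collections import defaultdict
from dataclasses import dataclass

SAMPLE_LOG = """\
1638860000 c2.example.test 60 203.0.113.10
1638860060 c2.example.test 60 198.51.100.7
1638860120 c2.example.test 60 192.0.2.33
1638860180 c2.example.test 60 203.0.113.44,198.51.100.9
1638860240 c2.example.test 60 192.0.2.120
1638860300 c2.example.test 60 198.51.100.77
1638860000 www.example.test 3600 192.0.2.1
1638860600 www.example.test 3600 192.0.2.1
1638861200 www.example.test 3600 192.0.2.1
"""


@dataclass
class DomainStats:
    qname: str
    resolutions: int
    unique_ips: int
    unique_prefixes: int   # distinct /24 networks seen in answers
    min_ttl: int
    churn: float           # fraction of consecutive lookups whose answer set changed


def parse_log(text):
    """Parse the constructed log format into (ts, qname, ttl, [ips]) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, qname, ttl, ips = line.split()
        records.append((int(ts), qname.lower().rstrip("."), int(ttl), ips.split(",")))
    return records


def prefix24(ip):
    return ".".join(ip.split(".")[:3])


def summarize(records):
    """Aggregate per-domain answer diversity and answer churn over time."""
    by_name = defaultdict(list)
    for ts, qname, ttl, ips in records:
        by_name[qname].append((ts, ttl, frozenset(ips)))
    stats = {}
    for qname, rows in by_name.items():
        rows.sort(key=lambda r: r[0])
        all_ips = set().union(*(r[2] for r in rows))
        changes = sum(1 for a, b in zip(rows, rows[1:]) if a[2] != b[2])
        churn = changes / (len(rows) - 1) if len(rows) > 1 else 0.0
        stats[qname] = DomainStats(
            qname=qname,
            resolutions=len(rows),
            unique_ips=len(all_ips),
            unique_prefixes=len({prefix24(ip) for ip in all_ips}),
            min_ttl=min(r[1] for r in rows),
            churn=churn,
        )
    return stats


def is_fast_flux(s, min_ips=5, min_prefixes=3, max_ttl=300, min_churn=0.5):
    """Heuristic: many addresses across several networks, short TTLs, and
    answers that keep changing between lookups. Thresholds are illustrative;
    add ASN diversity if you have a lookup available, it separates CDNs
    (many IPs, few ASNs) from flux networks (many IPs, many ASNs) better
    than /24 counting does."""
    return (s.unique_ips >= min_ips and s.unique_prefixes >= min_prefixes
            and s.min_ttl <= max_ttl and s.churn >= min_churn)


def flagged_domains(text, **thresholds):
    """Sorted list of domains in the log that trip the heuristic."""
    return sorted(q for q, s in summarize(parse_log(text)).items()
                  if is_fast_flux(s, **thresholds))


if __name__ == "__main__":
    for q, s in summarize(parse_log(SAMPLE_LOG)).items():
        print(q, s, "FLUX" if is_fast_flux(s) else "")
```

Running it flags only `c2.example.test`: seven addresses in three /24s, 60-second TTLs and a new answer set on every lookup, while the static `www.example.test` entry stays clean. Churn is the feature that matters most when a single compromised host drops off and the domain simply moves on to the next check-in.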


Monday, 22 November 2021

Store Malware In The Graphics Card


POC. The dropper executes the OpenCL code as a GPU kernel,

then reads the result back out to the CPU and injects it into RAM as a DLL in a remote process.

Then it unloads itself and re-injects the payload every 10 seconds, so the payload is only injected for a few seconds at a time.

TADA! A ghost in the GPU ...

Wednesday, 13 October 2021

Windows 11 Kernel Rootkit (M4A1 Glitch Kit)


Injects into any browser, even if the process blocks third-party unsigned DLLs. ...
In this pic you can see it injected Cobalt Strike into a top popular process ...

and it stays hidden from tools/users ....


Friday, 27 August 2021

Bitcoin As Botnet Server (enslaved blockchain)


Hi, I was able to crawl blockchain transactions and get the data text (OP_RETURN) out of the transactions

and use it to distribute C2 commands to my bots (slaves) to control botnets.

With this you don't need a C2 server and can stay 100% anonymous.

For more info please contact me at claes.spett@gmail.com
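The mechanism described above rests on one Bitcoin script construct: an output whose scriptPubKey starts with OP_RETURN followed by data pushes (by default Bitcoin Core relays at most 80 bytes of such data). Whether you are writing the crawler or, more usefully, an analyst checking what an implant is reading from the chain, you need to walk the transaction's outputs and decode the push opcodes. The code below is an added example, not the author's crawler: it parses a raw transaction and extracts the OP_RETURN payloads. SAMPLE_TX_HEX is a constructed transaction assembled field by field; the input txid and the P2PKH hash are filler bytes, and the "ping" payload is invented.

```python
"""Pulling OP_RETURN payloads out of raw Bitcoin transactions.

SAMPLE_TX_HEX is a constructed legacy (non-segwit) transaction built
field by field below; the previous txid and the P2PKH hash are filler,
not real chain data.
"""

OP_RETURN, OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x6A, 0x4C, 0x4D, 0x4E

SAMPLE_TX_HEX = (
    "01000000"                              # version 1
    + "01"                                  # one input
    + "11" * 32                             # previous txid (filler)
    + "00000000"                            # previous output index
    + "00"                                  # empty scriptSig
    + "ffffffff"                            # sequence
    + "02"                                  # two outputs
    + "0000000000000000"                    # output 0: value 0
    + "06" + "6a0470696e67"                 # script: OP_RETURN, push 4 bytes "ping"
    + "e803000000000000"                    # output 1: value 1000 satoshi
    + "19" + "76a914" + "22" * 20 + "88ac"  # P2PKH to a filler hash
    + "00000000"                            # locktime
)


def read_varint(buf, i):
    """Bitcoin CompactSize integer at buf[i]; returns (value, next_index)."""
    first = buf[i]
    if first < 0xFD:
        return first, i + 1
    width = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first]
    return int.from_bytes(buf[i + 1:i + 1 + width], "little"), i + 1 + width


def tx_outputs(raw):
    """Return [(value_satoshi, scriptPubKey bytes), ...] from a raw transaction.
    Skips the segwit marker/flag if present; witness data after the outputs
    is not needed for this purpose."""
    i = 4                                   # skip version
    if raw[i] == 0x00 and raw[i + 1] == 0x01:
        i += 2                              # segwit marker + flag
    n_in, i = read_varint(raw, i)
    for _ in range(n_in):
        i += 32 + 4                         # outpoint: txid + index
        slen, i = read_varint(raw, i)
        i += slen + 4                       # scriptSig + sequence
    n_out, i = read_varint(raw, i)
    outs = []
    for _ in range(n_out):
        value = int.from_bytes(raw[i:i + 8], "little")
        slen, i = read_varint(raw, i + 8)
        outs.append((value, raw[i:i + slen]))
        i += slen
    return outs


def pushes(script):
    """Yield the data of every push opcode in a script; raises on a truncated push."""
    i = 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 75:                   # direct push of op bytes
            size = op
        elif op in (OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4):
            width = {OP_PUSHDATA1: 1, OP_PUSHDATA2: 2, OP_PUSHDATA4: 4}[op]
            if i + width > len(script):
                raise ValueError("truncated push length")
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        else:
            continue                        # OP_0, OP_1..OP_16 and other non-data opcodes
        if i + size > len(script):
            raise ValueError("truncated push")
        yield script[i:i + size]
        i += size


def op_return_data(script):
    """Data carried by an OP_RETURN script, or None if it is not one."""
    if not script or script[0] != OP_RETURN:
        return None
    return b"".join(pushes(script[1:]))


def op_return_payloads(raw_hex):
    """All OP_RETURN payloads in a raw transaction, in output order."""
    found = []
    for _value, script in tx_outputs(bytes.fromhex(raw_hex)):
        data = op_return_data(script)
        if data is not None:
            found.append(data)
    return found


if __name__ == "__main__":
    print(op_return_payloads(SAMPLE_TX_HEX))
```

Two things a practitioner should note: anything written this way is public and permanent, so the same parser that feeds the bots also hands an analyst the complete command history once the sending addresses are known; and the payloads are attacker-controlled input, which is why `pushes` refuses truncated pushes instead of silently returning a short slice.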

Friday, 2 July 2021

Pidgin: from bug to 0day? (0Day)



Access violation .... Let's see if it's possible to exploit; I will update the blog ASAP when I know ... BRB

Please contact me at claes.spett@gmail.com for more info!

Wednesday, 30 June 2021

Flame V3 (Kernel Driver) / Ring0 Rootkit


Now has a hidden Ring0 driver and injects its x64 DLL payload into a running process to talk back to the C2, using APCs to talk back to Ring3. ..

Sunday, 21 February 2021

Screen mirroring using RC4


My SCADA RAT now has support for screen mirroring (mirroring the infected machine's screen).

It uses RC4-encrypted communication.

Right now I am working on mouse control, so stay tuned!
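RC4 is a stream cipher, and the property that matters most when it is used to stream screen frames is that the keystream depends only on the key: two frames encrypted under the same key XOR to the XOR of the plaintexts, so unchanged regions of the screen show up as runs of zero bytes and any one known frame decrypts the rest. The post does not say how its keys are chosen, so the following is an added example (not the RAT's code) that implements RC4, checks it against the standard published test vector (key "Key", plaintext "Plaintext"), shows the keystream-reuse leak on two constructed frames, and shows one constructed per-frame keying scheme that avoids the reuse. The session key, counter layout and frames are all invented for the example.

```python
"""RC4 as used for link encryption, and the keystream-reuse property.

Added example: the key, the counter-based per-frame derivation and the
sample frames are constructed here. The RC4 test vector in the usage
(key "Key", plaintext "Plaintext") is the standard published one.
"""
import hashlib


def rc4_keystream(key):
    """Key-scheduling algorithm, then the PRGA; yields keystream bytes forever."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4(key, data):
    """Encrypt or decrypt (same operation) with a fresh keystream from `key`."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def reuse_leak(key, frame_a, frame_b):
    """Two messages under the same key and no nonce: C1 xor C2 == P1 xor P2.
    Identical regions (e.g. unchanged parts of the screen) come out as zero
    bytes, and knowing either plaintext yields the other."""
    return xor_bytes(rc4(key, frame_a), rc4(key, frame_b))


def frame_key(session_key, counter):
    """Constructed per-frame key: hash the session key with a counter so no
    two frames ever share a keystream. This only removes the reuse problem;
    RC4 itself is prohibited in TLS (RFC 7465) and a new design should use an
    AEAD such as AES-GCM or ChaCha20-Poly1305 instead."""
    return hashlib.sha256(session_key + counter.to_bytes(8, "big")).digest()


def encrypt_frame(session_key, counter, frame):
    """Counter travels in the clear so the receiver can derive the same key."""
    return counter.to_bytes(8, "big") + rc4(frame_key(session_key, counter), frame)


def decrypt_frame(session_key, blob):
    counter = int.from_bytes(blob[:8], "big")
    return rc4(frame_key(session_key, counter), blob[8:])


if __name__ == "__main__":
    print(rc4(b"Key", b"Plaintext").hex())          # bbf316e8d940af0ad3
    a = b"frame one: unchanged taskbar pixels"
    b = b"frame two: unchanged taskbar pixels"
    print(reuse_leak(b"Key", a, b).hex())          # zeros wherever a and b agree
```

In the usage at the bottom, bytes 0..5 and 11 onward of the leaked XOR are all zero because only "one" and "two" differ between the two frames; a mirrored desktop where most pixels are static between frames gives an observer exactly that kind of structure for free.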

Monday, 11 January 2021

SCADA Killer RAT


My SCADA Killer RAT can now overwrite the SCADA configuration file and flood the PLC after the attacker reconfigures the PLC via reverse desktop in the HMI system,

and show the operator that everything is running as normal.



OLD DEMO ---> https://www.youtube.com/watch?v=EcpdlEKkegY&t=5s&ab_channel=Claes