Time to fight back and remind everyone…

Posted in General Articles on November 16th, 2016 by kyREcon

Lately, I have been constantly attacked on Twitter at a personal level by these two guys: @harmj0y and @christruncer.
They are both co-authors of Veil. Unfortunately it seems that other people like @mattifestation joined them. Why matti?

This made me realize two things.

Either people don’t know the backstory of what is going on and/or these people have their own crew of supporters that will keep coming back against me, whatever happens.
Personally, I don’t like either of the two.

For that reason it’s about time to remind people who these people are, how they keep attacking me at a personal level and how they attacked my project Shellter with lies. Remember, these people have no limits. They had even published their lies, yes they even made a YouTube video, but we will go back to that.

Good thing is, I kept this video, because I knew they would come back to me.

First of all, I want to make clear that I accept that I am not the guy that always uses kind words, however this is light years away from attacking someone personally.

A few days ago, I posted on my @shellterproject account a tweet saying that “Shellter eats for breakfast veil, backdoor factory, and any other tool in this category.”

Now, if you are a co-author of any of those tools and you see a personal insult there, just because I am saying that my tool performs better, then something doesn’t fit.

I believe that anyone with some common sense can understand that something is totally wrong with these people.

If you think I am wrong, and your tool performs better than mine, then please come to me with your tests and results and give me the time to analyze them and give you some results back.

Instead of trying to defend their work at a technical level, these people started throwing insults at me at a personal level.

Here they are:

christruncer

harmj0y

Again, these people, unable to keep the discussion at a technical level and defend their tool Veil by those means, started attacking me at a personal level.

It seems that for them, if someone makes something better, then they have to make him look like he is a bad guy. That’s their only way of defending their work, by making people look bad through the power they have on social media.

I am not an angel, but my comments, more or less harsh, were not personal. I have the right to say my tool ‘tastes’ better than yours. If you think I am wrong, then please prove me wrong, but whatever the outcome is, trying to make this personal is what really is unacceptable.

Now the backstory!

This is where everything began: July 23 2015.

That day, with the help of @midnite_runr, the author of backdoor factory, these people created a YouTube video showing a vulnerability in Shellter that didn’t exist in order to defame my project.

Now you tell me how low that is, and yet these people count thousands of followers on Twitter.

Yes these people did that to me!

Here is the video they created:

What these sad people did was to give Shellter a binary to execute that they had previously infected with a reverse connection stager, and then they used that to throw lies and defame my project.

Yes, these people did that to me, all of them together as a team: @harmj0y, @christruncer, and @midnite_runr

All of them together created, published, and/or fully endorsed this framing of my project, trying to embarrass me.

Little did they know!

To make things clear, Shellter’s tracer acts as a debugger that executes and logs the execution flow of an application.

This is fully documented, and it’s not a secret. It’s how this tool gets all the necessary information to achieve dynamic PE infection. So basically it acts like a debugger, it executes programs.

Well maybe, these people don’t know what a debugger is, but I don’t believe that, if you know what I mean.

Obviously, I had immediately realised what these people were doing, so I had put all the details of their supposed vulnerability in this very blog.

Then, I made the mistake of deciding to give them a break from complete embarrassment. I contacted one of them and tried to make peace, mostly to protect them from their own actions.

Now I regret that, and I hardly regret anything!

I regret it, because they don’t deserve it and because these people are so good at forgetting and completely ignoring their own actions that now they came back attacking me just because I said that my tool performs better with AV evasion.

If you are one of their followers, this is what these people are: Shameless!

Take care,
kyREcon


Mitigating the NULL SecurityDescriptor Kernel Exploitation Vector

Posted in Research on October 14th, 2016 by kyREcon

This article describes a new mitigation in the latest Windows 10 v1607 against a common attack vector used by many kernel exploits until today.

Read more here.

Enjoy,
kyREcon


Detecting KMDs with a single instruction

Posted in Research on May 19th, 2016 by kyREcon

tl;dr: Just finished an article about detecting a kernel-mode debugger in Windows from userland by using a single instruction.
Portable across all latest Windows versions, both x86/x64 builds.

Read more here.

Enjoy,
kyREcon


Advisory – Avast SandBox Escape via IOCTL Requests

Posted in Research on April 21st, 2016 by kyREcon

Click here to read more about this epic fail from Avast.

The vulnerability is still unpatched, even though almost 5 months have passed since the day Avast was informed.

Enjoy,
kyREcon


Extracting zip archives passwords in Win8.x/10

Posted in Research on April 18th, 2016 by kyREcon

tl;dr: When you open a password protected zip archive using Windows Explorer (“Extract All…”), in Windows 8.x/10 the password is automatically cached in the Credentials Manager for the life of the logon session.

Read more here.

Cheers,
kyREcon
