Time to fight back and remind to everyone…

Posted in General Articles on November 16th, 2016 by kyREcon

Lately, I have been constantly attacked on twitter at a personal level by these two guys: @harmj0y and @christruncer.
They are both co-authors of veil. Unfortunately it seems that other people like @mattifestation joined them. Why matti?

This made me realize two things.

Either people don’t know the backstory of what is going on and/or these people have their own crew of supporters that will keep coming back against me, whatever happens.
Personally, I don’t like any of the two.

For that reason it’s about time to remind to people who these people are, how they keep attacking me at a personal level and how they attacked my project Shellter with lies. Remember, these people have no limits. They had even published their lies, yes they even made a youtube video, but we will go back to that.

Good thing is, I kept this video, because I knew they would come back to me.

First of all, I want to make clear that I accept that I am not the guy that always uses kind words, however this is lights of years away from attacking someone personally.

A few days ago, I posted on my @shellterproject account a tweet saying that “Shellter eats for breakfast veil, backdoor factory, and any other tool in this category.”

Now, if you are a co-author of any of those tools and you see a personal insult there, just because I am saying that my tool performs better, then something doesn’t fit.

I believe that anyone with some common sense can understand that something is totally wrong with these people.

If you think I am wrong, and your tool performs better than mine, then please come to me with your tests and results and give me the time to analyze them and give you some results back.

Instead of trying to defend their work at a technical level, these people started throwing insults at me at a personal level.

Here they are:

christruncer

 

 

 

harmj0y

 

 

 

 

 

 

 

 

Again, these people unable to keep the discussion at a technical level and defend their tool veil by those means, they started attacking me at a personal level.

It seems that for them, if someone makes something better, then they have to make him look like he is a bad guy. That’s their only way of defending their work, by making people look bad through the power they have on social media.

I am not an angel, but my comments much or little harsh, were not personal. I have the right to say my tool ‘tastes’ better than yours. If you think I am wrong, then please prove me wrong, but whatever the outcome is, trying to make this personal is what really is unacceptable.

Now The backstory!

This is were everything begun: July 23 2015.

That day, with the help of @midnite_runr, the author of backdoor factory, these people created a youtube video showing a vulnerability in Shellter that didn’t exist in order to defame my project.

Now you tell me how low that is, and yet these people count thousands of followers on twitter.

Yes these people did that to me!

Here is the video they created:

What these sad people did, was to give to Shellter to execute a binary that they previously infected with a reverse connection stager, and then they used that to throw lies and defame my project.

Yes, these people did that to me, all of them together as a team: @harmj0y, @christruncer, and @midnite_runr

All of them together, created, published, and/or fully endorsed this framing of my project, trying to embarass me.

Little did they know!

To make things clear Shellter’s tracer acts as a debugger that executes and logs the execution flow of an application.

This is fully documented, and it’s not a secret. It’s how this tool gets all the necessary information to achieve dynamic PE infection. So basically it acts like a debugger, it executes programs.

Well maybe, these people don’t know what a debugger is, but I don’t believe that, if you know what I mean.

Obviously, I had immediately realised what these people were doing so I had put all the details of their supposed vulnerability in this very blog.

Then, I did the mistake to decide to give them a break from complete embarassement. I contacted one of them and tried to make peace, mostly to protect them from their own actions.

Now I regret about that, and I hardly regret about anything!

I regret about it, because they don’t deserve it and because these people are so good at forgetting and completely ignoring their own actions that now they came back attacking me just because I said that my tool performs better with AV evasion.

If you are one of their followers, this is what these people are: Shameless!

Take care,
kyREcon

Share
Tags: , ,

Getting a job in cybersecurity

Posted in General Articles on November 5th, 2015 by kyREcon

I see a lot of young people that want to get a job in cybersecurity, and whenever possible I am trying to talk with them in order to understand what makes them  to want to get into this industry. Is it passion for IT security or is it just the growing salaries in this market? Unfortunately, it seems that getting a job into this area is becoming a trend while there is no real motivation for knowledge.
It really makes me sad when I see a person in his early 20s to only think about money. On the other hand, I also appreciate the fact that not everyone wants the same things from life, and for that reason I am not judging anyone. What is however important in any case, is how you get there. Putting things in the right order is the best way to go. These are just personal points of view. I am not trying to tell anyone what is right or wrong. I am only expressing my opinions, and you can agree or disagree. :)
The following are some of the things I hear quite often from people that come straight of the university. Read more »

Share

The HackingTeam and the Infosick White Angels

Posted in General Articles on July 13th, 2015 by kyREcon

What have we really learned from the recent data leak regarding the operations of the so called HackingTeam?

Did we learn that there are some companies/people out there selling exploits?

Was it that the infosec industry is full of white angels that would never do so?

Maybe it was the fact that our industry is not so open-minded as we think?

Let’s see…

There are companies and individuals selling exploits. WOW, what a fucking surprise!!!
Sorry for disturbing your sweet dreams. Reality check! If you didn’t know, then you are reading the wrong article. I suggest you continue
reading –>here <–.
If you did know that shit happens, you may be interested in reading the rest of it.

Deamonizing the phrase “selling exploits” is like saying manufacturing cars is evil.
Just because some people will misuse either of them, doesn’t mean that both are necessarily bad.
Is it that bad to sell an exploit that might help the authorities to breach into a terrostists organization?
Is it more bad than driving drunk or high? Oh yes, you never do that!!!

Let’s now go back to those loud infosick people that started sharing lists, and putting labels on people that worked for the HackingTeam.
They even started saying to blacklist all those people from working again in IT. Shame on you!!!
You are not a judge, and you certainly won’t decide for anyone’s life. If you don’t like someone and his actions, you are free to say so.
However, organizing a witch hunting belongs to another era, and I wasn’t expecting to see people going down to that level.
Again, if you did that, shame on you!!!

So selling an exploit is evil. All white angels came out and said that out loud.
I am not really surprised. People do try to get attention by someone else’s failures. Sad creatures!
What these angels never said to us, is what they would have done if they had the skills to build an exploit that someone would happily
buy for $30k or more. I am pretty sure they would never sell that evil thing, because they are nice people!!!
I can understand people with the skills for doing so, that never did, to go out and critisize these actions. However, looking at the mass
shouting under the cross, it is really sad…,and at times even funny.

Now, I know people will come and say that I have connections with the HackingTeam and that I am trying to defend them. I am sorry to
disappoint you, but you are wrong!
They will pay for their mistakes when the time comes, but won’t be you who will decide how and when.
It makes me feel sick being part of a community that is ready at any time to blacklist and label people.
Today it’s them. Tomorrow it might be you, for whatever reason that might be.
At the end of the day, that’s just my opinion, and you don’t have to like it.

Just out of curiosity. Before wearing your superhero mask going out on tweeter saving the world with your (mostly) useless tweets,
did you ever consider what might be the real motivation behind this breach?
How do you know this was done for ethical reasons? How can you be so sure that someone didn’t get paid just to take them out of the game?
I am pretty sure this never occured to you. Surprise! Yeh, I know…shit happens. I don’t imply that I know what really happened, so don’t
pretend you do know that all this happened for a good reason. Just saying…

Apparently HackingTeam, did a lot of mistakes. They fucked up. However, I am pretty sure not all of their actions were evil, and if they were only time will tell.

Finally, I want to send my respects to all of them that handled things responsibly. That is, by sharing the information without judging the
people behind it. To those that spent some time analyzing the leaked data, extracting the exploits and helping the affected vendors to fix
those vulnerabilities, I have to say congrats! That’s what should be all about.

Don’t judge someone just because they sin differently than you.

kyREcon

Share

Angry Spy-Birds

Posted in General Articles on March 22nd, 2012 by kyREcon

I recently decided to “upgrade” myself by buying a new cool mobile phone, and get rid of the old msgs-and-calls capable only one.

Yesterday, I decided to download the famous angry birds game, it’s free so why not?!?

Well, money-free doesn’t really mean spy-on-me-free right?
This is not something new of course. This is how Facebook, youtube and other social sharing websites work for the last few years.
Oh come on, don’t tell me you really believe that only you and your friends have access to all that information you post about yourself uh??!

Anyway, back to the angry-birds download.
Unfortunately, by installing angry birds and for sure many other games you actually give the permission to someone to spy on you 24/7.
A part from the fact that the application will be able to send and receive information regarding where you are, it can also view the information about the wi-fi state and other networks, communicate with the internet (of course) and in addition, it can also access the phone features of the device, including phone number,serial number, whether a call is active and WTF?!? the number that call is connected to…

I don’t understand why an application such as angry birds requires all this, unless the WWF does some kind of research on those birds…

The following picture shows an instance of all this:

Angry_Spy_Birds

However, if anyone for any reason believes that I am wrong, please let me know and I will be more than happy to delete this post.
Till then, enjoy your Angry Spy-Birds application…

Cheers,
kyREcon

Share

Anti-Piracy For Everyone…

Posted in General Articles on December 23rd, 2010 by kyREcon

Nowadays, there are lots of discussions regarding software availability. There are people that scream against the commercialization and others that believe that it is needed.

Well, demanding to have any type of software for free and/or open source is at least pointless. Let’s don’t forget that employees in companies that do software development, are not robots. They have families and they must earn money to support them.

Furthermore, paying for a software is not necessarily bad. Money is a good motivation to work harder and produce better results. If everything was free, then why bother?

On the other hand, what it should be free, is the idea and an example of it so that a single developer could study it and use it for his own purposes. Of course you don’t need to provide all the details, just the idea and a proof that it works.

Anyway, this is one of those discussions that will never end since every person has its own point of views for everything.

However, what it should be free too, is anti-piracy! Yes, make anti-piracy available for everyone. Think about single developers. Do you really think that every single developer has the money to go through all the available commercial software protections or even more that he has the knowledge to code his own custom software protection?

The A.R.F Project has been inspired through all these thoughts. Those who claim that they crack software in order to force companies to make software free are either liars or incompetents.

Nobody cracks for that reason! People crack software protections for knowledge, for fun, for fame, and unfortunately some of them for profit. Do you really think that Mr. Cracker from the other side of our planet gives a damn if you can have an application for free or not?  Trust me, he doesn’t! If he decides to crack your software is for personal satisfaction so that in the end he will be able to say “Yeah, eat that bitch”.

In any case, the purpose of this blog is not to give an answer if software should be free or not, but to give the possibility to everyone to have an understanding of many anti-reversing tricks and how they can be implemented so that everyone will have a chance against software piracy.

Of course, developing a custom software protection is not easy, but through The A.R.F Project it can be easier and that’s what I really wish to accomplish. I hope that in the days to come, many people will be helped and even inspired through articles of this blog in order to create their own custom software protections.

Cheers,

kyREcon

Share