Runion


0DAY/1DAY Dropper ++ Kill any AV - EDRs from USER PRIVILEGE! Crowdstrike, SentinelOne ++ LSASS Exploit ++ START FROM $1k Defender killer.

r1z

Middle Weight
Deposit
$0
Holla!

This is a new private DROPPER (integrated with 0day/1day exploits) which kills & bypasses old techniques of killing EDRs and merges (all-in-one) tools to drop lsass + run any exe or dll + backdoor the system on reboot + and kill any antivirus or EDR from "user low level" only! And this is the most modern style in this product! No need for admin privilege anymore!

UPDATE 15.11.23:
  • $10k offer price for limited time for 1 EDR + 3 AVs of the client's choice.
  • Monthly clean for 1 EDR or 1 AV only for $2k only
UPDATE 25.10.23:
  • Killer working without reboot ( moneyback guaranteed ).
  • run from user privilege to SYSTEM (LPE Integrated) optimized.
  • Add new discount for the client who orders several antiviruses / EDRs as below:
1st AV/EDR (0%) discount.
2nd AV/EDR (50%) discount.
3rd AV/EDR (100%) FREE AV/EDR.

Dump LSASS + Kill Windows Defender + SmartScreen + LPE Exploit ( USER low level ) ONLY!
Windows last update 12/09/23


Integrated exploit details:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802

- PoC of this DAY:




Currently running 50% discount on several features of AV killer "NOT EDR"!
Crowdstrike or BlackCarbon or SentinelOne or Cortex or Mcafee or Sophos or TrendMicro or BitDefender are not included in this offer.

-- Prices for dropper + AV killer without any 0d4y/1d4y exploit:
  • Windows Defender + SmartScreen bypass price start from $1k ($500) + persistence backdoor for auto run + Log cleaner. ( No dropper + No elevate 0d4y/1d4y exploits )
  • Additional 4 modern AVs from above + Windows Defender + SmartScreen bypass price start from $7k ($3500) + 1 dropper ( exe, dll ) + persistence backdoor for auto run + log cleaner. ( No elevate 0d4y/1d4y exploits )

22.09.23 Falcon Sensor EDR Killed ( Local admin rights requested ).

22.09.23 SentinelOne EDR Killed ( Local admin rights requested ).



Tested on latest Win 10 + Windows Server 2022 + WD 11.

The new dropper will work on specific EDRs, also you can customize it as you want.
ex: once executed kill EDR, then choose where your backdoor is to be installed, or use several different locations, run any kind of exe or dll or vba of your choice, persist your backdoor on boot through Windows API and more!

EDRs are completely FUD, and can run on specific EDRs, each client will have his own specific requirements and build.

List of supported vulnerable vendors to this dropper.
  • CrowdStrike
  • Sentinel One
  • Cortex
  • Kaspersky
  • McAfee
  • ESET
  • Symantec
  • F-Secure
  • 360 Security
  • Trend Micro
  • Windows Defender
  • AhnLab
  • Avast
  • Avira
  • Bitdefender
  • Cylance
  • FireEye
  • Fortinet
  • G Data
  • Malwarebytes
  • Palo Alto Networks
  • Panda Security
  • Sophos
  • Webroot
  • Avira
  • Bitdefender
  • Cylance
  • FireEye
  • Fortinet
  • G Data
  • Malwarebytes
  • Panda Security
  • Sophos
  • Webroot
  • Cybereason
  • Darktrace
  • Fidelis Cybersecurity
  • Forcepoint
  • McAfee
  • Symantec (Norton)
  • Trend Micro
  • Carbon Black
  • Check Point
  • Cisco
  • ESET
  • McAfee
  • Microsoft
  • Symantec
  • Trend Micro
  • VMware

Lsass dump exploit: it will get clear text of passwords through any copy of mimikatz, the exploit is completely private and bypasses all AVs, it will dump the lsass file and decrypt the file with specific arguments to get all clear network / local logins.

dump_lssas_1.png



dump_lssas_2.png



-- Sales Terms:
  • The sales will be as explained above, each client will have his own specific requirements.
  • No source code or any details about the code.
  • The seller has a right to not sell to dump clients, after 4 years I have good experience of who can be called a good client, or dump skid client.
  • Additional EDR killer / modification cost $2k.
  • Additional requirement / modification on the dropper cost $1k.
  • For any order the client must provide his own hosting service for the mimikatz loader, must end with mimikatz.exe in the url.
  • After confirm the product, you cannot ask refund. Now available --> (Moneyback guaranteed)

-- Intelligence EDRs:
Crowdstrike or BlackCarbon or SentinelOne or Cortex or Mcafee or Sophos or TrendMicro or Kaspersky.

I - Price start from $10k for above EDRs + 1 dropper ( exe, dll, vba, etc ) + LSASS exploit + persistence backdoor for auto run + Log cleaner. ( Without 0d4y/1d4y exploits ).
II - Price start from $15k for above EDRs + 1 dropper ( exe, dll, vba ) + LSASS exploit + persistence backdoor for auto run + Log cleaner. ( 0d4y/1d4y exploits Included ).

NOTE:

  • Buyers for 0D4Y/1D4Y LPEs alone cannot be sold, must buy dropper with exploits in the build.
  • Buyers for LSASS exploit alone cannot be sold, must buy dropper with or without exploits.
  • NO demo, NO sample, PoC video added and guaranteed moneyback, XSS Escrow are welcome!
Contact PM or TOX only.
A5852A300E402AD8AA973E1147D024FFE7DCF34BCC203C7B9DFB8560A3B10361000000000003
 
All questions were resolved quickly; the seller was pleasant as always and answered every question in full. The product works without any problems.
 
Bought it; there are a few issues regarding FUD against AV, but everything is in the process of being resolved, and otherwise everything works.
 
The product works without any problems, trustable to deal and bypass LSA protection, I recommend.
 
You show at least one demo of the work
How should it be known that what you say is true? :|
 
-- UPDATE:
  • Integrate 0day (LPE) or almost 1day exploit in the dropper; now from low privilege to system.
  • dump lsass exploit from user privilege.

Security Update Guide - Microsoft Security Response Center

msrc.microsoft.com
PoC kill MS defender from user account:


-- TERM OF WORK:
The dropper FUD on most EDRs, guarantee rebuild in case of detection for one month "FREE";
  • Payment of $2k per new build/crypt after one month of purchase;
  • Payment of $1k per new change configuration in the dropper ( exe or dll );
  • Any kind of customization; Integration is possible, details in PM or TOX.
./r1z
A5852A300E402AD8AA973E1147D024FFE7DCF34BCC203C7B9DFB8560A3B10361000000000003
 
r1z said:
-- UPDATE:
  • Integrate 0day (LPE) or almost 1day exploit in the dropper; now from low privilege to system.
  • dump lsass exploit from user privilege.

dropper-r1z-xss hosted at ImgBB


-- TERM OF WORK:
The dropper FUD on most EDRs, guarantee rebuild in case of detection for one month "FREE";
  • Payment of $2k per new build/crypt after one month of purchase;
  • Payment of $1k per new change configuration in the dropper ( exe or dll );
  • Any kind of customization; Integration is possible, details in PM or TOX.
./r1z
A5852A300E402AD8AA973E1147D024FFE7DCF34BCC203C7B9DFB8560A3B10361000000000003
++
 
-- UPDATE:
Currently running 50% discount on several features "NOT EDR"!
  • Windows Defender + SmartScreen bypass price start from $1k ($500) + persistence backdoor for auto run + Log cleaner. ( No dropper + No 0d4y/1d4y exploits )
  • Additional 4 modern AVs + Windows Defender + SmartScreen bypass price start from $7k ($3500) + 1 dropper ( exe, dll ) + persistence backdoor for auto run + log cleaner. ( No 0d4y/1d4y exploits )
Enjoy!
./r1z
 
Vinki said:
The killer works. But it would be better if UAC didn't complain. It has to be run as Admin.

+rep
Admin rights are needed to load the vulnerable driver that terminates the processes; without admin it won't work.
 