What's new
By:
Filters
Runion

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

⁶⁶⁶ | Malware shop | Cobalt Strike Shellcode loader | AV/EDR Evasion | SmartScreen bypass | Video proof | Tested in real AV/EDR environments | ⁶⁶⁶

Бафомет

Бафомет

Midle Weight
Депозит
$-59
Цена
999
Контакты
DM

Frame 2_000001.png

Sophos Endpoint Detection (EDR/XDR/MDR) Havoc bypass

Bitdefender Endpoint Detection and Response (EDR) Cobalt Strike bypass


Bitdefender Endpoint Detection and Response (EDR) Havoc bypass


ESET Endpoint Antivirus Cobalt Strike bypass


ESET Endpoint Antivirus Havoc bypass


Windows Defender + Smartscreen (W10-22H2) Cobalt Strike bypass: excel (.xll document)


Windows Defender + Smartscreen (W10-22H2) Havoc bypass: excel (.xll document)


Windows Defender + Smartscreen (W11-23H2) Cobalt Strike bypass (DLL sideloading, chrome binary)

Windows Defender + Smartscreen (Windows 11-23H2) Havoc (DLL sideloading, chrome binary)


c1.PNG
https://scanner.to/result_EDR/qzpMBWRv6B9e

c2.PNG
https://scanner.to/result_EDR/CCj3JHAxXG4G


All tests on scanner.to are performed with an active internet connection and using small-sized files. Recently, there have been instances of individuals attempting to circumvent others' efforts by disabling their internet connection and using significantly large payloads, exceeding 100 MB. Please exercise caution.


Welcome to our shop! Please, make yourself comfortable and feel free to ask anything you need. I'm here to share my experience and knowledge with those who seek it. Rest assured, all our work has been conducted under real AV/EDR environments, utilizing the top tools available in the market. If you have any questions or need guidance, don't hesitate to reach out. For your peace of mind, we only take orders through a secure escrow or guarantor system. Looking forward to assisting you on your journey!



Technical information
  • Encrypt PE Files: Securely encrypt Portable Executable (PE) files for runtime decryption and execution, either as shellcode via Donut or directly through a syscall-enhanced Run-PE method.
  • Architecture Support: Compatible with both x64 and x86 architectures.
  • Memory Execution: By default, all payloads execute in an RX memory region, with the option to switch to RWX.
  • C# Assembly Loading: Load C# assemblies with hardcoded arguments into the encrypted file (.exe/.dll).
  • More than 15 legitimate binaries for DLL Sideloading (Apple, Chrome, CiscoWebEx, GithubDesktop, Java, Microsoft, Obsidian, OperaBrowser, Oracle, Teams, Visual Studio, Windows R_Server, WinSDK...)

Features
  • Anti-sandbox and debugging resistance.
  • Auto-deletion post execution.
  • Use of pump values to confuse static analysis.
  • Injection into newly created processes, with customizable options.
  • Custom process spawning for remote injection.
  • Spoofing of process arguments for injection targets.
  • PPID spoofing to mimic the parent process.
  • Threadless injection for shellcode execution.
  • Module Stomping without memory allocation.
  • Customization of resource file information such as icons and descriptions.
  • Compiling the binary in debug mode for detailed output.
  • Creation of service binaries or DLLs for use in lateral movement or persistence strategies.
  • Steganographic embedding of encrypted payloads in image files.

Formarts supported
  • Standalone EXE (.exe)
  • MSI installers (.msi)
  • Microsoft Excel XLL (.xll)
  • Windows Control Panel CPL (.cpl)
  • DLL and DLL sideloading under legit signed certificates (Microsoft, Java, Google, Apple, Python...)
  • Powershell Output format, reflectively loading the packed binary. (.ps1)
  • Shellcode Output format.

Other services
  • Customizable Malleable C2 Profiles.
  • Stealers, HVNC, Rootkits, AV/EDR killer...
  • APT simulation chains.
  • UAC Bypass/LPE.
  • Technical support.
  • Custom Cobalt Strike and Havoc scripts. (Auto-persistance, auto execution of commands, etc...).
  • We have support for any c2 tool (Havoc, Cobalt Strike, Merlin, Sliver, Brute Ratel...).

Спойлер: FAQ
¿Do you work with X software?
- Yes, we support a wide range of tools available on the market, including Stealers, RATs, HVNC, and more.

¿Does this product will work with Mimikatz or any C# assembly?
- Yes, it does.

Could you please conduct a test for me?
- Yes, we can conduct a test after you place your order and demonstrate a serious commitment to proceeding with the work.

¿Do you have Telegram?
- No, we do not use Telegram. Please contact us directly via DM. After placing an order, we can communicate through Jabber or Tox.

Спойлер: TERMS & CONDITIONS
  1. The buyer holds full responsibility for their actions. We do not take any responsibility for your actions.
  2. By purchasing this service, you acknowledge that there is a no-refund policy.
  3. The product is intended exclusively for educational purposes.
  4. We guarantee a money-back refund if we are unable to successfully complete a deployment or if the specified conditions are not met.
  5. We reserve the right to refuse service to specific users at our discretion.
  6. All orders are processed through an escrow service.
  7. The testing phase includes a verbose mode and displays a CMD console to ensure transparency and prevent fraudulent activities by scammers and rippers.

Спойлер: ARTISTIC CREDIT TO:
BazarJackson
 
ElektraEmber said:
ElektraEmber сказал(а):
wow 🤩
Нажмите, чтобы раскрыть...
Click to expand...

For being the first person to post here and showing support, I'm going to offer this service to you for free the first time. :) :smile10:

Feel free to contact me, choose your preferred command and control framework, and I will set it up for you.

You can select a C2 profile from any of these options: Amazon, Bing Maps, Chrome, Meeting, Office365 Calendar, Reddit, Slack, YouTube, Zoom. While some C2 framework may not be as customizable as Cobalt, I will ensure you have a functional malleable profile by the end.. 🤗


Поскольку я был первым, кто разместил здесь сообщение и проявил поддержку, я впервые собираюсь предложить вам эту услугу бесплатно. :) :smile10:

Не стесняйтесь обращаться ко мне, выберите предпочитаемую систему управления и контроля, и я настрою ее для вас.

Вы можете выбрать профиль C2 из любого из следующих вариантов: Amazon, Bing Maps, Chrome, Meeting, Calendar Office365, Reddit, Slack, YouTube, Zoom. Хотя некоторые профили C2 могут быть не такими настраиваемыми, как Cobalt, к концу я позабочусь о том, чтобы у вас был функциональный и гибкий профиль.🤗
 
Deposit has been done x2 the amount requested.

"They will hate you. They will love you. Keep only the love, drive away hate. The glory is at the end"

We are here for work. Big love for everyone.

-

Депозит был сделан x2 запрошенной суммы.

"Они будут ненавидеть вас. Они будут любить тебя. Оставь только любовь, отгоняй ненависть. Слава в конце"

Мы здесь для работы. Большая любовь ко всем.
 
Благословлю... после теста. Желательно бесплатного, ибо Мамонна нам друг, но денег нету)))
Как можно связаться? Оставь контакты плиз.
 
v1ct0ry said:
v1ct0ry сказал(а):
price is for just 1 time fud file or some little subs ?
Нажмите, чтобы раскрыть...
Click to expand...

The price is for one time job, I don't take subscriptions. But I provide different dll sideloading binaries and different extensions in one time.

It also depends on the interest. If the buyer is serious we can manage a different approachment. For curious it is what it is.
 
Бафомет said:
Бафомет сказал(а):
The price is for one time job, I don't take subscriptions. But I provide different dll sideloading binaries and different extensions in one time.

It also depends on the interest. If the buyer is serious we can manage a different approachment. For curious it is what it is.
Нажмите, чтобы раскрыть...
Click to expand...
How its you telegram please i will contact in dm
 
You must log in or register to reply here.
Top