Runion
This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!
TOX, get out now
- Thread starter The CaT
- Start date
achillesec
Light Weight
- Депозит
- $0
most of members use it , some stop using it just after the 0day shared here , tox was good way to contact other members ..
do you have any option better than tox ?!
Tox is a protocol, there are at least few different clients working with different platforms: qTox (Linux, FreeBSD, OS X, Windows), aTox (Android), Toxic (Linux, FreeBSD, OpenBSD, DragonflyBSD, NetBSD, Solaris, macOS, Android), TRIfA (Android).
All listed have had updates at least once this year but qTox rep is archived now. If the problem is with one client: then you can still deal w Tox (isolated in virtual evironment) because I doubt that this issue is multi-platform (e.g. RCE from this thread was supposedly only for Windows qTox). But if the problem is with protocol then it is critical and we all appreciate is you can share more information (here or privately).
Thank you!
All listed have had updates at least once this year but qTox rep is archived now. If the problem is with one client: then you can still deal w Tox (isolated in virtual evironment) because I doubt that this issue is multi-platform (e.g. RCE from this thread was supposedly only for Windows qTox). But if the problem is with protocol then it is critical and we all appreciate is you can share more information (here or privately).
Thank you!
achillesec
Light Weight
- Депозит
- $0
the RCE from the old post here in xss it's about windows , but the problem is if they can devlop the vulnerability to work with others or even if you suggest isolated the windows in virtual eviromnet there is another problem " getting the real location + seeing what are you doing using tox " when they get insid the VM
If all noise is only about exposing ip-address of TOX-contact - then it is not so interesting (at least for me, as I always keep this risk in my mind with any kind of online-activity) but what are you writing now - e.g. exploitation of VM thru TOX (supposedly protocol) - that is a way more interesting; as I do not see (for this moment) any kind of possible technical realisation to make a universal exploit to all platforms and clients. May be I'm wrong, if I'm wrong it means that PoC will be public quite soon
achillesec
Light Weight
- Депозит
- $0
it's not about exploit for all platforms it's about if they want to play the game for long term they can know ! with good social engineering like paying him for his service and make him trust them , the platform he use for tox it's will be to normal for him to share , I did see people wors than that sharing things you can't even imagin
achillesec
Light Weight
- Депозит
- $0
Also not all members has the book of rules you have to be anon , you are to old in this field with better experience and when you be old in this field you will be more serious about OPSEC
achillesec
Light Weight
- Депозит
- $0
Telegram is to wors than you can even imagin my friend , jabber is better at this moment , or you can use Tox following what bratva said " meaning using tox with more securty options "
netu7777777
Light Weight
- Депозит
- $0
what about telegram over the TOR?
achillesec
Light Weight
- Депозит
- $0
even with tor still useless , if you are doing somthing serious with hacking and using something like telegram this to bad , but just talking and selling something like database etc , i dont think big agencies will care about that ( I mean telegram is to secure for third world countries agencies not the big ones )
PlagueMalware
Light Weight
- Депозит
- $0
Anything serious you should have your own custom hidden service only known to you and collaborators. Other than that, use TOX in a VM