I recommend private RATs + HVNC if you want to make real money from RATs, but still Async RAT is good, also Quasar RAT is good.
Vecna9 said:
Hi there!
I'd like to get back into RATs but it's been a while since I've been into this thing.
What do you recommend as a RAT? (async rat, remcos, private RATs)
Do you have any good techniques for making money with RATs?
I agree with you, as most of the RATs do the same birch tree with some functionality.
Wiz said:
Hello and welcome.
This question has become very popular nowadays simply because there are tons of tools available. However, I want to emphasize that all tools are merely bridges to achieving a successful operation. Remember, there is no greatest tool, but rather the greatest minds behind their utilization.
Thanks, I'll check it out. Do you have a site or telegram to buy it?
Tragedy said:
If we are talking about public and at the same time good RATs there is probably nothing better than remcos for cheap. Don't waste your time with free malware, it's often unfinished and unstable.
I don't recommend a specific RAT, but I see Async RAT is very good, especially if you updated it as I did on my side, also HVNC not for Macs, it's hidden VNC, I mean it works for Windows and also Linux.
Vecna9 said:
Volcan
you recommend she rat private?
HVNC I'll see later, because it's only for MACs.
You're probably misunderstanding this thread, command and control frameworks are not RATs, they have a completely different usage (especially HVNCs)
домкрат said:
Why expending money on something that will create on your process a bunch of RWX privileges memory, is hard to crypt and is written by who ever know?
This is very relative, for example quasar rat does not use HTTP(s) to send screen buffers, it uses TCP.
домкрат said:
For HVNC there are many other options where you can load them with execution-assembly if they are a BOF from cobalt strike for example. If not you can add exclusions and drop another rat with HVNC purposes. HVNCs are very noisy, they send hundreds of http get post request so watch out.
Again, relative, C# binaries (without dependencies) are very easy to crypt (crypters are useless nowadays anyways)
домкрат said:
It is difficult to work on encryption with this basic and unsafe tools
s0nus said:
You're probably misunderstanding this thread, command and control frameworks are not RATs, they have a completely different usage (especially HVNCs)
Normally RATs are programmed using C#, which uses the CLR; it is totally fine to have RWX memory maps, since it has a JIT engine and JIT engines use RWX a lot.
From my perspective, it is a lot better to use a software designed for what you're looking for instead of a software with a lot of abstractions.
OBS: A lot of other C2 are very unstable with CLR loading and executing (especially cobalt strike), they wait for the result of the command and make the beacon unstable after some time because they wait for output but there is no output.
s0nus said:
This is very relative, for example quasar rat does not use HTTP(s) to send screen buffers, it uses TCP.
s0nus said:
Again, relative, C# binaries (without dependencies) are very easy to crypt (crypters are useless nowadays anyways)
OBS: Public source command and control frameworks have a lot of known TTPs (meaning that will be easy to detect), one example is sleep obfuscation from havoc.
Stop spraying misinformation to users
Depending on the operation, zero stage command and control frameworks could be used before dropping the HVNC or RAT, doing less noise and preserving the access.
домкрат said:
Honestly I didn't see any good recommendation I will try one by your good words. I stick for what works well for me, so I just can recommend this toolset, under my point of view, you just need a little code knowledge to develop your own stealer + hvnc functions apart from your initial access.
This depends on the tool to be honest, for example, lumma stealer (or lumma c2) could be run without crypters/packers, since they designed their code in a way that it is fud.
домкрат said:
You are right, is good to save time and stick to full operative tools but at the end you need a crypt/packer so you can save this money and invest here which is the really main important deal. To get an initial access.
Me too, but thinking better, TCP is a lot more reliable and fast compared to sending a lot of HTTP(s) requests (an rat using websocket would be great :0)
Would be a lot better use something already "fud", that doesn't have detections (like a private stub or smth like that) from RATs/HVNCs like brute ratel
домкрат said:
You are true with that, actually these frameworks have lot of them but with a little bit of care and love are easy to modify them.
s0nus said:
Depending on the operation, zero stage command and control frameworks could be used before dropping the HVNC or RAT, doing less noise and preserving the access.
Creating your own stealer or hvnc is great too, but takes a lot of time and effort, and it doesn't look like the people on this thread want to.
s0nus said:
This depends on the tool to be honest, for example, lumma stealer (or lumma c2) could be run without crypters/packers, since they designed their code in a way that it is fud.
Crypters and packers are pretty much useless (at least from my point of view), since the original binary being run in memory could be easily detected because of malware behavior.
s0nus said:
Me too, but thinking better, TCP is a lot more reliable and fast compared to sending a lot of HTTP(s) requests (an rat using websocket would be great :0)
s0nus said:
Would be a lot better use something already "fud", that doesn't have detections (like a private stub or smth like that) from RATs/HVNCs like brute ratel
how do you monetize hvnc
Volcan said:
i recommend private Rat's + HVNC if you want make real money from rats but still async rat is good also Quasar rat is good
no, stealers can't do what you can do from rat/hvnc, it gives full control over the victim
pierre777reborn said:
is hvnc really needed for that? A regular infostealer does the same
e-mail spamming and gads and tg ads
is hvnc really needed for that? A regular infostealer does the same