Jump to content

Recommended Posts

be very careful when downloading stuff from that site or even sharing it here, they have cool cracked stuff, but most of it is full with hidden viruses and exploits that won't be recognized by your av. sometimes it's better not to have something than having your computer compromised. (i am talking about software and pdf, even though it is also possible to create malicious video files). my recommendation to people here is to think twice if they really need something and if so be very careful about using it (some malware for instance knows how to detect and sometimes escape virtualization software for instance).
i hope that the power of this community is that we're sharing safe stuff and helping each other, not like what's going on there

  • Like 1
  • Thanks 2

Share this post


Link to post
Share on other sites
1 hour ago, tester1337 said:

be very careful when downloading stuff from that site or even sharing it here, they have cool cracked stuff, but most of it is full with hidden viruses and exploits that won't be recognized by your av. sometimes it's better not to have something than having your computer compromised. (i am talking about software and pdf, even though it is also possible to create malicious video files). my recommendation to people here is to think twice if they really need something and if so be very careful about using it (some malware for instance knows how to detect and sometimes escape virtualization software for instance).
i hope that the power of this community is that we're sharing safe stuff and helping each other, not like what's going on there

Oh, I didn’t think about that, thank you. 

I didn’t actually check the files guys so please don’t take them as 100% secure.

I would be very interested in seeing what you mentioned above in action, do you have any sample? All 3 types actually:
-    Malicious PDF
-    Malicious video
-    Any kind of malware that can escape standard VM installation (sounds scary, never heard of it, how does this work in theory?)
 

  • Like 2

Share this post


Link to post
Share on other sites

luckily, i really really hope that my computer is safe and i am ok.
what i try to do is run problematic stuff on cuckoo, i try to search with strings to find malicious intentions(though doesn't help with obfuscation and anti reversing things) and i try to get md5 hashes of files and then check them with virustotal to see if a threat had been already recognized.
however, it still doesn't guarantee anything.

some people there are very experienced hackers and crackers, but unlike us that we only look for study material because we cannot afford it, in order to learn and advance, they deal with money, and sometimes a lot of it. they can give you a software and a crack, and a few other additions you wouldn't have believed they succeed implementing in a stealthy way. some of them should really write security courses(without viruses!) to help us get better.

regarding vm escaping: https://web.archive.org/web/20130202223332/http://www.darkreading.com/security-services/167801101/security/application-security/217701908/hacking-tool-lets-a-vm-break-out-and-attack-its-host.html , though it's really hard and you need to be very skilled to catch and abuse a bug to get that result

pdf and videos are easier, but they require knowledge of operating systems, common defense mechanisms and the software being used. the goal for the bad guys is that you run your file and nothing breaks, so you don't suspect anything, and when looking for handles or using procmon or similar, you won't see something strange.
basically it's exploit development, but being an asshole and using it in an offensive way against people instead of reporting a vulnerability or participating in some kind of bug bounty.

my point is if they can crack $$$$ software with their eyes closed, have access to ""confidential" things as they claim and trade/sell modern security courses/software(that they probably got by hacking someone who participated in those lol), they have no "computational limitation" to abuse the people who download their stuff. i think that infosec should be used to help other people, not to *** other people.

  • Like 1

Share this post


Link to post
Share on other sites

Reading all the above statements , I deleted the file  from my Mega account . Its better to be safe than sorry. 😅

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...