Reverse Engineering

Our reverse engineering work aids in identifying vulnerabilities, understanding threats, and formulating robust defense mechanisms, making it integral to maintaining a secure and resilient digital environment.

Malware Research

Our focus in malware research involves dissecting and understanding how malicious software operates. By documenting its behavior and impact, we provide insights that aid in devising effective defensive strategies, contributing to a better understanding of and stronger defense against emerging cyber threats.

Penetration Testing

We offer penetration testing services, identifying vulnerabilities by simulating real-world attacks on your digital infrastructure. Our process uncovers potential threats, providing actionable insights for improved security measures, ensuring robust defense and resilience for your business operations.

Open-Source

Our involvement in open-source focuses on offensive security techniques and tools. We utilize and contribute to community-driven projects. This collaborative approach promotes innovative solutions, ultimately strengthening defense against evolving cyber threats.

I’m currently overwhelmed with commitments and unable to dedicate time to my public research and tools. Unfortunately, I can't predict when I’ll be more available. However, I’m still addressing bug fixes and urgent requests. I appreciate your understanding and continued support!

We are excited to announce that a new Snippets resource category has been implemented on the website. This addition will gradually provide a wide range of code snippets covering various topics related to Microsoft Windows. These snippets will offer valuable insights and practical examples to enhance your understanding of different aspects of Windows programming. Stay tuned as we continue to expand this resource with more code snippets in the future.

2 months, 3 weeks ago

  • A bug fix has been implemented for the execution of shell commands. All commands should now execute without causing the entire application to hang.
  • Protocol version checking between the Command and Control (C2) and Agent(s) has been incorporated. If a protocol version mismatch is detected, the agent will be disregarded by the C2.

The release of version "3.0 Final" signifies the culmination of this project. I will not be adding any further features; the objective of this PoC was to demonstrate the creation of a reliable and secure C2 utilizing FTP(S). You're encouraged to develop your own version with tailored functionalities. As an exercise, you might consider implementing multi-threaded tasking to prevent the application from hanging during long-duration tasks.

I will, however, continue to provide support for the project in terms of addressing potential bugs or opportunities for optimization.

3 months ago

  • Enumerate COM objects (methods and properties) - from file only (not in-memory yet)
  • Possibility to select which items the user wants to enumerate (exported functions, COM properties or methods)
  • A few application icons updated for more comfort.
  • Virtual TreeView component updated to version 7.6.4.
  • Compiled with Delphi 11.3.

3 months ago

  • Code Optimization: The codebase has been optimized for better performance.
  • Protocol Improvement: The communication protocol has been enhanced and is now more modular, allowing for greater flexibility.
  • Support for Different RSA Key-Pairs: C2 and agents can now operate with different RSA key-pairs, enabling them to coexist without conflict on the same FTP server.
  • Implementation of Dangerous Action Validation Delegate: A validation delegate has been implemented to prompt users for confirmation before executing potentially dangerous actions.

3 months ago

Support for encryption has been introduced, utilizing RSA and AES-GCM 256-bit algorithms, to safeguard the integrity and confidentiality of communications between agents and the C2 server.

3 months, 1 week ago
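The scheme above, RSA wrapping a per-message AES-256-GCM key, combined with the per-pairing RSA key pairs and the protocol version check from the more recent entries above, fits in one hybrid envelope. The Go program below is an added example written for this page, not the project's code; the wire layout, the OAEP label text, the constant names and the version number are assumptions of the example. A fresh AES-256 key is generated per message and wrapped with RSA-OAEP for the intended key pair, and the version header is authenticated as GCM additional data, so a peer that speaks another version, or holds another key pair, fails before any plaintext is produced.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// ProtocolVersion is the version this peer speaks; an envelope carrying any other
// value is rejected before decryption, like the C2 disregarding a mismatched agent.
const ProtocolVersion uint16 = 3

// oaepLabel (text assumed for this example) binds the wrapped key to the protocol version.
var oaepLabel = []byte(fmt.Sprintf("ftp-c2-v%d", ProtocolVersion))

// Envelope layout (assumed for this example, big-endian lengths):
//   [2] version | [2] len(wrappedKey) | wrappedKey | [12] nonce | ciphertext||tag
// The header is GCM additional data, so a rewritten version field fails the tag check.

// NewKeyPair generates an RSA key pair; each C2/agent pairing sharing the FTP server gets its own.
func NewKeyPair(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// SealMessage encrypts plaintext for the holder of recipientPub with a fresh
// AES-256-GCM key that is itself wrapped with RSA-OAEP(SHA-256).
func SealMessage(recipientPub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	key := make([]byte, 32) // AES-256, one key per message
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, oaepLabel)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // 12 random bytes per message
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	header := binary.BigEndian.AppendUint16(nil, ProtocolVersion)
	header = binary.BigEndian.AppendUint16(header, uint16(len(wrapped)))
	ct := gcm.Seal(nil, nonce, plaintext, header) // header authenticated as AAD
	return append(append(append(header, wrapped...), nonce...), ct...), nil
}

// OpenMessage reverses SealMessage. A version mismatch, a foreign key pair and
// any tampering all surface as errors, and no plaintext is returned.
func OpenMessage(recipientPriv *rsa.PrivateKey, env []byte) ([]byte, error) {
	if len(env) < 4 {
		return nil, errors.New("envelope too short")
	}
	header := env[:4]
	if v := binary.BigEndian.Uint16(header[0:]); v != ProtocolVersion {
		return nil, fmt.Errorf("protocol version mismatch: got %d, want %d", v, ProtocolVersion)
	}
	wl := int(binary.BigEndian.Uint16(header[2:]))
	if len(env) < 4+wl+12+16 { // header, wrapped key, nonce, at least a GCM tag
		return nil, errors.New("envelope truncated")
	}
	wrapped, nonce, ct := env[4:4+wl], env[4+wl:4+wl+12], env[4+wl+12:]
	key, err := rsa.DecryptOAEP(sha256.New(), nil, recipientPriv, wrapped, oaepLabel)
	if err != nil {
		return nil, fmt.Errorf("key unwrap failed, envelope is not for this key pair: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, header) // fails on any header or ciphertext change
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	pairA, _ := NewKeyPair(2048) // one pairing on the shared FTP server
	pairB, _ := NewKeyPair(2048) // a second pairing on the same server
	env, _ := SealMessage(&pairA.PublicKey, []byte("task: whoami"))
	pt, err := OpenMessage(pairA, env)
	fmt.Printf("pair A: %q %v\n", pt, err)
	_, err = OpenMessage(pairB, env)
	fmt.Println("pair B:", err)
}
```

The second pairing's private key cannot unwrap the envelope, which is what lets two C2/agent pairings drop files on the same FTP server without reading each other's tasks. The construction gives confidentiality and integrity against anyone reading the FTP server, but not sender authentication: anyone holding the public key can seal a valid envelope, so a deployment would additionally sign or otherwise authenticate the sender.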

The complete project is now fully open-source! This includes the previously withheld SubSeven Server Service.

5 months, 3 weeks ago

  • Introduction of an option to keep certain information when debugging of the process stops.
  • Program title is now dynamic (displays the debugged process ID and elevation status).
  • Introduction of an internal worker thread handling system.
  • Possibility to enumerate loaded modules.
  • Support for child process inspection.
  • Memory map now supports child process inspection.
  • Possibility to dump and partially reconstruct a portable executable image from memory (main module and loaded modules).
  • Several code improvements.

10 months, 2 weeks ago

  • Possibility to view debugged process memory map.
  • Possibility to dump debugged process memory region(s).
  • Exception handling system added (beta).
  • Logging system added.
  • UX Theme support.

11 months, 1 week ago

I'm excited to announce that SubSeven Legacy, the remake of the iconic SubSeven 2.2, is now open-source! This is a great opportunity for enthusiasts and developers alike to dive deep into the intricate code that defined an era in InfoSec history. Please note, however, that only the SubSeven Server Service remains closed for the time being. Stay tuned for further updates and happy exploring!

1 year ago

  • Streaming performance considerably increased. FPS rate increased by 65% and can be optimised further by tweaking available options.
  • Streaming desktop resolution is now controlled by the viewer.
  • FastResize option was removed.
  • Code optimisation.
  • Windows key is now supported.
  • Virtual Desktop window will show above terminal window.
  • Beta support for LogonUI (Winlogon protected desktop).

1 year, 6 months ago

  • Invoke-RemoteDesktopServer error fixed during module import.

1 year, 7 months ago

  • Code improvement.
  • Streaming performance increased.
  • X509 Certificate password supported.

1 year, 7 months ago

  • Option to prevent the server computer from entering sleep mode.
  • Streaming performance increased by using dirty region detection (motion update): only the parts of the remote desktop that changed are sent to the viewer.
  • Mouse control improved.
  • Keyboard control improved.
  • Code improvement.

1 year, 7 months ago
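Dirty region detection as described in the motion update entry, as an added example in Go (not the project's own PowerShell code): consecutive frames are compared on a fixed tile grid, only the tiles whose bytes changed are reported, and horizontally adjacent dirty tiles are merged into one rectangle. The tile size, the frame contents and the helper names are constructed for the example.

```go
package main

import (
	"bytes"
	"fmt"
	"image"
	"image/color"
)

// DirtyTiles compares two RGBA frames of identical size on a tileSize grid and
// returns, in row-major order, every tile whose pixel bytes differ. Edge tiles
// are clipped to the frame. Rows are compared with bytes.Equal on the backing
// Pix slice, so no per-pixel decoding happens on the hot path.
func DirtyTiles(prev, cur *image.RGBA, tileSize int) ([]image.Rectangle, error) {
	if tileSize <= 0 {
		return nil, fmt.Errorf("tile size must be positive, got %d", tileSize)
	}
	if prev.Bounds() != cur.Bounds() {
		// Resolution changed: the caller must fall back to a full-frame update.
		return nil, fmt.Errorf("frame size changed: %v -> %v", prev.Bounds(), cur.Bounds())
	}
	b := cur.Bounds()
	var dirty []image.Rectangle
	for y := b.Min.Y; y < b.Max.Y; y += tileSize {
		for x := b.Min.X; x < b.Max.X; x += tileSize {
			tile := image.Rect(x, y, x+tileSize, y+tileSize).Intersect(b)
			if tileChanged(prev, cur, tile) {
				dirty = append(dirty, tile)
			}
		}
	}
	return dirty, nil
}

// tileChanged reports whether any byte of the tile differs between the frames.
func tileChanged(prev, cur *image.RGBA, r image.Rectangle) bool {
	n := r.Dx() * 4 // 4 bytes per RGBA pixel
	for y := r.Min.Y; y < r.Max.Y; y++ {
		po, co := prev.PixOffset(r.Min.X, y), cur.PixOffset(r.Min.X, y)
		if !bytes.Equal(prev.Pix[po:po+n], cur.Pix[co:co+n]) {
			return true
		}
	}
	return false
}

// MergeHorizontal coalesces runs of horizontally adjacent dirty tiles on the
// same row into one rectangle, cutting per-region overhead when something wide,
// such as a window title bar, changes. It relies on DirtyTiles' row-major order.
func MergeHorizontal(tiles []image.Rectangle) []image.Rectangle {
	var out []image.Rectangle
	for _, t := range tiles {
		if n := len(out); n > 0 {
			last := &out[n-1]
			if last.Min.Y == t.Min.Y && last.Max.Y == t.Max.Y && last.Max.X == t.Min.X {
				last.Max.X = t.Max.X
				continue
			}
		}
		out = append(out, t)
	}
	return out
}

// BytesToSend is the raw payload size of the regions at 4 bytes per pixel;
// compare it with the full-frame size to see what motion update saves.
func BytesToSend(regions []image.Rectangle) int {
	total := 0
	for _, r := range regions {
		total += r.Dx() * r.Dy() * 4
	}
	return total
}

// paint is example scaffolding: set one opaque red pixel, a "moving cursor".
func paint(img *image.RGBA, x, y int) { img.Set(x, y, color.RGBA{R: 255, A: 255}) }

func main() {
	// Constructed frames: a blank 64x48 desktop, then two pixels change in one row.
	prev := image.NewRGBA(image.Rect(0, 0, 64, 48))
	cur := image.NewRGBA(prev.Bounds())
	paint(cur, 20, 5)
	paint(cur, 36, 5)
	dirty, _ := DirtyTiles(prev, cur, 16)
	merged := MergeHorizontal(dirty)
	fmt.Printf("dirty tiles: %v\nmerged: %v\n", dirty, merged)
	full := BytesToSend([]image.Rectangle{cur.Bounds()})
	fmt.Printf("send %d of %d bytes\n", BytesToSend(merged), full)
}
```

Against the constructed 64x48 frame, two changed pixels in one row yield one merged 32x16 region, 2048 bytes instead of 12288 for the full frame. A resolution change is reported as an error so the caller falls back to a full-frame update, which is the case to handle when the viewer changes the streamed resolution as noted elsewhere in these release notes.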

  • Application protocol redesigned to be faster, more stable and more modular.
  • Session concurrency now supported. Multiple viewers can connect to the same server at the same time.
  • Possibility to shut down the server using CTRL+C.
  • Streaming quality is now controlled by the viewer.
  • Desktop image size is now requested server-side.
  • Bug fix in virtual desktop alignment.
  • Timeout implemented during protocol negotiation to avoid possible deadlocks.
  • Virtual desktop can now be set on top of other windows.
  • Server supports SecureString for authentication password.

1 year, 8 months ago

  • Deprecated TransportMode option removed.
  • Streaming performance improved.
  • Code improvement, release stability is good enough to mark release as stable.

1 year, 8 months ago

  • Code improvement.
  • Ingress / Egress event support.
  • Bug fix for password generation algorithm.
  • Bug fix for virtual keyboard.
  • Clipboard synchronisation implemented.
  • View-only option added. If used, the remote viewer cannot control the remote server.

1 year, 8 months ago

  • Viewer now supports SecureString to handle the password.
  • Certificate fingerprint validation implemented server-side.
  • Trust a remote server temporarily or permanently (can be revoked).
  • Server-trust management system.

1 year, 8 months ago
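The trust model above, fingerprint pinning with temporary or permanent trust and revocation, as an added Go example that is not the project's code: a trust store keyed by the SHA-256 fingerprint of the server's DER certificate, exposing a Verify function with the shape of Go's tls.Config.VerifyPeerCertificate callback. The self-signed certificate is generated inside the example as scaffolding, and the trust-level names and the prompt callback are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type TrustLevel int

const (
	Untrusted          TrustLevel = iota // unknown, or the user declined
	TrustedTemporarily                   // valid until EndSession
	TrustedPermanently                   // a real viewer would persist this to disk
	Revoked                              // explicitly distrusted; rejected without prompting
)

// TrustStore maps SHA-256 fingerprints of DER certificates to trust levels.
type TrustStore struct {
	entries map[string]TrustLevel
	// Prompt is asked about an unknown fingerprint; nil means always reject.
	Prompt func(fingerprint string) TrustLevel
}

func NewTrustStore(prompt func(string) TrustLevel) *TrustStore {
	return &TrustStore{entries: map[string]TrustLevel{}, Prompt: prompt}
}

// Fingerprint is the hex SHA-256 of the DER certificate (openssl's -fingerprint -sha256, no colons).
func Fingerprint(der []byte) string {
	return fmt.Sprintf("%x", sha256.Sum256(der))
}

// Verify has the shape of tls.Config.VerifyPeerCertificate: a viewer would set
// InsecureSkipVerify (no CA for a self-signed server) and pin the leaf here instead.
func (s *TrustStore) Verify(rawCerts [][]byte, _ [][]*x509.Certificate) error {
	if len(rawCerts) == 0 {
		return fmt.Errorf("server presented no certificate")
	}
	fp := Fingerprint(rawCerts[0])
	switch s.entries[fp] {
	case TrustedTemporarily, TrustedPermanently:
		return nil
	case Revoked:
		return fmt.Errorf("server %s was revoked by the user", fp[:16])
	}
	// First contact (or temporary trust expired): ask the user, as the viewer prompt does.
	lvl := Untrusted
	if s.Prompt != nil {
		lvl = s.Prompt(fp)
	}
	if lvl != TrustedTemporarily && lvl != TrustedPermanently {
		return fmt.Errorf("unknown server %s rejected", fp[:16])
	}
	s.entries[fp] = lvl
	return nil
}

// Revoke distrusts a fingerprint; later connections fail without a prompt.
func (s *TrustStore) Revoke(fp string) { s.entries[fp] = Revoked }

// EndSession forgets temporary trust and keeps permanent and revoked entries.
func (s *TrustStore) EndSession() {
	for fp, lvl := range s.entries {
		if lvl == TrustedTemporarily {
			delete(s.entries, fp)
		}
	}
}

// selfSignedDER is example scaffolding standing in for the remote desktop
// server's self-signed certificate; errors are ignored because it is scaffolding.
func selfSignedDER(cn string) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return der
}

func main() {
	server := selfSignedDER("remote-desktop-server")
	store := NewTrustStore(func(string) TrustLevel { return TrustedTemporarily })
	fmt.Println("first connect:", store.Verify([][]byte{server}, nil))
	store.EndSession()
	store.Prompt = nil // no user present this time
	fmt.Println("next session:", store.Verify([][]byte{server}, nil))
}
```

This is the trust-on-first-use model of SSH known_hosts: the first connection is the only one where an impostor can get itself pinned, which is why the prompt should show the fingerprint so the user can compare it with the one displayed on the server. A certificate with the same common name but a different key has a different fingerprint and is rejected, and revoking a pin rejects that server without any further prompt.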

  • Possibility to control desktop streaming image quality.
  • Support multiple monitors. You can choose which monitor to stream.

1 year, 8 months ago

  • HDPI is completely supported for both viewer and server.

1 year, 8 months ago

  • Desktop streaming is now sent raw rather than base64 encoded, thus increasing streaming performance. Base64 streaming encoding is still available as an option but marked as deprecated.
  • Application protocol revisited.
  • TLS v1.3 now optionally supported.
  • Code improvements.
  • Password complexity is enforced to avoid hosting a Remote Desktop server protected by a weak password.
  • Console verbosity can be disabled.
  • Version synchronisation implemented. The viewer version must match the remote server's and vice versa.

1 year, 8 months ago