Tuts 4 You

All Activity

  1. Yesterday
  2. Last week
  3. I don't really remember, after the very first login using "log in with facebook" or "log in with google", if they force users to enter a password for their account, but if this is true then the account is affected. If they are not forcing users to enter one after the very first OAuth login then the account is likely affected but not in a serious way, since users can invalidate OAuth tokens through removal of the Facebook Apps as well as for Google, but I also think that this operation is already done by Quora themselves.
  4. What if we logged in there using "log in with facebook" or "log in with google"?
  5. https://www.bleepingcomputer.com/news/security/quora-hacked-100-million-users-data-exposed/ bonus - Czech Republic says its foreign ministry was hacked for more than a year - hxxps://www.theregister.co.uk/2018/12/03/czech_russia_hacking/
  6. Techlord

    Want to develop Antivirus

    These days, I would say that without proper heuristics checking in place, the AV would be of very limited use. While I agree that pattern matching is still used, it is far less useful than it was several years ago. We also need to implement solutions to bypass malware techniques that would try to shut down the AV processes and a lot more. I agree with the general ideas of the others in this thread that creating a new AV software is not something that a beginner should embark upon. If they are doing it for their own learning and understanding then it is fine but not as a commercial venture or to use it in production. A much better first step would be to dissect existing AV software and see how they function.
  7. DelphiMan

    Want to develop Antivirus

    NOTHING IMPOSSIBLE "BUT" YOU NEED A STRONG TEAM WITH HUGE EFFORT AND EXPERIENCE AND LONG TIME TO SEE THE FIRST RESULTS.
  8. evlncrn8

    Want to develop Antivirus

    @Peter Ferrie - are there any cuda based scanners ? i was considering doing cuda for pid, i got the loading pe into memory bit done, but then i hit a little hurdle trying to do everything in asm.. so delayed it for pid 7
  9. Peter Ferrie

    Want to develop Antivirus

    This is a worthy idea and should be encouraged. To write a simple anti-virus program requires only some checksumming or pattern-matching. You can checksum an entire file and compare the sum to a list of known bad sums, and report if you find a match. However, this will detect only that single file and will miss all variants of it. You can use pattern-matching to look for sequences of bytes in the file, and report if you find a match. This will detect some variants of the file, if only other bytes are changed. This will get you started. As you add more sums and patterns, you'll see that the performance degrades quickly. At that point, you might begin to research different ways to perform multiple pattern-matching simultaneously, instead of one-at-a-time. Pattern-matching can be made faster if you parse the file format to locate specific areas of interest (like the entrypoint of the file, for example). There are also checksumming algorithms that are faster but weaker - there can be many common files that have the same sum - or slower but stronger (fewer files found easily with the same sum).
  10. XenocodeRCE

    Best Protection for .net Exe

    Depending on what your software is doing, you can protect it without the need of any obfuscation tool
  11. evlncrn8

    Best Protection for .net Exe

    nope, if it was out there i'd have seen it.. and then if i wanted it so much, like you claim it exists, but you don't post here, but will show me an example in a pm (example?).. what's then to stop me posting it.. you make no sense, and sorry, i stand by what i said.. you're full of it
  12. HostageOfCode

    Best Protection for .net Exe

    You are too rude but if you want so much send me a pm and I will send you an example.
  13. h4sh3m

    PE File Format question

    Hi

    For 16-bit files this source can help you (Delphi/Free Pascal): https://0x2a.wtf/files/pesp.zip

    For PE32/PE64 the field "e_lfanew" points to the NT header offset, so you can do something like this:

        gap = e_lfanew - Sizeof(Dos_header)

    BR, h4sh3m
  14. null_endian

    PE File Format question

    In the PE file format, there is the DOS_HEADER and then right after that, there is a section called doscode which is by default 64 zero bytes. However, sometimes it is filled with an arbitrary number of bytes. Some PE files have a lot of bytes here, others don't. How can I calculate the number of bytes that doscode will be? There doesn't seem to be any field in the DOS header which specifies this. Thanks.
  15. MacMike

    Want to develop Antivirus

    Sure, thanks. Meanwhile if I need any help I will post here. Thanks
  16. evlncrn8

    Best Protection for .net Exe

    then i'll just assume you are talking out your rear end and don't have a clue what you are talking about then.. which is what i assumed from the start.. you are full of it
  17. Kurapica

    Want to develop Antivirus

    I think it's the best idea, you can later share your findings with the rest of the community, I'm sure we can learn from this.
  18. HostageOfCode

    Best Protection for .net Exe

    Its private info sorry.
  19. MacMike

    Want to develop Antivirus

    What if I reverse engineer an existing antivirus and develop my own? Thanks for your comment.
  20. evlncrn8

    Want to develop Antivirus

    did you read ANY of what atom0s or Kurapica said at all ? finishing your data structure and algo is POINTLESS as it will most likely change once you learn more c/c++, asm, drivers, and os internals.. also bear in mind that there are already existing very good anti virus products out there, so how on earth do you think you'll even be able to compete with those ? don't run before you can walk
  21. MacMike

    Want to develop Antivirus

    I think I must finish algorithms and data structures first and then learn the internals of Windows.
  22. evlncrn8

    Best Protection for .net Exe

    like the nointegritychecks setting ? i'll try and be clearer.. how about, tell me a way to load an unsigned driver without having to use bcdedit or similar to alter system settings globally, that can lower the security of the system
  23. atom0s

    Want to develop Antivirus

    You have a long way to go before you will even come close to writing any type of anti-virus that has any real usage/purpose. Simple understandings of C are not going to get you that far. You need to have a very good understanding of a low-level language such as C and C++ in general and ASM. Along with that, you need to take the time to really learn the inner workings of Windows and the much lower level aspects of the OS. Your AV is going to need to do kernel level things (drivers), hooks, etc. if you expect to handle any type of real detections and protections today. With how low-level things have gotten with things like rootkits and other forms of virus/malware, doing things in user-mode is never going to be enough. Based on your post, you are really far from any of this. Take the time to learn what you are doing otherwise you are going to produce garbage that no one will want to use.
  24. HostageOfCode

    Best Protection for .net Exe

    A kernel driver can be installed on a 64-bit system without the need for test mode to be activated or driver signature enforcement to be disabled. Workarounds are for a normal 64-bit system even with Secure Boot enabled.
  25. evlncrn8

    Best Protection for .net Exe

    yeh, and how many end users would you imagine would allow a protection to disable security on their machines in such a way ?...
  26. Kurapica

    Want to develop Antivirus

    Man, I love you, in a manly way of course ! What you mentioned that you have learned is not enough to do that, you need more experience before jumping to a complicated project like an AV.
  27. Hello everyone, I have almost finished learning algorithms in the C programming language. My goal is to develop antivirus software. My question is: where should I start? I am looking for your valuable opinion. Thanks
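For the "PE File Format question" thread, the calculation h4sh3m gives (gap = e_lfanew - Sizeof(Dos_header)) can be checked against a file as follows. This is an added example, not code from either poster; it covers PE32/PE64 only, and `dos_stub_size` and `make_sample` are hypothetical names, with the sample images constructed inline.

```python
import struct

DOS_HEADER_SIZE = 64    # sizeof(IMAGE_DOS_HEADER)
E_LFANEW_OFFSET = 0x3C  # e_lfanew is the last 4-byte field of the DOS header


def dos_stub_size(data):
    """Return the number of bytes between the DOS header and the NT headers."""
    if len(data) < DOS_HEADER_SIZE or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    # Validate the pointer before trusting it: it is attacker-controlled input.
    if e_lfanew + 4 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    # Hand-crafted files can overlap the NT headers with the DOS header,
    # in which case there is no stub; never report a negative size.
    return max(0, e_lfanew - DOS_HEADER_SIZE)


def make_sample(stub):
    """Build a constructed minimal image: DOS header + stub + PE signature."""
    header = bytearray(DOS_HEADER_SIZE)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, E_LFANEW_OFFSET, DOS_HEADER_SIZE + len(stub))
    return bytes(header) + stub + b"PE\0\0"
```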