CyberArsenal


fraud Chetan Nayak puts his reputation on the line! Watch him squirm :)

zen

Administrator
Staff member

This is a great opportunity for Chetan's career and reputation - he has volunteered to provide proof of a backdoor (let alone "backdoors") in any Pwn3rzs "leak". How exciting! A real-life "malware analyst" with all sorts of bragging rights ought to knock this one out of the park! :) Right?

Fortunately this forum is wide open to anyone who wants to join, and the resource section is filled with files for him (and the entire community of malware analysts and security experts) to analyze. The telegram channel https://t.me/pwn3rzs is likewise open for anyone to join, and if you click on the files section there, it has 267 files! Golly, that is an awful lot of "leaks"! Should be pretty easy for a superstar gooner like Nayak to find just even one single file that is "backdoored" and show the world his proof. No problem! We are here with popcorn, watching each day to see his progress. Maybe he'll have some excuses or a slow start because he has to hurry up and learn a little about reversing? Maybe learn how to fire up a network sniffer and then install the so-called "backdoored" releases and then capture some packets? It's ok, we're sure he'll figure out how to use basic tools eventually. After all, he worked for Crowdstrike, and Mandiant, and now makes an overpriced c2. Maybe there is a reason he no longer works for Crowdstrike or Mandiant? Could it be he wasn't smart enough to understand when something was actually backdoored or not? Or.. maybe he knows all about backdooring things, like he had claimed to backdoor Brute Ratel? Maybe he fiddled some customer data at Crowdstrike or Mandiant? Companies should take care in hiring companies that have the poor judgement of hiring people like this.

Looking forward to your malware analysis, Chetan "NinjaParanoid" Nayak! .. waiting ..

edit: for those that don't use twitter/x like me, one way to watch that thread:
https://nitter.net/NinjaParanoid/status/1711578873912299589#m
pdf capture attached (2023, Oct 11)
 

Attachments

  • NinjaParanoid_lying_his_ass_off.pdf (202.5 KB)
Although I was trying to take a light sarcastic tone in the above, I should clarify a couple things just because it'll make me feel better to do so:
  1. pwn3rzs has never backdoored anything
  2. bruteratel has a lot wrong with it but price isn't really part of that, personally 3k is cheap for security software if it has any use at all to you
That is all.
 
When he posted his cat stuff I thought he was cool. Nope, he's just a skid, just as much as kyrecon is.
Just goes to show that even the coolest* tools have nothing really honorable about them.
 
Can't believe I was missing this post :D

LMFAO
From Linux L3 Admin to senior research? lol

Apart from that, this is very funny, since he should know "malware" reversing :p
"After serving 3 years as a Linux L3 Systems Engineer, Chetan provided trainings as a freelancer on Cyber Security and the Secure Programming with C and Assembly."
Pretty funny I'd say

One of his feedbacks:
"""
Chetan is a really good trainer and he takes up every question as a challenge. He taught us Malware reverse engineering in great detail by walking us through every section in the process memory, performing memory dumps and extracting metadata to hunt malwares. The best part of the course was he not only taught us attacks, but also every possible detection artefact for every attack technique he performed.
"""

Remember to save those SHELLCODE_BUFFERS and SHELLCODE_SIZE in your dll :p

We will wait for his very deep analysis
Edit:

I see that you're pretty sure about those backdoors, without valid proof, and you're the one talking when you literally said you've put a "secure" backdoor into your own tooling that you're selling. Very sad guy :(
He must fear another crack of his overpaid C2 shit lol
Let me also add how sad he is with those bad jokes against a no-more online user without even knowing how things went.
https://x.com/NinjaParanoid/status/1711669284894900353
(or without requiring x.com login: https://nitter.net/NinjaParanoid/status/1711669284894900353)

This behavior is identical to Kyrecon retard, very sad kids
Man those people feel even higher than others just for writing a skiddy tool and selling legit malware lol
And if he's that low-key, I have no wonder why he has a Panigale while still living in his garage lmfao, referring to his PFP :p
Looks like there is a little circle jerk of failed Malware sellers (shellter, bruteratel, etc) over on Twitter/X running their mouths with nothing to back it up. Looks like Kostas joined the circle jerk!

So they wanna tell us that by distributing cracked software they obey the law
Do these people really not understand what the definition of "illegal" is? There are different "laws" in each country (over 200 nation-states to choose from! Did you know there is more to the world than the USA?), and in most countries there are criminal laws (aka "illegal") and civil laws, and these are separate bodies of rules and regulations for each. I'm not sure why I'd bother trying to educate you but you are embarrassing yourself and I thought I'd set you straight. Modifications to software are not "illegal". You just choked down the party line from mass-media and your yes-man group instead of doing the tiniest bit of research to actually learn the difference. You probably don't understand what "piracy" is (hint: money is involved) versus "warez", and I'll bet you didn't take 2 seconds to look around and realize that we don't touch money and are completely legal. It's all over your head anyway, wasting my keystrokes.

And yea, I think some of the things they forward on telegram might have something-something on them, what’s crazy about that? It’s not like they inspect them. I’ve seen posts that ask their users to disable AV
Hey another malware analyst who wants to put their reputation on the line and show some proof of their claims! Great! Well you read above, Kostas, and have all the same opportunities and access to files as everyone else. Or maybe you have some excuses as well? Pathetic. You know damn well there are no backdoors. Step up and show some proof, no-skill coward. What's the matter don't have a sniffer? Seriously? 🤡

As for disabling antivirus, this is totally up to the end user, and our advice has always been to run everything in virtual machines or on a disposable vps with nothing else on it. This has nothing to do with backdoors (we never have). It's probably beyond your comprehension, maybe you're a click-click skid and don't even read the directions to these tools, but many of the security tools are detected by antivirus and will themselves advise the user to disable av and firewall. Install metasploit with an av running and well, you get what you deserve, endless problems. One reason av can matter is that some releases are packed using vmprotect, which is itself detected by antivirus scanners as suspicious - it's the packer, not the contents inside. Still there are many reasons av is long since useless and dead and no one with a brain will recommend you use it - especially when you are running security tools!! What idiot runs offensive security attack tools and has antivirus running on the same system?

Oh no, look, metasploit must be backdoored, they advise to not use useless shitty av! lol. you simpletons.

Attachments

  • 20231012_no_skill_cowards_still_have_no_proof.pdf (404.9 KB)

Someone posted their take on things. Good. A bit of sense injected into the fray. Looks like the ball is in the court of the liars, who have their reputations on the line to prove their ridiculous claims about backdoors. Waiting to hear... This tool Chetan actually specifically claimed there was a cobaltstrike backdoor in cobaltstrike! This is so easy to show if it were true. Laughingstock...

"any decent analyst can identify them" lol

excuses by the fraud. There is nothing to find! Just admit you were full of shit and clean it up and go home Chetan. Pathetic.
 

This is supposed to detect the cobaltstrike shellcode beacon in memory. Without even looking at the shellcode, just from what he has here, it is apparent that the socks shellcode alone has five alternate strings that are functionally identical for the operator, and can be implemented with a single line shell command (using xxd, perl, or python, for example). That's without even changing the instructions, and could be made a part of the build process. Unfortunately if I spell it out then he would likely add the permutations to his yara rule (I don't mind helping all sides, but would rather not help this guy while he's lying about us). (the core string has even more permutations)
 
Of course now they don't care anymore LMFAO
Man even worse than kids when they're caught off guard lol
Clowns.
And since that retard is a DFIR guy, I would also add that it is also thanks to us that people and blue teams could create new detection patterns (not the ones by the cheetah guy) and can improve those without the need of spending 5k.
A packed binary won't make any difference, since detections are built on the payloads and not the actual teamserver or client
But probably all they can do is just analyze some shitty rat like DarkComet Rat and not even newer ones like AsyncRat or Warzone lol
Fucking hell
 
Talk about cringe, this clown really thinks his detection script is about something! wow, total clown. I think I was too kind in my treatment of this.

You can see people using sense pointing out immediately how dumb his detection is. The claim that only source code changes from Fortra could possibly change the code is just absurd. Dumb as a box of rocks. Anyone with an iota of skill would see instantly how to modify the shellcode to not be detected. At least one other expert out there posted about it.

Also pretty good observation by someone that this guy should focus on his own work and get his nose out of other people's business. His false claims about phantom backdoors (nope!) are just an attention grab from a sad individual. Look Chetan if you have early onset Alzheimer's or some other neurodegenerative, just keep it real and apologize and check yourself. Spouting off all this nonsense and then backpedaling saying now "it doesn't matter", is just clown behavior. "You need to do better. Mind your own business."
 
Let's consider the situation where both Fortra and The Monkeyninja are marketing C2 tools. However, they appear to be concerned about the integrity of their malware tools, whether they've been compromised or not.

The use of malware tools is inherently unlawful and unethical. So, when did the development and distribution of malware tools become acceptable or legitimate? Furthermore, is reverse engineering conducted on these tools now considered an illegal activity?

It's crucial to question the transformation of the information security (INFOSEC) landscape within the new generation of MonkeySec.
 
In my honest opinion, Cobalt Strike is way better and legitimate than ShittyRatel C2.

Just by the fact that by default the beacon is detectable even by stupid AVs, even with leaked Artifact kits.
If you need to bypass EDRs and AVs you need to work on it, as it should

While for the monkey, it should be, as he said, out-of-the-box evasion, so why does he offer the .bin file as well?
Ok about dll and svc_exe, but the shellcode means you need to work on that shit as well, so what evasion is out of the box? On post exploitation? On the shellcode itself?
It seems a bit of a scam, I would pay for cobalt instead if I need to work over it.
Also BRC4 doesn't seem customizable at all, apart from the profile, and that's very limited anyway.
So what are we talking about? A legit scam.

I'd like to add that he sells his shit as a tool to evade EDRs and AVs, so where is the legitimacy here? Just because he can from India? LOL
I don't think he could sell it in the US, since even Fortra has legal issues and theirs isn't made for evasion in the first place.
 
The thing about yara rules and detection is this is like 30 years too late nonsense escalation .. most of us learned this decades back about the antivirus signature-based approach and later ids, and here again this idiot is doing the same thing with yara rules. His detection of cobaltstrike is trivial to defeat, and writing signatures for bruteratel might be possible but it's the same stupid chase - the signatures approach is no good, that's why nowadays we all say "EDR" not "AV" - because AV is dead (signatures are dead). Behavior monitoring is the only hope, and signatures will only catch the very low hanging fruit. That is not worthless, don't get me wrong, but it's also not something to brag about to sell your product.
 
He states that he would release ways to detect the Brute Ratel if it is leaked, let's see why it just leaked '-'
NOTE: it is not cracked
 

Attachments

  • bruteratel-1.3.7z (78 MB)
Yeah, and that release surely can't be cracked since the xmodlib.bin is missing, and that file contains his shitty payloads inside. This release is useless as is.