I believe this ebook is a copy paste of another ebook!
• XC Scanner
• Nodistribute
• VirusCheckMate
All these non-distributing antivirus engines have been down for years now and were put in an ebook from 2022.
Faults of guide:
The ebook explains what a stub is, what a RAT is, encryption, runtime and scantime, which is described on the thread, though it takes up most of the ebook.
Talks about generic detection removal with assembly info modification (public with a bit of googling but acceptable), Add Delay (30+ secs) will bypass some AVs (public info provided by every crypter in the market before using or if asking)
In his own ebook he says detections occur upon copy paste of code though his method is copy pasting?
*Copy & Pasta of code his words.
back to the "make ur exe fud no need for crypter" that explains how crypters work and what info they already give you with providing us kindly with non distributing antivirus scanners(copy paste ebook) from 2018
https://www.reddit.com/r/hacking/comment...bute_down/ (backend doesn't work for reference since then)
doesn't even include
Method 1:
WORKS ONLY IF YOUR RAT IS OPEN SOURCE (AsyncRat)
edit the stub (no other info provided)
Simple just edit your stub change the code as much as you can
Or even crypt/encode the code it works I tried it
again no info tutorial on a beginner friendly guide.
Method 2: FULLY FUD(said the dev)
static scan
https://avcheck.net/id/g4HZg7vmIWpv (not crypted with the publicly found tool; by the way, his own words are: "Tools WILL most likely cause runtime detections. You will also successfully annoy support and the owner". PS: he is referring to paid crypters as well, though his methods of crypt are dependent on public tools with no modification on his side)
vbs crypt tool used: static scan:
https://avcheck.net/id/SoQeeuyZqecN wow bypasses Windows defender statically. nevermind...
https://ibb.co/YDvR0q1 sometimes even antivirus scanners are false. (always testing.)
EVEN IF THE TOOL MADE IT FUD ON WINDOWS DEFENDER statically, the vbs code only downloads an exe and executes some commands. runtime detected if the payload is detected. so not fud, and speaking of fud, since when is it FUD when the method best recommended by the dev has 8/26 detections, doesn't bypass WD statically, and even if it did, it's not a crypt method since it would get detected at runtime due to being a downloader downloading a detected EXE?
his scans provided that show fud make no sense whatsoever, my guess? an empty .vbs file or filled with nothing scanned 0/26 boom "FUD". no runtime video provided on thread nor on ebook.
his third method? omg don't, I guess? another downloader in JS (JScript and VBScript are quite similar)
again downloader. won't bother with scantime results, we already know. won't bypass runtime of course.
but for those who don't know, again: DOWNLOADERS WILL NOT DO SHIT AGAINST ANTIVIRUSES. simple ones of course. some downloaders could bypass windows defender using exclusion and such but then again you need uac bypass and so on.
Method 4, finally not a downloader lets go!
encrypt ur payload with aes (no code given to do that no tutorial)
gives code to decrypt but it does nothing else?
decrypt and do what? load it at least? nope nothing given.
final summary:
75% of the book is copy pasted from other sources. he didn't even care to cross check for dead sources like the nodistribute scanner being down 4 years now. all info is publicly given if searched for 1 hour or less. many forums have such free ebooks (not cracked.io) but ones related to crypting such as hackforums.
method 1: edit stub (requires knowledge of coding) (requires open source projects/rats) (even the dev himself can't do it) (won't work runtime 90% of time)
method 2: VBS downloader explained above detected statically even if not, EVEN IF NOT RUNTIME DETECTION, downloader drops ur detected exe and windows defender removes it.
method 3: same as VBS but in form of .js (VBScript and JScript are similar and especially in object calling which is the same in both cases) (uses a public "vbs crypter") which even if worked, runtime rip even if runtime undetected of the stub.js or stub.vbs.
method 4: AES encrypt your payload (no code given), decrypt (some crappy code https://stackoverflow.com/questions/5987...-in-vb-net , hey at least stackoverflow provides the aes encrypt function) (nothing else given, just encrypt and decrypt payload) which is useless if no injection is used?
by the way all of this is completely PUBLIC and not even a bit changed:
Method 1 requires knowledge of coding and clearly even the seller doesn't know what he is talking about. * Reference: "Editing the stub, This only works on your own rat/stealer or open source rat/stealer, Simple just edit your stub change the code as much as you can, Or even crypt/encode the code it works I tried it". clearly no clue on what he is doing.
JS downloader from method 3:
https://github.com/NYAN-x-CAT/JS-Downloa...nloader.js
VBS downloader from method 2:
https://github.com/Ch0pin/ToolBox/blob/m...ndExec.vbs
Method 4:
https://stackoverflow.com/questions/5987...-in-vb-net
Advertised as a noob friendly guide by the way