OK after serious neglect for a while now i finally got around to updating some shit on the site. Still lazy and using WordPress so come hack it if you can. Discord server is still around so ping me if you want access.
now that covid is over and ww3 about to start figured id stop by and say hi.
Starting to push all code to gitlab, all the code on github will be left there but the account will be abandoned.
Swag reminder https://teespring.com/stores/illmob-swag-shop
Tools:
Simple tool to create HTA with Evading AV
CORS Misconfiguration Scanner.
Metasploit Shellcode Grows Up: Encrypted and Authenticated C Shells
harismuneer/Ultimate-Facebook-Scraper
Invoke-Procdump.ps1
SkelSec/pypykatz 0.3.0 released
rogerorr/DllSurrogate-dll to call x32com from x64 binaries
phackt/stager.dll- metasploit shellcode detection evasion
ANDRAX v4 DragonFly – Penetration Testing on Android
request smuggler
facebookincubator/WEASEL- DNS covert channel implant
Cobalt Strike 4.0 Released
macOS Red Team: Calling Apple APIs Without Building Binaries
antonioCoco/RogueWinRM – Windows Local Privilege Esc
xFreed0m/Disruption – Terraform script to deploy AD-based environment on Azure
b4rtik/ATPMiniDump – Evading WinDefender ATP credential-theft
sachinkamath/ntlmrecon – fast NTLM reconnaissance
Pwnagotchi 1.4.0 Released
FSecureLABS/awspx– Graph tool for access and resource relationships in AWS
https://hat.sh/
leo-lb/wpbrute-rs – WordPress login bruteforcer
CVE-2019-2890 – PoC
harleo/asnipASN – IP range attack surface mapping
Mimikatz 2.2.0 20191125 – released
hackerschoice/thc-tesla-powerwall2-hack
sailay1996/UAC_Bypass_In_The_WildWindows 10 UAC bypass for all executable files which are autoelevate true
0vercl0k/CVE-2019-11708 – Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.
Reading:
AMSI as a Service — Automating AV Evasion
Bad Binder: Android In-The-Wild Exploit
Getting Malicious Office Documents to Fire with Protected View
Weak encryption cipher and hardcoded cryptographic keys in Fortinet products
Reflected XSS in graph.facebook.com leads to account takeover
Cracking Mifare Classic cards with Proxmark3 RDV4
Red Team Diary, Entry #3: Custom Malware Development
Evading WinDefender ATP credential-theft
Dumping LSASS without Mimikatz with MiniDumpWriteDump
[CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections.
HackerOne breach lets outside hacker read customers’ private bug reports
your_xkcd_passwords_are_pwned
CVE-2019-12750: Symantec Endpoint Protection Local Privilege Escalation
BMW Infiltrated by Hackers Hunting for Automotive Trade Secrets
We thought they were potatoes but they were beans (from Service Accounts
Spilling Local Files via XXE When HTTP OOB Fails
Tools:
https://github.com/byt3bl33d3r/WitnessMe
https://github.com/NotSoSecure/cloud-service-enum
https://github.com/theMiddleBlue/CVE-2019-11043
https://github.com/cobbr/Covenant
https://github.com/n1xbyte/donutCS
https://sqlectron.github.io/
https://github.com/sansatart/scrapts/blob/master/shodan-favicon-hashes.csv
https://gitlab.com/initstring/evil-ssdp
https://github.com/nyxgeek/ntlmscan
https://twitter.com/cry__pto/status/1190045825914802176
https://github.com/3gstudent/Homework-of-C-Language/blob/master/Install_.Net_Framework_from_the_command_line.cpp
https://github.com/initstring/uptux
https://github.com/b4rtik/RedPeanut
https://github.com/rvazarkar/SharpHound3
https://github.com/Binject/go-donut
https://github.com/infosecn1nja/MaliciousMacroMSBuild
https://gist.github.com/TarlogicSecurity/2f221924fef8c14a1d8e29f3cb5c5c4a
https://shenaniganslabs.io/2019/11/12/Ghost-Potato.html
https://github.com/0x09AL/RdpThief
https://github.com/Mr-Un1k0d3r/SCShell
https://labs.nettitude.com/blog/introducing-sharpsocks-v2-0/
https://github.com/FuzzySecurity/Sharp-Suite#remoteviewing
https://github.com/liamg/pax
https://github.com/skelsec/jackdaw
Reading:
https://twitter.com/Alra3ees/status/1192246345341513729
https://www.mdsec.co.uk/2019/11/rdpthief-extracting-clear-text-credentials-from-remote-desktop-clients/
C2 Comparisons
https://twitter.com/OSINTtechniques/status/1197102283869376513
http://powerofcommunity.net/poc2019/Qian.pdf
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/november/cve-2019-1405-and-cve-2019-1322-elevation-to-system-via-the-upnp-device-host-service-and-the-update-orchestrator-service/
https://medium.com/@c2defense/man-in-the-network-network-devices-are-endpoints-too-d5bd4a279e37
https://leucosite.com/Edge-Local-File-Disclosure-and-EoP/
https://posts.specterops.io/cve-2019-12757-local-privilege-escalation-in-symantec-endpoint-protection-1f7fd5c859c6
https://www.embercybersecurity.com/blog/cve-2019-1378-exploiting-an-access-control-privilege-escalation-vulnerability-in-windows-10-update-assistant-wua
http://tpm.fail/
https://limitedresults.com/2019/11/pwn-the-esp32-forever-flash-encryption-and-sec-boot-keys-extraction/
https://www.bleepingcomputer.com/news/security/magento-urges-users-to-apply-security-update-for-rce-bug/
https://medium.com/@d.bougioukas/red-team-diary-entry-2-stealthily-backdooring-cms-through-redis-memory-space-5813c62f8add
https://medium.com/@two06/amsi-as-a-service-automating-av-evasion-2e2f54397ff9
https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html
Breaches:
https://threatpost.com/hackers-dump-2-2m-gaming-cryptocurrency-passwords-online/150451/
https://headleaks.com/2019/11/21/millions-of-sites-using-jetpack-wordpress-plugin-exposed-by-a-security-vulnerability-Q1VaTHc4VUhUazZGeWcyWDgxL2dYQT09
https://www.helpnetsecurity.com/2019/11/20/confidential-medical-images/
https://gizmodo.com/7-5-million-adobe-accounts-exposed-by-security-blunder-1839364598
https://www.bleepingcomputer.com/news/security/macys-customer-payment-info-stolen-in-magecart-data-breach/
https://pastebin.com/8rXhtqgr
+20 new dumps added to our database
https://github.com/h43z/dns-rebinding-tool/
http://intx0x80.blogspot.com/2019/10/JWT.html
https://twitter.com/kaluche_/status/1181834267204210688
https://github.com/Hackplayers/Salsa-tools
https://github.com/AlmondOffSec/PoCs/tree/master/Windows_wermgr_eop
https://github.com/HunnicCyber/SharpSniper
https://github.com/3gstudent/GadgetToJScript
https://github.com/ZeroPointSecurity/GoldenTicket
https://github.com/coolboy4me/cve-2019-0708_bluekeep_rce
https://github.com/bugbounty-site/exploits/tree/master/CVE-2019-14994
Reading
https://xz.aliyun.com/t/6498
https://thewover.github.io/Bear-Claw/
https://blog.hunniccyber.com/phishing-with-netlify/
https://www.preempt.com/blog/drop-the-mic-2-active-directory-open-to-more-ntlm-attacks/
https://silentbreaksecurity.com/cve-2019-10617/
https://www.nextron-systems.com/2019/10/04/antivirus-event-analysis-cheat-sheet-v1-7-2/
https://jailbreak.fce365.info/Thread-It-s-possible-once-again-to-bypass-iCloud-by-using-a-CFW-with-the-CheckM8-Exploit?pid=1151#pid1151
https://offsec.almond.consulting/windows-error-reporting-arbitrary-file-move-eop.html
https://ssd-disclosure.com/archives/4033/ssd-advisory-openssh-pre-auth-xmss-integer-overflow
https://safebreach.com/Post/HP-Touchpoint-Analytics-DLL-Search-Order-Hijacking-Potential-Abuses-CVE-2019-6333
Tools:
HRShell – Flask HTTP/HTTPS Reverse Shell/C2
Evil WinRM + Donut-Loader
USB Armory MKII
PyPyKatz-WASM – Parse lsass dumps in the cloud
https://shell.now.sh/
SMB2 snapshots with Impacket SMBClient
Python API wrapper for spyse.com tools
SharpDoor – termsrv.dll multiRDP patcher
Reading:
https://thehackernews.com/2019/09/windows-fileless-malware-attack.html
https://posts.specterops.io/understanding-and-defending-against-access-token-theft-finding-alternatives-to-winlogon-exe-80696c8a73b
https://www.praetorian.com/blog/running-a-net-assembly-in-memory-with-meterpreter
Just in time for summer camp , finally got around to adding designs to new illmob store on ::teespring:: tried to keep the prices to at cost. We will also be handing out some stickers and prizes given out randomly if you find us. See you there!
TL;DR: The infosec ‘community’ is a dumpster fire. (with lots of screenshots that everyone loves to post.)
So since a shitty reporter wrote a hit piece of a one-sided view of the illmob facebook group, figured we’d get all the info on the table so you can make your own conclusions instead of following the narrative. This was never about illmob being misogynists. They wanted to twist it to make it seem like posts about the few women who caused drama and fake the funk in the scene were us including all women. Even though there was other females in the group.
On illmob it was mostly a lot of posts related to infosec, we dropped security related news, 0days, tools, breaches and yes talked shit about people we felt cause drama or we call out for being a fraud. If this happened in 2010-2011 we would have been called racists for calling out Gregory Evans for calling himself World’s #1 Hacker.
This changed in September 2017 when tweets started popping up on Twitter about conferences adopting Codes of Conducts etc , trying to push the GamerGate narrative into the infosec community. Tweets from Roxanna ‘@theroxyd’ Dehart , who had never attended a single DerbyCon started to push the agenda of asking why the conference doesn’t have a CoC. There was some back and forth between a few of us. Including me, Martin Bos, Roxy, Brian ‘@DeviantOllam’ Rea, and Wesley Mcgrew. During the time I was making stickers and ended up making this sticker.
And I got into the back and forth fight with Wesley McGrew over the sticker which I made a photoshop of him
I was calling him out because usually the loudest backers of bullshit are the ones who want to pretend to be for the cause.
Example: This tweet about Georgia Weidman after she had posted on Twitter asking for opinions on her new website design, I said her logo was shitty
the resulting tweet a few months later was from her trying to tweet BsidesCT to try to get me removed from the conference for being mean about artwork. But it did make her improve the logo …
This started a whole pile up on Twitter of people questioning her abilities during which Georgia’s mom made an account on Twitter to fight with everyone. I got this message from Wesley:
So does this make a Wesley a misogynist because he was going against someone he felt didn’t belong, was it worse he did it in private?
Was he complacent for being in the group with a ‘burner account’
^ nuff said.
We’ll get back to Georgia further down the post…
One good thing to come out of the DerbyCoC stickers was resulting in me selling all of the stickers for donations and then donating all the funds received to 2 different non-profits that support women in technology. (Girls Who Code & CyberJutsu Girl’s Academy)
Some of the leftover funds from money coming in after DerbyCon went to the Puerto Rico Hurricane fund, which happened right around the same time.
But yea we’re a misogynist hate group…
Now let’s address this tweet. This is the tweet that set it all off. I understand relationships go bad, and can have bad actors on both sides. People can also be vindictive as fuck after breaking up. Not to say nothing happened that was tweeted, or to downplay the seriousness of the accusations, but it’s up for the police and courts to decide once all the evidence is presented from both parties. Not for Twitter or a conference to decide.
Being that I was working security for the conference, upon seeing this tweet, I had a duty to let the rest of security know about this. Because it was in a sea of other people that were already talking shit on Twitter I may have not worded it in a way that was understood by some.
Immediately I was PM’d and this conversation happened.
Hopping on our security team Slack I immediately informed the team to make sure they were aware there may be an issue and that we should look into it. She had stated there was paperwork submitted but this had not trickled down to the rest of the team. I was only trying to help, I wasn’t trying to be offensive to someone who may have experienced something like what was tweeted.
Upon coming out of that PM , I was greeted with a tweet from Brian ‘DeviantOllam’ Rea , whom I was already arguing with in previous weeks. Twitter isn’t the greatest medium to get points across because noone knows your tone or intention. Hence this response.
Im not one to take shit , especially from some no-talent assclown who does lockpicking party tricks that my locksmith down the street does daily. I responded and said I was on staff and told him to go back to being a cuck. Brian immediately called Dave at his wife’s birthday dinner to cry about being called a cuck.
This was from Dave’s own Facebook page, Dave was at dinner and didn’t want drama, so he had head of security call me to say that I couldnt’ come to Derbycon. Which of course was changed to I was able to come just not volunteer my time to do security. I wasn’t getting paid to work, I drove 12 hours each way for 7 years to help with a conference that I believed was one of the best conferences around with awesome people. I didn’t want anything in return. I vented in the illmob group at the time which alot of people were a part of at the time, including people who helped run Derbycon.
The accuser’s ex-bf also hit me up during this time
Making light of the situation during the weekend I made some photoshops to fuck with Brian ‘DeviantOllam’ Rea , which got circulated from the group of him and his wife Tarah Wheeler. There was people in the group who knew Brian and sent him screenshots. Such as the ones seen below. It’s the fucking internet, if shit like this offends you then you arent built for the internet.
We knew there was a leak because someone took a photo of them trying to laugh it off while they were at DerbyCon, pointing at the pictures. I photoshopped those out and made it them laughing at ‘her’ book. Which was also posted in the group.
During this time Shannon ‘@snubs’ Morse along with Roxy, started to chime in more with Codes of Conduct and even went as far as writing a Tumblr blog post naming me, a derbycon videographer (IronGeek), the accused/unnamed rapist , and YTCracker as ‘women haters’. It also told the story of how YT grabbed snubs ass during a drunken defcon party a few years earlier. YT admitted he was wrong and apologized profusely. I tweeted to her asking her about her grabbing Bill Gardner’s ass at DerbyCon to jump the beer line, in which I was blocked. The post was discussed in the group and with another photoshop. At some point it was discussed that she had some nude photos to her boyfriend that had got leaked, these files were easily found if you just google her name, there was no threat to release her pictures because they were already floating around the internet for more than 10 years now, we werent the ones disseminating . Does that make it right talking about it? No. But neither do false claims.
So that was post from September 2017 which Kyle ‘@eiais’ Spiers from Google , (who was in the illmob group also) started to circulate recently to make it look like the narrative we hated on ‘all’ women. These were from the discussion we had during the Derbycon CoC fiasco. He only had/screenshotted these because he was friends with Brian ‘DeviantOllam’ Rea. This wasnt because he was some sort of hero for women. Goes to show someone’s privacy ethics when friends are involved, I’m sure he fits right in with Google’s privacy policy.
That pretty much brings us to present there was two posts unrelated to the previous drama , but got intertwined into the whole DerbyCon drama in 2018. I was there this year but stayed in my room to watch most of the talks because the vibe was off and I was only there to hang out with friends.
There was a Mental Health Village to help people in the community deal with their various issues. There was a whiteboard outside the village asking “what makes you happy?” Someone wrote ‘boobies’ then someone else wrote underneath ‘#metoo’ and pointing to the writing. This caused issues with one female attendee @deborahlindseyl. She tweeted to @derbycon about the issue and was unsatisfied with the timeliness of their response. She also criticized Amanda Berlin for covering the offending text with a sticker (which also happened to be a podcast Amanda was a part of) so she accused them of trying to cover it up and promote the podcast.
She also went on to criticize Walmart Security for having mustache combs at their booth, and not anything for women. People went on to assume she was just another shit-stirrer and didn’t take her opinion that a poor attempt at a joke should be something that the conference as a whole should be responsible for. AFAIK the conference organizers tried to resolve the issue as quick as possible but I was apart of anything so I cant confirm what went down. Other people that were there did comment in the group on what went down, along with report of other people complaining that there was nazis at DerbyCon because someone was photographed doing the ‘circlegame’ symbol. After this died down someone thought it would be funny to post a picture of her face on a battleship calling her ‘BattleCunt’
Around the same time someone posted a tweet from Georgia Weidman claiming that DerbyCon 2013 was worse that an attempted rape that happened when she and Brian ‘DeviantOllam’ Rea were attending a conference in Poland. (During which Brian didn’t believe her narration of events, in which he later apologized for 4 years later on his blog and deleted previous tweets saying she was a liar.) 
People in the thread were questioning her state during DerbyCon, where she admits to drinking before and during her talk, which wasn’t well-received. Not because she was female , it was just the content was filled with drunken ramblings. Other items from people who had in-person accounts of her doing/saying other things mentioned in the screenshots. Shit got rowdy in the posts with both men and women responding their opinion and experiences. Also there was talk that she did training while drugged up, it was so bad that conference organizers offered attendees another free class to make up for it.
Besides noone wants to take you seriously if you dress like this during a technical conference.
Georgia herself recognizes the CoC narrative
The report for Motherboard was also in the group, and had been in the group for over 18 months. He was brought into the group by Runa Sandvik who was an original illmob member. He was a tech writer so everyone figured he was there to get the latest tech scoop before other reporters did. He must have had a deadline to meet to deviate from the normal writing he did, Do I blame him for the article? Yep. It was a one-sided piece, he messaged a few people involved in the article , including me. He didn’t even take time to research anything, he went from messaging to article within the afternoon. here’s my conversation.
As you can see the shitting on males narrative doesn’t make for a good hit piece. It was poorly researched considering the length of time in the group (18months to 2 yrs), does that make him complacent like everyone that feels the need to apologize for being in the group so they don’t call their place of work trying to get them fired? We were a group of guys AND girls we didn’t hate women.
If you want to fit your own narrative of one of the players in this drama, who promotes ‘women in tech’, even wrote a book on it, is now being sued in court along with her employer for allegedly trying to force people she was in charge of to do illegal things. see ::HERE:: and ::HERE:: , trial scheduled for next year if not settled out of court beforehand. When someone complained to HR, Tarah responded by wiping evidence from one of the plaintiffs under the guise of a ‘laptop upgrade’. Shit like this in the workplace does worse for women than some Memes and name calling.
I’ll leave you with me being my ‘meanest’ on Facebook.
her ability as a wordpress ‘dev’ to leave .bak backup in root directory
her ability to write a ‘book’ which she relied on other women to write
Female attendee Derbycon 2017.
p.s. the Facebook group never closed, people were removed and trimmed down to less than 50 members who continue to discuss infosec and learn. fuck the bullshit.
p.s.s. for those thinking im only photoshopping women, https://imgur.com/a/28mndq2
Seems like our little journalist, Lorenzo Franceschi-Bicchierai, is no stranger to being a misogynist homophobe himself. He tried to age old “sorry im ashamed of these tweet and I’ve changed” when confronted by them and then deleted the tweets. The internet is forever cupcake, nice try though.
We love our country, but fear our government.
Skype
Email
Keybase.io
