r/blackhat

▲ 0 r/blackhat+1 crossposts

Fully Infected BlackLotus / BootKitty "In the Wild" - Every Platform AMA

All the videos I see on Youtube talk about rootkits / bootkits but never actually show infected machines. It has fully taken over every single device I own.

- Windows / Linux / Mac OS / ChromeOS

- Android Auto (Honda Accord)

- iPhone ios 26

- 3 Routers

- 3 Laptops , 3 Desktops

- Created a Local Bluetooth Network and they all talk

If anyone out there is studying this or wants info, I am happy to share any and all logs etc.

I have spent the last 2 months trying to get rid of it and am unable to.

reddit.com
u/CryptusChrist — 3 days ago
▲ 11 r/blackhat+5 crossposts

Curl is the Most Dangerous Tool in Your Terminal

I go through how someone can utilize curl to compromise and exploit vulnerabilities in a website!

youtu.be
u/superdog793 — 6 days ago
▲ 40 r/blackhat+3 crossposts

How App Developer are marketing their apps

Found this guy on X, and I found it interesting how people are using phone farms to scale their content. In particular, this guy is talking about scaling with app cloners.

u/beeaniegeni — 9 days ago
▲ 0 r/blackhat+2 crossposts

Cybersecurity: Profession or Money Making Spiral?

I’m reaching out to this community for assistance. I’m a cybersecurity professional turned business owner who understands the frustrations of cybersecurity from both directions. As such I’ve come to determine that a major paradigm shift must occur.

Cybersecurity is costly, ineffective at preventing loss and is overly complex and labour intensive. It’s always a game of catch up via patching. This insight comes from my over 35 years of experience auditing and consulting in this field.

Cybersecurity is counter productive, difficult to work with and frustratingly hard to use especially now with multifactor login requirements. This comes as a user and business owner for over 15 years.

There is only one solution and that is a total redevelopment. A solutions that eliminates or at least minimizes the costs and frustrations.

Turning this field upside down will be a formidable task. It will require support from CEOs such as yourselves who must exert pressure on the industry. Unfortunately your CSIOs are born and bread on the existing architecture. They will not recommend or support this initiative as it will cause them great pain and suffering in having to start over.

The cybersecurity industry doesn’t want this without the absolute need to do it. They’re making money hand over fist easily from this perpetual updating and patching that goes on.

Bad actors must become disenfranchised and this means the battlefield on which cybersecurity operates must change.

AI and Quantum Computing will eventually offer cybersecurity no choice but to change. Better to do this upfront rather than in an emergency situation.

I ask you to come on board and let’s exert pressure on this industry to retool.

https://www.ctvnews.ca/sci-tech/article/ai-could-breach-government-and-business-defences-in-months-us-and-its-intelligence-partners-warn/

u/Silientium — 8 days ago
▲ 30 r/blackhat+3 crossposts

SHA256-CDP: GPU-accelerated rainbow tables using structural properties of SHA-256 — 2.5 GH/s build, 14 GH/s query on RX 9070 XT

Released SHA256-CDP, a GPU rainbow table implementation built on

CDP (Cyclic Digit-sum Projection) — a structural analysis of SHA-256

output distribution I published earlier this year.

Core idea: SHA-256's hex-digit sum W(H) converges deterministically

into exactly two cycles under iteration. This structure yields a

bijective fingerprint enabling zero-collision rainbow chains.

Repo: https://github.com/JM00NJ/SHA256-CDP

Paper: https://doi.org/10.5281/zenodo.20627240

Tested on AMD RX 9070 XT — 96.3% coverage on 7-char lowercase

with 3 tables in ~43s per hash.

github.com
u/Pale_Surround_3924 — 12 days ago
▲ 1 r/blackhat+1 crossposts

Bot Attack on MERN Web App VPS Hosted

We found something different one our website that is MERN based and hosted on VPS. We did some changes but after some time our live url and last deployment have difference. When we compare the code with github code , there is many changes. We checked the server logs and found something strange.

Our various files was changes.

Got server log something -

Jun 23 23:34:54 67 sshd-session[1281284]: userauth_pubkey: signature algorithm ssh-dss not in PubkeyAcceptedAlgorithms [preauth]

When i checked the file change logs

/home/domain/public_html/static/js/213.f4eb4aa8.chunk.js /home/domain/public_html/static/js/213.f4eb4aa8.chunk.js.LICENSE.txt /home/domain/public_html/static/js/239.fd8563bf.chunk.js.map

Is there any Devops or security expert who can share the exact steps to identify and block the issue.

Note:- CI/CD pipeline is not configured yet on the project.

Try to get some help from AI but it is repeating the same things.

reddit.com
u/EfficiencyOne1007 — 11 days ago