Monday, May 25, 2020
Friend, Memorial Day - Remember & Honor and 2020 Election Cycle Notes
Friday, May 22, 2020
Hacking Freemium Games - The Evolution Of PC Game Cheating
This post is going to be a rather strange post compared to previous ones. But bear with me, in the middle of the post you will see why this post fits the IT security topic.
I'm also terribly sorry for not posting recently, but I was busy with my SPSE and SLAE certification. Both are recommended for Python and Assembly noobs like me. But back to this post.
A little bit of history
Cheating in games started as help for game testers. By using invincibility or infinite ammo, testers were able to test the game faster, which meant less money spent on testing. I personally use cheat codes in games, depending on my mood. Sometimes it feels good to slash all the opponents while I'm invincible; sometimes it is more fun to play the game without cheats. One can argue whether cheating in games is OK or not, but I believe it depends; there is no black or white. But one thing is for sure: it is part of the gaming industry. There is huge demand for cheats. There were even cheat books printed on paper...
The different types of cheats (on PC)
There are different types of cheats in PC gaming. The following is an incomplete list of them:
Cheat codes
The good old IDDQD type of cheats. These are left in the game by the developers intentionally. Nothing interesting here.
Edit memory
This is my favorite; I will talk about this at the end of the post. Whenever a user launches a new program, the program's whole memory is accessible (read/write) to every other program launched by the same user. And since the memory stores the current game state (health, ammo, armor, etc.), these values can be changed easily. In the good old times, there were POKE commands to do these cheats, and the memory address to write into was published by people who had found where the game stores its most critical state.
Code injection
This is like patching the game code. For example, one can replace the "DEC (pointer to your current health)" instruction with NOP (do nothing), thus becoming invincible. In multi-player cheats, there is the aimbot to help you aim at enemies, the wallhack to see through walls, the enlarged enemy hitbox for easier hits, or, in MMORPGs, macros that collect items while the player is not online. I would say the so-called "trainers" more or less fit into this category and the previous one.
Saved game editor
This is often the first time a kid meets a hex editor (just like the co-author of this blog did with SimCity when he was 10 years old - David). It can teach a lot about file structures, the hexadecimal numeral system, etc. Fun times.
Hacking game server
Not very common, but even more fun. Warning: endless trolling possibilities in multi-player games ahead :) How to hack a game server? Well, I think this might deserve another full blog post ...
Network traffic hacking
One last type of cheating worth mentioning is modifying the network traffic between the client and the game server. AFAIK SSL is not universal in gaming, so stunnel is not needed for this hack, but ettercap can help in changing the communication.
Why is cheating becoming more critical (and challenging)?
Now, in the age of in-app payments, game creators no longer think of cheats as a funny thing but as something to be destroyed to the ground, because cheating decreases their revenue. Or not. At least they think it does. To quote Wikipedia here, "cheating in such games is nonetheless a legal grey area because there are no laws against modifying software which is already owned, as detailed in the Digital Millennium Copyright Act."
A lot of online games include anti-cheating components like PunkBuster, nProtect GameGuard, or Valve Anti-Cheat. This whole cheating/anti-cheating industry is the same as the virus/anti-virus industry. A cat and mouse game.
Freemium games
If you have not played with "freemium" games, you should watch South Park season 18, episode 6. - "Freemium Isn't Free." If you did play with freemium games, you definitely have to watch it :) There are many problems with freemium games. It is free to install, free to play. The first 3-4 hours might be fun to play. But after that, it turns out it is impossible to advance in the game without paying money for it. And by spending cash, I mean spending a LOT! Let's have a look at today's example, an arcade racing video game.
For 99.99 USD, you can get 3 000 000 credits. For almost double the price of a new PC game, you can get these credits. In this particular game, I estimate one has to play ~6-24 hours constantly to get this amount of credit. But by playing ~6 hours, I mean 6 hours without progress in the game! Kind of boring. And what do you get for 3 000 000 credits? You can buy one of the most expensive cars, but can't tune it fully. You have to play more (without progress) or buy more. But guess what, there are more cars you can't buy by only playing the game. Those are only available via in-app purchase.
Even though the player has 58 765 533 credits, it is not possible to buy this car. It is only available for real money.
So, what are your possibilities? You are either Richie Rich, and can afford the money to buy these. Or you can be insane, and try to play the game without in-app-purchase. Or give up the game and try another freemium ... Or, you can try to hack the game!
Hack all the freemium games!
Although I was not playing this racing game from day one, I was able to witness the evolution of the cheats against this game. Cheats that worked one day were not working one month later. The game is continuously updated to defeat the newly published cheats.
Noob start
So, I want to hack this game, what is the first thing a noob like me does? Bing it! Google it!
From the first page result, let's check this tool:
While trying to download that, I just have to give my email address to spammers, or my mobile number will be subscribed to premium rate text messages. What fun.
Another "cheat" program will install malware/adware on your computer. Never ever try these programs. They are fake 99% of the time, and after installing them you will have another problem, not just how to hack freemium games.
Beginners start - Cheat engine
When I first heard about hacking games in memory, I visualized hours of OllyDbg/Immunity Debugger/(insert your favorite Windows debugger here). It turned out there are specialized tools to help you with cheating in games. No assembly knowledge required. My favourite tool is CheatEngine. I highly recommend downloading it and spending 10 minutes getting past the built-in tutorial levels to get a feeling for this tool. It's super duper awesome.
When I first tried to hack this game myself, I scanned the memory for my actual credit and tried to change that, no luck. Keep reading, you will see what happened.
The second cheat I tried with cheat engine was something like this:
- Start the game, play the first level, and check how many credits are paid for winning the race. Pro tip: use a dual display for full-screen game cheating.
- Restart the same level and attach Cheat Engine to the game's process
- Scan the memory for the same value at the beginning of the race
- Scan the memory for the same value at the end of the race. The intersection of the first and second scans includes the real address where the credit paid for winning the race is stored.
- Change the values (both the real one and some false positives) to something big
- Watch the game crash
- Be amazed at the money you received
Nowadays, most of the cheats on YouTube do not work. Except for this kind of cheat. I don't want to recreate that tutorial, so you should watch it first, then come back.
Are you back? Great. Do you have any idea what you have just seen? No? Well, in this case, don't try this at home. Copy-pasting assembly code from random internet posts and running it on your computer is always a bad idea. It is precisely as risky as downloading free programs from random internet sites.
Although I have not seen people trolling others with this cheat engine type of shellcode, I think the time will come when these will be turned into something terrible. These shellcodes might work, or might harm your computer. The good news is, we can have a look at the code and analyze it.
When you open CheatEngine and try to define a new custom type, you are greeted with a skeleton assembly code. I don't want to detail what all the skeleton code does, let's just focus on the difference between the skeleton code and the code used in the video. This is the "decrypt function":
xor eax, 0baadf00d   // undo the XOR with 0xbaadf00d
rol eax, 0e          // undo the ROR by 0xE (14) bits with a ROL by the same amount
What does it mean? The actual credit is encrypted in memory. If you scan for it in memory, you won't be able to find it. But! The encryption rotates the value to the right (ROR) by 0xE (14 in decimal), and after that it is XOR-ed with 0xbaadf00d. Decrypting it is the inverse of the functions in reverse order (in this particular case, the order does not matter, but that's not the point). The inverse function of XOR is XOR, and the inverse function of ROR (rotate right) is ROL (rotate left). Now that we have analyzed the assembly code, we can be sure that it is safe to execute. Just follow the video and see your coins falling from the sky. For free. In a freemium game. Have fun!
Encrypt memory - applications at financial institutions
Another exciting thing is that I don't recall any thick client applications in the financial industry encrypting the values in memory. And I agree, there are more significant problems with thick client applications than not encrypting the essential values in memory. But still, some thick client applications are regularly updated, maintained. Maybe it is a good idea to encrypt the values in memory. It will make attackers' life harder. Not impossible, but harder. Perhaps the developers of these applications should learn from the gaming industry (or from malware developers for that matter) because it is a shame that an arcade racing game or an FPS is protected better than an application responsible for transacting millions of dollars. Just think about the RAM scraping malware stealing millions of credit card data ...
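As an added example (not code from the post and not CheatEngine's own script), the C program below carries the analysis of those two instructions through in both directions and also illustrates the point about obfuscating values in memory: obfuscate_credit applies the ROR-by-14-then-XOR the post describes, deobfuscate_credit is the exact equivalent of the xor/rol pair, and scan_u32 performs the plain-value scan that a RAM scraper or a first memory scan would, over a constructed 256-byte stand-in for process memory. The constants 0xbaadf00d and 14 come from the snippet; the memory layout, the function names and the use of the balance 58765533 shown earlier as the sample credit are assumptions for illustration.

```c
#include <stdint.h>
#include <inttypes.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constants taken from the CheatEngine snippet quoted in the post. */
#define OBF_KEY 0xbaadf00dU
#define OBF_ROT 14U

static uint32_t ror32(uint32_t v, unsigned n) {
    n &= 31U;
    return n ? (v >> n) | (v << (32U - n)) : v;
}

static uint32_t rol32(uint32_t v, unsigned n) {
    n &= 31U;
    return n ? (v << n) | (v >> (32U - n)) : v;
}

/* The game's side as the post describes it: rotate right by 14, then XOR. */
uint32_t obfuscate_credit(uint32_t plain) {
    return ror32(plain, OBF_ROT) ^ OBF_KEY;
}

/* The two instructions from the snippet: undo the XOR, then undo the ROR with a ROL.
 * Inverse operations applied in reverse order, the general rule for unwinding such chains. */
uint32_t deobfuscate_credit(uint32_t stored) {
    return rol32(stored ^ OBF_KEY, OBF_ROT);
}

/* Count the byte offsets in mem that hold needle in native byte order.
 * This is the plain-value scan a RAM scraper (or a first CheatEngine scan) performs. */
size_t scan_u32(const uint8_t *mem, size_t len, uint32_t needle) {
    size_t hits = 0;
    for (size_t off = 0; off + sizeof needle <= len; off++) {
        uint32_t v;
        memcpy(&v, mem + off, sizeof v);   /* unaligned-safe read */
        if (v == needle) hits++;
    }
    return hits;
}

#define MEM_SIZE 256U
#define CREDIT_OFFSET 100U

/* Constructed stand-in for a slice of process memory: zero filler with the
 * obfuscated credit stored at a fixed offset. Hypothetical layout, not the game's. */
void build_sample_memory(uint8_t mem[MEM_SIZE], uint32_t credit) {
    memset(mem, 0, MEM_SIZE);
    uint32_t stored = obfuscate_credit(credit);
    memcpy(mem + CREDIT_OFFSET, &stored, sizeof stored);
}

/* Returns 1 when the plain value is invisible to a direct scan while the
 * stored form is present exactly once and decodes back to the original. */
int plain_value_hidden(uint32_t credit) {
    uint8_t mem[MEM_SIZE];
    build_sample_memory(mem, credit);
    uint32_t stored;
    memcpy(&stored, mem + CREDIT_OFFSET, sizeof stored);
    return scan_u32(mem, MEM_SIZE, credit) == 0
        && scan_u32(mem, MEM_SIZE, obfuscate_credit(credit)) == 1
        && deobfuscate_credit(stored) == credit;
}

int main(void) {
    uint32_t credit = 58765533U;   /* the balance shown in the post, used as sample input */
    printf("plain     : 0x%08" PRIx32 "\n", credit);
    printf("in memory : 0x%08" PRIx32 "\n", obfuscate_credit(credit));
    printf("decoded   : 0x%08" PRIx32 "\n", deobfuscate_credit(obfuscate_credit(credit)));
    printf("plain value hidden from direct scan: %s\n",
           plain_value_hidden(credit) ? "yes" : "no");
    return 0;
}
```

The scan finds no copy of the plain balance and one copy of the stored form, which is why a first scan for the visible credit fails. The same block shows the limit of the technique the post argues for: the key and the rotation count sit in the code, so anyone who reads the two instructions recovers the value, which is exactly "harder, not impossible".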
Moral of the story
Cheating is part of gaming history, and the freemium games are trying to take the cheats away from the gamers because they want money. Thanks to CheatEngine and some clever hacks, these programs can still be beaten. And guess what, there is CheatEngine for Android - although it did not work for me on the latest Android. And sometimes, hacking all kinds of applications can be more comfortable with CheatEngine, compared to traditional debuggers.
Also, always check the code before executing it! And when you find something cool, publish it, so everyone could enjoy the games!
Related links
Vlang Binary Debugging
Why vlang? V is a featured, productive, safe and comfortable language, highly compatible with C, that generates neat binaries with C speed; the decompilation also seems quite clear as C code.
https://vlang.io/
After opening the binary with radare in debug mode ("-d"), we run the recursive binary analysis with "aaaa"; the more a's, the deeper the analysis.
The function names are modified when the binary is built: a function named hello in a module named main becomes the symbol main__hello. We can locate these quickly with radare's grep, the "~" token, applied here to the "afl" command, which lists all the symbols.
Being in debug mode, we can use the "d*" commands, for example "db" to set a breakpoint on the function and then "dc" to start or continue execution.
Let's disassemble the function with the "pD" command; it also displays the function's variables and arguments. Note also the xref "call xref from main".
Let's take a look at the function arguments: radare detects these three 64-bit registers used by the function.
Actually the function parameter is rsi, which contains a test HTML string used to exercise the href extraction algorithm.
The string structure is quite simple and has plenty of implemented methods.
With F8 we can step over the code as if we were in OllyDbg, but on Linux.
Note the rip marker sliding through the code.
We can recognize the array creations and the s.index_after() function, used to find substrings starting from a specific position.
If we take a look at the disassembly we will see quite a few calls to tos3() functions.
Those functions are involved in string initialization and implement safety checks:
- tos(string, len)
- tos2(byteptr)
- tos3(charptr)
In this case I have a crash in my V code and I want to know what is crashing, so I just continue the execution with "dc" and see where the rip register points.
In visual mode ("V") we can see the previous instructions to figure out the arguments and state.
We've located the crash in the substring operation, which is something like "s2 := s1[a..b]". Probably one of the arguments of the substring is out of bounds, but luckily the V language has safety checks, so this is a controlled termination:
Switching to the basic block view ("space") we can see the execution flow. In this case we know the loops and branches because we have the code, but in this view we can also see the tos3 parameter "href=", which is useful to locate the position in the code.
When it reaches the substr, we can see the parameters with the "tab" command.
Looking at the implementation, radare's parameter calculation is quite exact.
Let's check the param values:
So the indexes are from 0x0e to 0x24, which are inside the buffer; let's continue to the next iteration.
If we set a breakpoint and check every iteration, on the last iteration before the crash we have the values 0x2c to 0x70, which overflow the buffer and produce a controlled termination of the V-compiled process.
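The crash the post tracks down is a slice s1[a..b] whose end index runs past the buffer, caught by V's bounds check. The C program below is an added example, not the post's V code or its radare output: it reimplements the two building blocks named above (index_after and a bounds-checked slice) and an href extraction loop over a constructed HTML string whose last anchor has no closing quote, so the computed end index lands beyond the buffer much as the 0x2c..0x70 iteration does, and the check refuses the slice instead of over-reading. The function names, the sample HTML and the 64-byte URL capacity are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define URL_CAP 64

/* Bounds-checked slice in the spirit of V's s[a..b]: copies s[a..b) into out and
 * returns its length, or -1 instead of reading past the buffer when the range is invalid. */
int safe_substr(const char *s, size_t len, size_t a, size_t b, char *out, size_t out_cap) {
    if (a > b || b > len || (b - a) + 1 > out_cap) return -1;
    memcpy(out, s + a, b - a);
    out[b - a] = '\0';
    return (int)(b - a);
}

/* Counterpart of V's s.index_after(needle, start): offset of needle at or after start, or -1. */
long index_after(const char *s, size_t len, const char *needle, size_t start) {
    size_t nlen = strlen(needle);
    if (nlen == 0 || start > len) return -1;
    for (size_t i = start; i + nlen <= len; i++)
        if (memcmp(s + i, needle, nlen) == 0) return (long)i;
    return -1;
}

/* Walk the document collecting href values. Returns the number extracted and sets
 * *rejected when a computed slice would have run past the end of the buffer. */
size_t extract_hrefs(const char *html, char out[][URL_CAP], size_t max_out, int *rejected) {
    size_t len = strlen(html), n = 0, pos = 0;
    *rejected = 0;
    while (n < max_out) {
        long at = index_after(html, len, "href=\"", pos);
        if (at < 0) break;                          /* no more anchors */
        size_t start = (size_t)at + 6;              /* first byte of the URL */
        long close = index_after(html, len, "\"", start);
        /* An unchecked html[start..close] is the failing case: when the closing quote is
         * missing, close is -1, which as an unsigned index lies far beyond the buffer. */
        size_t end = (size_t)close;
        if (safe_substr(html, len, start, end, out[n], URL_CAP) < 0) {
            *rejected = 1;                          /* controlled stop instead of an over-read */
            break;
        }
        n++;
        pos = end + 1;
    }
    return n;
}

/* Constructed input: two well-formed anchors followed by one whose quote is never closed. */
static const char SAMPLE_HTML[] =
    "<p><a href=\"/index.html\">home</a> <a href=\"/about\">about</a>"
    " <a href=\"/broken>oops</a></p>";

/* Runs the sample and reports whether the result is the expected two URLs plus one rejection. */
int sample_extract_ok(void) {
    char urls[8][URL_CAP];
    int rejected;
    size_t n = extract_hrefs(SAMPLE_HTML, urls, 8, &rejected);
    return n == 2 && rejected == 1
        && strcmp(urls[0], "/index.html") == 0
        && strcmp(urls[1], "/about") == 0;
}

int main(void) {
    char urls[8][URL_CAP];
    int rejected;
    size_t n = extract_hrefs(SAMPLE_HTML, urls, 8, &rejected);
    for (size_t i = 0; i < n; i++) printf("href %zu: %s\n", i, urls[i]);
    printf("out-of-bounds slice rejected: %s\n", rejected ? "yes" : "no");
    return 0;
}
```

The check in safe_substr is the part that matters: a slice whose end comes from a failed search (or from arithmetic on an untrusted offset) is rejected before any byte past the buffer is read, which is the behaviour the post observes in the V runtime, only here it is reported to the caller instead of terminating the process.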
More information
Thursday, May 21, 2020
DOWNLOAD SENTRY MBA V1.4.1 – AUTOMATED ACCOUNT CRACKING TOOL
Sentry MBA is an automated account cracking tool and one of the most popular cracking tools in use. It is used by cybercriminals to take over user accounts on major websites. With Sentry MBA, criminals can rapidly test millions of usernames and passwords to see which ones are valid on a targeted website. The tool has become incredibly popular: the Shape Security research team sees Sentry MBA attack attempts on nearly every website we protect. Download Sentry MBA v1.4.1 latest version.
FEATURES
Sentry MBA has a point-and-click graphical user interface, online help forums, and vibrant underground marketplaces to enable large numbers of individuals to become cybercriminals. These individuals no longer need advanced technical skills, specialized equipment, or insider knowledge to successfully attack major websites.
A Sentry MBA attack has three phases:
- Targeting and attack refinement
- Automated account check
- Monetization
Amnesia / Radiation Linux Botnet Targeting Remote Code Execution In CCTV DVR Samples
2016-08-11 CyberX Radiation IoT Cybersecurity campaign
Download
Hashes
MD5 | SHA256 | SHA1 |
---|---|---|
74bf554c4bc30d172cf1d73ac553d766 | 06d30ba7c96dcaa87ac584c59748708205e813a4dffa7568c1befa52ae5f0374 | 3c40221177383da576b11a0b3f6b35d68a9cde74 |
5dd9056e5ab6a92e61822b6c04afd346 | 10aa7b3863f34d340f960b89e64319186b6ffb5d2f86bf0da3f05e7dbc5d9653 | c865dd67853a24fd86ef74b05140827c1d5fd0bd |
2b486466f4d3e30f7b22d0bc76cb68f9 | 175fe89bbc8e44d45f4d86e0d96288e1e868524efa260ff07cb63194d04ea575 | ed62f6d1588bea33c20ababb42c02662d93d6015 |
3411bb2965f4c3d52c650aff04f48e52 | 1d8bc81acbba0fc56605f60f5a47743491d48dab43b97a40d4a7f6c21caca12a | 1e0281178b4a9d8dec74f50a7850867c87837435 |
34f915ac414e9aad2859217169f9a3aa | 2f9cd1d07c535aae41d5eed1f8851855b95b5b38fb6fe139b5f1ce43ed22df22 | d66f1e47c983a8d30ad7fd30cd08db8cd29a92b0 |
59e08f2ce1c3e55e2493baf36c1ad3c6 | 327f24121d25ca818cf8414c1cc704c3004ae63a65a9128e283d64be03cdd42e | 90d45b81e9a97ddcc9911122f4e8fd439ccc8fa9 |
f4bc173bf80d922da4e755896af0db61 | 37b2b33a8e344efcaca0abe56c6163ae64026ccef65278b232a9170ada1972af | fab32f8c3ce3a837e80a1d98ada41a5bf39b01e7 |
a253273e922ce93e2746a9791798e3fe | 3a595e7cc8e32071781e36bbbb680d8578ea307404ec07e3a78a030574da8f96 | 99cfdec405f6a9f43d58b1856fce7ca3445395d3 |
335e322c56278e258e4d7b5e17ad98e6 | 4313af898c5e15a68616f8c40e8c7408f39e0996a9e4cc3e22e27e7aeb2f8d54 | 504022707609a0fec9cbb21005cb0875be2a4726 |
93522e5f361a051f568bd1d74d901d30 | 46ea20e3cf34d1d4cdfd797632c47396d9bdc568a75d550d208b91caa7d43a9b | e7fc96b2a92888572de2539f227c9a6625449f83 |
c86af536d87c1e5745e7d8c9f44fd25d | 4b0feb1dd459ade96297b361c69690ff69e97ca6ee5710c3dc6a030261ba69e0 | 6ef69a683913ae650634aedc40af8d595c45cb4f |
90c7c5e257c95047dbf52bbfbe011fd6 | 4db9924decd3e578a6b7ed7476e499f8ed792202499b360204d6f5b807f881b8 | 1c3a9be6ae9300aaad00fb87d5407ed6e84ec80b |
7c0528e54b086e5455ef92218ea23d03 | 5e6896b39c57d9609dc1285929b746b06e070886809692a4ac37f9e1b53b250c | 868abc912ff2fdcd733ff1da87e48e7d4c288a73 |
6405b42d2c7e42244ac73695bb7bfe6b | 64f03fff3ed6206337332a05ab9a84282f85a105432a3792e20711b920124707 | 173aca65181c8da84e062c803a43a404ad49302d |
6441157813de77d9849da5db9987d0bb | 6b2885a4f8c9d84e5dc49830abf7b1edbf1b458d8b9d2bafb680370106f93bc3 | 92dff9bdb31d3b9480d9e5f72a307715859dd094 |
614ea66b907314398cc14b3d2fdebe79 | 6b29b65c3886b6734df788cfc6628fbee4ce8921e3c0e8fc017e4dea2da0fd0b | c7e71c42d391f9c69375505dbf3767ba967f9103 |
00fe3120a666a85b84500ded1af8fb61 | 885dce73237c4d7b4d481460baffbd5694ab671197e8c285d53b551f893d6c09 | 342ed67e08d16ab982a4012fcecdca060a5da46b |
5477de039f7838dea20d3be1ae249fcb | 886136558ec806da5e70369ee22631bfb7fa06c27d16c987b6f6680423bc84b0 | 5b19202b45e5a58cadec8c2efa40fd924b64177d |
91bf10249c5d98ea6ae11f17b6ef0970 | 8f57ec9dfba8cf181a723a6ac2f5a7f50b4550dd33a34637cf0f302c43fd0243 | 682dab9ec3ff0b629cce4e16c9c74171dd2551d4 |
fb0a7e12d2861e8512a38a6cdef3ddf0 | 9351ee0364bdbb5b2ff7825699e1b1ee319b600ea0726fd9bb56d0bd6c6670cb | c077c490bb22df9886475dc5bedfc6c032061024 |
9b7f5a1228fa66cbd35e75fb774fdc8e | 9c7a5239601a361b67b1aa3f19b462fd894402846f635550a1d63bee75eab0a2 | ae89bc6c5cc1818b3136a40961462327c3dececc |
5b97d54dc5001eb7cf238292405070a6 | a010bf82e2c32cba896e04ec8dbff58e32eee9391f6986ab22c612165dad36a0 | 96d2194f5f3927de75605f6ca6110fe683383a01 |
642f523bb46c2e901416047dca1c5d4e | ad65c9937a376d9a53168e197d142eb27f04409432c387920c2ecfd7a0b941c8 | bbf667213a446bc9bc4a5a2e54e7391752e3a9b8 |
c617655312c573ecb01d292b320fff2e | aeb480cf01696b7563580b77605558f9474c34d323b05e5e47bf43ff16b67d6a | de102a6f35e08f18aa0c58358f5b22871eb0a45f |
c8835a3d385162ae02bd4cb6c5ebac87 | b113ec41cc2fd9be9ac712410b9fd3854d7d5ad2dcaac33af2701102382d5815 | 831eb9cf0dcd57a879c04830e54a3b85fe5d6229 |
1497740fa8920e4af6aa981a5b405937 | b13014435108b34bb7cbcef75c4ef00429b440a2adf22976c31a1645af531252 | 8d6b90f0b88b1ad5dcc87d377e6a82dc6ac64211 |
5e925e315ff7a69c2f2cf1556423d5af | b3d0d0e2144bd1ddd27843ef65a2fce382f6d590a8fee286fda49f8074711545 | 64fe900b3a2b030c28211404afa45703c6869dea |
951ec487fb3fece58234677d7fe3e4dc | bdefa773e3f09cdc409f03a09a3982f917a0cc656b306f0ece3dd1a2564a8772 | 0b03d9471522590530dd90ad30b2d235ec98b578 |
3e84998197fc25cbac57870e3cdeb2de | c03b403d5de9778a2ec5949d869281f13976c2fc5b071e0f5f54277680c80902 | 0b9eb6d931dc6b226a913e89bb422f58228de0d0 |
c3a73d24df62057e299b6af183889e6b | cb2382b818993ef6b8c738618cc74a39ecab243302e13fdddb02943d5ba79483 | 6a683ef6f7653e5ee64969cbbbe4403601ae9ded |
d428f50a0f8cd57b0d8fe818ace6af20 | ce61dcfc3419ddef25e61b6d30da643a1213aa725d579221f7c2edef40ca2db3 | 9bd832256b94e43546dfb77532f6d70fcd1ce874 |
e1d6d4564b35bb19d2b85ca620d7b8f2 | d0bda184dfa31018fe999dfd9e1f99ca0ef502296c2cccf454dde30e5d3a9df9 | c1af00d3263893b5d23dbf38015fe3c6a92cefaf |
e9502ae7b0048b9ea25dd7537818904c | e7d6b3e1fba8cdf2f490031e8eb24cd515a30808cdd4aa15c2a41aa0016f8082 | 0e080ac0130ab3f7265df01b8397e4abd13c38cb |
8eb34e1fb7dd9d9f0e1fef2803812759 | eb54dc959b3cc03fbd285cef9300c3cd2b7fe86b4adeb5ca7b098f90abb55b8a | 5310a99f0f8c92bfa2f8da87e60c645f2cae305a |
ca0fc25ce066498031dc4ca3f72de4b8 | f23fecbb7386a2aa096819d857a48b853095a86c011d454da1fb8e862f2b4583 | 7f4d97eea294fc567b058b09cc915be56c2a80e1 |
5a2fcfff8d6aab9a0abe9ca97f6093ed | f6af2fa4f987df773d37d9bb44841a720817ce3817dbf1e983650b5af9295a16 | f4ddf49fbf23edb23f50be62637a4a688e352057 |
ed98e8fa385b39ca274e0de17b1007e6 | f7a737cb73802d54f7758afe4f9d0a7d2ea7fda4240904c0a79abae732605729 | a69d4c2b88bfe3a06245f8fbfb8abe5e9a894cec |
320db5f1230fcfe0672c8515eb9ddcfc | f7cf1e0d7756d1874630d0d697c3b0f3df0632500cff1845b6308b11059deb07 | 8d40dbf34a02dd43a81e5cdc58a0b11bfa9f5663 |
18d6af9211d0477f9251cf9524f898f3 | f97848514b63e9d655a5d554e62f9e102eb477c5767638eeec9efd5c6ad443d8 | b0e76be186fd609d5a8a33d59d16ffa3bdab1573 |
Collection Of Pcap Files From Malware Analysis
Update: Feb 19. 2015
We have been adding pcaps to the collection so remember to check out the folder ( Pcap collection) for the recent pcaps.
I had a project to test some malicious and exploit pcaps and collected a lot of them (almost 1000) from various public sources. You can see them in the PUBLIC folder. The credits go to the authors of the pcaps listed in the name of each file. Please visit their blogs and sites to see more information about the pcaps, see their recent posts, and send them thanks. The public pcaps have no passwords on them.
Update:Dec 13. 2014
Despite rare updates of this post, we have been adding pcaps to the collection so remember to check out the folder ( Pcap collection (New link)) for the recent pcaps!
Update:Dec 31. 2013 - added new pcaps
I did some spring cleaning yesterday and came up with these malware and exploit pcaps. Such pcaps are very useful for IDS and signature testing and development, general education, and malware identification. While there are some online public sandboxes offering pcaps for download, like Cuckoo or Anubis, looking for them is a tedious task, and you cannot be totally sure the pcap is for the malware family supposedly analysed - in other words, if the sandbox says it is Zeus, that does not necessarily mean that it is.
I found some good pcap repositories here (http://www.netresec.com/?page=PcapFiles) but there are very few pcaps from malware.
These are from identified and verified (to the best of my knowledge and belief - email me if you find errors) malware samples.
All of them show the first stage with the initial callback and most have the DNS requests as well. A few pcaps show extended malware runs (e.g. purplehaze pcap is over 500mb).
Most pcaps are mine, a few are from online sandboxes, and one is borrowed from malware.dontneedcoffee.com. That said, I can probably find the corresponding samples for all that have MD5 listed if you really need them. Search contagio, some are posted with the samples.
Each file has the following naming convention:
BIN [RTF, PDF] - the filetype of the dropper used, malware family name, MD5, and year+month of the malware analysis.
I will be adding more pcaps in the future. Please donate your pcaps from identified samples, I am sure many of you have.
Thank you
Download
Download all together or separately.
All pcap archives have the same password (same scheme); email me if you need it. I tried posting them without any password and with the password 'infected', but they get flagged as malware. Modern AV rips through zips, and through zips with the password 'infected', with ease.
APT PCAPS
- 2012-12-31 BIN_Xinmic_8761F29AF1AE2D6FACD0AE5F487484A5-pcap
- 2013-09-08 BIN_TrojanPage_86893886C7CBC7310F7675F4EFDE0A29-pcap
- 2013-09-08 BIN_Darkcomet_DC98ABBA995771480AECF4769A88756E-pcap
- 2013-09-02 8202_tbd_ 6D2C12085F0018DAEB9C1A53E53FD4D1-pcap
- 2013-09-02 BIN_8202_6d2c12085f0018daeb9c1a53e53fd4d1-pcap
- 2013-09-02 BIN_Vidgrab_6fd868e68037040c94215566852230ab-pcap
- 2013-09-02 BIN_PlugX_2ff2d518313475a612f095dd863c8aea-pcap
- 2013-09-02 BIN_Taidoor_46ef9b0f1419e26f2f37d9d3495c499f-pcap
- 2013-09-02 BIN_Vidgrab_660709324acb88ef11f71782af28a1f0-pcap
- 2013-09-02 BIN_Gh0st-gif_f4d4076dff760eb92e4ae559c2dc4525-pcap.zip
- 2013-07-15 BIN_Taleret.E_5328cfcb46ef18ecf7ba0d21a7adc02c.pcap
- 2013-05-14 BIN_Mediana_0AE47E3261EA0A2DBCE471B28DFFE007_2012-10.pcap
- 2013-05-14 BIN_Hupigon_8F90057AB244BD8B612CD09F566EAC0C
- 2013-05-14 BIN_LetsGo_yahoosb_b21ba443726385c11802a8ad731771c0_2011-07-19
- 2013-05-13 BIN_IXESHE_0F88D9B0D237B5FCDC0F985A548254F2-2013-05-pcap
- 2013-05-06 BIN_DNSWatch_protux_4F8A44EF66384CCFAB737C8D7ADB4BB8_2012-11-pcap
- 2013-05-06 BIN_9002_D4ED654BCDA42576FDDFE03361608CAA_2013-01-30-pcap
- 2013-05-06 BIN_BIN_RssFeeder_68EE5FDA371E4AC48DAD7FCB2C94BAC7-2012-06-pcap (not a common name, see the traffic sheet http://bit.ly/maltraffic )
- 2013-04-30 BIN_MSWab_Yayih_FD1BE09E499E8E380424B3835FC973A8_us-pcap
- 2013-04-29 BIN_LURK_AF4E8D4BE4481D0420CCF1C00792F484_20120-10-pcap
- 2013-04-29 BIN_XTremeRAT_DAEBFDED736903D234214ED4821EAF99_2013-04-13-pcap
- BIN_Enfal_Lurid_0fb1b0833f723682346041d72ed112f9_2013-01.pcap
- BIN_Gh0st_variant-v2010_B1D09374006E20FA795B2E70BF566C6D_2012-08.pcap
- BIN_Likseput_E019E37F19040059AB5662563F06B609_2012-10.pcap
- BIN_Nettravler_1f26e5f9b44c28b37b6cd13283838366.pcap
- BIN_Nettravler_DA5832657877514306EDD211DEF61AFE_2012-10.pcap
- BIN_Sanny-Daws_338D0B855421867732E05399A2D56670_2012-10.pcap
- BIN_Sofacy_a2a188cbf74c1be52681f998f8e9b6b5_2012-10.pcap
- BIN_Taidoor_40D79D1120638688AC7D9497CC819462_2012-10.pcap
- BIN_TrojanCookies_840BD11343D140916F45223BA05ABACB_2012_01.pcap
- PDF_CVE-2011-2462_Pdf_2011-12.pcap
- RTF_Mongall_Dropper_Cve-2012-0158_C6F01A6AD70DA7A554D48BDBF7C7E065_2013-01.pcap
- OSX_DocksterTrojan.pcap
CRIMEWARE PCAPS
- 2013-11-12_BIN_ChePro_2A5E5D3C536DA346849750A4B8C8613A-1.pcap
- 2013-10-15_BIN_cryptolocker_9CBB128E8211A7CD00729C159815CB1C.pcap
- 2013-09-20_BIN_Lader-dlGameoverZeus_12cfe1caa12991102d79a366d3aa79e9.pcap
- 2013-09-08 BIN_Tijcont_845B0945D5FE0E0AAA16234DC21484E0-pcap
- 2013-09-08 BIN_Kelihos_C94DC5C9BB7B99658C275B7337C64B33-pcap.zip
- 2013-08-19 BIN_Nitedrem_508af8c499102ad2ebc1a83fdbcefecb-pcap
- 2013-08-17 BIN_sality_CEAF4D9E1F408299144E75D7F29C1810-pcap
- 2013-08-15 BIN_torpigminiloader-pcap.zip
- 2013-13-08 EK_popads_109.236.80.170_2013-08-13.pcap
- 2013-11-08 BIN_Alinav5.3_4C754150639AA3A86CA4D6B6342820BE.pcap
- 2013-08-08 BIN_BitcoinMiner_F865C199024105A2FFDF5FA98F391D74-pcap
- 2013-08-07 BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F955F991940_2013-08-pcap
- 2013-07-05 BIN_Kuluoz-Asprox_9F842AD20C50AD1AAB41F20B321BF84B
- 2013-05-31 Wordpress-Mutopy_Symmi_20A6EBF61243B760DD65F897236B6AD3-2pcap.pcap
- 2013-05-15 BIN_Zeus_b1551c676a54e9127cd0e7ea283b92cc-2012-04.pcap
- 2013-05-15 BIN_Gypthoy_3EE49121300384FF3C82EB9A1F06F288-2013-05.pcap
- 2013-05-12 BIN_PassAlert_B4A1368515C6C39ACEF63A4BC368EDB2-2013-05-13
- 2013-05-12 BIN_HorstProxy_EFE5529D697174914938F4ABF115F762-2013-05-13-pcap
- 2013-05-12 BIN_Bitcoinminer_12E717293715939C5196E604591A97DF-2013-05-12-pcap
- 2013-05-07 BIN_ZeroAccess_Sirefef_29A35124ABEAD63CD8DB2BBB469CBC7A_2013-05-pcapc
- 2013-05-05 BIN_PowerLoader_4497A231DA9BD0EEA327DDEC4B31DA12_2013-05-pcap
- 2013-05-05 BIN_GameThief_ECBA0FEB36F9EF975EE96D1694C8164C_2013-03-pcap
- 2013-05-05 BIN_PowerLoader_4497A231DA9BD0EEA327DDEC4B31DA12_2013-05-pcap
- 2013-04-27 EK_BIN_Blackhole_leadingto_Medfos_0512E73000BCCCE5AFD2E9329972208A_2013-04-pcap
- 2013-04-26 -- BIN_Citadel_3D6046E1218FB525805E5D8FDC605361-2013-04-samp
- BIN_CitadelPacked_2012-05.pcap
- BIN_CitadelUnpacked_2012-05.pcap
- BIN_Cutwail_284Fb18Fab33C93Bc69Ce392D08Fd250_2012-10.pcap
- BIN_Darkmegi_2012-04.pcap
- BIN_DarknessDDoS_v8g_F03Bc8Dcc090607F38Ffb3A36Ccacf48_2011-01.pcap-
- BIN_dirtjumper_2011-10.pcap
- BIN_DNSChanger_2011-12.pcap
- BIN_Drowor_worm_0f015bb8e2f93fd7076f8d178df2450d_2013-04.pcap
- BIN_Googledocs_macadocs_2012-12.pcap
- BIN_Imaut_823e9bab188ad8cb30c14adc7e67066d.pcap
- BIN_IRCbot_c6716a417f82ccedf0f860b735ac0187_2013-04.pcap
- BIN_Kelihos_aka_Nap_0feaaa4adc31728e54b006ab9a7e6afa.pcap
- BIN_LoadMoney_MailRu_dl_4e801b46068b31b82dac65885a58ed9e_2013-04 .pcap
- BIN_purplehaze-2012-01.pcap
- BIN_ponyloader_470a6f47de43eff307a02f53db134289.pcap
- BIN_Ramnitpcap_2012-01.pcap
- BIN_Reedum_0ca4f93a848cf01348336a8c6ff22daf_2013-03.pcap
- BIN_SpyEye_2010-02.pcap
- BIN_Stabuniq_F31B797831B36A4877AA0FD173A7A4A2_2012-12.pcap
- BIN_Tbot_23AAB9C1C462F3FDFDDD98181E963230_2012-12.pcap
- BIN_Tbot_2E1814CCCF0C3BB2CC32E0A0671C0891_2012-12.pcap
- BIN_Tbot_5375FB5E867680FFB8E72D29DB9ABBD5_2012-12.pcap
- BIN_Tbot_A0552D1BC1A4897141CFA56F75C04857_2012-12.pcap
- BIN_Tbot_FC7C3E087789824F34A9309DA2388CE5_2012-12.pcap
- BIN_Tinba_2012-06.pcap
- BIN_Vobfus_634AA845F5B0B519B6D8A8670B994906_2012-12.pcap
- BIN_Xpaj_2012-05.pcap
- BIN_ZeroAccess_3169969E91F5FE5446909BBAB6E14D5D_2012-10.pcap
- BIN_ZeusGameover_2012-02.pcap
- BIN_Zeus_2010-12.pcap
- EK_Blackholev1_2012-03.pcap
- EK_Blackholev1_2012-08.pcap
- EK_Blackholev2_2012-09.pcap
- EK_Blackhole_Java_CVE-2012-4681_2012-08.pcap
- EK_Phoenix_2012-04.pcap
- EK_Smokekt150(Malwaredontneedcoffee)_2012-09.pcap - credit malware.dontneedcoffee.com