Repository: cybertechniques/site Branch: master Commit: 2023a1044507 Files: 165 Total size: 130.5 KB Directory structure: gitextract_jr_6xujh/ ├── README.md ├── analysis_tools/ │ ├── bindiff/ │ │ └── index.md │ ├── binvis/ │ │ └── index.md │ ├── binviz/ │ │ └── index.md │ ├── binwalk/ │ │ └── index.md │ ├── cff-explorer/ │ │ └── index.md │ ├── exeinfo/ │ │ └── index.md │ ├── filealyzer/ │ │ └── index.md │ ├── ida/ │ │ └── index.md │ ├── index.md │ ├── nwdiff/ │ │ └── index.md │ ├── ollydbg/ │ │ └── index.md │ ├── pestudio/ │ │ └── index.md │ ├── peview/ │ │ └── index.md │ ├── process-monitor/ │ │ └── index.md │ ├── scurve/ │ │ └── index.md │ └── vizbin/ │ └── index.md ├── assembly/ │ ├── index.md │ ├── linux/ │ │ ├── index.md │ │ ├── x64/ │ │ │ └── index.md │ │ └── x86/ │ │ └── index.md │ └── windows/ │ ├── index.md │ ├── x64/ │ │ └── index.md │ └── x86/ │ └── index.md ├── binary-analysis/ │ ├── binary-visualization/ │ │ ├── binvis/ │ │ │ └── index.md │ │ ├── binviz/ │ │ │ └── index.md │ │ ├── binwalk/ │ │ │ └── index.md │ │ ├── index.md │ │ └── vizbin/ │ │ └── index.md │ └── index.md ├── contact-us.md ├── history/ │ ├── groups/ │ │ ├── 29A.md │ │ ├── 3C_Group_Cyber_Criminals_Clan.md │ │ ├── ANVX.md │ │ ├── ARCV_Association_of_Really_Cruel_Viruses.md │ │ ├── ASM_Association_of_Satanic_Maniacs.md │ │ ├── AVCR_Amateur_Virus_Creation_Research_Group.md │ │ ├── AVM_Alternative_Virus_Mafia.md │ │ ├── A_N_O_I_A_New_Order_of_Intelligence.md │ │ ├── Alliance.md │ │ ├── Anarkick_Systems.md │ │ ├── Astigmatizm.md │ │ ├── Australian_Institute_of_Hackers.md │ │ ├── BHA_Badsector_Hacking_Alliance.md │ │ ├── Brigada_Ocho.md │ │ ├── BzZ.md │ │ ├── CVC_Corean_Virus_Club_new.md │ │ ├── CVC_Corean_Virus_Club_old.md │ │ ├── CVL_Corean_Virus_Laboratory.md │ │ ├── Computa_GangstaZ.md │ │ ├── Cybernetic_Crew.md │ │ ├── DAN_Digital_Anarchy.md │ │ ├── DDT_(Dichlore_Diphenyl_Trichloretane).md │ │ ├── DIVA_Digital_Indonesian_Vx_Authors.md │ │ ├── DVC_Death_Virii_Crew.md │ │ ├── 
DVC_Dutch_Virii_Community.md │ │ ├── DV_Verband_Deutscher_Virenliebhaber_The_German_Association_of_Virus_Lovers.md │ │ ├── Dark_Conspiracy.md │ │ ├── Darkness_Sons.md │ │ ├── Demoralized_Youth.md │ │ ├── Diabolical_Kreations.md │ │ ├── Diffusion.md │ │ ├── Divide_By_Zero.md │ │ ├── Doom_Riderz.md │ │ ├── Electrical_Ordered_Freedom.md │ │ ├── FCF_Fearless_Criminal_Force_Formaters_Cracking_Force.md │ │ ├── FS_Feathered_Serpents.md │ │ ├── Familia.md │ │ ├── Gedzac.md │ │ ├── Genesis.md │ │ ├── HCDS.md │ │ ├── HTC_95.md │ │ ├── HVM_Hungarian_Virus_Acade_my.md │ │ ├── Hackerz_Networx.md │ │ ├── Hail_and_Kill.md │ │ ├── Hazard.md │ │ ├── IKX_International_Knowledge_eXchange.md │ │ ├── IR_G_Immortal_Riot_Genesis.md │ │ ├── Immortal_EAS.md │ │ ├── Immortal_Riot.md │ │ ├── Intergang.md │ │ ├── Invaders.md │ │ ├── Italian_Virus_Research_Laboratory.md │ │ ├── JVS_Janus_Virus_Syndicate.md │ │ ├── K_P_V_Team.md │ │ ├── LT_RSA_Living_Turmoil_Ruthless_Stealth_Angels.md │ │ ├── LineZer0_VX_Team.md │ │ ├── Living_Turmoil.md │ │ ├── Mandragora.md │ │ ├── Matrix.md │ │ ├── Metaphase_VX_Team.md │ │ ├── Mikees_World.md │ │ ├── Misdirected_Youth.md │ │ ├── NoP.md │ │ ├── No_Mercy.md │ │ ├── NuKE.md │ │ ├── PVW_Pinoy_Virus_Writers.md │ │ ├── Phalcon-Skism.md │ │ ├── Power_Empire_Virii_Faction.md │ │ ├── Power_Heap_Research.md │ │ ├── RSA_Ruthless_Stealth_Angels.md │ │ ├── RVM_Russian_Virus_Makers.md │ │ ├── Rabid.md │ │ ├── Ready_Rangers_Liberation_Front.md │ │ ├── Rioters.md │ │ ├── SG_Stealth_Group_former_SG_World_Wide.md │ │ ├── SLAM.md │ │ ├── SMF.md │ │ ├── SOS_Sign_Of_Scream.md │ │ ├── SPS_Scientific_Programming_Society.md │ │ ├── SVAT_Special_Viruses_And_Trojans.md │ │ ├── SVL_Slovak_Virus_Laboratories.md │ │ ├── SVS_Seoul_Virus_Society.md │ │ ├── Sector_Infector_Inc.md │ │ ├── ShadowVX_Group.md │ │ ├── Shadow_Dancer_Team.md │ │ ├── Silicium_Revolte.md │ │ ├── Skamwerk_Labs.md │ │ ├── TAVC_Tula_Anti_Viral_Club.md │ │ ├── TDJ_The_Diabolical_Judges.md │ │ ├── 
TI_Technological_Illusions.md │ │ ├── TNN_The_Narkotic_Network.md │ │ ├── TPVO_OVEL_Taiwan_Power_Virus_Organisation_Organization_of_Virus_Examination_Lab.md │ │ ├── Team_Necrosis.md │ │ ├── The_Codebreakers.md │ │ ├── The_Kefrens.md │ │ ├── The_Trinity.md │ │ ├── TridenT.md │ │ ├── Trinity.md │ │ ├── UCSI_Ultimate_Chaos_Security_International.md │ │ ├── V-Zone_Virus_Zone.md │ │ ├── VBB_Virus_Bits_Bytes.md │ │ ├── VDV_Verband_Deutscher_Virenliebhaber_The_German_Association_Of_Virus_Lovers.md │ │ ├── VLAD_Virus_Laboratory_And_Distribution.md │ │ ├── VOFCA_Virus_and_Other_Fine_Code_Authors.md │ │ ├── VXI_VX_India.md │ │ ├── Viper_Viral_Inclined_Programming_Experts_Group.md │ │ ├── ViroGenic_Junkies.md │ │ ├── Virulent_Graffiti.md │ │ ├── WAVE_World_Association_of_Virus_Enhancement.md │ │ ├── Youths_Against_McAfee.md │ │ ├── ZeroGravity.md │ │ └── index.md │ ├── index.md │ └── magazines/ │ └── index.md ├── index.md ├── malware/ │ └── index.md ├── scripts/ │ ├── change_extension.sh │ ├── create_dirs.sh │ └── mv_files.sh └── techniques/ ├── index.md └── obfuscation/ ├── code_integration/ │ └── index.md ├── code_transposition/ │ └── index.md ├── dead_code/ │ └── index.md ├── encryption/ │ ├── common_encrypters/ │ │ └── index.md │ └── index.md ├── index.md ├── instruction_substitution/ │ └── index.md ├── metamorphism/ │ └── index.md ├── oligamorphism/ │ └── index.md ├── packing/ │ └── index.md ├── polymorphism/ │ └── index.md ├── register_reassignment/ │ └── index.md ├── stealthy_code/ │ └── index.md └── subroutine_ordering/ └── index.md ================================================ FILE CONTENTS ================================================ ================================================ FILE: README.md ================================================ # Cybertechniques site pages ## See www.cybertechniques.net for more information ================================================ FILE: analysis_tools/bindiff/index.md ================================================ 
--- layout: default title: bindiff permalink: /analysis_tools/bindiff/ tags: - cybertechniques - cyber - bindiff --- bindiff ======= Home Page --------- [bindiff](http://www.zynamics.com/bindiff.html) Description ----------- BinDiff is a comparison tool for binary files, that assists vulnerability researchers and engineers to quickly find differences and similarities in disassembled code. With BinDiff you can identify and isolate fixes for vulnerabilities in vendor-supplied patches. You can also port symbols and comments between disassemblies of multiple versions of the same binary or use BinDiff to gather evidence for code theft or patent infringement. Screenshots ----------- ![image]({% asset_path analysis_tools/bindiff-screenshot1.gif %}){: .imagefull} Download Link ------------- [Download](http://www.zynamics.com/software.html) ================================================ FILE: analysis_tools/binvis/index.md ================================================ --- layout: default title: binvis permalink: /analysis_tools/binvis/ tags: - cybertechniques - cyber - replace-me-tool-name --- binvis ==================== See [scurve](scurve/) also Home Page --------- http://binvis.io/ Description ----------- Web based binary analyzer Screenshots ----------- ![image]({% asset_path analysis_tools/binvis/binvis-web-screenshot01.png %}){: .imagefull} Download Link ------------- [binvis](https://github.com/cortesi/scurve/blob/master/binvis) ================================================ FILE: analysis_tools/binviz/index.md ================================================ --- layout: default title: replace-me-tool-name permalink: /analysis_tools/binviz/ tags: - cybertechniques - cyber - binviz --- binviz ==================== Home Page --------- No home page Description ----------- Note that binviz is a research prototype binviz was written in Visual C# (VS2005 or maybe VS2008). The .zip is the project (source) file so it should load into visual studio and run. 
There is also a compiled .exe in... /binviz_0.44bw/binviz_0.01/bin/Debug/. You should just be able to double click it and run on a Windows machine. I developed it under XP, but have since used it under Windows 7 and it worked more or less the same. (mouseover event behavior is a little different, but still usable).

Useful Papers
-------------

http://www.rumint.org/gregconti/publications/taxonomy-bh.pdf
http://www.rumint.org/gregconti/publications/2008_VizSEC_FileVisualization_v53_final.pdf
http://www.rumint.org/gregconti/publications/200808_binviz38_dc_final.ppt

Screenshots
-----------

![image]({% asset_path analysis_tools/300x300.png %}){: .imagefull}

Download Link
-------------

[binviz](http://www.rumint.org/gregconti/publications/binviz_0.zip)

================================================
FILE: analysis_tools/binwalk/index.md
================================================
---
layout: default
title: binwalk
permalink: /analysis_tools/binwalk/
tags:
- cybertechniques
- cyber
- binwalk
---

binwalk
=======

Home Page
---------

http://binwalk.org/

Description
-----------

Binwalk is a firmware analysis tool designed for analyzing, reverse engineering and extracting data contained in firmware images.
Binwalk can: * Find and extract interesting files / data from binary images * Find and extract raw compression streams * Identify opcodes for a variety of architectures * Perform data entropy analysis * Diff an arbitrary number of files Screenshots ----------- ![image]({% asset_path analysis_tools/binwalk-screenshot1.png %}){: .imagefull} Download Link ------------- [https://github.com/devttys0/binwalk/releases/latest](https://github.com/devttys0/binwalk/releases/latest) Installation ------------ See the [installation documentation](https://raw.githubusercontent.com/devttys0/binwalk/master/INSTALL.md) ```bash $ sudo ./deps.sh ``` ```bash # Python2.7 $ sudo python setup.py install ``` ================================================ FILE: analysis_tools/cff-explorer/index.md ================================================ --- layout: default title: CFF Explorer permalink: /analysis_tools/cff-explorer/ tags: - cybertechniques - cyber - cffexplorer --- CFF Explorer ============ Home Page --------- [CFF Explorer](http://www.ntcore.com/exsuite.php) Description ----------- A freeware suite of tools including a PE editor called CFF Explorer and a process viewer. Features: * Full support for PE32/64 * Special fields description and modification (.NET supported) * utilities * rebuilder * hex editor * import adder * signature scanner * signature manager * extension support * scripting * disassembler * dependency walker etc. First PE editor with support for .NET internal structures. Resource Editor (Windows Vista icons supported) capable of handling .NET manifest resources. 
Screenshots ----------- ![image]({% asset_path analysis_tools/cff-explorer-screenshot1.jpg %}){: .imagefull} ![image]({% asset_path analysis_tools/cff-explorer-screenshot2.jpg %}){: .imagefull} Download Link ------------- [Download](http://www.ntcore.com/files/ExplorerSuite.exe) ================================================ FILE: analysis_tools/exeinfo/index.md ================================================ --- layout: default title: EXEinfo permalink: /analysis_tools/exeinfo/ tags: - cybertechniques - cyber - exeinfo --- EXEinfo ======= Home Page --------- [EXEinfo](https://sourceforge.net/projects/exeinfope/) Description ----------- ExEinfo PE Win32 bit identifier by A.S.L. - exe pe checker for packers, exeprotectors, packer detector with solve hint for unpack . Internal zip ripper exe pe ripper ... VBasicfake sign added. MD5 and SHA1 file calculator. .NET detector , analyze executable. Non executable file detection. Detect Internet behavior for updaters and PUA downloaders. Small script Engine for Patch create. Truncate file tool and adding overlay to file empty or from file. .NET PE save streams to disk. Screenshots ----------- ![image]({% asset_path analysis_tools/exeinfo-screenshot1.png %}){: .imagefull} Download Link ------------- [Download](http://downloads.sourceforge.net/project/exeinfope/exeinfope.zip) ================================================ FILE: analysis_tools/filealyzer/index.md ================================================ --- layout: default title: FileAlyzer permalink: /analysis_tools/filealyzer/ tags: - cybertechniques - cyber - filealyzer --- FileAlyzer ========== Home Page --------- [FileAlyzer](https://www.safer-networking.org/products/filealyzer/) Description ----------- FileAlyzer is a tool to analyze files – the name itself was initially just a typo of FileAnalyzer, but after a few days I decided to keep it. 
FileAlyzer allows a basic analysis of files (showing file properties and file contents in hex dump form) and is able to interpret common file contents like resources structures (like text, graphics, HTML, media and PE). Screenshots ----------- ![image]({% asset_path analysis_tools/filealyzer-screenshot1.png %}){: .imagefull} Download Link ------------- [Download](http://www.spybotupdates.com/files/filealyz-2.0.5.57.exe#hash%28md5:D670C0B28E93941AD2FFB774DB271486%29) ================================================ FILE: analysis_tools/ida/index.md ================================================ --- layout: default title: IDA permalink: /analysis_tools/ida/ tags: - cybertechniques - cyber - ida --- IDA === Home Page --------- [IDA](https://www.hex-rays.com/products/ida/) Description ----------- IDA combines an interactive, programmable, multi-processor disassembler coupled to a local and remote debugger and augmented by a complete plugin programming environment Screenshots ----------- ![image]({% asset_path analysis_tools/ida-screenshot1.gif %}){: .imagefull} Download Link ------------- [Download](https://out7.hex-rays.com/files/idafree50.exe) ================================================ FILE: analysis_tools/index.md ================================================ --- layout: default title: Analysis Tools permalink: /analysis_tools/ tags: - cybertechniques - cyber - analysis tools --- Analysis Tools ============== * [BinDiff](bindiff/) * [Binwalk](binwalk/) * [CFF Explorer](cff-explorer/) * [exeinfo](exeinfo/) * [filealyzer](filealyzer/) * [IDA](ida/) * [nwdiff](nwdiff/) * [OllyDBG](ollydbg/) * [pestudio](pestudio/) * [peview](peview/) * [Process Monitor](process-monitor/) * [scurve](scurve/) * [VizBin](vizbin/) Page Template ------------- ``` --- layout: default title: replace-me-tool-name permalink: /analysis_tools/replace-me-tool-name/ tags: - cybertechniques - cyber - replace-me-tool-name --- replace-me-tool-name ==================== Home Page --------- 
http://replace-me-tool-website/ Description ----------- Screenshots ----------- ![image]({% asset_path analysis_tools/300x300.png %}){: .imagefull} Download Link ------------- [replace-me-tool-download-link](#) Installation ------------ \`\`\` special install instructions not mentioned on the tools website \`\`\` ``` ================================================ FILE: analysis_tools/nwdiff/index.md ================================================ --- layout: default title: nwdiff permalink: /analysis_tools/nwdiff/ tags: - cybertechniques - cyber - nwdiff --- nwdiff ====== Home Page --------- [nwdiff](http://www.geocities.jp/belden_dr/ToolNwdiff_Eng.html) Description ----------- Binary comparison tool Screenshots ----------- ![image]({% asset_path analysis_tools/nwdiff-screenshot1.jpg %}){: .imagefull} Download Link ------------- [Download](http://www.geocities.jp/belden_dr/Nwdiff.lzh) ================================================ FILE: analysis_tools/ollydbg/index.md ================================================ --- layout: default title: ollydbg permalink: /analysis_tools/ollydbg/ tags: - cybertechniques - cyber - ollydbg --- ollydbg ======= Home Page --------- [ollydbg](http://www.ollydbg.de/) Description ----------- Highlights: * Intuitive user interface, no cryptical commands * Code analysis - traces registers, recognizes procedures, loops, API calls, switches, tables, constants and strings * Directly loads and debugs DLLs * Object file scanning - locates routines from object files and libraries * Allows for user-defined labels, comments and function descriptions * Understands debugging information in Borland® format * Saves patches between sessions, writes them back to executable file and updates fixups * Open architecture - many third-party plugins are available * No installation - no trash in registry or system directories * Debugs multithread applications * Attaches to running programs * Configurable disassembler, supports both MASM and IDEAL 
formats * MMX, 3DNow! and SSE data types and instructions, including Athlon extensions * Full UNICODE support * Dynamically recognizes ASCII and UNICODE strings - also in Delphi format! * Recognizes complex code constructs, like call to jump to procedure * Decodes calls to more than 1900 standard API and 400 C functions * Gives context-sensitive help on API functions from external help file * Sets conditional, logging, memory and hardware breakpoints * Traces program execution, logs arguments of known functions * Shows fixups * Dynamically traces stack frames * Searches for imprecise commands and masked binary sequences * Searches whole allocated memory * Finds references to constant or address range * Examines and modifies memory, sets breakpoints and pauses program on-the-fly * Assembles commands into the shortest binary form * Starts from the floppy disk Screenshots ----------- ![image]({% asset_path analysis_tools/ollydbg-screenshot1.png %}){: .imagefull} Download Link ------------- [Download](http://www.ollydbg.de/odbg110.zip) ================================================ FILE: analysis_tools/pestudio/index.md ================================================ --- layout: default title: pestudio permalink: /analysis_tools/pestudio/ tags: - cybertechniques - cyber - pestudio --- pestudio ======== Home Page --------- [pestudio](https://www.winitor.com/) Description ----------- pestudio is a tool that is used in many Cyber Emergency Response Teams (CERT) worldwide in order to perform malware initial assessment. Malicious software often attempts to hide its intents in order to evade early detection and static analysis. In doing so, it often leaves suspicious patterns, unexpected metadata, and sometimes even anomalies. The goal of pestudio is to spot these artifacts in order to ease and accelerate the Malware Initial Assessment. 
The tool uses a powerful parser and a flexible set of configuration files that are used to provide many indicators and determine thresholds. Since the file being analyzed is never started, you can inspect any unknown or malicious executable file and even ransomware without a risk of infection.

Screenshots
-----------

![image]({% asset_path analysis_tools/pestudio-screenshot1.png %}){: .imagefull}

Download Link
-------------

[Download](https://www.winitor.com/tools/pestudio851.zip)

================================================
FILE: analysis_tools/peview/index.md
================================================
---
layout: default
title: peview
permalink: /analysis_tools/peview/
tags:
- cybertechniques
- cyber
- peview
---

PEView
======

Home Page
---------

[PEview](http://wjradburn.com/software/)

Description
-----------

PEview provides a quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files. This PE/COFF file viewer displays header, section, directory, import table, export table, and resource information within EXE, DLL, OBJ, LIB, DBG, and other file types.

Screenshots
-----------

![image]({% asset_path analysis_tools/peview-screenshot1.png %}){: .imagefull}

Download Link
-------------

[Download](http://wjradburn.com/software/PEview.zip)

================================================
FILE: analysis_tools/process-monitor/index.md
================================================
---
layout: default
title: Process Monitor
permalink: /analysis_tools/process-monitor/
tags:
- cybertechniques
- cyber
- process monitor
---

Process Monitor
===============

Home Page
---------

[Process Monitor](https://technet.microsoft.com/en-us/sysinternals/bb896645)

Description
-----------

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such as session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Screenshots
-----------

![image]({% asset_path analysis_tools/process-monitor-screenshot1.png %}){: .imagefull}

Download Link
-------------

[Download](https://download.sysinternals.com/files/ProcessMonitor.zip)

================================================
FILE: analysis_tools/scurve/index.md
================================================
---
layout: default
title: scurve
permalink: /analysis_tools/scurve/
tags:
- cybertechniques
- cyber
- scurve
---

scurve
======

Home Page
---------

[scurve](https://github.com/cortesi/scurve)

Description
-----------

What scurve consists of:

* binvis: Visualize binaries using space-filling curves.
* colorswatch: Creates a swatch with a visual breakdown of the colours contained in a specified image.
* cube: Outputs a POV-Ray definition file for drawing 3-dimensional curves.
* drawcurve: Generates two dimensional lines-and-vertexes drawings of space-filling curves.
* gray: Prints a bit representation of the Gray codes of a specified bit width.
* testpattern: Projects a 3-dimensional traversal of the RGB colour cube onto a specified two-dimensional curve.
Screenshots ----------- ![image]({% asset_path analysis_tools/binvis-screenshot1.png %}){: .imagefull} Download Link ------------- [Download](https://github.com/cortesi/scurve) ================================================ FILE: analysis_tools/vizbin/index.md ================================================ --- layout: default title: VizBin permalink: /analysis_tools/vizbin/ tags: - cybertechniques - cyber - vizbin --- VizBin ====== Home Page --------- [VizBin](http://claczny.github.io/VizBin/) Description ----------- The gist of the concept is that VizBin uses the state-of-the-art nonlinear dimension reduction algorithm BH-SNE and appropriate data transformation to visualize (assembled) metagenomic data-inherent clusters. Screenshots ----------- ![image]({% asset_path analysis_tools/vizbin-screenshot1.png %}){: .imagefull} Download Link ------------- [VizBin](https://github.com/claczny/VizBin/blob/master/VizBin-dist.jar?raw=true) ================================================ FILE: assembly/index.md ================================================ --- layout: default title: assembly permalink: /assembly/ tags: - assembly - cybertechniques --- Assembly ======== Welcome to the assembly page The page you are looking for will be at one of the following links: * [Windows x86](windows/x86/) * [Windows x64](windows/x64/) * [Linux x32](linux/x86/) * [Linux x64](linux/x64/) ================================================ FILE: assembly/linux/index.md ================================================ --- layout: default title: linux assembly permalink: /assembly/linux/ tags: - assembly - linux --- Assembly - Linux ================ * [x86](/assembly/linux/x86/) * [x64](/assembly/linux/x64/) ================================================ FILE: assembly/linux/x64/index.md ================================================ --- layout: default title: 64-bit linux assembly permalink: /assembly/linux/x64/ tags: - assembly - linux - 64 bit --- Assembly - Linux - 64 bit 
========================= ================================================ FILE: assembly/linux/x86/index.md ================================================ --- layout: default title: 32-bit linux assembly permalink: /assembly/linux/x86/ tags: - assembly - linux - 32-bit --- Assembly - Linux - 32 bit ========================= ================================================ FILE: assembly/windows/index.md ================================================ --- layout: default title: Windows Assembly permalink: /assembly/windows/ tags: - assembly - windows --- Assembly - Windows ================ * [x86](/assembly/windows/x86/) * [x64](/assembly/windows/x64/) ================================================ FILE: assembly/windows/x64/index.md ================================================ --- layout: default title: 64-bit windows assembly permalink: /assembly/windows/x64/ tags: - assembly - windows - 64-bit --- Assembly - Windows - 64 bit =========================== ================================================ FILE: assembly/windows/x86/index.md ================================================ --- layout: default title: 32-bit windows assembly permalink: /assembly/windows/x86/ tags: - assembly - windows - 32-bit --- Assembly - Windows - 32 bit =========================== ================================================ FILE: binary-analysis/binary-visualization/binvis/index.md ================================================ --- layout: default title: binvis Tutorial permalink: /binary-analysis/binary-visualization/binvis/ tags: - cybertechniques - cyber - binvis tutorial --- binvis Tutorial =============== binvis options -------------- * ![image]({% asset_path images/binary-analysis/binary-visualization/binvis/binvis-screenshot1.png %}){: .imagefull} Step 1 ------ ### We start the tutorial by downloading putty * [putty download](https://the.earth.li/~sgtatham/putty/latest/x86/putty.exe) Step 2 ------ ### Then use upx to pack the putty executable * ![image]({% 
asset_path images/binary-analysis/binary-visualization/binvis/upx-screenshot.png %}){: .imagefull} Step 3 ------ ### Use binvis on the unpacked putty executable * ![image]({% asset_path images/binary-analysis/binary-visualization/binvis/binvis-create-visualization.png %}){: .imagefull} Step 4 ------ ### Run binvis using the packed putty executable Results ------- ### For the packed putty you should see a result like the following: * ![image]({% asset_path images/binary-analysis/binary-visualization/binvis/putty-packed.png %}){: .imagefull} ### For the unpacked putty you should see a result like the following: * ![image]({% asset_path images/binary-analysis/binary-visualization/binvis/putty-unpacked.png %}){: .imagefull} ### It is easy to see how there are differences in the visualizations shown between the packed and unpacked putty executables. ================================================ FILE: binary-analysis/binary-visualization/binviz/index.md ================================================ --- layout: default title: binviz Tutorial permalink: /binary-analysis/binary-visualization/binviz/ tags: - cybertechniques - cyber - binviz tutorial --- binviz Tutorial =============== Step 1 ------ ### We start the tutorial by downloading putty * [putty download](https://the.earth.li/~sgtatham/putty/latest/x86/putty.exe) Step 2 ------ ### Then use upx to pack the putty executable * ![image]({% asset_path images/binary-analysis/binary-visualization/binvis/upx-screenshot.png %}){: .imagefull} Step 3 ------ ### Open the unpacked putty executable using the binviz program
### The binviz program has very basic menu options. Use the menu to show or hide the individual windows.
### An example of the unpacked putty is shown below:

![image]({% asset_path images/binary-analysis/binary-visualization/binviz/binviz-putty.png %}){: .imagefull}

### Below is an example of the packed putty

![image]({% asset_path images/binary-analysis/binary-visualization/binviz/binviz-putty-packed.png %}){: .imagefull}

Results
-------

### You can see how there are differences in the visualizations shown between the packed and unpacked putty executables.

================================================
FILE: binary-analysis/binary-visualization/binwalk/index.md
================================================
---
layout: default
title: binwalk tutorial
permalink: /binary-analysis/binary-visualization/binwalk/
tags:
- cybertechniques
- cyber
- binwalk tutorial
---

binwalk Tutorial
===============

Step 1
------

### We start the tutorial by downloading putty

* [putty download](https://the.earth.li/~sgtatham/putty/latest/x86/putty.exe)

Step 2
------

### Then use upx to pack the putty executable

* ![image]({% asset_path images/binary-analysis/binary-visualization/binvis/upx-screenshot.png %}){: .imagefull}

Step 3
------

### Use binwalk to see the contents of the unpacked putty executable

![image]({% asset_path images/binary-analysis/binary-visualization/binwalk/binwalk-screenshot-putty.png %}){: .imagefull}

### Use binwalk to see the contents of the packed putty executable

![image]({% asset_path images/binary-analysis/binary-visualization/binwalk/binwalk-screenshot-putty-packed.png %}){: .imagefull}

Results
-------

### It is easy to see how packing the executable alone changes what binwalk is able to extract from it
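
Added example (not part of the original tutorial and not binwalk's own code): binwalk lists data entropy analysis among its features, and block-wise Shannon entropy is one measurable way to see the packed versus unpacked difference this tutorial shows. The two samples are constructed stand-ins, zlib compression stands in for the packer, and the 1024-byte block size and 7.0 bits/byte threshold are assumptions.

```python
import math
import random
import zlib
from collections import Counter

BLOCK_SIZE = 1024    # assumption: analysis window in bytes
HIGH_ENTROPY = 7.0   # assumption: bits/byte above which a block looks compressed


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return sum(c / n * math.log2(n / c) for c in Counter(block).values())


def block_entropies(data: bytes, block_size: int = BLOCK_SIZE):
    """Return [(offset, entropy)] per full block; input shorter than a block is one block."""
    if len(data) < block_size:
        return [(0, shannon_entropy(data))]
    return [(off, shannon_entropy(data[off:off + block_size]))
            for off in range(0, len(data) - block_size + 1, block_size)]


def high_entropy_ratio(data: bytes, block_size: int = BLOCK_SIZE,
                       threshold: float = HIGH_ENTROPY) -> float:
    """Fraction of blocks whose entropy reaches the threshold."""
    ents = block_entropies(data, block_size)
    return sum(1 for _, e in ents if e >= threshold) / len(ents)


def classify(data: bytes) -> str:
    """Label a file by how much of it looks compressed or encrypted."""
    if high_entropy_ratio(data) >= 0.5:
        return "likely packed or compressed"
    return "no sign of packing"


# Constructed byte patterns standing in for machine code and a string table.
_CODE = [b"\x55\x8b\xec", b"\x8b\x45\x08", b"\x8b\x4d\x0c", b"\x83\xc4\x08",
         b"\x5d\xc3", b"\x90", b"\x33\xc0", b"\x50", b"\x51", b"\x85\xc0",
         b"\x74\x05", b"\x75\x0a", b"\xff\x15", b"\x6a\x00", b"\xeb\x02", b"\xc3"]
_TEXT = [b"connection", b"refused", b"session", b"terminal", b"window",
         b"error", b"host", b"key", b"\x00", b" "]


def make_plain_sample(seed: int = 1) -> bytes:
    """Constructed 'unpacked' file: code-like bytes, strings, zero padding."""
    rng = random.Random(seed)
    code = b"".join(rng.choice(_CODE) for _ in range(20000))
    text = b"".join(rng.choice(_TEXT) for _ in range(4000))
    return code + text + b"\x00" * 4096


def make_packed_sample(plain: bytes) -> bytes:
    """Constructed 'packed' file: a small plain stub followed by the compressed body."""
    stub = plain[:BLOCK_SIZE]
    return stub + zlib.compress(plain, 9)


def summarize(name: str, data: bytes) -> dict:
    """Collect the per-file numbers an analyst would compare."""
    ents = [e for _, e in block_entropies(data)]
    return {
        "name": name,
        "size": len(data),
        "blocks": len(ents),
        "min_entropy": round(min(ents), 2),
        "max_entropy": round(max(ents), 2),
        "high_ratio": round(high_entropy_ratio(data), 2),
        "verdict": classify(data),
    }


if __name__ == "__main__":
    plain = make_plain_sample()
    for name, data in (("plain", plain), ("packed", make_packed_sample(plain))):
        print(summarize(name, data))
```

High entropy is an indicator rather than proof: legitimately compressed or encrypted resources inside an otherwise normal executable raise the ratio as well.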
### Below you can see the graphical results of the unpacked putty executable:

![image]({% asset_path images/binary-analysis/binary-visualization/binwalk/binwalk-putty.png %}){: .imagefull}

### Below you can see the graphical results of the packed putty executable:

![image]({% asset_path images/binary-analysis/binary-visualization/binwalk/binwalk-putty-packed.png %}){: .imagefull}

================================================
FILE: binary-analysis/binary-visualization/index.md
================================================
---
layout: default
title: Binary Visualization
permalink: /binary-analysis/binary-visualization/
tags:
- cybertechniques
- binary analysis
- binary visualization
---

Binary Visualization
====================

You can find out more information about the following tools by clicking [here](http://www.cybertechniques.net/analysis_tools/)

### Tool Usage Tutorials

* [binvis](binvis/)
* [binviz](binviz/)
* [binwalk](binwalk/)
* [vizbin](vizbin/)

================================================
FILE: binary-analysis/binary-visualization/vizbin/index.md
================================================
---
layout: default
title: VizBin Tutorial
permalink: /binary-analysis/binary-visualization/vizbin/
tags:
- cybertechniques
- cyber
- vizbin tutorial
---

VizBin Tutorial
===============

Basic tutorial
--------------

| Description | Picture |
|--------------------------- | --------------------------|
| To run VizBin, double-click the VizBin-dist.jar icon. | ![image]({% asset_path images/binary-analysis/binary-visualization/vizbin/00.png %}){: .imagefull} |
| Upon your first run, VizBin will initialize the settings only once. This window will not appear in future executions of VizBin. | ![image]({% asset_path images/binary-analysis/binary-visualization/vizbin/01.png %}){: .imagefull} |
| This is what the main window looks like. | ![image]({% asset_path images/binary-analysis/binary-visualization/vizbin/02.png %}){: .imagefull} |
| To specify the input sequences in fasta format, click on the "Choose" button. | ![image]({% asset_path images/binary-analysis/binary-visualization/vizbin/03.png %}){: .imagefull} |
| Navigate to the directory containing your input sequences in fasta format. Here, we have them in `Desktop/Data/`. | ![image]({% asset_path images/binary-analysis/binary-visualization/vizbin/04.png %}){: .imagefull} ![image]({% asset_path images/binary-analysis/binary-visualization/vizbin/05.png %}){: .imagefull} |
| Choose your file of interest, here `EssentialGenes.fa`. | ![image]({% asset_path images/binary-analysis/binary-visualization/vizbin/06.png %}){: .imagefull} |
| The path to your file of interest should now appear in the "File to visualize" box. | ![image]({% asset_path images/binary-analysis/binary-visualization/vizbin/07.png %}){: .imagefull} |
| To start, simply click on the "Start" button. | ![image]({% asset_path images/binary-analysis/binary-visualization/vizbin/08.png %}){: .imagefull} |
| Upon successful termination, a scatterplot will appear in which you will be able to select your clusters of interest. Please also have a look at the general note below. | ![image]({% asset_path images/binary-analysis/binary-visualization/vizbin/09.png %}){: .imagefull} |
| Now you can choose the group of points for which you want the corresponding sequences to be exported to a separate fasta file. Simply use the left mouse-click to create a polygonal selection. All sequences corresponding to the points inside this polygon will be exported. | ![image]({% asset_path images/binary-analysis/binary-visualization/vizbin/10.png %}){: .imagefull}![image]({% asset_path images/binary-analysis/binary-visualization/vizbin/11.png %}){: .imagefull}![image]({% asset_path images/binary-analysis/binary-visualization/vizbin/12.png %}){: .imagefull}![image]({% asset_path images/binary-analysis/binary-visualization/vizbin/13.png %}){: .imagefull} |
| Clicking the right mouse button (anywhere within the visualization) will open a menu where you can choose to export your selection. A confirmation window will appear. | ![image]({% asset_path images/binary-analysis/binary-visualization/vizbin/14.png %}){: .imagefull} |
| Press "yes" to continue exporting. Press "No" if you want to continue with your selection. Press "Cancel" if you want to start with a fresh polygonal selection without saving the current selection. | ![image]({% asset_path images/binary-analysis/binary-visualization/vizbin/15.png %}){: .imagefull} |
| Finally, choose the destination for your to-be-exported sequences and give the file a name, here `EssentialGenes_Polygon01.fa`. | ![image]({% asset_path images/binary-analysis/binary-visualization/vizbin/16.png %}){: .imagefull} |

#### A general note

We tried hard to make VizBin produce identical results across different platforms. However, for various reasons (e.g., different optimizations done by the different (cross-)compilers, different numerical precision) the resulting 2D scatterplots might look slightly different but should be comparable qualitatively. In other words, it can happen that running VizBin on a Linux machine or on a Windows machine with the _same_ input fasta file will give you slightly different visualizations. However, the difference should be only in the relative position but not the overall shape of the individual clusters.
Hence, a particular cluster might not be at the same position on both machines but the clusters should be readily separated from other clusters and thus should be intuitively selectable with the polygon.

### Advanced options

Here we explain what the additional options (hidden by default) allow you to do. After clicking on "Show additional options", you will see different fields which can be modified:

![image]({% asset_path images/binary-analysis/binary-visualization/vizbin/VizBin_Additional_options.png %}){: .imagefull}

| Option name | Explanation |
|-----------------|-----------------|
| Point file (optional) | After computation of the 2D coordinates, this data is available in the `points.txt` file in the temporary directory (see your log-file). Specifying this file here makes VizBin create a visualization based on this previously computed data. A basic check is integrated to verify if the number of sequences specified in the "File to visualise" matches the number of points in `points.txt`. However, it is up to you to make sure you are indeed using the same sequences that were used in the initial creation of the chosen `points.txt` file. A future version of VizBin will integrate a convenient way of saving a session including the sequences, computed 2D coordinates etc. |
| Annotation file (optional) | This file allows you to provide additional information that will then be displayed by size, color, and/or opaqueness of individual points. The format of the file is CSV, i.e., the columns must be separated by a comma. The first line of the file must state which information you provide in which column; only the following types are currently supported and have to be specified exactly as listed: `label`, `length`, `isMarker`, `coverage`, and `gc`. You may provide them in any order, e.g., `coverage,length,label,isMarker`; however, `coverage` and `gc` are mutually **exclusive**. Besides this header line, the following lines must match the order of the contigs in the fasta file and contain the information per column corresponding to the type of that column in the header. Accordingly, the first annotation line corresponds to the first sequence, the second annotation line to the second sequence and so on. You can find an example annotation file in [example dataset AMFJ01](http://claczny.github.io/VizBin/data/AMFJ01.zip). |
| Kmer length | This specifies the length of the _k_-mer that is used to compute the genomic signature. We found _k_ = 5 to work best. This value can be decreased or increased but bear in mind that the number of possible _k_-mers grows exponentially: 4^5 for _k_ = 4, 4^6 for _k_ = 6 etc. We have **not** yet tested the behavior of the application for larger _k_ than 5. |
| Merge rev compl | This "collapses" _k_-mers and their reverse complements to mitigate strand bias. |
| PCA columns | This represents the number of dimensions (principal components) that are kept when running the initial PCA. The default of 50 is suggested by the original [BH-SNE publication](http://homepage.tudelft.nl/19j49/t-SNE.html). |
| Theta | More details on different values of "Theta" can be found in the original [BH-SNE publication](http://homepage.tudelft.nl/19j49/t-SNE.html). |
| Perplexity | More details on different values of "Perplexity" can be found in the original [BH-SNE publication](http://homepage.tudelft.nl/19j49/t-SNE.html). As a general note, should you have a small number of sequences, e.g., below 100, then you should decrease the perplexity value. Think of it as the expected number of neighbors. This might help you to choose a reasonable smaller value. Start maybe by decreasing it slowly from the default value. Since you have few sequences, the computation should be fast. |
| Seed | BH-SNE is solving a non-convex optimization problem. Thus, the solver can end up in a local optimum which need not be a global optimum. Setting this value to something different than the default of "0" allows you to see if a different initialization leads to a markedly improved result. We found that the results are generally robust with respect to different initializations. Please note that the 2D scatterplots will be different in shape but should be qualitatively comparable. Make sure to remember this value and adjust it if you want to reproduce results obtained on the same machine. |
| PCA library | We integrated two libraries for computing the PCA. The default `Mtj` is more efficient, in particular on large datasets. This is due, among other things, to some optimizations we integrated. It should work on all platforms. For legacy reasons, we also provide the PCA version of `EJML`. |
| Take logarithm of coverage & length? | This option allows you to transform your coverage & length values using the natural logarithm (i.e., to the base `e`). This is enabled by default but should you provide your own transformation of the coverage & length values, simply set it to `No` and VizBin will use the values you specified without any transformation. This option is only effective if you provide an annotation file containing this information, see `Annotation file` above. |

================================================
FILE: binary-analysis/index.md
================================================
---
layout: default
title: Binary Analysis
permalink: /binary-analysis/
tags:
- cybertechniques
- binary analysis
---

Binary Analysis
===============

Binary Visualization
------------------------

[Binary Visualization](binary-visualization)

================================================
FILE: contact-us.md
================================================
---
layout: default
title: Contact Us
permalink: /contact-us/
tags:
- cybertechniques
- cyber
- contact
---

# Contact Us

## If you would like to contact us, please send an email to: contact@cybertechniques.net

================================================
FILE: history/groups/29A.md
================================================
---
layout: default
title: 29A
permalink: /history/groups/29A/
tags:
- cyber
---

29A
===

Origin
------

Spain

Description
-----------

A group that emerged at the end of 1996. Although they were relative newcomers then, they are now a dominant group with a lot of viral talent. Well known individuals have joined the group to create viruses of all types. Their four zines contain many viruses and several tutorials. Generally it is very quiet around the group and most activities are seen close to the release of one of their well known e-zines. "29A" is hexadecimal for the number "666".

Website
-------

http://vxheaven.org/links.php?redir=http://vxheaven.org/29a/

Reference
---------

http://vxheaven.org/vx.php?id=g000

================================================
FILE: history/groups/3C_Group_Cyber_Criminals_Clan.md
================================================
---
layout: default
title: 3C Group (Cyber Criminals Clan)
permalink: /history/groups/3C_Group_Cyber_Criminals_Clan/
tags:
- cyber
---

3C Group (Cyber Criminals Clan)
===============================

Origin
------

Unknown

Description
-----------

A group that emerged early 1999.
Members are new to the scene and produce viruses with an emphasis on macro viruses. The group also explores the hacking scene. The group was renamed to ZeroGravity early 2000.

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=g001

================================================
FILE: history/groups/ANVX.md
================================================
---
layout: default
title: ANVX
permalink: /history/groups/ANVX/
tags:
- cyber
---

ANVX
====

Origin
------

Unknown

Description
-----------

Known members: Industry, Retro, DiA, Xyver, s4rin

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=ga09

================================================
FILE: history/groups/ARCV_Association_of_Really_Cruel_Viruses.md
================================================
---
layout: default
title: ARCV (Association of Really Cruel Viruses)
permalink: /history/groups/ARCV_Association_of_Really_Cruel_Viruses/
tags:
- cyber
---

ARCV (Association of Really Cruel Viruses)
==========================================

Origin
------

United Kingdom

Description
-----------

Virus authoring group responsible for around 50 viruses. Arrests were made in February 1993.

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=ga03

================================================
FILE: history/groups/ASM_Association_of_Satanic_Maniacs.md
================================================
---
layout: default
title: ASM (Association of Satanic Maniacs)
permalink: /history/groups/ASM_Association_of_Satanic_Maniacs/
tags:
- cyber
---

ASM (Association of Satanic Maniacs)
====================================

Origin
------

Unknown

Description
-----------

Virus oriented group that emerged at the end of 1998. Outside the computer virus scene they are also active in the cracking scene.

Magazine
--------

[DIE Magazine](http://vxheaven.org/vx.php?id=zd03)

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=ga05

================================================
FILE: history/groups/AVCR_Amateur_Virus_Creation_Research_Group.md
================================================
---
layout: default
title: AVCR (Amateur Virus Creation & Research Group)
permalink: /history/groups/AVCR_Amateur_Virus_Creation_Research_Group/
tags:
- cyber
---

AVCR (Amateur Virus Creation & Research Group)
==============================================

Origin
------

United States

Description
-----------

A short lived virus "research" group that recently emerged and disappeared in the USA.

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=ga07

================================================
FILE: history/groups/AVM_Alternative_Virus_Mafia.md
================================================
---
layout: default
title: AVM (Alternative Virus Mafia)
permalink: /history/groups/AVM_Alternative_Virus_Mafia/
tags:
- cyber
---

AVM (Alternative Virus Mafia)
=============================

Origin
------

International

Description
-----------

Virus authoring group that emerged at the end of 1998. Information is limited. The group sporadically released material but was not too active in showing a group identity. After the Melissa virus chaos no more was heard from the group.

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=ga08

================================================
FILE: history/groups/A_N_O_I_A_New_Order_of_Intelligence.md
================================================
---
layout: default
title: A.N.O.I. (A New Order of Intelligence)
permalink: /history/groups/A_N_O_I_A_New_Order_of_Intelligence/
tags:
- cyber
---

A.N.O.I. (A New Order of Intelligence)
======================================

Origin
------

Sweden

Description
-----------

Virus authoring group responsible for around 15+ viruses.
Formerly known as BetaBoys and F.P.C.P. (Funky Pack of CyberPunks).

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=ga02

================================================
FILE: history/groups/Alliance.md
================================================
---
layout: default
title: Alliance
permalink: /history/groups/Alliance/
tags:
- cyber
---

Alliance
========

Origin
------

International

Description
-----------

A 1996 addition to the virus scene, this group is mainly Internet (Web) based. Their members list is long and in a constant state of flux; people seem to come and go around the clock. Among these mainly HPA oriented members only a limited few meddle with viruses. The group is inactive or has been disbanded.

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=ga01

================================================
FILE: history/groups/Anarkick_Systems.md
================================================
---
layout: default
title: Anarkick Systems
permalink: /history/groups/Anarkick_Systems/
tags:
- cyber
---

Anarkick Systems
================

Origin
------

United States

Description
-----------

Virus authoring group responsible for 15+ viruses.

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=ga04

================================================
FILE: history/groups/Astigmatizm.md
================================================
---
layout: default
title: Astigmatizm
permalink: /history/groups/Astigmatizm/
tags:
- cyber
---

Astigmatizm
===========

Origin
------

Philippines

Description
-----------

A group of computer science (AMAC and Adamson University) students. A few of their limited number of viruses can be found at their site.

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=ga06

================================================
FILE: history/groups/Australian_Institute_of_Hackers.md
================================================
---
layout: default
title: Australian Institute of Hackers
permalink: /history/groups/Australian_Institute_of_Hackers/
tags:
- cyber
---

Australian Institute of Hackers
===============================

Origin
------

Australia

Description
-----------

Disbanded virus authoring group responsible for, among other things, the Australian Parasite series and several virus tutorials. Dark Fiber for a while ended up with NuKE and continued as a solo / freelance writer.

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=ga00

================================================
FILE: history/groups/BHA_Badsector_Hacking_Alliance.md
================================================
---
layout: default
title: BHA (Badsector Hacking Alliance)
permalink: /history/groups/BHA_Badsector_Hacking_Alliance/
tags:
- cyber
---

BHA (Badsector Hacking Alliance)
================================

Origin
------

Unknown

Description
-----------

A hacking group that also has an interest in computer viruses. Apparently changed their name to Badsector Networx early 2000.

Magazine
--------

[Bad Byte](http://vxheaven.org/vx.php?id=zb00)

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gb00

================================================
FILE: history/groups/Brigada_Ocho.md
================================================
---
layout: default
title: Brigada Ocho
permalink: /history/groups/Brigada_Ocho/
tags:
- cyber
---

Brigada Ocho
============

Origin
------

Unknown

Description
-----------

Known members past and present: alcopaul, arkhangel, energy, secuxp

Magazine
--------

[Brigada Ocho](http://vxheaven.org/vx.php?id=zb02)

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gb02

================================================
FILE: history/groups/BzZ.md
================================================
---
layout: default
title: BzZ
permalink: /history/groups/BzZ/
tags:
- cyber
---

BzZ
===

Origin
------

Russian Federation

Description
-----------

Not much is known about this virus oriented hacking group. They have produced a virus creation kit (VML).

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gb01

================================================
FILE: history/groups/CVC_Corean_Virus_Club_new.md
================================================
---
layout: default
title: CVC (Corean Virus Club, new)
permalink: /history/groups/CVC_Corean_Virus_Club_new/
tags:
- cyber
---

CVC (Corean Virus Club, new)
============================

Origin
------

Republic Of Korea

Description
-----------

Group that was created from the remnants of the CVC [Corean Virus Club, old](http://vxheaven.org/vx.php?id=gc03), SVS [Seoul Virus Society](http://vxheaven.org/vx.php?id=gs12) and the recent CVL [Corean Virus Laboratory](http://vxheaven.org/vx.php?id=gc04).

Magazine
--------

[CVC/CVL](http://vxheaven.org/vx.php?id=zc07)

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gc02

================================================
FILE: history/groups/CVC_Corean_Virus_Club_old.md
================================================
---
layout: default
title: CVC (Corean Virus Club, old)
permalink: /history/groups/CVC_Corean_Virus_Club_old/
tags:
- cyber
---

CVC (Corean Virus Club, old)
============================

Origin
------

Republic Of Korea

Description
-----------

Group responsible for a large number of the known Korean viruses. In the beginning of 1998 several members of CVC were arrested by Korean police and the group split up. A new group called CVL emerged after the arrests to continue the work of CVC. Still later members of the old CVC, SVS [Seoul Virus Society](http://vxheaven.org/vx.php?id=gs12) and CVL [Corean Virus Laboratory](http://vxheaven.org/vx.php?id=gc04) started the CVC [Corean Virus Club, new](http://vxheaven.org/vx.php?id=gc02).

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gc03

================================================
FILE: history/groups/CVL_Corean_Virus_Laboratory.md
================================================
---
layout: default
title: CVL (Corean Virus Laboratory)
permalink: /history/groups/CVL_Corean_Virus_Laboratory/
tags:
- cyber
---

CVL (Corean Virus Laboratory)
=============================

Origin
------

Republic Of Korea

Description
-----------

Group that emerged from the now disbanded CVC. April 1998 members of the CVC [Corean Virus Club, old](http://vxheaven.org/vx.php?id=gc03), SVS [Seoul Virus Society](http://vxheaven.org/vx.php?id=gs12) and CVL started CVC [Corean Virus Club, new](http://vxheaven.org/vx.php?id=gc02).

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gc04

================================================
FILE: history/groups/Computa_GangstaZ.md
================================================
---
layout: default
title: Computa GangstaZ
permalink: /history/groups/Computa_GangstaZ/
tags:
- cyber
---

Computa GangstaZ
================

Origin
------

International

Description
-----------

A new group that emerged at the end of 1996 among several other groups. As their name already implies they are not exclusively virus oriented but play around in other areas of the HPAVC scene too.

Magazine
--------

[Da Holocaust Chronical's](http://vxheaven.org/vx.php?id=zd00)

Website
-------

None

================================================
FILE: history/groups/Cybernetic_Crew.md
================================================
---
layout: default
title: Cybernetic Crew
permalink: /history/groups/Cybernetic_Crew/
tags:
- cyber
---

Cybernetic Crew
===============

Origin
------

Austria

Description
-----------

A group of some new and some well known virus authors. Their exploits cover computer viruses, hacking, cracking and phreaking. They can be found at their site.

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gc05

================================================
FILE: history/groups/DAN_Digital_Anarchy.md
================================================
---
layout: default
title: DAN (Digital Anarchy)
permalink: /history/groups/DAN_Digital_Anarchy/
tags:
- cyber
---

DAN (Digital Anarchy)
=====================

Origin
------

Argentina

Description
-----------

Virus authoring group responsible for around 50 viruses.

Magazine
--------

[Minotauro Magazine](http://vxheaven.org/vx.php?id=zm02)

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gd00

================================================
FILE: history/groups/DDT_(Dichlore_Diphenyl_Trichloretane).md
================================================
---
layout: default
title: DDT (Dichlore Diphenyl Trichloretane)
permalink: /history/groups/DDT_Dichlore_Diphenyl_Trichloretane/
tags:
- cyber
---

DDT (Dichlore Diphenyl Trichloretane)
=====================================

Origin
------

Spain

Description
-----------

Virus authoring group that, although active since the end of 1997, emerged on the Internet around October 1998. Activity around the group has ceased and none of the many projects under development have materialized. The demise of DDT was explained by Billy Belcebu in issue #4 of the [29a](http://vxheaven.org/vx.php?id=z001) virus zine.

Magazine
--------

[DDT](http://vxheaven.org/vx.php?id=zd01)

Website
-------

None

================================================
FILE: history/groups/DIVA_Digital_Indonesian_Vx_Authors.md
================================================
---
layout: default
title: DIVA (Digital Indonesian Vx Authors)
permalink: /history/groups/DIVA_Digital_Indonesian_Vx_Authors/
tags:
- cyber
---

DIVA (Digital Indonesian Vx Authors)
====================================

Origin
------

Indonesia

Description
-----------

This group from the city of Malang, Indonesia was started as an attempt to start a national computer virus group. The only remaining member is looking for membership of another group which will supposedly lead to the disbanding of DIVA.

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gd07

================================================
FILE: history/groups/DVC_Death_Virii_Crew.md
================================================
---
layout: default
title: DVC (Death Virii Crew)
permalink: /history/groups/DVC_Death_Virii_Crew/
tags:
- cyber
---

DVC (Death Virii Crew)
======================

Origin
------

Russian Federation

Description
-----------

This small group originating from the vast Russian country is closely connected to the SG [Stealth Group; former SG World Wide](http://vxheaven.org/vx.php?id=gs01). It is known to have released several viruses and several issues of an E-Zine.

Magazine
--------

[Chaos AD](http://vxheaven.org/vx.php?id=zc01)

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gd10

================================================
FILE: history/groups/DVC_Dutch_Virii_Community.md
================================================
---
layout: default
title: DVC (Dutch Virii Community)
permalink: /history/groups/DVC_Dutch_Virii_Community/
tags:
- cyber
---

DVC (Dutch Virii Community)
===========================

Origin
------

Netherlands

Description
-----------

Group of relative newcomers (early 1999) that tries to establish itself in the computer virus scene. Limited group activity has been observed. Limited signs of activity can be found at their site.

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gd09

================================================
FILE: history/groups/DV_Verband_Deutscher_Virenliebhaber_The_German_Association_of_Virus_Lovers.md
================================================
---
layout: default
title: DV Verband Deutscher Virenliebhaber The German Association of Virus Lovers
permalink: /history/groups/DV_Verband_Deutscher_Virenliebhaber_The_German_Association_of_Virus_Lovers/
tags:
- cyber
---

### Origin

### Description

### Website

### Reference

================================================
FILE: history/groups/Dark_Conspiracy.md
================================================
---
layout: default
title: Dark Conspiracy
permalink: /history/groups/Dark_Conspiracy/
tags:
- cyber
---

Dark Conspiracy
===============

Origin
------

International

Description
-----------

A short lived addition to the virus writing scene. Disbanded September/October 1996. Several members ended up in both the Living Turmoil and RSA (Ruthless Stealth Angels) virus writing groups which later merged to become LT/RSA [Living Turmoil / Ruthless Stealth Angels](http://vxheaven.org/vx.php?id=gl02).

Magazine
--------

[PlasmaMag](http://vxheaven.org/vx.php?id=zp04)

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gd01

================================================
FILE: history/groups/Darkness_Sons.md
================================================
---
layout: default
title: Darkness Sons
permalink: /history/groups/Darkness_Sons/
tags:
- cyber
---

Darkness Sons
=============

Origin
------

Italy

Description
-----------

Group that emerged late 1998, early 1999. They have created some viruses and some simple virus generators (XFVG, AVCC, IPVCK).

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gd02

================================================
FILE: history/groups/Demoralized_Youth.md
================================================
---
layout: default
title: Demoralized Youth
permalink: /history/groups/Demoralized_Youth/
tags:
- cyber
---

Demoralized Youth
=================

Origin
------

Sweden

Description
-----------

Virus authoring group responsible for 25+ viruses.

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gd04

================================================
FILE: history/groups/Diabolical_Kreations.md
================================================
---
layout: default
title: Diabolical Kreations
permalink: /history/groups/Diabolical_Kreations/
tags:
- cyber
---

Diabolical Kreations
====================

Origin
------

Paraguay

Description
-----------

Apparently a new 'group' that emerged at the end of 1996 among several other groups. Information on the group is limited. Starting member Int13h joined IKX [International Knowledge eXchange](http://vxheaven.org/vx.php?id=gi00).

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gd05

================================================
FILE: history/groups/Diffusion.md
================================================
---
layout: default
title: Diffusion
permalink: /history/groups/Diffusion/
tags:
- cyber
---

Diffusion
=========

Origin
------

United Kingdom

Description
-----------

A new 'group' that emerged at the beginning of 1998. The group is competent in several computer languages. The first family of macro viruses for MS Access 97 was written by Jerk1N. He changed his handle to Ice Breaker following some hassle resulting from the release of his Access virus.

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gd06

================================================
FILE: history/groups/Divide_By_Zero.md
================================================
---
layout: default
title: Divide By Zero
permalink: /history/groups/Divide_By_Zero/
tags:
- cyber
---

Divide By Zero
==============

Origin
------

Russian Federation

Description
-----------

Magazine
--------

[Divide by Zero Zine](http://vxheaven.org/vx.php?id=zd04)

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gd08

================================================
FILE: history/groups/Doom_Riderz.md
================================================
---
layout: default
title: Doom Riderz
permalink: /history/groups/Doom_Riderz/
tags:
- cyber
---

Doom Riderz
===========

Origin
------

Unknown

Description
-----------

Magazine
--------

[DoomRiderz](http://vxheaven.org/vx.php?id=gd11)

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gd11

================================================
FILE: history/groups/Electrical_Ordered_Freedom.md
================================================
---
layout: default
title: Electrical Ordered Freedom
permalink: /history/groups/Electrical_Ordered_Freedom/
tags:
- cyber
---

Electrical Ordered Freedom
==========================

Origin
------

A note from their site: EOF stands for Electrical Ordered Freedom and was founded in 2006, we are a team of people interested in virus coding and underground security, our aim is to make a website to provide others with knowledge about those and similar topics and share information. This site contains source codes, articles and binaries, which may be able to damage computers, mobile phones and other devices. If you use anything from our site, we do not care about any damage you or other people might get of these files. All files are published for educational purposes only and not to damage anything or anybody.

Known members: SkyOut, RadiatioN, Berniee/Fakedminded, Sk0r/Czybik, Izee, WarGame, Nibble, Psyco_Rabbit

Description
-----------

Magazine
--------

[Electrical Ordered Freedom](http://vxheaven.org/vx.php?id=ze02)

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=ge00

================================================
FILE: history/groups/FCF_Fearless_Criminal_Force_Formaters_Cracking_Force.md
================================================
---
layout: default
title: FCF (Fearless Criminal Force, Formater's Cracking Force)
permalink: /history/groups/FCF_Fearless_Criminal_Force_Formaters_Cracking_Force/
tags:
- cyber
---

FCF (Fearless Criminal Force, Formater's Cracking Force)
========================================================

Origin
------

Hungary

Description
-----------

This small cracking group has started activities in the VX scene. One of their members is a well known virus trader and creator of the [Virus Sorter New Generation](http://vxheaven.org/vx.php?id=uv00) collection tool.

Magazine
--------

[FCF E-Zine](http://vxheaven.org/vx.php?id=zf00)

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gf00

================================================
FILE: history/groups/FS_Feathered_Serpents.md
================================================
---
layout: default
title: FS (Feathered Serpents)
permalink: /history/groups/FS_Feathered_Serpents/
tags:
- cyber
---

FS (Feathered Serpents)
=======================

Origin
------

International

Description
-----------

This group emerged late 1997 and has several well known figures from other VX groups as members. No group activity has been observed lately.

Magazine
--------

[Natural Selection](http://vxheaven.org/vx.php?id=zn06)

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gf01

================================================
FILE: history/groups/Familia.md
================================================
---
layout: default
title: Familia
permalink: /history/groups/Familia/
tags:
- cyber
---

Familia
=======

Origin
------

Italy

Description
-----------

New group that emerged early 2000. This group does not produce viruses, but from October 2000 they started to produce a zine.

Magazine
--------

[Mater](http://vxheaven.org/vx.php?id=zm07)

Website
-------

None

Reference
---------

http://vxheaven.org/vx.php?id=gf02

================================================
FILE: history/groups/Gedzac.md
================================================
---
layout: default
title: Gedzac
permalink: /history/groups/Gedzac/
tags:
- cyber
---

Gedzac
======

Origin
------

Unknown

Description
-----------

Magazine
--------

[Mitosis](http://vxheaven.org/vx.php?id=zm08)

Website
-------

Reference
---------

http://vxheaven.org/vx.php?id=gg01

================================================
FILE: history/groups/Genesis.md
================================================
---
layout: default
title: Genesis
permalink: /history/groups/Genesis/
tags:
- cyber
---

Genesis
=======

Origin
------

United Kingdom

Description
-----------

British virus writing group that at the end of 1996 ended up merging with [Immortal Riot](http://vxheaven.org/vx.php?id=gi02), resulting in IR/G [Immortal Riot/Genesis](http://vxheaven.org/vx.php?id=gi05).

Website
-------

Reference
---------

http://vxheaven.org/vx.php?id=gg00

================================================
FILE: history/groups/HCDS.md
================================================
---
layout: default
title: HCDS
permalink: /history/groups/HCDS/
tags:
- cyber
---

HCDS
====

Origin
------

Unknown

Description
-----------

Very little activity has been observed lately.
Website ------- None Reference --------- http://vxheaven.org/vx.php?id=gh04 ================================================ FILE: history/groups/HTC_95.md ================================================ --- layout: default title: HTC '95 permalink: /history/groups/HTC_95/ tags: - cyber --- HTC '95 ======= Origin ------ United States Description ----------- New group that emerged in 1995. Creators of Virus Lab Creations (VLC). Not heard from recently. Website ------- None Reference --------- http://vxheaven.org/vx.php?id=gh03 ================================================ FILE: history/groups/HVM_Hungarian_Virus_Acade_my.md ================================================ --- layout: default title: HVM (Hungarian Virus Acade my) permalink: /history/groups/HVM_Hungarian_Virus_Acade_my/ tags: - cyber --- HVM (Hungarian Virus Acade my) ============================== Origin ------ Hungary Description ----------- Exact details of this group are unknown. The Typebug.951 virus by Zymotic is known. Website ------- None Reference --------- http://vxheaven.org/vx.php?id=gh05 ================================================ FILE: history/groups/Hackerz_Networx.md ================================================ --- layout: default title: Hackerz Networx permalink: /history/groups/Hackerz_Networx/ tags: - cyber --- Hackerz Networx =============== Origin ------ Philippines Description ----------- New group that emerged early 1999. They have written several viruses and were about to release a virus creation kit for Windows when their Internet presence was suddenly ended by unknown causes. After a short period of absence signs of activity can be found at their site. 
Website ------- Reference --------- http://vxheaven.org/vx.php?id=gh00 ================================================ FILE: history/groups/Hail_and_Kill.md ================================================ --- layout: default title: Hail and Kill permalink: /history/groups/Hail_and_Kill/ tags: - cyber --- Hail and Kill ============= Origin ------ Spain Description ----------- New group that emerged in 1998. Remnants of their website can be found although activity there has been limited. Bumblebee has been active as a solo virus writer. Magazine -------- [Mors Ultima Ratio](http://vxheaven.org/vx.php?id=zm04) Website ------- None Reference --------- http://vxheaven.org/vx.php?id=gh01 ================================================ FILE: history/groups/Hazard.md ================================================ --- layout: default title: Hazard permalink: /history/groups/Hazard/ tags: - cyber --- Hazard ====== Origin ------ Ukraine Description ----------- A group that emerged early 1999. The group is not only interested in computer viruses but also programs software cracks. Deviator is the only virus producing member and also produced the SME and SMM mutation engines. Website ------- Reference --------- http://vxheaven.org/vx.php?id=gh02 ================================================ FILE: history/groups/IKX_International_Knowledge_eXchange.md ================================================ --- layout: default title: IKX (International Knowledge eXchange) permalink: /history/groups/IKX_International_Knowledge_eXchange/ tags: - cyber --- IKX (International Knowledge eXchange) ====================================== Origin ------ International Description ----------- This 1996 addition to the virus scene was initially mainly Internet (Web) based. Their members meddle in most areas of the HPAV scene, as does their E-zine "Xine". 
Magazine -------- [Xine]() Website ------- None Reference --------- http://vxheaven.org/vx.php?id=gi00 ================================================ FILE: history/groups/IR_G_Immortal_Riot_Genesis.md ================================================ --- layout: default title: IR/G (Immortal Riot/Genesis) permalink: /history/groups/IR_G_Immortal_Riot_Genesis/ tags: - cyber --- IR/G (Immortal Riot/Genesis) ============================ Origin ------ International Description ----------- Made up out of members of the well known groups [Immortal Riot](http://vxheaven.org/vx.php?id=gi02), [Genesis](http://vxheaven.org/vx.php?id=gg00) and complemented with some solo virus writers this group looks like it will continue the practice of well written viruses and VX E-Zines. Website ------- None Reference --------- http://vxheaven.org/vx.php?id=gi05 ================================================ FILE: history/groups/Immortal_EAS.md ================================================ --- layout: default title: Immortal EAS permalink: /history/groups/Immortal_EAS/ tags: - cyber --- Immortal EAS ============ Origin ------ Netherlands Description ----------- Virus authoring group that emerged in the Netherlands. 10 to 15 viruses produced by this group are known. Released a new virus creation tool, [Immortal EAS Virus Creation Centre](http://vxheaven.org/vx.php?id=ti00). Not heard of recently, probably disbanded. Magazine -------- [Immortal EAS Virus Magazine](http://vxheaven.org/vx.php?id=zi00) Website ------- None ================================================ FILE: history/groups/Immortal_Riot.md ================================================ --- layout: default title: Immortal Riot permalink: /history/groups/Immortal_Riot/ tags: - cyber --- Immortal Riot ============= Origin ------ Sweden Description ----------- Virus authoring group responsible for many viruses. 
At the end of 1996 the group "merged" with Genesis and some solo virus writers and continued as IR/G (Immortal Riot/Genesis). Lately rumors have surfaced that after the demise of IR/G, IR is starting a second life. Magazine -------- [Insane Reality Magazine](http://vxheaven.org/vx.php?id=zi03) Website ------- None Reference --------- http://vxheaven.org/vx.php?id=gi02 ================================================ FILE: history/groups/Intergang.md ================================================ --- layout: default title: Intergang permalink: /history/groups/Intergang/ tags: - cyber --- Intergang ========= Origin ------ Unknown Description ----------- Information on this group is limited. Initially this group only collected viruses but later started creating them. Activity disappeared after the Melissa clamp down. Their "retirement" announcement can be found at their site. Website ------- None Reference --------- http://vxheaven.org/vx.php?id=gi03 ================================================ FILE: history/groups/Invaders.md ================================================ --- layout: default title: Invaders permalink: /history/groups/Invaders/ tags: - cyber --- Invaders ======== Origin ------ Description ----------- This group never really succeeded in presenting a real identity and was disbanded while in the process of starting out. Buz is now a member of FS [Feathered Serpents](http://vxheaven.org/vx.php?id=gf01), Mandragore moved via DDT (Dichlore Diphenyl Trichloretane) also to FS [Feathered Serpents](http://vxheaven.org/vx.php?id=gf01), T-2000 is rumored to be blowing life back into [Immortal Riot](http://vxheaven.org/vx.php?id=gi02) and Midnyte joined UCSI [Ultimate Chaos Security International](http://vxheaven.org/vx.php?id=gu00). 
Website ------- None Reference --------- http://vxheaven.org/vx.php?id=gi04 ================================================ FILE: history/groups/Italian_Virus_Research_Laboratory.md ================================================ --- layout: default title: Italian Virus Research Laboratory permalink: /history/groups/Italian_Virus_Research_Laboratory/ tags: - cyber --- Italian Virus Research Laboratory ================================= Origin ------ Italy Description ----------- Virus authoring / writer group responsible for more than 25 mainly hacks of known viruses. Website ------- None Reference --------- http://vxheaven.org/vx.php?id=gi06 ================================================ FILE: history/groups/JVS_Janus_Virus_Syndicate.md ================================================ --- layout: default title: JVS (Janus Virus Syndicate) permalink: /history/groups/JVS_Janus_Virus_Syndicate/ tags: - cyber --- ## JVS (Janus Virus Syndicate) ### Origin Unknown ### Description Virus authoring / writer group which emerged at the end of 1998. The group has released their first ezine and was working on a website. Apparently the group fell apart shortly after its emergence and some members had and still have connections with TI. ### Magazine [Janus](http://vxheaven.org/vx.php?id=zj00) ### Website None ### Reference http://vxheaven.org/vx.php?id=gj00 ================================================ FILE: history/groups/K_P_V_Team.md ================================================ --- layout: default title: K.P.V. Team permalink: /history/groups/K_P_V_Team/ tags: - cyber --- ## K.P.V. Team ### Origin Malaysia ### Description Virus authoring / writer group responsible for several Trojan Horse creators and the Odyseus Macro Virus Creation Kit. 
### Website None ### Reference http://vxheaven.org/vx.php?id=gk01 ================================================ FILE: history/groups/LT_RSA_Living_Turmoil_Ruthless_Stealth_Angels.md ================================================ --- layout: default title: LT/RSA (Living Turmoil / Ruthless Stealth Angels) permalink: /history/groups/LT_RSA_Living_Turmoil_Ruthless_Stealth_Angels/ tags: - cyber --- ## LT/RSA (Living Turmoil / Ruthless Stealth Angels) ### Origin International ### Description The result of the merger of [Living Turmoil](http://vxheaven.org/vx.php?id=gl01) and RSA [Ruthless Stealth Angels](http://vxheaven.org/vx.php?id=gr02). Many ex-members of [Dark Conspiracy](http://vxheaven.org/vx.php?id=gd01) found a home here after the death of their group. After an inactive period Living Turmoil started back up in the beginning of 1997. RSA [Ruthless Stealth Angels](http://vxheaven.org/vx.php?id=gr02) was initially inactive as well but started back up early/middle 1997. ### Website None ### Reference http://vxheaven.org/vx.php?id=gl02 ================================================ FILE: history/groups/LineZer0_VX_Team.md ================================================ --- layout: default title: LineZer0 VX Team permalink: /history/groups/LineZer0_VX_Team/ tags: - cyber --- ## LineZer0 VX Team ### Origin International ### Description Part of the LineZer0 Network this computer virus branch is active in macro viruses, macro virus creation kits and ASM viruses. Activity of the group came to almost a standstill early 2000. Limited signs of activity can be found at their site. 
### Magazine [Line Zero](http://vxheaven.org/vx.php?id=zl01) ### Website None ### Reference http://vxheaven.org/vx.php?id=gl00 ================================================ FILE: history/groups/Living_Turmoil.md ================================================ --- layout: default title: Living Turmoil permalink: /history/groups/Living_Turmoil/ tags: - cyber --- ## Living Turmoil ### Origin International ### Description After a bumpy road that started with Dark Conspiracy, stopped at Living Turmoil and LT/RSA (Living Turmoil / Ruthless Stealth Angels) the group emerged back on the scene in the beginning of 1997 as Living Turmoil. Remnants of the group can be found at their site. ### Website None ### Reference http://vxheaven.org/vx.php?id=gl01 ================================================ FILE: history/groups/Mandragora.md ================================================ --- layout: default title: Mandragora permalink: /history/groups/Mandragora/ tags: - cyber --- ## Mandragora ### Origin Paraguay ### Description One of the few manifestations of a computer virus scene in South America. Details about this group are unknown. Some of the Xav virus strain were released by members of this group. ### Website None ### Reference http://vxheaven.org/vx.php?id=gm00 ================================================ FILE: history/groups/Matrix.md ================================================ --- layout: default title: Matrix permalink: /history/groups/Matrix/ tags: - cyber --- ## Matrix ### Origin Russian Federation ### Description Group that started November 1st 1999. Ultras is known for his macro virus work. (UCK, UAMP, UMPE, UMP, UHE, ME, MUCK, AMG, ZSZPE). 
### Magazine [Matrix Zine](http://vxheaven.org/vx.php?id=zm00) ### Website None ### Reference http://vxheaven.org/vx.php?id=gm01 ================================================ FILE: history/groups/Metaphase_VX_Team.md ================================================ --- layout: default title: Metaphase VX Team permalink: /history/groups/Metaphase_VX_Team/ tags: - cyber --- ## Metaphase VX Team ### Origin United States ### Description A 1998 addition to the virus scene this group combines the 'talents' of several solo virus creators. After minor signs of activity late 1999 the group has again lapsed into dormancy. ### Website None ### Reference http://vxheaven.org/vx.php?id=gm02 ================================================ FILE: history/groups/Mikees_World.md ================================================ --- layout: default title: Mikee's World permalink: /history/groups/Mikees_World/ tags: - cyber --- ## Mikee's World ### Origin International ### Description Group that was started by Mikee early 1998. No activity has been observed lately. ### Website None ### Reference http://vxheaven.org/vx.php?id=gm03 ================================================ FILE: history/groups/Misdirected_Youth.md ================================================ --- layout: default title: Misdirected Youth permalink: /history/groups/Misdirected_Youth/ tags: - cyber --- ## Misdirected Youth ### Origin Russian Federation ### Description Little information is known about this group. Mongoose is an active participant in the Top Device Online project. 
### Magazine [Social Distortion](http://vxheaven.org/vx.php?id=zs03) ### Website None ### Reference http://vxheaven.org/vx.php?id=gm04 ================================================ FILE: history/groups/NoP.md ================================================ --- layout: default title: NoP permalink: /history/groups/NoP/ tags: - cyber --- ## NoP ### Origin International ### Description March 1998 group that joined some well known members. Virogen quit producing viral material and is now mainly known for his 32-bit programming. Disbanded in the end of 1999. ### Website None ### Reference http://vxheaven.org/vx.php?id=gn01 ================================================ FILE: history/groups/No_Mercy.md ================================================ --- layout: default title: No Mercy permalink: /history/groups/No_Mercy/ tags: - cyber --- ## No Mercy ### Origin Indonesia ### Description Group that slowly emerged in 1996. Responsible for many WordBasic macro viruses, the CVCK and NEG virus creation kits and the NVLR database. The group went dormant in the midst of the Indonesian political unrest late 1999. Signs of activity can still be found at their site or [here](http://www.coderz.net/foxz) ### Website No ### Reference http://vxheaven.org/vx.php?id=gn00 ================================================ FILE: history/groups/NuKE.md ================================================ --- layout: default title: NuKE permalink: /history/groups/NuKE/ tags: - cyber --- ## NuKE ### Origin International ### Description Virus authoring group with members spread around the world responsible for an unknown large number of viruses. Group member Nowhere Man released the first virus construction kit in 1992, Virus Creation Lab 1.0. Some individual members are still working the VX scene but the group is either inactive or has been disbanded. 
### Website None ### Reference http://vxheaven.org/vx.php?id=gn02 ================================================ FILE: history/groups/PVW_Pinoy_Virus_Writers.md ================================================ --- layout: default title: PVW (Pinoy Virus Writers) permalink: /history/groups/PVW_Pinoy_Virus_Writers/ tags: - cyber --- ## PVW (Pinoy Virus Writers) ### Origin Philippines ### Description Started by two virus writers from the Philippines this group mainly covers the Filipino virus scene. ### Magazine [Pinoy Virus Writers Magazine](http://vxheaven.org/vx.php?id=zp03) ### Website None ### Reference http://vxheaven.org/vx.php?id=gp01 ================================================ FILE: history/groups/Phalcon-Skism.md ================================================ --- layout: default title: Phalcon-Skism permalink: /history/groups/Phalcon-Skism/ tags: - cyber --- ## Phalcon-Skism ### Origin United States ### Description One of the first and more notorious virus authoring groups, it started as a merger of the hacking group Phalcon and the virus writers from SKISM (Smart Kids Into Sick Methods) and has an international. Continuous competition and "flaming" went on between Phalcon-Skism and [NuKE](http://vxheaven.org/vx.php?id=gn02), resulting in many viruses and two competing virus creation tools, Virus Creation Lab and Phalcon/Skism Mass-Produced Code Generator. Some individual members are still working the VX scene but the group is either inactive or has been disbanded. ### Magazine 40hex ### Website ### Reference ================================================ FILE: history/groups/Power_Empire_Virii_Faction.md ================================================ --- layout: default title: Power Empire Virii Faction permalink: /history/groups/Power_Empire_Virii_Faction/ tags: - cyber --- ## Power Empire Virii Faction ### Origin International ### Description As part of the larger Power Empire group this "faction" is responsible for the virus creation. 
Several "regular" and macro viruses by this group are known. The members started Codebreakers September/October 1997. ### Website None ### Reference http://vxheaven.org/vx.php?id=gp02 ================================================ FILE: history/groups/Power_Heap_Research.md ================================================ --- layout: default title: Power Heap Research permalink: /history/groups/Power_Heap_Research/ tags: - cyber --- ## Power Heap Research ### Origin Russian Federation ### Description ### Magazine [Infected E-Burg](http://vxheaven.org/vx.php?id=zi05) ### Website None ### Reference http://vxheaven.org/vx.php?id=gp03 ================================================ FILE: history/groups/RSA_Ruthless_Stealth_Angels.md ================================================ --- layout: default title: RSA (Ruthless Stealth Angels) permalink: /history/groups/RSA_Ruthless_Stealth_Angels/ tags: - cyber --- ## RSA (Ruthless Stealth Angels) ### Origin Ukraine ### Description After a short inactive period after the split with Living Turmoil this group became active again early/middle 1997. ### Magazine [RSA](http://vxheaven.org/vx.php?id=zr02) ### Website None ### Reference http://vxheaven.org/vx.php?id=gr02 ================================================ FILE: history/groups/RVM_Russian_Virus_Makers.md ================================================ --- layout: default title: RVM (Russian Virus Makers) permalink: /history/groups/RVM_Russian_Virus_Makers/ tags: - cyber --- ## RVM (Russian Virus Makers) ### Origin Russian Federation ### Description Unknown. Apparently an unsuccessful attempt to start a group. 
### Website None ### Reference http://vxheaven.org/vx.php?id=gr03 ================================================ FILE: history/groups/Rabid.md ================================================ --- layout: default title: Rabid permalink: /history/groups/Rabid/ tags: - cyber --- ## Rabid ### Origin United States ### Description Virus authoring group from the early nineties responsible for around 30+ viruses. The group is either inactive or has been disbanded. ### Magazine [Censor](http://vxheaven.org/vx.php?id=zc00) ### Website None ### Reference http://vxheaven.org/vx.php?id=gr00 ================================================ FILE: history/groups/Ready_Rangers_Liberation_Front.md ================================================ --- layout: default title: Ready Rangers Liberation Front permalink: /history/groups/Ready_Rangers_Liberation_Front/ tags: - cyber --- ## Ready Rangers Liberation Front ### Origin Unknown ### Description Known members (past and present): adious, AlcoPaul, assassin007, BlueOwl, cyneox, DiA, disk0rdia, Dolomite, dr.g0nZo, DvL, El DudErin0, Energy, Industry, Kefi, Maniac89, Necronomikon, Ne0, PetiK, philet0ast3r, ppacket, pRe4Ch_0_23, psychologic, rastafarie, Retro, Second Part To Hell, sinBrain, TeAgeCe, Zed ### Website http://vxheaven.org/rrlf/ ### Reference http://vxheaven.org/vx.php?id=gr04 ================================================ FILE: history/groups/Rioters.md ================================================ --- layout: default title: Rioters permalink: /history/groups/Rioters/ tags: - cyber --- ## Rioters ### Origin Russian Federation ### Description New group that started out in March 1998. Ultras has written the Ultras Construction Kit (UCK) and several macro viruses. Apparently this group was short lived. After a brief stay with SOS (Sign Of Scream) and a period of independence Ultras started his own group, Matrix. 
### Website None ### Reference http://vxheaven.org/vx.php?id=gr01 ================================================ FILE: history/groups/SG_Stealth_Group_former_SG_World_Wide.md ================================================ --- layout: default title: SG (Stealth Group; former SG World Wide) permalink: /history/groups/SG_Stealth_Group_former_SG_World_Wide/ tags: - cyber --- ## SG (Stealth Group; former SG World Wide) ### Origin Russian Federation ### Description An early to mid '90s addition to the virus writing scene. Initially only known in the Ukrainian/Russian scene they later spread to the rest of the world. After an extended period of online inactivity in the late '90s renewed signs of activity of this "cyberunderground" group can be found at their site. ### Magazine [Infected Voice](http://vxheaven.org/vx.php?id=zi01) ### Website None ### Reference http://vxheaven.org/vx.php?id=gs01 ================================================ FILE: history/groups/SLAM.md ================================================ --- layout: default title: SLAM permalink: /history/groups/SLAM/ tags: - cyber --- ## SLAM ### Origin International ### Description A new Internet based group that emerged at the end of 1996 among several other groups. Ex-members of VBB found a new home in this group. Although the group initially started out with an emphasis on macro viruses SLAM issue #3 showed the group also embracing the more traditional coded viruses. Additional information on the group is limited. ### Website None ### Reference http://vxheaven.org/vx.php?id=gs06 ================================================ FILE: history/groups/SMF.md ================================================ --- layout: default title: SMF permalink: /history/groups/SMF/ tags: - cyber --- ## SMF ### Origin Russian Federation ### Description A group that started in the middle of 1998. Not all of its activities are computer virus related and one member is responsible for the majority of its viral output. 
### Magazine [Duke Virus Lab](http://vxheaven.org/vx.php?id=zd05) ### Website None ### Reference http://vxheaven.org/vx.php?id=gs07 ================================================ FILE: history/groups/SOS_Sign_Of_Scream.md ================================================ --- layout: default title: SOS (Sign Of Scream) permalink: /history/groups/SOS_Sign_Of_Scream/ tags: - cyber --- ## SOS (Sign Of Scream) ### Origin International ### Description This group was started in August 1998 by Nightmare Joker (ex SLAM) and joins several solo virus writers and some writers with past virus group experience. The emphasis of the group's activities lies with macro and HLL virus technology. The group never really succeeded and is rumored to have been disbanded. ### Website None ### Reference http://vxheaven.org/vx.php?id=gs08 ================================================ FILE: history/groups/SPS_Scientific_Programming_Society.md ================================================ --- layout: default title: SPS (Scientific Programming Society) permalink: /history/groups/SPS_Scientific_Programming_Society/ tags: - cyber --- ## SPS (Scientific Programming Society) ### Origin Russian Federation ### Description Not a lot is known about this group except that they just have a minor interest in computer viruses. ### Magazine [LMD](http://vxheaven.org/vx.php?id=zl00) ### Website None ### Reference http://vxheaven.org/vx.php?id=gs09 ================================================ FILE: history/groups/SVAT_Special_Viruses_And_Trojans.md ================================================ --- layout: default title: SVAT (Special Viruses And Trojans) permalink: /history/groups/SVAT_Special_Viruses_And_Trojans/ tags: - cyber --- ## SVAT (Special Viruses And Trojans) ### Origin Unknown ### Description A little known group that has produced several viruses. The group was disbanded due to lack of time to create new viruses. 
### Website None ### Reference http://vxheaven.org/vx.php?id=gs10 ================================================ FILE: history/groups/SVL_Slovak_Virus_Laboratories.md ================================================ --- layout: default title: SVL (Slovak Virus Laboratories) permalink: /history/groups/SVL_Slovak_Virus_Laboratories/ tags: - cyber --- ## SVL (Slovak Virus Laboratories) ### Origin Slovakia ### Description This group started late 1992 and has produced several viruses (Slovakia and SVL viruses) and the polymorphic engine MDevice. In June 1996 the group announced the end of its activities. ### Website None ### Reference http://vxheaven.org/vx.php?id=gs11 ================================================ FILE: history/groups/SVS_Seoul_Virus_Society.md ================================================ --- layout: default title: SVS (Seoul Virus Society) permalink: /history/groups/SVS_Seoul_Virus_Society/ tags: - cyber --- ## SVS (Seoul Virus Society) ### Origin Republic Of Korea ### Description Group with unknown number of members responsible for 50+ viruses. Merged with the CVC [Corean Virus Club, old](http://vxheaven.org/vx.php?id=gc03) and CVL [Corean Virus Laboratory](http://vxheaven.org/vx.php?id=gc04) to create the new CVC [Corean Virus Club, new](http://vxheaven.org/vx.php?id=gc02). ### Website ### Reference ================================================ FILE: history/groups/Sector_Infector_Inc.md ================================================ --- layout: default title: Sector Infector Inc. permalink: /history/groups/Sector_Infector_Inc/ tags: - cyber --- ## Sector Infector Inc. ### Origin United States ### Description Virus authoring group / writer responsible for about 10+, mostly hacked, viruses. 
### Website None ### Reference http://vxheaven.org/vx.php?id=gs00 ================================================ FILE: history/groups/ShadowVX_Group.md ================================================ --- layout: default title: ShadowVX Group permalink: /history/groups/ShadowVX_Group/ tags: - cyber --- ## ShadowVX Group ### Origin International ### Description A group with some well known and lesser known members. ### Magazine [ShadowVX](http://vxheaven.org/vx.php?id=zs01) ### Website None ### Reference http://vxheaven.org/vx.php?id=gs03 ================================================ FILE: history/groups/Shadow_Dancer_Team.md ================================================ --- layout: default title: Shadow Dancer Team permalink: /history/groups/Shadow_Dancer_Team/ tags: - cyber --- ## Shadow Dancer Team ### Origin Indonesia ### Description Little information is known about this group except that their young members started out late 1999 and are new to the scene. Their website disappeared with the massive shutdown of SOK4Ever. Ding Lik created the Ding Lik C Virus Generator (DLCVG). ### Magazine [Shadow Dancer](http://vxheaven.org/vx.php?id=zs00) ### Website None ### Reference http://vxheaven.org/vx.php?id=gs02 ================================================ FILE: history/groups/Silicium_Revolte.md ================================================ --- layout: default title: Silicium Revolte permalink: /history/groups/Silicium_Revolte/ tags: - cyber --- ## Silicium Revolte ### Origin Poland ### Description A recent (early 2000) addition to the computer virus scene this group has both a computer virus and software cracking background. 
### Website None ### Reference http://vxheaven.org/vx.php?id=gs04 ================================================ FILE: history/groups/Skamwerk_Labs.md ================================================ --- layout: default title: Skamwerk Labs permalink: /history/groups/Skamwerk_Labs/ tags: - cyber --- ## Skamwerk Labs ### Origin International ### Description Started by the creator of the SkamWerks Labs WCCK this groups is mainly active with macro viruses. No recent activity has been observed. ### Website None ### Reference http://vxheaven.org/vx.php?id=gs05 ================================================ FILE: history/groups/TAVC_Tula_Anti_Viral_Club.md ================================================ --- layout: default title: TAVC (Tula Anti & Viral Club) permalink: /history/groups/TAVC_Tula_Anti_Viral_Club/ tags: - cyber --- ## TAVC (Tula Anti & Viral Club) ### Origin Russian Federation ### Description 'Group' that has been around for a while but was just recently (1998) 'discovered'. Apparently disbanded early 1999. Their Moon Bug publication still appears regularly as a combined effort of the Russian VX scene. ### Magazine [MoonBug](http://vxheaven.org/vx.php?id=zm03) ### Website None ### Reference http://vxheaven.org/vx.php?id=gt00 ================================================ FILE: history/groups/TDJ_The_Diabolical_Judges.md ================================================ --- layout: default title: TDJ (The Diabolical Judges) permalink: /history/groups/TDJ_The_Diabolical_Judges/ tags: - cyber --- ## TDJ (The Diabolical Judges) ### Origin Unknown ### Description New group that emerged in the middle of February of 1998. No activity has been observed recently. 
### Magazine [Diabolic Judges](http://vxheaven.org/vx.php?id=zd02) ### Website None ### Reference http://vxheaven.org/vx.php?id=gt01 ================================================ FILE: history/groups/TI_Technological_Illusions.md ================================================ --- layout: default title: TI (Technological Illusions) permalink: /history/groups/TI_Technological_Illusions/ tags: - cyber --- ## TI (Technological Illusions) ### Origin International ### Description New group that emerged late 1998. No recent activity has bee observed and their website has disappeared. ### Website None ### Reference http://vxheaven.org/vx.php?id=gt03 ================================================ FILE: history/groups/TNN_The_Narkotic_Network.md ================================================ --- layout: default title: TNN (The Narkotic Network ) permalink: /history/groups/TNN_The_Narkotic_Network/ tags: - cyber --- ## TNN (The Narkotic Network ) ### Origin United States ### Description Group that emerged in the middle of 1997. VicodinES is responsible for the tutorial "Theory Of Better Virus Distribution", several 32-bit (Win32 and Windows 95) and macro viruses and the VicodinES [Class.Poppy Construction Kit](http://vxheaven.org/vx.php?id=tc01) (VMPCK). VicodinES joined [Codebreakers](http://vxheaven.org/vx.php?id=gc00) in June 1998. 
### Website None ### Reference http://vxheaven.org/vx.php?id=gn03 ================================================ FILE: history/groups/TPVO_OVEL_Taiwan_Power_Virus_Organisation_Organization_of_Virus_Examination_Lab.md ================================================ --- layout: default title: TPVO/OVEL (Taiwan Power Virus Organisation/Organization of Virus Examination Lab permalink: /history/groups/TPVO_OVEL_Taiwan_Power_Virus_Organisation_Organization_of_Virus Examination_Lab/ tags: - cyber --- ## TPVO/OVEL (Taiwan Power Virus Organisation/Organization of Virus Examination Lab ### Origin Taiwan, China ### Description Virus authoring group responsible for 15+ viruses. Dark Slayer is responsible for mutation engines like DCSE and DSME. Dark Killer released his DKME mutation engine in TPVO magazine #3. During 1996 the group was later renamed to OVEL. Actvity has been limited due to military draft commitments of the members. ### Magazine [TPVO/OVEL Magazine](http://vxheaven.org/vx.php?id=zo00) ### Website ### Reference ================================================ FILE: history/groups/Team_Necrosis.md ================================================ --- layout: default title: Team Necrosis permalink: /history/groups/Team_Necrosis/ tags: - cyber --- ## Team Necrosis ### Origin United States ### Description The group emerged in November 1999. Their activities cover exploits and macro virus issues. There is their self definition: Based in the United States, Team Necrosis is a nationally recognized group of the Active Viral Community. Our main area of expertise is High Level Language Artificial Life creation and design. Although we design AL, we do not fully support the ideas of spreading our creations. 

### Website
None

### Reference
http://vxheaven.org/vx.php?id=gt02

================================================
FILE: history/groups/The_Codebreakers.md
================================================
---
layout: default
title: The Codebreakers
permalink: /history/groups/The_Codebreakers/
tags:
  - cyber
---

## The Codebreakers

### Origin
International

### Description
Started by and with members of the Power Empire Virus Faction, they are partly VX and partly hacking oriented. Throughout 1998 this group has grown to be the leading authority of the VX world. Well known solo virus writers have joined and the group is producing a lot of material and a solid e-zine. Due to the Melissa virus chaos in the beginning of 1999 the group had some problems with their website and has been offline for a while. In early 2000 there were signs of renewed activity.

### Magazine
[CodeBreakers](http://vxheaven.org/vx.php?id=zc03)

### Website
None

### Reference
http://vxheaven.org/vx.php?id=gc00

================================================
FILE: history/groups/The_Kefrens.md
================================================
---
layout: default
title: The Kefrens
permalink: /history/groups/The_Kefrens/
tags:
  - cyber
---

## The Kefrens

### Origin
Germany

### Description
Group that started February 1999. Limited signs of activity can be found at their site.

Group comment: "The KEFREN, also spelled 'Chephren' or 'Kephren', has been an old Egyptian king that ruled in the 4th dynasty, and the Second Pyramid was built for him, and the sphinx has his face. We took this name, because it sounds good and looks nice on pics :) We want to write good and individual code, like every writer should try to produce. In addition to this, we try to spread knowledge and to give new writers a helping hand in virus creating. All in all we follow the ethics and morals that The Mentor has summed up in his 'Hackers Manifesto'."

### Website
[Kefrens](http://vxheaven.org/vx.php?id=zk00)

### Reference
http://vxheaven.org/vx.php?id=gk00

================================================
FILE: history/groups/The_Trinity.md
================================================
---
layout: default
title: The Trinity
permalink: /history/groups/The_Trinity/
tags:
  - cyber
---

## The Trinity

### Origin
International

### Description
Virus writing group that started somewhere in 1994 but hasn't been heard from recently.

### Magazine
[Revelation](http://vxheaven.org/vx.php?id=zr00)

### Website
None

### Reference
http://vxheaven.org/vx.php?id=gt07

================================================
FILE: history/groups/TridenT.md
================================================
---
layout: default
title: TridenT
permalink: /history/groups/TridenT/
tags:
  - cyber
---

## TridenT

### Origin
Netherlands

### Description
Virus authoring group responsible for 150+ viruses and the well known TridenT Polymorphic Engine (TPE).

### Website
None

### Reference
http://vxheaven.org/vx.php?id=gt05

================================================
FILE: history/groups/Trinity.md
================================================
---
layout: default
title: Trinity
permalink: /history/groups/Trinity/
tags:
  - cyber
---

## Trinity

### Origin
United States

### Description
Virus authoring group responsible for an unknown number of viruses.

### Magazine
[Source](http://vxheaven.org/vx.php?id=zs02)

### Website
None

### Reference
http://vxheaven.org/vx.php?id=gt06

================================================
FILE: history/groups/UCSI_Ultimate_Chaos_Security_International.md
================================================
---
layout: default
title: UCSI (Ultimate Chaos Security International)
permalink: /history/groups/UCSI_Ultimate_Chaos_Security_International/
tags:
  - cyber
---

## UCSI (Ultimate Chaos Security International)

### Origin
International

### Description
A group that was started February 1998 as a group of virus collectors and people interested in computer viruses. It now also has virus producing members but the future of the group will be mainly based on security issues.

### Magazine
[Final Chaos](http://vxheaven.org/vx.php?id=zf01)

### Website
None

### Reference
http://vxheaven.org/vx.php?id=gu00

================================================
FILE: history/groups/V-Zone_Virus_Zone.md
================================================
---
layout: default
title: V-Zone (Virus Zone)
permalink: /history/groups/V-Zone_Virus_Zone/
tags:
  - cyber
---

## V-Zone (Virus Zone)

### Origin
Russian Federation

### Description
Not a lot is known about this group from Irkutsk. The group has produced some viruses and an e-zine.

### Magazine
[Virus Zone](http://vxheaven.org/vx.php?id=zv12)

### Website
None

### Reference
http://vxheaven.org/vx.php?id=gv08

================================================
FILE: history/groups/VBB_Virus_Bits_Bytes.md
================================================
---
layout: default
title: VBB (Virus Bits & Bytes)
permalink: /history/groups/VBB_Virus_Bits_Bytes/
tags:
  - cyber
---

## VBB (Virus Bits & Bytes)

### Origin
International

### Description
A recent addition to the virus writing scene. Like so many of them, this group went inactive after their initial start. At the end of 1996 some members started a new group, [SLAM](http://vxheaven.org/vx.php?id=gs06).

### Website
None

### Reference
http://vxheaven.org/vx.php?id=gv00

================================================
FILE: history/groups/VDV_Verband_Deutscher_Virenliebhaber_The_German_Association_Of_Virus_Lovers.md
================================================
---
layout: default
title: VDV (Verband Deutscher Virenliebhaber (The German Association of Virus Lovers))
permalink: /history/groups/VDV_Verband_Deutscher_Virenliebhaber_The_German_Association_of_Virus_Lovers/
tags:
  - cyber
---

## VDV (Verband Deutscher Virenliebhaber (The German Association of Virus Lovers))

### Origin
Germany

### Description
Virus writing group responsible for the release of the virus creation tool VCS (Virus Construction Set).

### Website
None

### Reference
http://vxheaven.org/vx.php?id=gv01

================================================
FILE: history/groups/VLAD_Virus_Laboratory_And_Distribution.md
================================================
---
layout: default
title: VLAD (Virus Laboratory And Distribution)
permalink: /history/groups/VLAD_Virus_Laboratory_And_Distribution/
tags:
  - cyber
---

## VLAD (Virus Laboratory And Distribution)

### Origin
Australia

### Description
Virus authoring group responsible for around 40 viruses. Group with international members but originated in Australia. In the last year of its existence the membership list changed many times. With many members retired, the end of 1996 appeared to be the end of this prolific virus writing group.

### Magazine
[Vlad](http://vxheaven.org/vx.php?id=zv03)

### Website
None

### Reference
http://vxheaven.org/vx.php?id=gv05

================================================
FILE: history/groups/VOFCA_Virus_and_Other_Fine_Code_Authors.md
================================================
---
layout: default
title: VOFCA (Virus and Other Fine Code Authors)
permalink: /history/groups/VOFCA_Virus_and_Other_Fine_Code_Authors/
tags:
  - cyber
---

## VOFCA (Virus and Other Fine Code Authors)

### Origin
United States

### Description
A 1996 addition to the virus writing scene. Several viruses and a de/encryption tool have been released. Member of the [Alliance](http://vxheaven.org/vx.php?id=ga01).

### Website
None

### Reference
http://vxheaven.org/vx.php?id=gv06

================================================
FILE: history/groups/VXI_VX_India.md
================================================
---
layout: default
title: VXI (VX India)
permalink: /history/groups/VXI_VX_India/
tags:
  - cyber
---

## VXI (VX India)

### Origin
India

### Description
One of the few manifestations of a computer virus scene in India. Exact details about this group are unknown.

Unlimited Group's Note:

Group Philosophy

* Learn more and more about operating systems and vulnerabilities
* Support all true learning taking place in systems programming
* Not to cause any harm to any innocent people
* Ensure that viruses which spread in wild only do minimal effects
* Surpassing limits set by Companies and people
* To make new friends with similar ideology and attitude
* To respect all thoughts and views
* Make viruses which are based on the SIUS principle (read on www.vxi.cjb.net)
* Have a few checkmates on the AV industry
* Make people aware that all is not safe and that trust is explicit, not implicit

### Website
None

### Reference
http://vxheaven.org/vx.php?id=gv07

================================================
FILE: history/groups/Viper_Viral_Inclined_Programming_Experts_Group.md
================================================
---
layout: default
title: Viper (Viral Inclined Programming Experts Group)
permalink: /history/groups/Viper_Viral_Inclined_Programming_Experts_Group/
tags:
  - cyber
---

## Viper (Viral Inclined Programming Experts Group)

### Origin
United States

### Description
Virus authoring / writer group responsible for a small number of simple viruses.

### Magazine
[Anaconda](http://vxheaven.org/vx.php?id=za04)

### Website
None

### Reference
http://vxheaven.org/vx.php?id=gv02

================================================
FILE: history/groups/ViroGenic_Junkies.md
================================================
---
layout: default
title: ViroGenic Junkies
permalink: /history/groups/ViroGenic_Junkies/
tags:
  - cyber
---

## ViroGenic Junkies

### Origin
Unknown

### Description
Virus authoring group that never was. It ended up being a staging area for virus writers in search of a group. Septic and Virus-X from the short-lived [JVS (Janus Virus Syndicate)](http://vxheaven.org/vx.php?id=gj00) ended up in [TI (Technological Illusions)](http://vxheaven.org/vx.php?id=gt03) (Virus-X in the meantime has left TI).
Mandragore ended up with [DDT (Dichlore Diphenyl Trichloretane)](http://vxheaven.org/vx.php?id=gd03).

### Website
None

### Reference
http://vxheaven.org/vx.php?id=gv03

================================================
FILE: history/groups/Virulent_Graffiti.md
================================================
---
layout: default
title: Virulent Graffiti
permalink: /history/groups/Virulent_Graffiti/
tags:
  - cyber
---

## Virulent Graffiti

### Origin
United States

### Description
Virus authoring group responsible for around 10 viruses.

### Magazine
[Infectious Disease Magazine](http://vxheaven.org/vx.php?id=zi02)

### Website
None

### Reference
http://vxheaven.org/vx.php?id=gv04

================================================
FILE: history/groups/WAVE_World_Association_of_Virus_Enhancement.md
================================================
---
layout: default
title: WAVE (World Association of Virus Enhancement)
permalink: /history/groups/WAVE_World_Association_of_Virus_Enhancement/
tags:
  - cyber
---

## WAVE (World Association of Virus Enhancement)

### Origin
International

### Description
Virus authoring group that at the end of 1997 emerged from the UHA (United Hackers of Amsterdam) hacking group. No recent activity has been observed.

### Website
None

### Reference
http://vxheaven.org/vx.php?id=gw00

================================================
FILE: history/groups/Youths_Against_McAfee.md
================================================
---
layout: default
title: Youths Against McAfee
permalink: /history/groups/Youths_Against_McAfee/
tags:
  - cyber
---

## Youths Against McAfee

### Origin
United States

### Description
Virus authoring group responsible for around 30 viruses and the [Instant Virus Production Kit](http://vxheaven.org/vx.php?id=ti01).

### Magazine
[Evolution](http://vxheaven.org/vx.php?id=ze00)

### Website
None

### Reference
http://vxheaven.org/vx.php?id=gy00

================================================
FILE: history/groups/ZeroGravity.md
================================================
---
layout: default
title: ZeroGravity
permalink: /history/groups/ZeroGravity/
tags:
  - cyber
---

## ZeroGravity

### Origin
International

### Description
Renamed [3C Group (Cyber Criminals Clan)](http://vxheaven.org/vx.php?id=g001) (early 2000). The group explores both the computer virus and the hacking scene.

### Website
None

### Reference
http://vxheaven.org/vx.php?id=gz00

================================================
FILE: history/groups/index.md
================================================
---
layout: default
title: Cyber Groups - CyberTechniques.net
permalink: /history/groups/
tags:
  - cyber
---

## History - Groups

In Alphabetical Order

* [29A](29A/)
* [3C Group (Cyber Criminals Clan)](3C_Group_Cyber_Criminals_Clan/)
* [A.N.O.I. (A New Order of Intelligence)](A_N_O_I_A_New_Order_of_Intelligence/)
* [Alliance](Alliance/)
* [Anarkick Systems](Anarkick_Systems/)
* [ANVX](ANVX/)
* [ARCV (Association of Really Cruel Viruses)](ARCV_Association_of_Really_Cruel_Viruses/)
* [ASM (Association of Satanic Maniacs)](ASM_Association_of_Satanic_Maniacs/)
* [Astigmatizm](Astigmatizm/)
* [Australian Institute of Hackers](Australian_Institute_of_Hackers/)
* [AVCR (Amateur Virus Creation & Research Group)](AVCR_Amateur_Virus_Creation_Research_Group/)
* [AVM (Alternative Virus Mafia)](AVM_Alternative_Virus_Mafia/)
* [BHA (Badsector Hacking Alliance)](BHA_Badsector_Hacking_Alliance/)
* [Brigada Ocho](Brigada_Ocho/)
* [BzZ](BzZ/)
* [The Codebreakers](The_Codebreakers/)
* [Computa GangstaZ](Computa_GangstaZ/)
* [CVC (Corean Virus Club, new)](CVC_Corean_Virus_Club_new/)
* [CVC (Corean Virus Club, old)](CVC_Corean_Virus_Club_old/)
* [CVL (Corean Virus Laboratory)](CVL_Corean_Virus_Laboratory/)
* [Cybernetic Crew](Cybernetic_Crew/)
* [DAN (Digital Anarchy)](DAN_Digital_Anarchy/)
* [Dark Conspiracy](Dark_Conspiracy/)
* [Darkness Sons](Darkness_Sons/)
* [DDT (Dichlore Diphenyl Trichloretane)](DDT_Dichlore_Diphenyl_Trichloretane/)
* [Demoralized Youth](Demoralized_Youth/)
* [Diabolical Kreations](Diabolical_Kreations/)
* [Diffusion](Diffusion/)
* [DIVA (Digital Indonesian Vx Authors)](DIVA_Digital_Indonesian_Vx_Authors/)
* [Divide By Zero](Divide_By_Zero/)
* [Doom Riderz](Doom_Riderz/)
* [DVC (Death Virii Crew)](DVC_Death_Virii_Crew/)
* [DVC (Dutch Virii Community)](DVC_Dutch_Virii_Community/)
* [Electrical Ordered Freedom](Electrical_Ordered_Freedom/)
* [Familia](Familia/)
* [FCF (Fearless Criminal Force, Formater's Cracking Force)](FCF_Fearless_Criminal_Force_Formaters_Cracking_Force/)
* [FS (Feathered Serpents)](FS_Feathered_Serpents/)
* [Gedzac](Gedzac/)
* [Genesis](Genesis/)
* [Hackerz Networx](Hackerz_Networx/)
* [Hail and Kill](Hail_and_Kill/)
* [Hazard](Hazard/)
* [HCDS](HCDS/)
* [HTC '95](HTC_95/)
* [HVM (Hungarian Virus Academy)](HVM_Hungarian_Virus_Acade_my/)
* [IKX (International Knowledge eXchange)](IKX_International_Knowledge_eXchange/)
* [Immortal EAS](Immortal_EAS/)
* [Immortal Riot](Immortal_Riot/)
* [Intergang](Intergang/)
* [Invaders](Invaders/)
* [IR/G (Immortal Riot/Genesis)](IR_G_Immortal_Riot_Genesis/)
* [Italian Virus Research Laboratory](Italian_Virus_Research_Laboratory/)
* [JVS (Janus Virus Syndicate)](JVS_Janus_Virus_Syndicate/)
* [K.P.V. Team](K_P_V_Team/)
* [The Kefrens](The_Kefrens/)
* [LineZer0 VX Team](LineZer0_VX_Team/)
* [Living Turmoil](Living_Turmoil/)
* [LT/RSA (Living Turmoil / Ruthless Stealth Angels)](LT_RSA_Living_Turmoil_Ruthless_Stealth_Angels/)
* [Mandragora](Mandragora/)
* [Matrix](Matrix/)
* [Metaphase VX Team](Metaphase_VX_Team/)
* [Mikee's World](Mikees_World/)
* [Misdirected Youth](Misdirected_Youth/)
* [No Mercy](No_Mercy/)
* [NoP](NoP/)
* [NuKE](NuKE/)
* [Phalcon-Skism](Phalcon-Skism/)
* [Power Empire Virii Faction](Power_Empire_Virii_Faction/)
* [Power Heap Research](Power_Heap_Research/)
* [PVW (Pinoy Virus Writers)](PVW_Pinoy_Virus_Writers/)
* [Rabid](Rabid/)
* [Ready Rangers Liberation Front](Ready_Rangers_Liberation_Front/)
* [Rioters](Rioters/)
* [RSA (Ruthless Stealth Angels)](RSA_Ruthless_Stealth_Angels/)
* [RVM (Russian Virus Makers)](RVM_Russian_Virus_Makers/)
* [Sector Infector Inc.](Sector_Infector_Inc/)
* [SG (Stealth Group; former SG World Wide)](SG_Stealth_Group_former_SG_World_Wide/)
* [Shadow Dancer Team](Shadow_Dancer_Team/)
* [ShadowVX Group](ShadowVX_Group/)
* [Silicium Revolte](Silicium_Revolte/)
* [Skamwerk Labs](Skamwerk_Labs/)
* [SLAM](SLAM/)
* [SMF](SMF/)
* [SOS (Sign Of Scream)](SOS_Sign_Of_Scream/)
* [SPS (Scientific Programming Society)](SPS_Scientific_Programming_Society/)
* [SVAT (Special Viruses And Trojans)](SVAT_Special_Viruses_And_Trojans/)
* [SVL (Slovak Virus Laboratories)](SVL_Slovak_Virus_Laboratories/)
* [SVS (Seoul Virus Society)](SVS_Seoul_Virus_Society/)
* [TAVC (Tula Anti & Viral Club)](TAVC_Tula_Anti_Viral_Club/)
* [TDJ (The Diabolical Judges)](TDJ_The_Diabolical_Judges/)
* [Team Necrosis](Team_Necrosis/)
* [TI (Technological Illusions)](TI_Technological_Illusions/)
* [TNN (The Narkotic Network)](TNN_The_Narkotic_Network/)
* [TPVO/OVEL (Taiwan Power Virus Organisation/Organization of Virus Examination Lab)](TPVO_OVEL_Taiwan_Power_Virus_Organisation_Organization_of_Virus_Examination_Lab/)
* [TridenT](TridenT/)
* [The Trinity](The_Trinity/)
* [Trinity](Trinity/)
* [UCSI (Ultimate Chaos Security International)](UCSI_Ultimate_Chaos_Security_International/)
* [V-Zone (Virus Zone)](V-Zone_Virus_Zone/)
* [VBB (Virus Bits & Bytes)](VBB_Virus_Bits_Bytes/)
* [VDV (Verband Deutscher Virenliebhaber (The German Association of Virus Lovers))](VDV_Verband_Deutscher_Virenliebhaber_The_German_Association_of_Virus_Lovers/)
* [Viper (Viral Inclined Programming Experts Group)](Viper_Viral_Inclined_Programming_Experts_Group/)
* [ViroGenic Junkies](ViroGenic_Junkies/)
* [Virulent Graffiti](Virulent_Graffiti/)
* [VLAD (Virus Laboratory And Distribution)](VLAD_Virus_Laboratory_And_Distribution/)
* [VOFCA (Virus and Other Fine Code Authors)](VOFCA_Virus_and_Other_Fine_Code_Authors/)
* [VXI (VX India)](VXI_VX_India/)
* [WAVE (World Association of Virus Enhancement)](WAVE_World_Association_of_Virus_Enhancement/)
* [Youths Against McAfee](Youths_Against_McAfee/)
* [ZeroGravity](ZeroGravity/)

================================================
FILE: history/index.md
================================================
---
layout: default
title: history
permalink: /history/
tags:
  - history
  - cyber
---

## History

[Groups](groups/)

[Magazines](magazines/)

Timeline: Key events in cyber history

Explore some of the technological advances that led to cyberspace and examples of notable hacks.

1988
----
The Morris worm - one of the first recognised worms to affect the world's nascent cyber infrastructure - spread around computers largely in the US.
The worm used weaknesses in the UNIX system and replicated itself regularly. It slowed down computers to the point of being unusable. The worm was the work of Robert Tappan Morris, who said he was just trying to gauge how big the Internet was. He subsequently became the first person to be convicted under the US Computer Fraud and Abuse Act. He now works as a professor at MIT.

DECEMBER 2006
-------------
NASA was forced to block emails with attachments before shuttle launches out of fear they would be hacked. Business Week reported that the plans for the latest US space launch vehicles were obtained by unknown foreign intruders.

APRIL 2007
----------
Estonian government networks were harassed by a denial of service attack by unknown foreign intruders, following the country's spat with Russia over the removal of a war memorial. Some government online services were temporarily disrupted and online banking was halted. The attacks were more like cyber riots than crippling attacks, and the Estonians responded well, relaunching some services within hours or - at most - days.

JUNE 2007
---------
The US Secretary of Defense’s unclassified email account was hacked by unknown foreign intruders as part of a larger series of attacks to access and exploit the Pentagon's networks.

OCTOBER 2007
------------
China’s Ministry of State Security said that foreign hackers, 42% of whom it claimed came from Taiwan and 25% from the US, had been stealing information from Chinese key areas. In 2006, when the China Aerospace Science & Industry Corporation (CASIC) intranet network was surveyed, spyware was found in the computers of classified departments and corporate leaders.

SUMMER 2008
-----------
The databases of both Republican and Democratic presidential campaigns were hacked and downloaded by unknown foreign intruders.

AUGUST 2008
-----------
Computer networks in Georgia were hacked by unknown foreign intruders around the time that the country was in conflict with Russia.
Graffiti appeared on Georgian government websites. There was little or no disruption of services but the hacks did put political pressure on the Georgian government and appeared to be coordinated with Russian military actions.

JANUARY 2009
------------
Hackers attacked Israel’s internet infrastructure during the January 2009 military offensive in the Gaza Strip. The attack, which focused on government websites, was executed by at least 5,000,000 computers. Israeli officials believed the attack was carried out by a criminal organisation based in a former Soviet state, and paid for by Hamas or Hezbollah.

JANUARY 2010
------------
A group named the “Iranian Cyber Army” disrupted the service of the popular Chinese search engine Baidu. Users were redirected to a page showing an Iranian political message. The same “Iranian Cyber Army” had hacked into Twitter the previous December, with a similar message.

OCTOBER 2010
------------
Stuxnet, a complex piece of malware designed to interfere with Siemens industrial control systems, was discovered in Iran, Indonesia, and elsewhere, leading to speculation that it was a government cyber weapon aimed at the Iranian nuclear programme.

JANUARY 2011
------------
The Canadian government reported a major cyber attack against its agencies, including Defence Research and Development Canada, a research agency for Canada's Department of National Defence. The attack forced the Finance Department and Treasury Board, Canada’s main economic agencies, to disconnect from the Internet.

JULY 2011
---------
In a speech unveiling the Department of Defense’s cyber strategy, the US Deputy Secretary of Defense mentioned that a defense contractor was hacked and 24,000 files from the Department of Defense were stolen.

OCTOBER 2012
------------
The Russian firm Kaspersky discovered a worldwide cyber-attack dubbed “Red October,” that had been operating since at least 2007.
Hackers gathered information through vulnerabilities in Microsoft’s Word and Excel programmes. The primary targets of the attack appear to be countries in Eastern Europe, the former USSR and Central Asia, although Western Europe and North America reported victims as well. The virus collected information from government embassies, research firms, military installations, energy providers, nuclear and other critical infrastructures.

MARCH 2013
----------
South Korean financial institutions as well as the Korean broadcaster YTN had their networks infected in an incident said to resemble past cyber efforts by North Korea.

JUNE 2013
---------
In their first-ever meeting dedicated to cyber defence on Tuesday (June 4), NATO Defence Ministers agreed that the Alliance’s cyber-defence capability should be fully operational by the autumn, extending protection to all the networks owned and operated by the Alliance.

OCTOBER 2013
------------
NCIRC Upgrade - The NATO Computer Incident Response Capability (NCIRC) upgrade project, a 58 Million euro enhancement of NATO cyber defences, is on track for completion by the end of October 2013. This major capability milestone will help NATO to better protect its networks from the increasing number of cyber attacks against the Alliance's information systems.

1943-1944
---------

History
-------
The digital era jumped ahead with the creation of Colossus, the first programmable digital machine. Though limited compared to later computers, Colossus played a pivotal role in code breaking during World War II. In effect, the British developed the first digital machine to hack German codes.

The National Museum of Computer: Colossus

Colossus: The first large-scale electronic computer

1961-1962

History
-------
Key steps in the history of global computer networks came when Leonard Kleinrock at MIT published the first paper on packet switching theory in July 1961, and the next year when J.C.R.
Licklider, also at MIT, wrote a series of memos spelling out his ideas for a "Galactic Network" in which people could access data from anywhere.

Internet Society: Origins of the Internet

1967-1969

History
-------
The Advanced Research Projects Agency, later known as DARPA, accelerated work on what was initially dubbed ARPANET and eventually came to be known as the Internet. The first ARPANET message was sent at 10:30 p.m. on Oct. 29, 1969.

Internet Society: Original Internet concepts

Stanford Research Institute: Celebrating the first ARPANET transmission

1971

History
-------
Intel released the first integrated microprocessor, a major leap forward in the history of the computer. It had 2,300 transistors and processed 60,000 instructions per second.

1982

Hack
----
National security officials in the United States launched one of the world's first cyberattacks on another country: the Soviet Union. U.S. officials heard, through a KGB source named Farewell, that the Soviets intended to buy computer equipment through a front company to operate a gas pipeline. U.S. agents altered the software, which later caused the pipeline to explode.

CIA: The Farewell Dossier

At the Abyss: An Insider's History of the Cold War (book)

1986-1987

Hack
----
In 1986 and 1987, a physics researcher at the University of California at Berkeley uncovered a global hack of academic, military and government computers in the United States. Chronicled later in the book “The Cuckoo's Egg,” it was the first investigation of its kind, and it revealed online hacker threats spread around the globe.

Wikipedia: The Cuckoo's Egg

1988

Hack
----
The first "worm" attack occurred on the Internet. A Cornell University student named Robert Tappan Morris released several dozen lines of code, which replicated wildly and hit thousands of computers hard. It stopped about 10 percent of the 88,000 computers linked to the Internet at the time.

The What, Why, and How of the 1988 Internet Worm

CERT: Security of the Internet

1990

History
-------
ARPANET became an operational network known as the Internet. About 2.6 million people around the globe had access.

1994

Hack
----
Anonymous hackers repeatedly attacked the Air Force's Rome Laboratory in New York, underscoring the threat to military systems. Investigators discovered that a British teenager and an Israeli technician had used phone systems and networks in eight countries to cloak their attacks on numerous military and government computer systems.

GAO (PDF): Computer attacks at the Department of Defense pose increasing risks

1997

Hack
----
The Pentagon's first "information warfare" exercise, known as Eligible Receiver, found that industrial and information systems throughout the United States are vulnerable to cyberattacks from hackers using readily available technology and software. Specialists said it appeared as though simulated attacks on power and communications networks in Oahu, Hawaii; Los Angeles; Colorado Springs, Colo.; Washington, D.C.; and elsewhere succeeded with ease.

Congressional Research Service report (PDF): Cyberwarfare

2003

History
-------
The amount of digital information created by computers, cameras and other data systems this year surpassed the amount of all information created in human history, according to studies by International Data Corp. and EMC.

November 2003

Hack
----
Hackers apparently supported by China attacked military and government systems in the United States with impunity, making off with terabytes of data. The attacks were dubbed Titan Rain by officials in the United States.

Washington Post: Hackers attack via Chinese Web sites

May 2007

Hack
----
During a dispute between Estonia and Russia, hackers launched massive attacks on Estonian government agencies, banks, newspapers and other organizations, using networks of computers to shut down Estonian systems online.
Some analysts, blaming Russia, asserted the attacks represent one of the first instances of cyberwar.

Wired: Kremlin Kids: We launched the Estonian cyber war

2008

History
-------
Cyberspace accelerated its expansion, with the number of devices connected to the Internet exceeding the number of people on Earth for the first time. That number hit an estimated 12.5 billion in 2010, according to a researcher at Cisco who predicted it will rise to 50 billion in 2020. Hundreds of millions of new Internet users also signed on, many millions of them via mobile phones and other portable devices.

November 2008

Hack
----
The most significant breach of U.S. computer security occurred, apparently when someone working with the Pentagon's Central Command inserted an infected flash drive into a military laptop computer at a base in the Middle East. The case was code named Buckshot Yankee. "The flash drive’s malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control," a senior U.S. official later wrote in Foreign Affairs magazine.

Washington Post: Cyber-intruder sparks massive federal response

March 2009

Hack
----
Canadian researchers identified a Chinese espionage network operating on government computer systems in 103 countries, making it the largest operation of its kind ever publicly identified. The researchers dubbed the system GhostNet.

New York Times: Vast spy system loots computers in 103 countries

December 2009

Hack
----
Communications links with U.S. drones were hacked by Iraqi insurgents, who used laptop computers and inexpensive software. The hack apparently enabled the insurgents to see video images the drone was recording.

January 2010

Hack
----
Google announced that it and dozens of other companies were the focus of a "highly sophisticated and targeted attack" originating from China. The attack resulted in a huge amount of data being stolen. It was later dubbed Operation Aurora.

February 2010

History
-------
The number of Internet users topped 2 billion. The Defense Department said that although "it is a man-made domain, cyberspace is now as relevant a domain for DoD activities as the naturally occurring domains of land, sea, air and space."

July 2010

Hack
----
Researchers discovered the most sophisticated cyberweapon ever to be made public. A "worm" known as Stuxnet, it was designed to seek out certain industrial control systems made by Siemens. Stuxnet took advantage of four zero-day vulnerabilities and appeared to be targeted at a uranium enrichment program in Iran. Specialists said it appeared to have a devastating effect, destroying or damaging hundreds of centrifuges. The New York Times reported that President Obama approved the operation as part of a secret U.S.-Israeli cyberwar campaign against Iran begun under the Bush administration.

November 2010

History
-------
A group of the nation's top scientists concluded in a report to the Pentagon that "the cyber-universe is complex well beyond anyone’s understanding and exhibits behavior that no one predicted, and sometimes can’t even be explained well." The scientists, part of a Pentagon advisory group called JASON, said, "Our current security approaches have had limited success and have become an arms race with our adversaries. In order to achieve security breakthroughs we need a more fundamental understanding of the science of cyber-security."

May 2011

Hack
----
Sony told Congress that hackers had penetrated the PlayStation network, stealing or misusing the personal information of at least 77 million users. Sony estimated that fallout from the hack cost at least $170 million.
It appeared as though criminals masqueraded as members of the anarchist-activist group known as Anonymous.

March 2012

Hack
----

Gen. Keith Alexander, commander of U.S. Cyber Command, blamed China for taking "astounding" amounts of intellectual property and for the hack last year of security giant RSA. In testimony before a congressional panel, Alexander hinted at military reprisals. "We reserve the right to use all necessary means — diplomatic, informational, military, and economic — as appropriate and consistent with applicable international law," Alexander testified.

### References

* http://www.washingtonpost.com/wp-srv/special/investigative/zeroday/cyber-history-timeline/
* http://www.nato.int/docu/review/2013/cyber/timeline/EN/index.htm

================================================
FILE: history/magazines/index.md
================================================
---
layout: default
title: Cyber Techniques
permalink: /history/magazines/
tags:
- history
- magazines
- cyber
---

History - Magazines
===================

================================================
FILE: index.md
================================================
---
layout: default
title: Cyber Techniques
permalink: /
tags:
- cybertechniques
- cyber
---

# Cyber Techniques

### A collaborative exploration

## Welcome to the Cyber Techniques website

www.cybertechniques.net

Our site and content have been designed to be easily modified and updated

* See the [contribute section](#contribute) below for more information

I have started this site as a result of work in my master's degree program in Cyber Security. With only knowing a small part of the overall big picture I hope to get others to contribute information to this group.

This site was created to contain a compilation of various material related to different cyber techniques that either have existed in the past, that currently exist, or that could exist in the future. I created this site to contain information which can help people explore various cyber techniques, something that I have found difficult to do while going through my Cyber Security education because there is currently no good compilation of material on this topic.

By compiling a vast amount of information in one place one would ask if this collection of information could be used for more bad than good. The answer is simple: yes. It is no different than anything else.

Information on cyber techniques isn't easy to find. This is partly due to the fact that this is a new and evolving area. I think it is also due to people trying to hide this information, thinking that making this type of information difficult to find will make things better. I think this makes a good introduction into [obfuscation](techniques/obfuscation/).

I believe that information related to cyber techniques should be well known to everyone. Just because it is hard to find information on a particular topic doesn't mean that information can't be obtained; it just takes longer to find what you are looking for. That means it is harder for everyone to find and learn about this evolving topic.
By making this information readily available I hope to start to break down the walls between the hidden techniques commonly used by crackers and expose them to researchers, hackers, and others wanting to learn how to overcome threats now and in the future.

I want this to be a place where information can be shared, contributed to, dissected, and built upon. The main reason why I am integrating this site and GitHub together is so that it will be easy for anyone to help contribute, share, and use information related to various cyber techniques. Hopefully this will help in some way to keep us ahead of the many cyber threats that exist today and the many that will continually be exposed over the upcoming years.

My goal is not to reduplicate information that is already readily available but to take existing information and archive it for historical and learning purposes in the future. By not reduplicating efforts that have already been done we can focus our efforts on learning and implementing protections for current or future problems.

## Definitions

### What is cyber?

The definition of cyber is: of, relating to, or characteristic of the culture of computers, information technology, and virtual reality. Cyber can relate to anything electronic, digital, wired, virtual, internet, or network related.

### What are cyber techniques?

I am using cyber techniques to describe what techniques are used in the cyber realm.

You can take a look at the [techniques page](techniques/) for more information.

Cyber techniques can be used for both bad and good.

Before looking at some of the software related cyber techniques it may be a good idea to review or go over some of the [Assembly Language](assembly/) tutorials provided here.
You can also take a look at the [assembly language quick links](#assembly-language-quick-links).

A big focus area today is: Cyber Threats

Different cyber techniques are implemented which help to create:

* [Malware](malware/)
* [Social Attacks](#) \(No content available yet\)
* [Computer Attacks](#) \(No content available yet\)
* [Cloud Attacks](#) \(No content available yet\)
* [Infrastructure Attacks](#) \(No content available yet\)

## Assembly Language Quick Links

* The use of assembly language is common in the various cyber threats. See the links below for more information.
* [Main Page](assembly/)
* [Windows x86](assembly/windows/x86/)
* [Windows x64](assembly/windows/x64/)
* [Linux x86](assembly/linux/x86/)
* [Linux x64](assembly/linux/x64/)

## History

[History](history/)

## Analysis Tools

[Link](analysis_tools/)

## Archiver Tool

The archiver tool is not yet available. It is a web-based tool that will allow a user to archive a site's page and associated content at a given URL.

[Link](#)

## Contribute

* Our site is hosted on Amazon.
* The site repository is located at: [GitHub](http://site.cybertechniques.net)
* Our code is hosted on GitHub
* The techniques code repository is located at: [GitHub](http://code.cybertechniques.net)
* The threats code repository is located at: [GitHub](http://threats.cybertechniques.net)

### Repository Layout

In order to keep the repository checkout process simple and small in size, all examples will be contained in separate sub repositories listed under the Cyber Threats group.

* You should use the following form, which is prefixed with example and separated by a hyphen (-) wherever you have a new folder:
    * upx obfuscation example: example-techniques-obfuscation-packing-upx

## Policies

In order to prevent abuse using content from this site I have a running list below of unacceptable items that will not be permitted in any of the repositories. They are listed in alphabetical order (linked content using the [Archiver Tool](#archiver-tool) is acceptable though):

* binaries (except for free / open source analysis tools)
    * must be validatable by a known good checksum
    * once available, the binary must include a snapshot of the known good checksum using the archiver tool for historical purposes
* stolen information (includes)
    * proprietary information
    * information not for public release

## Contact

Someone can be reached at: contact@cybertechniques.net

================================================
FILE: malware/index.md
================================================
---
layout: default
title: Cyber Techniques
permalink: /malware/
tags:
- malware
---

# Malware

### What is malware?

### Where can I find real malware samples?

I have no intention of storing real live malware samples in this repository. Only malware source code will be permitted.

### Real Samples

In alphabetical order

Site Name | URL
-------------------- | --------------------
Luxembourg CERT | https://malware.lu
VirusShare | https://virusshare.com

================================================
FILE: scripts/change_extension.sh
================================================
#!/bin/bash
# Rename every .html file in the current directory to .zip
for f in *.html; do
    [ -e "$f" ] || continue   # the glob matched nothing
    mv -- "$f" "$(basename "$f" .html).zip"
done

================================================
FILE: scripts/create_dirs.sh
================================================
#!/bin/bash
# Create one malware-source-<name> directory per .zip file
for f in *.zip; do
    [ -e "$f" ] || continue   # the glob matched nothing
    mkdir -- "malware-source-${f%%.*}"
done

================================================
FILE: scripts/mv_files.sh
================================================
#!/bin/bash
# Move each .zip file into its matching ../malware-source-<name>/ directory
for f in *.zip; do
    [ -e "$f" ] || continue   # the glob matched nothing
    mv -- "$f" "../malware-source-${f%%.*}/"
done

================================================
FILE: techniques/index.md
================================================
---
layout: default
title: Cyber Techniques
permalink: /techniques/
tags:
- cybertechniques
---

In order to learn about different techniques that can be used in the creation of cyber threats I have created sections for various cyber techniques

Technique | Location
-------------------- | --------------------
Obfuscation | [techniques/obfuscation/{name}](obfuscation/)

================================================
FILE: techniques/obfuscation/code_integration/index.md
================================================
---
layout: default
title: Code Integration
permalink: /techniques/obfuscation/code_integration/
tags:
- code integration
- obfuscation
- techniques
---

Obfuscation - Code Integration
==============================

================================================
FILE: techniques/obfuscation/code_transposition/index.md
================================================
---
layout: default
title: Code Transposition
permalink: /techniques/obfuscation/code_transposition/
tags:
- code transposition
- obfuscation
- techniques
---

Obfuscation - Code Transposition
================================

================================================
FILE: techniques/obfuscation/dead_code/index.md
================================================
---
layout: default
title: Dead Code
permalink: /techniques/obfuscation/dead_code/
tags:
- dead code
- obfuscation
- techniques
---

Obfuscation - Dead Code
=======================

================================================
FILE: techniques/obfuscation/encryption/common_encrypters/index.md
================================================
---
layout: default
title: Common Encrypters
permalink: /techniques/obfuscation/encryption/common_encrypters/
tags:
- common encrypters
- obfuscation
- techniques
---

Crypter / Protector
===================

Common Encrypters:
------------------

* ARM Protector
    * HOME
        * Not Available
    * DESC
        * ARM Protector is a Windows Portable Executable (PE) file protector and cryptor against reverse engineering (cracking, debugging and other illegal modifications). It has some nice protection options.
* PESpin
    * HOME
        * http://www.pespin.com/
    * DESC
        * PESpin is a simple PE protector and compressor coded in Win32ASM using MASM. It uses aPlib as its compression library.
* PECRYPT32
    * HOME
        * Not Available
* PE-PROTECTOR
    * HOME
        * Not Available
    * DESC
        * PE-PROTECTOR is an encrypter/protector for Windows 9x/ME that protects PE executable files against reverse engineering or cracking with a very strong protection. Features anti-debugger, anti-disassembler, anti-generic dumper, anti-VxD dumper, anti-FrogsICE, anti-Monitors, anti-API spy and many more advanced techniques.
* CodeCrypt
    * HOME
        * Not Available
* tELOCK
    * HOME
        * Not Available
* PEncrypt
    * HOME
        * Not Available
* ELFCrypt
    * HOME
        * https://web.archive.org/web/20071216172051/http://www.infogreg.com/source-code/public-domain/elfcrypt-v1.0.html
    * DESC
        * It's supposed to encrypt the .code section (.text, in most cases) and decrypt itself at run-time.
* Ding Boy's PE-Lock
    * HOME
        * Not Available
    * DESC
        * A PE crypter with definable start message, restrictive runtimes, and restrictive dates.
* Yoda’s Crypter
    * HOME
        * http://sourceforge.net/projects/yodap/files/
* yoda's Protector by yoda & Ashkbiz Danehkar
    * HOME
        * http://sourceforge.net/projects/yodap/files/
* NFO (Based on yoda's crypter)
    * HOME
        * Not Available
* PeX
    * HOME
        * Not Available
* PCPEC
    * HOME
        * Not Available
* PE-SHIELD
    * HOME
        * Not Available
* PELOCKnt
    * HOME
        * Not Available
* PE-ENCRYPTOR
    * HOME
        * Not Available
* VGCrypt
    * HOME
        * Not Available
* NoodleCrypt
    * HOME
        * Not Available
* LameCrypt
    * HOME
        * Not Available
* PE password protector
    * HOME
        * Not Available

================================================
FILE: techniques/obfuscation/encryption/index.md
================================================
---
layout: default
title: Encryption
permalink: /techniques/obfuscation/encryption/
tags:
- encryption
- obfuscation
- techniques
- xor
---

Obfuscation - Encryption
========================

What is encryption?
-------------------

Encryption is used to protect the confidentiality of digital data that is stored on electronic systems or transmitted via electronic means.

XOR Tutorial
------------

We will first look at a simple XOR encryption example

[XOR Encryption Example](http://code.cybertechniques.net/example-techniques-obfuscation-encryption-xor/)

Common Encrypters
-----------------

[Click For List](common_encrypters/)

================================================
FILE: techniques/obfuscation/index.md
================================================
---
layout: default
title: Cyber Techniques
permalink: /techniques/obfuscation/
tags:
- cybertechniques
---

Obfuscation Techniques
======================

What is Obfuscation?
--------------------

Obfuscation is the deliberate addition of ambiguous, confusing, or misleading information to interfere with surveillance and data collection. The concept of obfuscation is simple but there are many use cases for obfuscation. Obfuscation is the production of noise modeled on an existing signal in order to make a collection of data more ambiguous, confusing, harder to exploit, more difficult to act on, and therefore less valuable.

Obfuscation can be compared to a safe. A safe is not invincible. A fire safe is rated in hours. It is vulnerable to the same hazards; the only difference is that it was built specifically to help protect its contents. Obfuscation provides the same function. It is also vulnerable; its purpose is just to protect the contents that it was made to protect.

Obfuscation is a tool that is particularly well suited for people without access to other modes of recourse. This doesn't have to be a particular case, but it can be the case in general. What does this mean? It means that if you are on the weak side of a power play relationship, you will most likely be the one who turns to obfuscation first. It is much easier and cheaper to implement or use obfuscation in certain scenarios than to implement larger, more robust solutions. Does this mean that it isn't used by the powerful players? No, it is used by anyone and everyone. Obfuscation is just as successful at what it can provide regardless of the person using it, given a solid implementation.

We can see examples where actors even at the country level commonly use obfuscation techniques. One example is the 2011 Russian parliamentary elections. Another was seen during the Mexican election.

Obfuscation can fool people but not machines. Since obfuscation can't fully protect anything, it can only help obscure things, or make it harder for humans to figure out what is really happening.

The film Spartacus is another example that shows the use of obfuscation. Here obfuscation can be seen where instead of just one individual saying that they are Spartacus, there are many individuals all claiming to be Spartacus. This shows that although it is not impossible to find the real Spartacus they are looking for, it still takes time to filter out all of the unwanted results, thus giving extra time for the real Spartacus to escape.

In another instance, the company Uber sent large amounts of orders for rides to Gett drivers and then would cancel the orders shortly before the drivers got there. In this case, Uber would then offer the Gett drivers better jobs to switch to Uber. Since the Gett drivers were tired of losing money from Gett they would switch to Uber. The obfuscation in this case was a result of all of the fake requests that were sent by Uber.

Another example shows us that works of writing can be obfuscated. With the use of computers it is now possible to collect enough text from users that a computer can map a piece of text to a user based on the user's writing style, given a pool of known users and their writings. This type of detection is called stylometry, and in order to evade this collection technique you can use obfuscation to vary the writing style of text so that a text style can't be traced back to a specific user. An example of a solution for this type of obfuscation is called Anonymouth.

Do you ever feel like you are being watched when you browse the internet? If so it is because you are.
Through the use of cookies, sites such as ad companies are able to track what sites you visit, which in turn can then help to target certain ads for display in your internet browser. How can you avoid this? One method that has been used is called the cookie collector. The cookie collector takes cookies from different people and swaps their cookies. This in effect changes the user experience that the users will have when browsing and will confuse the adsense system.

There are many good use cases for obfuscation. In no other time in history has there been so much data amassed about each one of us as now. All of this data is commonly referred to as Big Data. Big Data has many aspects that are commonly associated with it: anything from analytics and data aggregation to predictive modeling. Much of the data that is anonymized isn't truly anonymous. The problem comes from the fact that oftentimes data standing in its singular form is anonymous. The problem is that once you combine multiple singular anonymous data sets, the data often changes from anonymous data to data that clearly identifies relationships between the different anonymous files.

Many forms of obfuscation work best as a way to buy time until something else happens. Obfuscation may only be able to get you a small amount of time, as in minutes, hours, days, and if you're lucky, years. Even though it may not provide much extra time, sometimes a few minutes is all you need.

[//]: # (## Interesting points)
[//]: # (Where does a wise man hide a leaf? In the forest. But what does he do if there is no forest? ... He grows a forest to hide it in.)

## Computer related obfuscation techniques

| Obfuscation Technique | Advantage |
| --------------------- | --------- |
| Packing | Saves memory and bandwidth |
| Encryption | Simple implementation; multiple layers of encryption are more effective |
| Oligomorphism | More effective than encryption since the decryptor can change |
| Polymorphism | Became the successor to oligomorphism, and is still an effective technique |
| Metamorphism | Much more effective than other current obfuscation techniques |
| Stealthy code obfuscation technique | New idea / implementation; could easily defeat antimalware scanners in the beginning |
| Dead code insertion | Simple, changes program appearance |
| Register reassignment | Simple technique without having to change the program code |
| Subroutine reordering | Can be effective but not as effective as other techniques |
| Instruction substitution | Can replace routines like xor with sub and mov instructions for harder detection |
| Code transposition | Reorders instructions without having an impact on program behavior |
| Code integration | This technique can make detection and recovery difficult |

___

### Packing

#### Overview
#### Link

* [packing](packing/)

___

### Encryption

#### Overview
#### Link

* [encryption](encryption/)

___

### Oligomorphism

#### Overview
Oligomorphism is where the decoder is changed for every instance of infection. It can still be detected by its signature, as there is a limit to the number of replications a decoder can make of itself.
#### Link

* [oligomorphism](oligamorphism/)

___

### Polymorphism

#### Overview
Polymorphism is an advancement on oligomorphic malware: it generates an infinite number of decoders by using different obfuscation techniques. The basic function of polymorphic malware remains the same each time it is decoded; only the obfuscation changes. Depending on the conditions, polymorphic code also has the ability to re-write itself, further complicating detection.
#### Link

* [polymorphism](polymorphism/)

___

### Metamorphism

#### Overview
Metamorphism is when code is re-written every time it is replicated, making each instance different from its previous one. This prevents detection by removing the potential for common signatures within a particular malware variant.
#### Link

* [metamorphism](metamorphism/)

___

### Stealthy Code

#### Overview
#### Link

* [stealthy code](stealthy_code/)

___

### Dead Code

#### Overview
Dead code insertion is the insertion of No Operation Performed (NOP) code; this code serves no function but is written in a way that complicates analysis.
#### Link

* [dead code](dead_code/)

___

### Register Reassignment

#### Overview
Register reassignment replaces the unused registers with malware code registers; the program code and its behaviour remain the same.
#### Link

* [register reassignment](register_reassignment/)

___

### Subroutine Ordering

#### Overview
Subroutine ordering randomly changes the order of subroutines in the program, creating different malware signatures for every variation of subroutines.
#### Link

* [subroutine ordering](subroutine_ordering/)

___

### Instruction Substitution

#### Overview
Instruction substitution replaces some of the code statements with equivalent statements.
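
Dead code insertion, register reassignment and instruction substitution all change how a routine looks without changing what it does, so a signature taken over one variant's raw instructions misses the next. The following Python is an added example, not code from this site or its repositories: it normalizes a constructed toy x86 listing (the listings, the register set and the substitution rules are assumptions chosen for illustration) so that both variants produce the same signature.

```python
import hashlib
import re

# Registers recognised by this toy normalizer (assumption: 32-bit general-purpose set).
REG_RE = re.compile(r"\b(eax|ebx|ecx|edx|esi|edi)\b")

def parse(listing):
    """Turn a text listing into (mnemonic, operands) tuples; comments and blanks are dropped."""
    instructions = []
    for line in listing.splitlines():
        line = line.split(";", 1)[0].strip().lower()
        if not line:
            continue
        mnemonic, _, rest = line.partition(" ")
        operands = [op.strip() for op in rest.split(",")] if rest.strip() else []
        instructions.append((mnemonic, operands))
    return instructions

def is_dead(mnemonic, ops):
    """Dead code insertion: instructions that leave registers and memory unchanged."""
    if mnemonic == "nop":
        return True
    if len(ops) != 2:
        return False
    if mnemonic in ("mov", "xchg") and ops[0] == ops[1]:
        return True
    # add/sub of zero only touches flags, which this toy model ignores
    return mnemonic in ("add", "sub") and ops[1] == "0"

def canonical(mnemonic, ops):
    """Instruction substitution: map equivalent forms onto one representative."""
    if len(ops) != 2:
        return mnemonic, ops
    dst, src = ops
    if mnemonic == "sub" and dst == src and REG_RE.fullmatch(dst):
        return "xor", [dst, dst]                      # sub r, r -> xor r, r
    if mnemonic == "mov" and src == "0" and REG_RE.fullmatch(dst):
        return "xor", [dst, dst]                      # mov r, 0 -> xor r, r
    if mnemonic in ("add", "sub") and src == "1":
        return ("inc" if mnemonic == "add" else "dec"), [dst]
    return mnemonic, ops

def normalize(listing):
    """Return the listing with dead code removed, substitutions folded and registers renamed."""
    names = {}

    def rename(match):
        # Register reassignment: name registers by order of first use (r0, r1, ...)
        return names.setdefault(match.group(0), f"r{len(names)}")

    result = []
    for mnemonic, ops in parse(listing):
        if is_dead(mnemonic, ops):
            continue
        mnemonic, ops = canonical(mnemonic, ops)
        ops = [REG_RE.sub(rename, op) for op in ops]
        result.append(f"{mnemonic} {','.join(ops)}".strip())
    return result

def raw_signature(listing):
    """Hash of the instructions exactly as written (what a naive signature sees)."""
    text = "\n".join(f"{m} {','.join(o)}".strip() for m, o in parse(listing))
    return hashlib.sha256(text.encode()).hexdigest()

def normalized_signature(listing):
    """Hash of the normalized instruction sequence."""
    return hashlib.sha256("\n".join(normalize(listing)).encode()).hexdigest()

# Constructed sample: a harmless loop that sums 16 dwords.
ORIGINAL = """
    xor eax, eax
    mov ecx, 16
top:
    add eax, [esi]
    add esi, 4
    dec ecx
    jnz top
    ret
"""

# Constructed sample: the same loop after the three transformations.
VARIANT = """
    sub ebx, ebx        ; instruction substitution for xor
    nop                 ; dead code
    mov edx, 16         ; register reassignment (ecx -> edx)
top:
    add ebx, [edi]
    mov edx, edx        ; dead code
    add edi, 4
    nop
    sub edx, 1          ; instruction substitution for dec
    jnz top
    ret
"""

# Constructed sample: an unrelated routine, which must not collide.
OTHER = """
    mov eax, [esi]
    xor eax, ecx
    mov [edi], eax
    ret
"""
```

Code transposition and subroutine reordering are not handled by this linear normalization; they change instruction order and need a comparison at the control-flow level.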
#### Link

* [instruction substitution](instruction_substitution/)

___

### Code Transposition

#### Overview
Code transposition changes the order of instructions, altering the code from its native form. This is achieved in two ways: by using unconditional branch statements, or by reordering independent instructions, which is difficult to implement and makes the malware harder to identify.
#### Link

* [code transposition](code_transposition/)

___

### Code Integration

#### Overview
Code integration inserts new code into the benign code of a program in order to run the malicious code.
#### Link

* [code integration](code_integration/)

___

### References

https://www.cert.gov.uk/wp-content/uploads/2014/11/Code-obfuscation.pdf

================================================
FILE: techniques/obfuscation/instruction_substitution/index.md
================================================
---
layout: default
title: Instruction Substitution
permalink: /techniques/obfuscation/instruction_substitution/
tags:
- instruction substitution
- obfuscation
- techniques
---

Obfuscation - Instruction Substitution
======================================

================================================
FILE: techniques/obfuscation/metamorphism/index.md
================================================
---
layout: default
title: Metamorphism
permalink: /techniques/obfuscation/metamorphism/
tags:
- metamorphism
- obfuscation
- techniques
---

Obfuscation - Metamorphism
==========================

================================================
FILE: techniques/obfuscation/oligamorphism/index.md
================================================
---
layout: default
title: Oligomorphism
permalink: /techniques/obfuscation/oligamorphism/
tags:
- oligamorphism
- obfuscation
- techniques
---

Obfuscation - Oligomorphism
===========================

================================================
FILE: techniques/obfuscation/packing/index.md
================================================
---
layout: default
title: Packing
permalink: /techniques/obfuscation/packing/
tags:
- packing
- obfuscation
- techniques
---

Obfuscation - Packing
=====================

Introduction
------------

### What is packing?

A packer helps to reduce the physical size of an executable by using a compression technology. A decompression stub is usually then attached, parasitically, to the executable. At runtime, the decompression stub expands the original application and transfers control to the original entry point.
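
Because the packed body is compressed data, it sits close to 8 bits of entropy per byte while ordinary code sits well below that, which gives an analyst a quick triage signal. The following Python is an added example, not code from this site or from any packer listed here: it builds a constructed "stub + compressed body" file with zlib (the byte alphabet, window size and threshold are assumptions) and locates the compressed region by sliding-window entropy.

```python
import hashlib
import math
import zlib
from collections import Counter

WINDOW = 1024      # bytes per entropy sample (assumption)
THRESHOLD = 7.2    # bits per byte; compressed or encrypted data sits close to 8

def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())

def window_entropies(data, window=WINDOW):
    """Entropy of each full, non-overlapping window as (offset, entropy)."""
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data) - window + 1, window)]

def high_entropy_regions(data, window=WINDOW, threshold=THRESHOLD):
    """Merge consecutive windows at or above the threshold into (offset, length) runs."""
    regions = []
    for off, entropy in window_entropies(data, window):
        if entropy < threshold:
            continue
        if regions and regions[-1][0] + regions[-1][1] == off:
            regions[-1] = (regions[-1][0], regions[-1][1] + window)
        else:
            regions.append((off, window))
    return regions

def looks_packed(data, min_fraction=0.5):
    """True when at least min_fraction of the sampled windows are high entropy."""
    samples = window_entropies(data)
    if not samples:
        return False
    high = sum(1 for _, entropy in samples if entropy >= THRESHOLD)
    return high / len(samples) >= min_fraction

def constructed_code(size, seed):
    """Constructed stand-in for machine code: bytes drawn from only 32 values,
    so its entropy can never exceed 5 bits per byte."""
    alphabet = bytes(range(0x40, 0x60))
    out = bytearray()
    counter = 0
    while len(out) < size:
        digest = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        out.extend(alphabet[b & 0x1F] for b in digest)
        counter += 1
    return bytes(out[:size])

# Constructed samples: an "original program", a "decompression stub" and the packed file.
ORIGINAL = constructed_code(16384, b"program")
STUB = constructed_code(2048, b"stub")
PACKED = STUB + zlib.compress(ORIGINAL, 9)

def unpack(packed, stub_len=len(STUB)):
    """What the stub does at runtime: expand the body back into the original bytes."""
    return zlib.decompress(packed[stub_len:])

if __name__ == "__main__":
    print("original:", len(ORIGINAL), "bytes, regions:", high_entropy_regions(ORIGINAL))
    print("packed:  ", len(PACKED), "bytes, regions:", high_entropy_regions(PACKED))
    print("looks packed:", looks_packed(PACKED), "/ original:", looks_packed(ORIGINAL))
```

High entropy is a triage signal rather than a verdict: legitimately compressed or encrypted resources inside a benign file score the same way.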

#### Common packers:

Free

* UPX
    * HOME
        * http://upx.sourceforge.net/
    * DESC
        * UPX is a free, portable, extendable, high-performance executable packer supporting multiple executable formats
    * EXAMPLE
        * [Link](http://code.cybertechniques.net/example-techniques-obfuscation-packing-upx/)
    * UNPACKING
* Morphine
    * HOME
        * http://www.delphibasics.info/home/delphibasicscounterstrikewireleases/polymorphiccrypter-morphine27byholyfather
    * DESC
    * UNPACKING
        * http://www.joestewart.org/morphine-dll/
* Mew
    * HOME
        * https://web.archive.org/web/20070204142739/http://northfox.uw.hu/down/mew11.zip
    * DESC
        * Mew is an exe-packer program, based on LZMA and ApPack methods, written in MASM 32 and Visual C++ by Northfox. Originally it was designed for small files (4k, 64k intros), but it supports bigger files too. It has one of the best compression ratios.
* Packman
    * HOME
        * http://packmanpacker.sourceforge.net/
    * DESC
        * Packman is a 32bit Windows Portable Executable image packer. It will take an existing executable and compress it into a form that runs exactly like the original. The main goal of the program is to give the user detailed control over the packing process.
* exe32pack
    * HOME
        * http://www.woodmann.com/forum/showthread.php?5035-exe32pack-unpacker-dumper-with-source
    * DESC
        * Packs win32 executables and dynamically expands them upon execution. Helps protect executables against tampering.
    * SOURCE
        * http://www.woodmann.com/forum/attachment.php?attachmentid=885&d=1076532697
* EZIP
    * HOME
    * DESC
    * SOURCE
    * UNPACKING
        * http://comcrazy.net76.net/REA/Manual%20unpacking%20EZIP%201.0.htm
* PE-PaCK
    * HOME
    * DESC
        * Quote: I have compared PEPACK to all the other PE packers I know of: PETITE, PECRYPT, WWPACK32, SHRINKER, STNPEE... And I can proudly say, that PEPACK beats up all of them.
    * SOURCE
    * UNPACKING
* FSG
    * HOME
        * Not working - http://www.woodmann.net/bart/download.php?id=xt_fsg20.zip
* cExe
    * HOME
        * http://www.scottlu.com/Content/CExe.html
    * DESC
        * Compress any executable! With CExe, you can compress any executable and make it significantly smaller and still fully functional. This is useful for sending executables in email, downloading executables over the net, fitting executables on floppies, etc. CExe can compress Win32 executables, Win16 executables, OS/2 executables, WinNT Posix executables... the output format is *always* Win32 executable format
* PE Diminisher
    * HOME
        * Not Available
    * DESC
        * PE Diminisher is a simple PE packer. Just run it, open the file you want to pack, and select Encrypt File! This software was written for learning purposes only. Nice GUI.

================================================
FILE: techniques/obfuscation/polymorphism/index.md
================================================
---
layout: default
title: Polymorphism
permalink: /techniques/obfuscation/polymorphism/
tags:
- polymorphism
- obfuscation
- techniques
---

Obfuscation - Polymorphism
==========================

================================================
FILE: techniques/obfuscation/register_reassignment/index.md
================================================
---
layout: default
title: Register Reassignment
permalink: /techniques/obfuscation/register_reassignment/
tags:
- register reassignment
- obfuscation
- techniques
---

Obfuscation - Register Reassignment
===================================

================================================
FILE: techniques/obfuscation/stealthy_code/index.md
================================================
---
layout: default
title: Stealthy Code
permalink: /techniques/obfuscation/stealthy_code/
tags:
- stealthy code
- obfuscation
- techniques
---

Obfuscation - Stealthy Code
===========================

================================================
FILE: techniques/obfuscation/subroutine_ordering/index.md
================================================
---
layout: default
title: Subroutine Ordering
permalink: /techniques/obfuscation/subroutine_ordering/
tags:
- subroutine ordering
- obfuscation
- techniques
---

Obfuscation - Subroutine Ordering
=================================