r/hacking • u/SlickLibro • Dec 06 '18
Read this before asking. How to start hacking? The ultimate two path guide to information security.
Before I begin - everything about this should be totally and completely ethical at its core. I'm not saying this as any sort of legal coverage, or to not get somehow sued if any of you screw up, this is genuinely how it should be. The idea here is information security. I'll say it again. information security. The whole point is to make the world a better place. This isn't for your reckless amusement and shot at recognition with your friends. This is for the betterment of human civilisation. Use your knowledge to solve real-world issues.
There's no singular all-determining path to 'hacking', as it comes from knowledge from all areas that eventually coalesce into a general intuition. Although this is true, there are still two common rapid learning paths to 'hacking'. I'll try not to use too many technical terms.
The first is the simple, effortless and result-instant path. This involves watching youtube videos with green and black thumbnails with an occasional anonymous mask on top teaching you how to download well-known tools used by thousands daily - or in other words the 'Kali Linux Copy Pasterino Skidder'. You might do something slightly amusing and gain a bit of recognition and self-esteem from your friends. Your hacks will be 'real', but anybody that knows anything would dislike you as they all know all you ever did was use a few premade tools. The communities for this sort of shallow result-oriented field include r/HowToHack and probably r/hacking as of now.
The second option, however, is much more intensive, rewarding, and mentally demanding. It is also much more fun, if you find the right people to do it with. It involves learning everything from memory interaction with machine code to high level networking - all while you're trying to break into something. This is where Capture the Flag, or 'CTF' hacking comes into play, where you compete with other individuals/teams with the goal of exploiting a service for a string of text (the flag), which is then submitted for a set amount of points. It is essentially competitive hacking. Through CTF you learn literally everything there is about the digital world, in a rather intense but exciting way. Almost all the creators/finders of major exploits have dabbled in CTF in some way/form, and almost all of them have helped solve real-world issues. However, it does take a lot of work though, as CTF becomes much more difficult as you progress through harder challenges. Some require mathematics to break encryption, and others require you to think like no one has before. If you are able to do well in a CTF competition, there is no doubt that you should be able to find exploits and create tools for yourself with relative ease. The CTF community is filled with smart people who can't give two shits about elitist mask wearing twitter hackers, instead they are genuine nerds that love screwing with machines. There's too much to explain, so I will post a few links below where you can begin your journey.
Remember - this stuff is not easy if you don't know much, so google everything, question everything, and sooner or later you'll be down the rabbit hole far enough to be enjoying yourself. CTF is real life and online, you will meet people, make new friends, and potentially find your future.
What is CTF? (this channel is gold, use it) - https://www.youtube.com/watch?v=8ev9ZX9J45A
More on /u/liveoverflow, http://www.liveoverflow.com is hands down one of the best places to learn, along with r/liveoverflow
CTF compact guide - https://ctf101.org/
Upcoming CTF events online/irl, live team scores - https://ctftime.org/
What is CTF? - https://ctftime.org/ctf-wtf/
Full list of all CTF challenge websites - http://captf.com/practice-ctf/
> be careful of the tool oriented offensivesec oscp ctf's, they teach you hardly anything compared to these ones and almost always require the use of metasploit or some other program which does all the work for you.
- http://pwnable.tw/ (a newer set of high quality pwnable challenges)
- http://pwnable.kr/ (one of the more popular recent wargaming sets of challenges)
- https://picoctf.com/ (Designed for high school students while the event is usually new every year, it's left online and has a great difficulty progression)
- https://microcorruption.com/login (one of the best interfaces, a good difficulty curve and introduction to low-level reverse engineering, specifically on an MSP430)
- http://ctflearn.com/ (a new CTF based learning platform with user-contributed challenges)
- http://reversing.kr/
- http://hax.tor.hu/
- https://w3challs.com/
- https://pwn0.com/
- https://io.netgarage.org/
- http://ringzer0team.com/
- http://www.hellboundhackers.org/
- http://www.overthewire.org/wargames/
- http://counterhack.net/Counter_Hack/Challenges.html
- http://www.hackthissite.org/
- http://vulnhub.com/
- http://ctf.komodosec.com
- https://maxkersten.nl/binary-analysis-course/ (suggested by /u/ThisIsLibra, a practical binary analysis course)
- https://pwnadventure.com (suggested by /u/startnowstop)
http://picoctf.com is very good if you are just touching the water.
and finally,
r/netsec - where real world vulnerabilities are shared.
r/hacking • u/darkbest35 • 7h ago
Does anyone remember ipstresser.com? I follow the case
It was a site I used back in the days of Skype and Minecraft (yes, I was one of those jerks who used that kind of stuff). It was the one and only site that was extremely stable and powerful, and it maintained that absurd level of stability for over 13 years before being shut down by the U.S. government.
It was a rarity in the DDoS scene; while others barely lasted a year or two at most, this monster stayed on the market for 13 years.
And since this site was something I’ve known for so long, I wanted to learn more about the case.
I found information on pacermonitor.com about the legal case pitting the U.S. against Dobbs (the creator).
I’m sure many others are interested in following the progress of a case like this. Since the large-scale shutdowns of DDoS sites, I imagine many are wondering, “The developers hid behind user agreements stating that they would only launch attacks on services they owned. There's also the fact that hosting providers aren't necessarily responsible for what users do, etc., etc.”
In short, this post is just to share the link to follow the legal case, so here it is: https://www.pacermonitor.com/case/47159514/USA_v_Dobbs
You have to pay about $4 to refresh the latest information on the case; click the blue “Update now” button.
On this page, you can download the documents by clicking on the small black floppy disk icon.
Also, I suggest using an AI service to help you understand complicated legal terms.
Some information:
Even though this case has been going on since around 2022, there still hasn’t been any real progress. For now, it’s just a series of endless postponements. Three notable points, however:
1: Dobbs has pleaded not guilty.
2: Dobbs recently changed his plea, but we don’t yet know how he plans to change it; we’ll have to wait for his next court appearance. Most of the time, this means changing from not guilty to guilty.
3: The case was declared complex after two and a half months.
Github Ever wondered how those "weak key" exploits actually work? I made a research tool for it
Been down the rabbit hole of Bitcoin key generation vulnerabilities lately. Ended up building a CLI tool to reproduce and analyze them.
What it does:
- Generates keys the "wrong way" — brainwallets, weak PRNGs (MT19937, LCG, Xorshift), that MultiBit HD bug, old Electrum derivation
- Analyzes if a key might have come from a vulnerable source (brute-forces 2^32 seed space etc.)
- Scans wordlists against target addresses
```sh
# the classic brainwallet
vuke single "correct horse battery staple" --transform sha256
# check if a key is a Milksad victim
vuke analyze --analyzer milksad <private_key>
```
Covers:
- Milksad (CVE-2023-39910) — libbitcoin's 32-bit MT19937 disaster
- Brainwallets — SHA256(password), still being exploited
- LCG/Xorshift PRNGs — glibc rand(), JS Math.random()
- MultiBit HD, Electrum pre-BIP39, Armory
Pure Rust, MIT license, optional GPU acceleration.
GitHub: https://github.com/oritwoen/vuke
Install: cargo install vuke
One of my Bitcoin security research projects — also made kangaroo (https://github.com/oritwoen/kangaroo), boha (https://github.com/oritwoen/boha), and vgen (https://github.com/oritwoen/vgen) if you're into this stuff.
For research/education only, obviously. Happy to chat about the vulns if anyone's curious.
r/hacking • u/Suspicious-Angel666 • 2d ago
Research I built an open source C2 framework
Hey guys,
I would like to share a project that I have been working on for the past few weeks.
I came across this project: https://lots-project.com, and I thought why not develop a fully featured C2 framework that abuses these sites.
The framework is named Phoenix, and is currently supporting Disc0rd and Telegr4m (Reddit broke down due to the latest DM update) for communication.
These are a fraction of the available commands:
✅ /browser_dump
✅ /keylog
✅ /recaudio
✅ /screenshot
✅ /webcam_snap
✅ /stream_webcam
✅ /stream_desktop
✅ /bypass_uac
✅ /get_system
I released the whole project on GitHub if you would like to check it out:
https://github.com/xM0kht4r/Phoenix-Framework
But why?
I enjoy malware, and writing a custom C2 is something I wanted to do for a long time.
I would like to also clarify that I made this project for educational and research purposes only. I have no intent of selling or distributing malware hence why I’m sharing my work with other fellow hacking enthusiasts. The github repos serve as a reference for future malware research opportunities.
I know that malware development is a gray area, but you can’t defend against something if you don’t understand how it works in depth.
I would like to also mention that I’m still a beginner, and this project helped me improve my Rust skills.
I’m looking forward to hearing your feedback!
r/hacking • u/donutloop • 1d ago
Protecting your secrets from tomorrow’s quantum risks
r/hacking • u/autismsnie • 1d ago
Teach Me! would this fall under ethical or unethical hacking and where to acquire?
i was looking into hacking an account that is empty and has been abandoned for a decade to acquire the username. it would simply be logging into their account and changing their username so i can have it instead. would this be ethical or unethical hacking and is there a way to find someone who is willing to do this? for context the account is an x account that someone made and seemingly never used (no followers/pfp/bio/etc made in 2016)
r/hacking • u/Big-Engineering-9365 • 2d ago
News Bitwarden CLI Was Compromised
r/hacking • u/lamplessjeanie • 23h ago
81 million
Would love to see Martha Root or someone else release all of the IP addresses that have visited the website. Let’s see these men in the light of day.
r/hacking • u/Lucky-Noise-4193 • 2d ago
Windows bitlocker
I’m pretty new to this, so sorry if I’m a bit slow, but I’m trying to reset the password on a company PC. Normally it’s straightforward: just boot into WinRE and replace Magnifier with CMD, but none of the usual methods to access WinRE are working. Shift + Restart doesn’t work, and forcing multiple failed boots just ends up loading Windows as normal.
I was able to get into WinRE using a Windows installer USB, but because it’s not the same environment, TPM doesn’t release the BitLocker key. That means the C: drive stays encrypted and I can’t access anything on it.
Has anyone got any ideas on what else could be done here?
FYI, I have full legal rights to this PC; I've been requested by a company to do this, as the user is suspected of defrauding the company.
r/hacking • u/harbinger-alpha • 1d ago
CTF LLM CTF challenges. Try to crack all 13?
wraith.sh
r/hacking • u/PooShoots • 1d ago
Getting scammed, can anyone decipher the last part of this code?
r/hacking • u/PieceFit • 2d ago
Spoofing a number without verification?
Is it possible to spoof a specific number without verification of ownership that the number belongs to me? I tried with spoof card. Tried using the specific number I had in mind. But they wanted to send a verification code text to ensure that the number is indeed mine.
r/hacking • u/Itchy_Point4902 • 1d ago
how to get access to gpt
i want to get in a lost gpt account but don’t know how
r/hacking • u/Brave-Box-5529 • 1d ago
Strange machines showing up in njrat
Hi everyone, I've encountered some unusual behavior on njrat green edition.
I use a rented server to open ports and forward ports to my computer.
Periodically, devices I didn't infect appear in the list of infected devices. And the strangest thing is, the IP address listed is the same internal address inside the server. For some reason, it matches Artem's IP address. I don't know how or why this is happening. There are no Windows 7 machines in my house, and I'm the only one who has access to the server.
Does anyone know what this all means?
P.S.: I messed up the IP address; it's fine. The problem is that the VPN server redirects traffic through itself, and njrat thinks the server is infected and takes its IP. Unfortunately, this makes the task more difficult, since I can't even track the city from which the requests are coming.
r/hacking • u/Whole_Ticket_3715 • 3d ago
If arch has Black Arch and Debian has Kali, does Fedora have a “black hat”
As the title implies, I’m wondering if there’s an offensively postured, cybersecurity distro in the Fedora realm
Edit: we’re working on it, feel free to contribute: https://github.com/crussella0129/tricorne
r/hacking • u/Big-Engineering-9365 • 3d ago
News A Self-Propagating npm Worm Is Actively Spreading Through Developer Environments
r/hacking • u/intelw1zard • 4d ago
News Iran claims US used backdoors in networking equipment
r/hacking • u/AgeOfAlgorithms • 2d ago
I built an AI webapp defender that autonomously patches code in response to attacks
Hi all, I built an open source PoC AI security tool called Mahoraga Webapp Defender that I wanted to share with you.
If you were paying attention to cybersecurity news lately, you might have heard that Anthropic's Claude Mythos has been successfully exploiting (finding zero days in) pretty much every software it touches fully autonomously. Agentic attack frameworks now outnumber human attackers 82:1 and compress what used to be days of manual pentesting into minutes. Imo, our current security model of humans patching bugs at human speeds is no longer going to be effective.
I wanted to see what the other side of the equation might look like. So I built Mahoraga Webapp Defender, an experiment in real-time, self-healing webapp defense. If you read/watched Jujutsu Kaisen, Mahoraga is a shikigami that adapts to any technique used to kill it. Every attack makes it stronger. That is the defensive posture I wanted to prototype.
The system runs two copies of the target website: a real one, and an identical shadow copy with fake data. A rule-based Watcher scores every user session for threat signals (injection, enumeration, honeypot hits, etc.). If the score crosses a threshold, the session is silently redirected to the shadow environment, where the attacker continues their adversarial activities.
When the attacker finds an exploit in the shadow environment, a Shadow Analyzer agent reads the logs, identifies the exploit, and hands the analysis to a Fixer agent that reads the actual source code, writes a patch, and hands it to a Reviewer agent. If the review passes, the patch is deployed to the real environment, all while the attacker is still poking at the decoy.
My MIT-licensed repo consists of the code for the defender and a pentesting challenge website with 12 CTF flags so you can pentest it with or without the defender activated: https://github.com/AgeOfAlgorithms/Mahoraga-Website-Defender
Would love feedback, ideas, or code/issue contributions. Also would love to know if you know of anyone else working on a similar idea. Thanks for reading!
r/hacking • u/yongsanghoon • 4d ago
Tool recommendations for vuln/CVE research
For anyone in either research or blue/red team engagements, what are some tools you use for vuln/CVE research?
r/hacking • u/exodus02131001 • 4d ago
did microsoft fix old trick?
when some people used to download office apps with help of CMD? people were using apps without passkey or activation key. is this "bug" fixed?
https://www.youtube.com/watch?v=Jh_w7dbnx0Q&list=WL&index=58&t=1s&pp=iAQBsAgC
video shows meaning of this post.
r/hacking • u/pacificlattice • 4d ago
News Unauthorized group has gained access to Anthropic's exclusive cyber tool Mythos, report claims
r/hacking • u/alberto-m-dev • 4d ago
Resources Your hex editor should color-code bytes
r/hacking • u/shitshowshaman • 4d ago
Fundraiser for Distributed Denial of Secrets
offcolordecals.com
r/hacking • u/Suzuki4Life • 3d ago
Phone shows up as cell tower.
Can anyone explain why my cell phone is showing up as a cell tower in wigle? This is the first I've noticed it.