Very nice guide, good effort put into it! Thanks for the info.
[Guide] Checking Neopets Programs
Started by Kyle, Jun 26 2007 08:19 PM
33 replies to this topic
#26
Posted 12 August 2011 - 12:43 PM
#27
Posted 21 May 2012 - 11:38 AM
Just updated this so all of the images work again
#28
Posted 18 July 2012 - 02:25 AM
Thank you for this, it helped quite a lot. I found a trainer off Google once and it stole my account.
#29
Posted 25 March 2013 - 03:18 AM
We wouldn't need to do these on Codex programs, right?
#30
Posted 06 August 2015 - 10:33 PM
Thanks, this will help a lot of people.
#31
Posted 27 May 2016 - 05:46 PM
What if the developer stores the URL inverted (ptth) or as a sequence of char codes (104, 116, 116, 112) instead of a simple string?
#32
Posted 27 May 2016 - 06:26 PM
Kinda a big time necro from someone I've seen had their post count reset for spamming a couple times now.
If you legitimately want to know the answer to your question, you either need to recognize the obfuscation when you're looking through PE Explorer, or watch the outbound connections with something like Wireshark.
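As an added example (not part of the original thread or guide), this Python sketch scans a file's raw bytes for the two storage tricks asked about in post #31, a reversed URL and a list of character codes, and goes a little further by also checking UTF-16 strings and arrays of 32-bit character codes. The function names and the sample bytes are constructed for illustration, and it only finds strings that are stored unencrypted.

```python
import re
import struct

URL = re.compile(rb"https?://[\w.\-/:%?=&]+")
# Four or more comma-separated decimal numbers, e.g. "104, 116, 116, 112"
CODE_RUN = re.compile(rb"\d{2,3}(?:\s*,\s*\d{2,3}){3,}")
# Bytes per character: 1 = ASCII, 2 = UTF-16LE, 4 = array of 32-bit char codes
STRIDES = ((1, "ascii"), (2, "utf16"), (4, "int32"))

def _classify(text, label, hits):
    """Record URLs found in text when read forwards and backwards."""
    for form, s in (("plain", text), ("reversed", text[::-1])):
        for u in URL.findall(s):
            hits.add((f"{label}/{form}", u.decode()))

def find_urls(data):
    """Return sorted (how_stored, url) pairs recovered from raw bytes."""
    hits = set()
    for stride, label in STRIDES:
        pad = b"\x00" * (stride - 1)
        # A run of 6+ printable bytes, each followed by stride-1 zero bytes
        for m in re.finditer(b"(?:[ -~]" + pad + b"){6,}", data):
            text = m.group()[::stride]
            _classify(text, label, hits)
            # Decimal char codes written out as text (scripts, decompiled source)
            for run in CODE_RUN.finditer(text):
                codes = [int(n) for n in re.findall(rb"\d+", run.group())]
                if all(32 <= n < 127 for n in codes):
                    _classify(bytes(codes), label + "+codes", hits)
    return sorted(hits)

def _sample():
    """Constructed test bytes, not taken from any real program."""
    codes = b", ".join(str(c).encode() for c in b"http://x.example")
    return (b"\x00MZ\x90\x00http://plain.example/a\x00\x01\x02"
            + b"http://rev.example/b"[::-1] + b"\x00"
            + "http://wide.example/c".encode("utf-16-le") + b"\x00\x00"
            + b"".join(struct.pack("<I", c) for c in b"http://int.example/d")
            + b"\xffArray(" + codes + b")\x00")

if __name__ == "__main__":
    for how, url in find_urls(_sample()):
        print(f"{how:20} {url}")
```
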
#33
Posted 27 May 2016 - 07:46 PM
It was just simple examples of what we may find.
The truth is we are not safe.
#34
Posted 28 May 2016 - 12:43 AM
Yes, but the fact is, those simple examples are least likely to be seen. If they're gonna do it to try to steal accounts, they're going to encrypt their program to give heuristics a tougher time detecting it, and unless you know what to look for in a packed file, you'll never see it anyway. This guide is geared toward a user who has a knowledge of debugging and the like; if you had no clue what you were doing, PE Explorer and checking a file's disassembled data is not going to be something you can do simply. And with a guide as old as this, with a reply over a year ago before yours, it probably would have been better to start a new updated thread with more current information. The malware scene is constantly changing, and simple tricks like inverting a URL and the like aren't used much these days anyway. Not when they can come up with much more complicated ways to obfuscate the data.