Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/byt3n33dl3/dockermacexec
More payloads for Trojan infections, a stup!d memory of Trojan spreads
backdoor docker shellcode trojan
Last synced: 8 days ago
- Host: GitHub
- URL: https://github.com/byt3n33dl3/dockermacexec
- Owner: byt3n33dl3
- License: wtfpl
- Created: 2024-03-18T10:35:05.000Z (8 months ago)
- Default Branch: main
- Last Pushed: 2024-06-24T07:28:15.000Z (5 months ago)
- Last Synced: 2024-11-08T10:04:33.062Z (8 days ago)
- Topics: backdoor, docker, shellcode, trojan
- Language: Dockerfile
- Homepage:
- Size: 62.5 KB
- Stars: 6
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
[![Build Status](https://dev.azure.com/GreaterFire/Trojan-GFW/_apis/build/status/trojan-gfw.trojan?branchName=master)](https://dev.azure.com/GreaterFire/Trojan-GFW/_build/latest?definitionId=5&branchName=master)
[![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/malware-cryptominer-container)](https://artifacthub.io/packages/search?repo=malware-cryptominer-container)

## MALDEV
- [Container image with malware and crypto miner for testing purposes](#container-image-with-malware-and-crypto-miner-for-testing-purposes)
- [Deployment of the vulnerable image](#deployment-of-the-vulnerable-image)
- [CloudFormation - EC2 instance](#cloudformation---ec2-instance)
- [Amazon ECS](#amazon-ecs)
- [Amazon EKS](#amazon-eks)
- [Scanner tests](#scanner-tests)
- [Aqua Scanner](#aqua-scanner)
- [Trivy Scanner](#trivy-scanner)
- [Prisma Cloud Scanner](#prisma-cloud-scanner)
- [Wiz.io Scanner](#wizio-scanner)
- [Anchore - Grype Scanner](#anchore---grype-scanner)
- [Snyk Scanner](#snyk-scanner)
- [ClamAV](#clamav)
- [Verify image integrity](#verify-image-integrity)
- [Local tests](#local-tests)

Live worker hosted at [@](https://spamchannel.haxxx.workers.dev)
**UPDATE ( Aug 13 2023 ): Two days after my DEFCON 31 talk, MailChannels silently decided to require a [Domain Lockdown Record](https://support.mailchannels.com/hc/en-us/articles/16918954360845) in order to send emails from Cloudflare Workers, meaning this code doesn't work anymore. However, because they just addressed a "symptom" and not the underlying issue (lack of sender identity verification), anyone can still sign up on their website (80$) and use their "normal" SMTP relay to spoof all of their customer domains 🤷🏻♂️**
## What is this
As of writing, this allows you to spoof emails from any of the +2 Million domains using MailChannels. It also gives you a slightly higher chance of landing a spoofed email from any domain that doesn't have an SPF & DMARC due to [ARC](https://www.rfc-editor.org/rfc/rfc8617.html#) adoption.
It was released at the Defcon 31 talk [SpamChannel: Spoofing Emails From 2 Million+ Domains and Virtually Becoming Satan](https://forum.defcon.org/node/245722). Slides for the talk are [here](https://github.com/byt3bl33d3r/Slides/blob/master/Defcon31_SpamChannel_Spoofing_Emails_from_2M_Domains.pdf).
## Defcon Talk
See [CONTRIBUTING.md](CONTRIBUTING.md).
## Dependencies
- [CMake](https://cmake.org/)
- [Boost](http://www.boost.org/)
- [OpenSSL](https://www.openssl.org/)
- [libmysqlclient](https://dev.mysql.com/downloads/connector/c)
- [EMailSpam]()

## License
[GPLv3](LICENSE)