Category Archives: Articles

An important tip for Shellter usage

Hi all,

I have been watching this ‘bad habit’ that I am  going to discuss about, happening very often so it’s time to talk about it.

I have noticed that people tend to use Shellter with the same executables, even when this is not required as I explain later on.

Someone uploads a demo video infecting ‘putty.exe’,  then everyone uses that.
Next day someone uploads a video infecting the setup program of ‘Winrar’ and then everyone uses that.
It’s one thing using the same executables for creating videos for educational and demonstration purposes and another using those all the time on VirusTotal and other online multi-AV scanners.

I hate to ruin this for you, but by always using the same executables with Shellter,  AV vendors create better heuristics for those specific legitimate executables that you infect.

This is not really effective against Shellter itself but in some cases might fit the purpose, and make things worse for yourself when you really need to convince someone to execute a specific ‘legitimate’ application that you have infected.

Continue reading An important tip for Shellter usage

To make things clear…

First of all, many thanks to NCC Group that respected my request related to this post, and they took immediate action.

It’s about time to make some things clear…again!

 Shellter has been downloaded thousands of times, and it’s been widely used by the infosec community. Thank you all for that.

Beyond the bright side of the things, I had to deal many times with people that had something to say against it, and especially about the fact that it’s not open source. Needless to say that all the ‘bad’ comments were not technical at all, but mostly a stupid ‘war’ from people that just wanted to grab the source code and disappear without giving a single credit to my work.

Regarding the ‘not-being-open-source’, there is not much to say about it. This is my work, and I offer this tool for free. Instead of attacking me over a personal decision, maybe you should consider saying ‘thanks’ just for once.

Freedom in sharing ideas and our work is not  just about open-source. It is also about deciding not to release the source of something and assume that other people will respect your decision. You can call me whatever you want, whatever makes you happy, but I have seen things that make me think twice before making tools as such open source. On the other hand, if you don’t trust the tool,  just because of the fact that is not open source, you are more than welcome to seek an alternative solution.

Shellter might become open source one day, but until that day you have to respect my decision. I can’t believe that all these fighters for freedom and open source are not able to respect one man’s decision. It’s really sad, but it tells me a lot. It should tell a lot to you as well.

As mentioned already, developing this tool is an ongoing effort. People download, use it, download the new release, use it, demand to make it open-source, because supposingly they love it, but (except from very few people) they never donated anything. But I didn’t stop developing it. I didn’t stop supporting it. I didn’t stop replying to sensible emails to people that needed my help. I do all this for free. People only see what they want to see, and if you run out of their favorite ice cream flavor, they just attack you.

This tool comes with a custom license. If you don’t like it, don’t use it. If you use it, you need to respect the terms of that license. Not because I say so, or because I will pay a lawyer to hunt you down. You should do it from respect to my efforts to give you something good and useful for free. I wish I could make this more clear, but what else can I say?

Cheers,
kyREcon

Shellter V [5.4] – User Defined Encoding Sequence

Despite the fact that Shellter v5.3 was just released, I am already working on the next version which will be hopefully out quite soon.

So what’s new in the upcoming Shellter V [5.4] , you might be asking yourself.
Well, the new version introduces the ‘user defined encoding sequence’ feature.
What that means, is that optionally the user will be able to define a custom encoding sequence using the supported encoding operators.
Continue reading Shellter V [5.4] – User Defined Encoding Sequence