Lazy Hacker

  This project provides a suite of two Python-based GUI tools designed to automate and streamline the process of discovering and testing potential DLL hijacking vulnerabilities in Windows applications. Overview This project provides a suite of two Python-based GUI tools designed to automate and streamline the process of discovering and testing potential DLL hijacking vulnerabilities in Windows applications. It leverages Sysinternals Process Monitor (Procmon) for data collection and provides a framework for testing identified hijack points with user-selected payloads. Many applications attempt to load Dynamic Link Libraries (DLLs) without specifying a full path. If these DLLs are not found in standard locations, an attacker might be able to place a malicious DLL with the same name in a location that the application searches earlier (e.g., the application’s own directory if it has weak permissions), leading to the malicious DLL being loaded and executed. Manually identifying all such...

  I’ve developed a script that automates the DLL hijacking process. During my testing, I noticed that we often focus on DLLs marked as “Not Found” when testing for DLL hijacking. However, an interesting observation is that among these “Not Found” DLLs, a few (typically one or two) might actually execute, even though we don’t manually test all of them. This script helps automate the testing of all potential DLLs. Note that the payload execution still requires manual verification, as the script is currently a work in progress. Features: Do not perform testing on DLLs within the Windows directory. If the command prompt runs with administrative privileges, the script will ask if you want to execute with elevated permissions. Allows exploitation with either administrative or normal user privileges. It offers multiple payload options to choose from. Execution Process: Run  Run1_Auto_DLL_Hijacking_Admin.bat  with administrative privileges. It first launches Procmon and then prom...

  I have developed an automation script for testing binary protection and signature issues. Previously, we had to open the terminal and enter commands, which involved copying paths, and it was a bit irritating for me. Now, with this script, all you need to do is execute the batch file and paste the installable directory path. Both test cases will be performed automatically by this script, and you will receive the results in the same folder under the name "output." It might be helpful for someone. Download:  https://github.com/crazywifi/Binary_Protection_Sig_Checker_Automation.git

Create a Bot for the Telegram Alert Open Telegram messenger, sign in to your account or create a new one Enter @Botfather in the search tab and choose this bot. (Official Telegram bots have a blue checkmark beside their name.) Click “Start” to activate BotFather bot.In response, you receive a list of commands to manage bots. Choose or type the /newbot command and send it. Choose a name for your bot — your subscribers will see it in the conversation. And choose a username for your bot — the bot can be found by its username in searches. The username must be unique and end with the word “bot.” Copy the token value. How to Create a New Bot for Telegram: https://sendpulse.com/knowledge-base/chatbot/telegram/create-telegram-chatbot How to Get Your Telegram Chat ID:   https://diyusthad.com/2022/03/how-to-get-your-telegram-chat-id.html In your Telegram account, search for “@myidbot” or open this link t.me/myidbot on your smartphone. Start a conversation with that bot and type /getid. You w...

Now we have a tool to restore our old images which we have taken with a low configuration camera. It's time to restore our grandparents, parents, and child blurry photos. This tool is free of cost. 😇 Thanks to the GFPGAN team, who build this.  Check the output: Installation: Download and install Python3 Download the zip file GFPGAN  and unzip it. Open the CMD and navigate to the GFPGAN folder. Run this command pip3 install -r requirements.txt Download ANACONDA and install it. Download PYTORCH  and in the package, choose pip. Download and install CUDA . Download the pre-trained model . GFPGANv1.3.pth is better to use. Move the model file to {" GFPGAN-1.3.8\experiments\pretrained_models\ "}. Copy the blur face image to {" GFPGAN-1.3.8\inputs\whole_imgs\ "}. Run the command {" python inference_gfpgan.py "}. If you are using any other model, then use "python inference_gfpgan. py -v option". Check "python inference_gfpgan.py -h" option...

Now you can search movies by the script. Automation is always great. CMD Movie_Search_By_GoogleDorks.exe By Lazy hacker [Follow: https://lazyhacker22.blogspot.com/] Enter Movie Name: Secret Space UFOs Rise of the Tr3b site:vidoza.net Secret Space UFOs Rise of the Tr3b site:www.1377x.to Secret Space UFOs Rise of the Tr3b https://www.1377x.to/movie/917143/Secret-Space-UFOs-Rise-of-the-TR3B-2021/ Check this tool: Download

  Mr. Robot (TV Series 2015-2019) Citizenfour (2014) CyberHell (Exposing An Internet Horror) Hacker 2016 Live Free or Die Hard 2007 Snowden 2016 Blackhat 2015 Who AM I 2014 Trust No One: The Hunt for the Crypto King Web of Make Believe: Death, Lies and the Internet

Regular phishing awareness should be done in the organization. Regular 2FA/MFA hacking awareness should be done in the organization. The Phishing campaign should be run internally in the organization to check the employee's awareness. Reward the employees if they successfully pass the phishing internal check . So that all other employees remember it. Reward the employees who tell about the phishing email or any phishing activity. This creates a positive impact in the organization and the team. The common misconception people have with the standard form of MFA (SMS, Touch, Push) is that it prevents social engineering . Although it MFA protects against an attack, it's commonly still vulnerable to a MITM phishing attack . Check the example of Uber Hack 2022   Take a regular quiz related to phishing and reward some of the employees who pass the quiz. This will motivate others. Always check the domain name while entering the username and password. Make this a habit. Block ph...

The company has reported that it is investigating a cyber security incident and also alerted the law-enforcement authorities. Uber is on high alert after a hacker claimed that the ride-hailing giant has suffered a data breach. The alleged breach had reportedly forced Uber to take several internal communications and engineering systems offline. Screenshot from Twitter  vxunderground How this attack worked initially (According to news and Twitter): You all are thinking that how the attacker bypassed the MFA?  An extremely common misconception people have with standard forms of MFA (push/touch/mobile) is that it prevents social engineering. Although MFA can protect against an attacker who only has the victim's credentials, it is commonly still vulnerable to MiTM attacks. Check the analysis of the Uber attack, he has explained it clearly https://mobile.twitter.com/BillDemirkapi/status/1570602097640607744 Some mitigation to avoid these hacks: Regular phishing awareness should be do...