Real Screen"
(How a Screen Sharing Tool Became a Hacker's Window)
⸻
Chapter 1 - Missing Contract
A technology company specializing in software development for a major banking company in the ASEAN region. On the day of the project submission, the client's feedback:
"Unfortunately, your opponent came up with a better pricing package - and, strangely enough, understands the entire architecture you proposed."
This company never shared the architecture with anyone except internally.
I was invited to investigate.
⸻
Chapter 2 - No Poison Code, No Attack
Scan the entire system endpoint, server, email - no ransomware detection, no strange VPN access, no manipulation of suspicious printing or sending files.
But while testing a PM’s (Project Manager) device, I noticed the “ScreenShare Pro” app – a free screen sharing software, manually installed 2 months ago.
“I use it for demo calls with foreign vendors. They say this software is easier to use than Zoom.” – The PM replied.
⸻
Chapter 3 - Deep Investigation Analysis
I threw away the event logs and found:
• ScreenShare Pro opens the session without warning, lasts 45 minutes
• Meanwhile, the user opens files: Project_Proposal_V4. pptx, DB_Design_Confidential. vsdx
• This app doesn't save meeting logs and doesn't show the red frame to warn about sharing
I teamed up with Wireshark and found:
• It's connecting strange TLS to an unknown address server (running on anonymous VPS)
• The protocol used is proprietary - it can't be decoded, but the traffic is quite large, suitable for visual television
⸻
Chapter 4 - The user is exploited
I reset my timeline:
1. The seller asks the PM to install screen sharing software "easier than Z"
2. Download PM from external link (not official website)
3. Every time the demo calls, the seller asks "turn on screen sharing of the entire desktop to easily monitor the operation"
4. One of those times - the moment when the PM opens technical documents to copy paste architectural demo
⸻
Investigation conclusion
• Vector intrusion: Use of trust, forcing victims to install unwanted software
• Behavior: Use screen sharing to record the screen without the need for unique codes or machine hacking.
• Impact level: Leak product architecture, suggest competitors, and convince customers.
⸻
Lesson learned
It’s not the file you send that’s dangerous – it’s what you display.
Modern hackers don’t have to pick locks – they’re waiting for you… Enable sharing at the right time.

Do you want to learn ethical hacking, pentesting, OSINT, or digital forensics without spending a dime? Here's an awesome resource:

XXXXX(Violation of Forum rules)

You'll find premium courses completely free, from beginner intros to certification prep like CEH, OSCP, CompTIA, and more.

? Perfect for those just starting out or looking to level up without financial barriers.

Especially useful for cybersecurity professionals looking for maximum coverage with minimal detection. ‚
? Operation modes
1️⃣ Stealthy (stealth) - Default method:
- Check for exposed routes, such as? rest_route=/plugins/...
- Compare discovered routes with known patterns
- Get the module version (when available) and compare it to known vulnerabilities (CVE)
2️⃣ Brute Force
- Try to access the plugin directory directly (p. EJ. : /wp-content/plugins/name)
- Detect modules whose route does not throw a 404 error
- Get versions and CVE maps
3️⃣ Hybrid
- Start in stealth mode.
- Then brute force it into what was not initially detected
- Provides maximum range while maintaining discretion
?️ https://github.com/Chocapikk/wpprobe

Attached Files

Thumbnail(s)
   

https://awesome-hacker-search-engines.com

Good Day, I am just a newbie here. I would like to thank the administrators for accepting me here. Thank you!

https://github.com/danieldurnea/FBI-tools

I have released ZigStrike toolkit last year and it is still under heavy development. I decided to code in Zig which I believe the next C successor. ZigStrike is designed to assist Offsec in their operations, converting a shellcode into portable extension(DLL/XLL/CPL) which can be used to leveraged to execute the shellcode, ZigStrike offers several features and powerful options with frequent updates. 

Features ( release 2.0 )

• Multiple Injection Techniques:
  • Local Thread
    
  • Local Mapping
    
  • Remote Mapping
    
  • Remote Thread hijacking
    
  • EarlyCascade injection
    
• Anti-Sandbox Protection:
  • TPM Presence Check.
    
  • Domain Join Check.
    
  • Run-Time protection.
    
• Output Formats:
  • XLL (Excel Add-in)
    
  • DLL
    
  • CPL
    
• Advanced Features:
  • Shellcode advanced allocation.
    
  • Payload Runtime protection; preventing emulation and sandbox dynamic anaylsis.
    
  • Bypass common detection rules.
    
• Front-end enhancement:
  • Added new page to view generated payloads.
    
  • Detailed information for each created payload.
    
  • Fix flask issue to support uploading large shellcode.
    

• Zig 0.14.0
  
• Ubuntu / Debian
  
• Python 3.x (for the web interface) with Flask 
  

As there is no post yet, I just want be the first to say HELLO!

Hello everyone,
We’re excited to announce the introduction of a new profile rating system for participants in the Ired DEV forums. As with many thriving communities, we believe this system will help recognize contributions, encourage engagement, and build a more connected experience for everyone.
To start, we’ve outlined the ranking system based on the number of posts a member has made:

Hey everyone!

We're excited to officially launch the IRed Dev Forums — your new go-to hub for everything cybersecurity, ethical hacking, open-source tools, and the latest in security news, vulnerabilities, and all things related to the infosec world.
Our mission is to build a focused and active community where professionals, enthusiasts, and learners can share hot topics, discuss techniques, and stay updated with the pulse of the cybersecurity world.

Whether you're into pen-testing, malware analysis, red/blue teaming, or just exploring the newest open-source utilities — this is the place for you!