@The_Beyond_One @YogSotho YogSotho aka Marco Monicelli has been trollijg social media pretending he is a hacker for quite some time... beimg in complete denial abput the fact that everybody makes fum of / humiliates him marco ontinues to claim shit he cant do which led 2 him and his poor mother 2 being swatted...being the harmless DoXeD SuperTrooper that he isbhe continues to tweet at those who terrprized his family...i. his eyes he is taking some for of revenge but in reality Marc lost... his informatioj got foumd out & he got his local pd called http://www.blacksheepnetworks.com/security/resources/pentest/6722.html http://www.securityfocus.com/archive/82/357175/30/1050/flat Undeniable info : 43613 Pickett Corner Ter Ashburn, VA 20148 7037261049 Verizon registered 2 L Monicelli Twitter & General Handle: @YogSotho Marco Monicelli 11 years ago Permalink Raw Message This exploit is NOT new at all because it has been known since 3 years now. Regards Marco aka Yog-Sotho Mark Heiligen <***@gm x.at> To ***@securityfocus.com, 13/02/2006 09.41 full-***@lists.grok.org.uk cc Subject Latest wu-ftpd exploit :-s _ Actually it's exactly like I said: (Quote from my previous email) but it's now too famous around so AV should be now updated to recognize it or at least a standard version (End of Quote) The file you download from the website is the standard one. If you just had a look at the videoclip found on the link I gave, you could have seen an example of How To make it undetectable. And there are other different ways of achieving that goal. Cheers Yog-Sotho this is what i do with hacker defender in Active Directory 1) download Hacker Defender from the link on Rookit.com 2) Use Software restriction to get a hash and put a policy 3) the tools, KHS, FHS, ICE Sword, rkdetector, can find the presencd 4) Macafee can also find and remove the rootkit In a message dated 10/27/2005 2:41:35 AM Central Daylight Time, marco.monicelli@marcegaglia.com writes: Dear Alex, that is not really a simple trojan.... it's a _ Re: Latest wu-ftpd exploit :-s To: Mark Heiligen Subject: Re: Latest wu-ftpd exploit :-sFrom: Marco Monicelli Date: Tue, 14 Feb 2006 08:36:40 +0100Cc: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxxIn-reply-to: <43F04627.5000808@xxxxxx>List-help: List-id: List-post: List-subscribe: List-unsubscribe: Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm _ Old irc logs == YogSothoth [n=YogSotho@82.250.72.110] has joined #ubuntu marco.monicelli@marcegaglia.com > Marco Monicelli > MARCEGAGLIA SPA > Sales Department - Automotive > Tel. +39 0376 685369 > Fax. +39 0376 685625 > mail: marco.monicelli@marcegaglia.com Sister https://plus.google.com/112833901647497415468 Monte Amiata, 19 00141 Roma +39 06 8108869 Picture: imgur.com/HhRmTEj _ Finally Hilarity > -----Original Message----- > From: Marco Monicelli [mailto:marco.monicelli@marcegaglia.com] > Sent: 29 June 2004 07:41 > To: Skander Ben Mansour > Cc: 'Monty Ree'; focus-linux@securityfocus.com > Subject: RE: just running tcpdump makes promisc mode? > > > > > > Very right indeed. > > Just two words to say that modern rootkit (pardon me my friend > but Tornkit is pretty old nowadays) now has trojaned binaries > like ps, ls, ifconfig etc which have the same dimension of the > original binaries and are normally based on a master-slave > technique which strongly needs ifconfig not to show the > promisc mode set by the admin. > > At this regard, I will suggest you to google and search for > Superkit or Suckit (the first one coming up on the l33t scene) > which are also open source rootkits!! > > Anyway....Skander's reflections are very right and I > congratulate with him for his good analysis. > > Good work guys! > > Ciao > > Marco Monicelli > MARCEGAGLIA SPA > Sales Department - Automotive > Tel. +39 0376 685369 > Fax. +39 0376 685625 > mail: marco.monicelli@marcegaglia.com > > BTW stop pretending my names Stam or Zack or any bullshit u googled... u cant dox any1 urself skid and all that public 5 year old info u googled is not even approximately close 2 me or anyone i associate with... u got doxed amd swatted by someone better than u... wiser than u... go home Marco the sherade is up... ur not a hacker OR a criminal... ur a harmless little twitter troll that got carried away with his own lies for a few years... but now all is restored and all is well