AngelFire 2.0


posted on Sep, 2 2017 @ 07:24 PM
I'm really surprised nobody here is talking about this.
Or I could have missed it as well.

The really bad part of all this, is the black hats now have a lot more ammunition on the 31st than what they did on the 30th.

Anyway, if you are getting a little paranoid about your svchosts, here's a little program that might help you figure out if the bogeyman is close at hand.

svchostviewer.codeplex.com...

Boot sector corruption, huh?


Buck
edit on 2-9-2017 by flatbush71 because: (no reason given)




posted on Sep, 2 2017 @ 07:25 PM
a reply to: flatbush71

Sorry to point this out but you spelt angel wrong.



posted on Sep, 2 2017 @ 07:27 PM
I do stuff like that all the time.
It's called being very old.



posted on Sep, 2 2017 @ 07:28 PM
a reply to: flatbush71

No worries just thought you might like to change it before it timed out in two hours. It's all good



posted on Sep, 2 2017 @ 07:29 PM
Thanks A!!



posted on Sep, 2 2017 @ 07:51 PM
I'm on my third beer at the moment, so forgive me for not understanding what exactly this thread is about (I'm a lightweight). Did they make another Angelfire? I used to go to Angelfire websites all the time in the 90s when I was a huge anime fan.



posted on Sep, 2 2017 @ 07:55 PM
a reply to: flatbush71

Very cool!! I've been waiting for some smart programmer/hacker to make something like this for a while now.

I was starting to think I was the only person curious about exactly which Svchost was in control of what services and the details surrounding them.

Thanx for sharing.



posted on Sep, 2 2017 @ 08:03 PM
a reply to: GreenRiverRonin

I'm kinda in the same place right now.



posted on Sep, 2 2017 @ 08:08 PM
a reply to: GreenRiverRonin

Not sure what Angelfire and this thread have to do with each other. I just like the svchost app listed.

Wasn't Angelfire some kind of site like Yahoo or something??? I remember it but couldn't tell you why.



posted on Sep, 2 2017 @ 08:28 PM
It's a spook app that WikiLeaks exposed on the 31st.

I had heard about this for a while, but didn't know the name.
I have long suspected that svchost was being used as a backbone or being faked, and sure enough...

thehackernews.com...

Buck
edit on 2-9-2017 by flatbush71 because: (no reason given)



posted on Sep, 2 2017 @ 08:31 PM
I am so lost!



posted on Sep, 2 2017 @ 08:33 PM
Oh we aren't talking about one of the first free website hosting companies?



posted on Sep, 2 2017 @ 08:36 PM
a reply to: flatbush71

Ah. Interesting.




1. (U) Introduction

(TS) Angelfire is an implant comprised of 5 components: Solartime, Wolfcreek, Keystone, BadMFS, and the Windows Transitory File system.

Solartime modifies the partition boot sector to load some kernel code. That kernel code then modifies the Windows boot process so that when Windows loads boot time device drivers, an implant device driver can be loaded. The implant driver and Solartime boot code (aside from the partition boot sector modifications) are kept in a small user-specified file on disk. This file is encrypted.

Wolfcreek is the kernel code that Solartime executes. Wolfcreek is a self-loading driver, that once executed, can load other drivers and user-mode applications.

Keystone is responsible for starting user applications. Any application started by MW is done without the implant ever being dropped to the file system. In other words, a process is created and the implant is loaded directly into memory. Currently all processes will be created as svchost. When viewed in task manager (or another process viewing tool) all properties of the process will be consistent with a real instance of svchost.exe including image path and parent process. Furthermore, since the implant code never touches the file system (aside from the possibility of paging) there is very little forensic evidence that the process was ever ran.

BadMFS is a covert file system that is created at the end of the active partition. It is used to store all drivers and implants that Wolfcreek will start. All files are both encrypted and obfuscated to avoid string or PE header scanning.

The Windows Transitory File system is the new method of installing AngelFire. Rather than lay independent components on disk, the system allows an operator to create transitory files for specific actions including installation, adding files to AngelFire, removing files from AngelFire, etc. Transitory files are added to the UserInstallApp (both the .exe or .dll versions).
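
Added example (not part of the thread or of the quoted document): the quoted text says Solartime modifies the partition boot sector, so one defensive check is to hash the active partition's boot sector in an offline disk image and compare it with a baseline recorded from a known-good state. The function names and the in-memory sample image are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512

def active_partition(mbr: bytes):
    """Return (start_lba, sector_count) of the MBR entry flagged active (0x80)."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA MBR signature")
    for i in range(4):
        off = 446 + 16 * i  # the four 16-byte partition entries start at byte 446
        status, ptype = mbr[off], mbr[off + 4]
        start, count = struct.unpack_from("<II", mbr, off + 8)
        if status == 0x80 and ptype != 0 and count:
            return start, count
    raise ValueError("no active partition in MBR")

def boot_sector_digest(image: bytes, sectors: int = 1) -> str:
    """SHA-256 over the first `sectors` sectors of the active partition."""
    start, _ = active_partition(image[:SECTOR])
    region = image[start * SECTOR:(start + sectors) * SECTOR]
    if len(region) != sectors * SECTOR:
        raise ValueError("image is truncated before the boot sector")
    return hashlib.sha256(region).hexdigest()

def boot_sector_matches(image: bytes, baseline_hex: str) -> bool:
    """True when the active partition's boot sector equals the recorded baseline."""
    return boot_sector_digest(image) == baseline_hex.lower()

def build_sample_image(tampered: bool = False) -> bytes:
    """Constructed 24-sector disk: MBR plus one active partition at LBA 8."""
    image = bytearray(24 * SECTOR)
    # Entry 0: active flag, CHS (unused), type 0x07, CHS (unused), start LBA, size
    struct.pack_into("<B3sB3sII", image, 446, 0x80, b"\0" * 3, 0x07, b"\0" * 3, 8, 16)
    image[510:512] = b"\x55\xaa"
    vbr = 8 * SECTOR
    image[vbr:vbr + 11] = b"\xeb\x52\x90NTFS    "  # jump + OEM ID
    image[vbr + 510:vbr + 512] = b"\x55\xaa"
    if tampered:
        image[vbr + 0x54] ^= 0xFF  # a single changed byte in the boot code area
    return bytes(image)

if __name__ == "__main__":
    baseline = boot_sector_digest(build_sample_image())
    for label, img in (("clean", build_sample_image()),
                       ("modified", build_sample_image(tampered=True))):
        ok = boot_sector_matches(img, baseline)
        print(label, "OK" if ok else "BOOT SECTOR CHANGED")
```

The `sectors` parameter can be widened when the baseline was recorded over more of the partition's boot code than the first sector.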



posted on Sep, 2 2017 @ 08:37 PM

originally posted by: eXia7
Oh we aren't talking about one of the first free website hosting companies?


Apparently not.

Different thing entirely.

Don't feel bad though. You obviously weren't the only one who didn't know that until right now. We were all lost right alongside you.



posted on Sep, 2 2017 @ 08:44 PM
I'm sorry TL, I just come across that way sometimes, but it's not intentional.
I forget a lot of the time that a lot of you don't follow this stuff, whereas it's been my life and breath for over 50 years.

It's an easy penetration of W-XP and W-7 x86-x64.
In layman's terms, they can get everything you got and you'll never know it.

Buck



posted on Sep, 2 2017 @ 08:56 PM
a reply to: flatbush71

So I'm guessing when everyone found out about all those NSA tools that were available for purchase and/or released into the wild about a year or so ago has kept you pretty busy eh??

Really shook up the cyber security world as well as many other areas of business, international trade, gov., etc.

I find it amazing how many smart people/organizations don't understand the phrase "Don't sh*t where you eat."



posted on Sep, 2 2017 @ 09:09 PM
a reply to: mOjOm

I'm going to be frank with you.
I don't believe there is any way to even gauge the amount of damage that has been done over the last few years.

Between this kinda stuff and Purple Shovel, there are no real secrets any more.

Ahhh, but I still dream of milking goats in Nazareth someday.

Buck



posted on Sep, 2 2017 @ 09:36 PM
a reply to: flatbush71

Well, unless milking goats is some kind of cryptic double meaning, you probably will want to live out that dream sooner than later because the longer you wait the less likely such a possibility of that happening will be possible.

We don't seem to be slowing down our march into a brave new world where even a goat will be safe or free or wild, let alone your chance of milking one.

All this cyber (un)security and the various problems which can and will happen were really inevitable and unavoidable if you think about it. Anyone who's been paying attention in life knew it, even if some thought we could stop it. We can't stop ourselves and the Human sickness which has always eaten away at us though.

So obviously when dealing with a New Cyber Universe of our own design, our lust for causing evil within that universe would surely follow in unlimited ways as well. How could it not?? We never fixed the root problem within us first, so anything we create will also have to suffer its effects.

Now we can't even escape the powerful things we created. Which means we can't escape the evil which comes along with them either.



posted on Sep, 2 2017 @ 10:19 PM
I mean real goats in a real barn.

Technology has just made the entire thing ten times worse.

The probability of an accidental engagement due to faulty or misprogrammed tech is very real.
Then add human stupidity on top of that and mutual destruction is guaranteed.
edit on 2-9-2017 by flatbush71 because: (no reason given)



posted on Sep, 2 2017 @ 11:26 PM
a reply to: flatbush71

My point exactly.

Better get milkin those goats now before it's too late. Do it while you still can.

I spent 7 years living in the mountains. No cell service. Well for water. Wood stove for heat and cooking. Even had to rig up a row of car batteries for a while to run a small pump for showers and a single light in the house. Learned all sorts of new things and experienced challenges that a city born and raised guy like myself wasn't prepared for.

Ended up being some of the best times of my life. It's amazing how good a snow cone collected from the actual snow as it's falling tastes when it's basically all you have to eat because you're snowed in and can't get out of your own driveway.

But now I'm back in the city and livin' like the normal folk do again. Glad I had the chance when I did though. But you sometimes have to make it happen or it never will and you get stuck where you are and before you know it, it's too late to have those adventures.


