Sunday, August 30, 2020

Many Ways Of Malware Persistence (That You Were Always Afraid To Ask)

TL;DR: Are you into red teaming? Need persistence? This post is not that long, read it ;)
Are you into blue teaming? Have to find those pesky backdoors? This post is not that long, read it ;)

In the previous post, I listed different ways how a Windows domain/forest can be backdoored. In this new post, I am digging a bit deeper, and list the most common/known ways malware can survive a reboot, just using local resources of the infected Windows system. The list is far from complete, and I would like to encourage everyone to comment on new methods, not yet listed here.

From an incident response point of view, one of the best strategies to find malware on a suspicious system is to search for suspicious entries that start with the system. In the good old days, you had to check for 2-3 locations to cover 99% of the infections. Nowadays, there are a thousand ways malware can start. The common ones automatically start whenever Windows starts (or the user logs in), but some tricky ones are triggered by other events.

Autoruns

My favorite choice when it comes to malware persistence is Sysinternals tools, Autoruns. In this paragraph, I mainly quote the official built-in help, but bear with me, it is still interesting.

On a side note, there are some problems with the Autoruns tool: it can only run on a live system. (EDIT: This is not true, Autoruns can analyze offline systems as well! Thanks to a comment from Justin.) And usually, this is not the case - I usually have dd images. And although VBoxManage can convert the dd images to VirtualBox disk image format, usually I don't have the time and storage to do that. This is where xmount awesomeness is here to rescue the day. It can convert dd and Encase images on-the-fly in-memory to Virtualbox format. Just attach the disk image to a new Virtualbox machine as the main boot HDD, modify the CPU/disk/controller settings until Windows starts instead of crashing, and voila, you can boot your forensic image - without modifying a single bit on the original evidence dd file. Another problem with malware analysis on a live system is that a good rootkit can fool the analyst easily. 

For quick wins, I usually filter out Microsoft entries, look for per-user locations only and check for unverified (missing or invalid Authenticode) executables. This usually helps to find 90% of malware easily. Especially if it has a color like purple or pink, it is highly suspicious. To find the rest, well, one has to dig deeper.
Zeus "hiding" in the usual random directory - check the faked timestamp
To implement "poor-mans monitoring", regularly save the output of Autoruns, and during incident response, it will be highly valuable. Howto guide here.

Logon

"This entry results in scans of standard autostart locations such as the Startup folder for the current user and all users, the Run Registry keys, and standard application launch locations." 
There are 42 registry keys/folders at the moment in Autoruns, which can be used to autostart a malware. The most common ways are the HKCU\Software\Microsoft\Windows\CurrentVersion\Run and the C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup folder.
One of my favorite regarding this topic is the file-less Poweliks malware, 100% pure awesomeness. Typical ring 3 code execution.

Explorer

"Select this entry to see Explorer shell extensions, browser helper objects, explorer toolbars, active setup executions, and shell execute hooks". 71 registry keys, OMG. Usually, this is not about auto-malware execution, but some of them might be a good place to hide malware.

Internet explorer

"This entry shows Browser Helper Objects (BHO's), Internet Explorer toolbars and extensions". 13 registry key here. If a malicious BHO is installed into your browser, you are pretty much screwed.

Scheduled tasks

"Task scheduler tasks configured to start at boot or logon." Not commonly used, but it is important to look at this.
I always thought this part of the autostart entries is quite boring, but nowadays, I think it is one of the best ways to hide your malware. There are so many entries here by default, and some of them can use quite good tricks to trigger the start.
Did you know that you can create custom events that trigger on Windows event logs?
Did you know you can create malware persistence just by using Windows tools like bitsadmin and Scheduled tasks?
Scheduler in the old days
Scheduler in the new days

Services

HKLM\System\CurrentControlSet\Services is a very commonplace to hide malware, especially rootkits. Check all entries with special care.

Drivers

Same as services. Very commonplace for rootkits. Unfortunately, signing a driver for 64-bit systems is not fun anymore, as it has to be signed by certificates that can be chained back to "Software Publisher Certificates". Typical startup place for Ring 0 rootkits. 
Starting from Windows 10, even this will change and all drivers have to be signed by "Windows Hardware Developer Center Dashboard portal" and EV certificates.

Codecs

22 registry keys. Not very common, but possible code execution.

Boot execute

"Native images (as opposed to Windows images) that run early during the boot process."
5 registry keys here. Good place to hide a rootkit here.

Image hijacks

"Image file execution options and command prompt autostarts." 13 registry key here. I believe this was supposed for debugging purposes originally.
This is where the good-old sticky keys trick is hiding. It is a bit different from the others, as it provides a backdoor access, but you can only use this from the local network (usually). The trick is to execute your code whenever someone presses the SHIFT key multiple times before logging into RDP. The old way was to replace the sethc.exe, the new fun is to set a debug program on sethc.
If you see this, you are in trouble

AppInit

"This has Autoruns shows DLLs registered as application initialization DLLs." Only 3 registry keys here. This is the good old way to inject a malicious DLL into Explorer, browsers, etc. Luckily it is going to be deprecated soon.

Known DLLs

"This reports the location of DLLs that Windows loads into applications that reference them." Only 1 registry key. This might be used to hijack some system DLLs.

Winlogon

"Shows DLLs that register for Winlogon notification of logon events." 7 registry keys. Sometimes used by malware.

Winsock providers

"Shows registered Winsock protocols, including Winsock service providers. Malware often installs itself as a Winsock service provider because there are few tools that can remove them. Autoruns can disable them, but cannot delete them." 4 registry keys. AFAIK this was trendy a while ago. But still, a good place to hide malware.

Print monitors

"Displays DLLs that load into the print spooling service. Malware has used this support to autostart itself." 1 registry key. Some malware writers are quite creative when it comes to hiding their persistence module.

LSA providers

"Shows registers Local Security Authority (LSA) authentication, notification and security packages." 5 registry keys. A good place to hide your password stealer.

Network providers

"Missing documentation". If you have a good 1 sentence documentation, please comment.

WMI filters

"Missing documentation". Check Mandiant for details.

Sidebar gadgets

Thank god MS disabled this a while ago :)
We all miss you, you crappy resource gobble nightmares

Common ways - not in autoruns

Now, let's see other possibilities to start your malware, which won't be listed in Sysinternals Autoruns.

Backdoor an executable/DLL

Just change the code of an executable which is either auto-starting or commonly started by the user. To avoid lame mistakes, disable the update of the file ... The backdoor factory is a good source for this task. But if you backdoor an executable/DLL which is already in Autoruns listed, you will break the Digital Signature on the file. It is recommended to sign your executable, and if you can't afford to steal a trusted certificate, you can still import your own CA into the user's trusted certificate store (with user privileges), and it will look like a trusted one. Protip: Use "Microsoft Windows" as the codesigner CA, and your executable will blend in.
See, rootkit.exe totally looks legit, and it is filtered out when someone filters for "Hide Windows entries".


Hijack DLL load order

Just place your DLL into a directory which is searched before the original DLL is found, and PROFIT! But again, to avoid lame detection, be sure to proxy the legitimate function calls to the original DLL. A good source on this topic from Mandiant and DLL hijack detector.


Here you can see how PlugX works in action, by dropping a legitimate Kaspersky executable, and hijacking the DLL calls with their DLL. 

Hijack a shortcut from the desktop/start menu

Never underestimate the power of lame tricks. Just create an executable which calls the original executable, and meanwhile starts your backdoor. Replace the link, PROFIT! And don't be a skiddie, check the icon ;) I have seen this trick in adware hijacking browsers a lot of times.

IE hijacked to start with http://tinyurl.com/2fcpre6

File association hijack

Choose the user's favorite file type, replace the program which handles the opening with a similar one described in the previous section, and voila!

COM object hijack

The main idea is that some COM objects are scanned for whether they are on the system or not, and when it is registered, it is automatically loaded. See COMpfun for details.

Windows Application Compatibility - SHIM

Not many people are familiar with Windows Application Compatibility and how it works. Think about it as an added layer between applications and the OS. If the application matches a certain condition (e.g. filename), certain actions will take place. E.g. emulation of directories, registry entries, DLL injection, etc. In my installation, there are 367 different compatibility fixes (type of compatibility "simulation"), and some of those can be customized.
Every time IE starts, inject a DLL into IE

Bootkits 

Although bootkits shown here can end up in Autoruns in the drivers section (as they might need a driver at the end of the day), I still think it deserves a different section.

MBR - Master boot record

Malware can overwrite the Master boot record, start the boot process with its own code, and continue the boot process with the original one. It is common for rootkits to fake the content of the MBR record, and show the original contents. Which means one just have attached the infected HDD to a clean system, and compare the first 512 bytes (or more in some cases) with a known, clean state, or compare it to the contents shown from the infected OS. SecureBoot can be used to prevent malware infections like this.
There is a slight difference when MBR is viewed from infected OS vs clean OS

VBR - Volume boot record

This is the next logical step where malware can start it's process, and some malware/rootkit prefers to hide it's startup code here. Check GrayFish for details. SecureBoot can be used to prevent malware infections like this.

BIOS/UEFI malware

Both the old BIOS and the new UEFI can be modified in a way that malware starts even before the OS had a chance to run. Although UEFI was meant to be more secure than BIOS, implementation and design errors happens. Check the Computrace anti-theft rootkit for details.

Hypervisor - Ring -1 rootkit

This is somewhat special, because I believe although rootkit can run in this layer but it can't persist only in this layer on an average, physical machine, because it won't survive a reboot See Rutkowska's presentation from 2006 But because the hypervisor can intercept the restart event, it can write itself into one of the other layers (e.g. install a common kernel driver), and simply delete it after it is fully functional after reboot. Update: There is a good paper from Igor Korkin about hypervisor detection here.

SMM (System Management Mode) malware - Ring -2 rootkit

Somehow related to the previous type of attacks, but not many people know that System Management Mode can be used to inject code into the OS. Check the DEITYBOUNCE malware for more details ;) Also, abusing Intel Dual Monitor Mode (DMM) can lead to untrusted code execution, which basically monitors the SMM mode.

Intel® Active Management Technology - Ring -3 rootkit

According to Wikipedia, "Intel Active Management Technology (AMT) is hardware and firmware technology for remote out-of-band management of personal computers, in order to monitor, maintain, update, upgrade, and repair them". You can ask, what could possibly go wrong? See Alexander Tereshkin's and Rafal Wojtczuk's great research on this, or Vassilios Ververis thesis about AMT
As not many people click on links, let me quote the scary stuff about AMT:
  • Independent of the main CPU
  • Can access host memory via DMA (with restrictions)
  • Dedicated link to NIC, and its filtering capabilities
  • Can force host OS to reboot at any time (and boot the system from the emulated CDROM)
  • Active even in S3 sleep!

Other stuff

Create new user, update existing user, hidden admins

Sometimes one does not even have to add malicious code to the system, as valid user credentials are more than enough. Either existing users can be used for this purpose, or new ones can be created. E.g. a good trick is to use the Support account with a 500 RID - see here, Metasploit tool here.

Esoteric firmware malware

Almost any component in the computer runs with firmware, and by replacing the firmware with a malicious one, it is possible to start the malware. E.g. HDD firmware (see GrayFish again), graphic card, etc.

Hidden boot device

Malware can hide in one of the boot devices which are checked before the average OS is loaded, and after the malware is loaded, it can load the victim OS.

Network-level backdoor

Think about the following scenario: every time the OS boots, it loads additional data from the network. It can check for new software updates, configuration updates, etc. Whenever a vulnerable software/configuration update, the malware injects itself into the response, and get's executed. I know, this level of persistence is not foolproof, but still, possible. Think about the recently discovered GPO MiTM attack, the Evilgrade tool, or even the Xensploit tool when we are talking about VM migration.

Software vulnerability

Almost any kind of software vulnerability can be used as a persistent backdoor. Especially, if the vulnerability can be accessed remotely via the network, without any user interaction. Good old MS08-067...

Hardware malware, built into the chipset

I am not sure what to write here. Ask your local spy agency for further information. Good luck finding those!

More links

Tools I highly recommend:
For more information, check this blog post, part 1, part 2

Update 2017-04-29: A very nice list of Office persistence: https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/

Update 2017-10-23: Persistence via Security Descriptors and ACLs: https://www.youtube.com/watch?v=SeR4QJbaNRg

Update 2018-07-25: Backdooring LAPS https://rastamouse.me/2018/03/laps---part-1/
https://rastamouse.me/2018/03/laps---part-2/ 

I would like to thank to Gabor Pek from CrySyS Lab for reviewing and completing this post.

Related links


  1. Game Hacking
  2. Hacking Tools Download
  3. Hacker Tools List
  4. Hacking Tools Free Download
  5. Hacking Tools Kit
  6. Hack Tools For Pc
  7. Hacker Tools Free
  8. Hacking Tools
  9. Hackrf Tools
  10. Best Hacking Tools 2019
  11. Hacking Tools Usb
  12. Hacker Tools For Mac
  13. Usb Pentest Tools
  14. Pentest Tools Website Vulnerability
  15. Bluetooth Hacking Tools Kali
  16. Hacking Tools Name
  17. Hack Website Online Tool
  18. Hacker Techniques Tools And Incident Handling
  19. Hacker Tools Online
  20. Hacker Tools Mac
  21. Hacker Tools Free Download
  22. Pentest Tools Review
  23. Hack Tools
  24. Hack Tools
  25. Pentest Tools
  26. Hacking Tools For Windows
  27. Hack Tools 2019
  28. Hack Tool Apk
  29. Install Pentest Tools Ubuntu
  30. Hacking Tools Online
  31. Pentest Tools Windows
  32. Hack Tools Mac
  33. Hack And Tools
  34. Hacker Tools Mac
  35. Hacker Tools Github
  36. Hacking Tools Download
  37. Hacking Tools Online
  38. Hacker Tools Apk Download
  39. Tools Used For Hacking
  40. Hackers Toolbox
  41. Hacking Tools Mac
  42. Easy Hack Tools
  43. Pentest Tools Android
  44. Top Pentest Tools
  45. What Are Hacking Tools
  46. Hacking Tools For Mac
  47. What Is Hacking Tools
  48. Tools For Hacker
  49. Hack Tool Apk No Root
  50. Hacking Tools Download
  51. Pentest Tools Kali Linux
  52. Hack Tools
  53. Hacking Tools For Windows 7
  54. Hacking Tools 2019
  55. How To Hack
  56. Nsa Hack Tools Download
  57. Nsa Hack Tools Download
  58. Nsa Hack Tools Download
  59. Hack Tool Apk No Root
  60. Tools For Hacker
  61. Hacker Tools Windows
  62. Pentest Tools Bluekeep
  63. Tools For Hacker
  64. Hacking Tools Windows 10
  65. How To Install Pentest Tools In Ubuntu
  66. Hack Tools For Mac
  67. Hacking Tools Online
  68. Black Hat Hacker Tools
  69. Hack Rom Tools
  70. Hacking Tools Hardware
  71. Pentest Tools Review
  72. Game Hacking
  73. Hack Apps
  74. Hacking Tools Free Download
  75. Bluetooth Hacking Tools Kali
  76. Growth Hacker Tools
  77. Hacker Tools Windows
  78. Hacker Tools For Windows
  79. Hacking Tools 2020
  80. Hacker Tools Free
  81. Pentest Tools Port Scanner
  82. Hacking Tools For Windows 7
  83. Tools 4 Hack
  84. Pentest Tools Bluekeep
  85. Kik Hack Tools
  86. Pentest Tools For Windows
  87. Pentest Tools Open Source
  88. Pentest Box Tools Download
  89. Hack Tools 2019
  90. Pentest Tools Online
  91. Hacking Tools For Pc
  92. Hack Tools For Ubuntu
  93. Hacker Tools For Pc
  94. Kik Hack Tools
  95. How To Install Pentest Tools In Ubuntu
  96. Android Hack Tools Github
  97. Pentest Tools Github
  98. Hacker Tools Github
  99. Best Hacking Tools 2020
  100. Hacker Tools Software
  101. How To Hack
  102. Hacker Tools For Ios
  103. Beginner Hacker Tools
  104. Hak5 Tools
  105. How To Hack
  106. Pentest Tools Linux
  107. World No 1 Hacker Software
  108. Nsa Hack Tools Download
  109. Hacking Tools Windows 10
  110. Hacking Tools Software
  111. Hacking Tools For Kali Linux
  112. Hacking Tools For Windows Free Download
  113. Hack Apps
  114. Ethical Hacker Tools
  115. Easy Hack Tools
  116. How To Install Pentest Tools In Ubuntu
  117. How To Hack
  118. Hak5 Tools
  119. Pentest Tools Online
at No comments:

Steghide - A Beginners Tutorial




All of us want our sensitive information to be hidden from people and for that we perform different kinds of things like hide those files or lock them using different softwares. But even though we do that, those files  attractive people to itself as an object of security. Today I'm going to give you a slight introduction to what is called as Steganography. Its a practice of hiding an informational file within another file like you might have seen in movies an image has a secret message encoded in it. You can read more about Steganography from Wikipedia.

In this tutorial I'm going to use a tool called steghide, which is a simple to use Steganography tool and I'm running it on my Arch Linux. What I'm going to do is simply encode an image with a text file which contains some kind of information which I don't want other people to see. And at the end I'll show you how to decode that information back. So lets get started:

Requirements:
1. steghide
2. a text file
3. an image file

After you have installed steghide, fire up the terminal and type steghide



It will give you list of options that are available.

Now say I have a file with the name of myblogpassword.txt which contains the login password of my blog and I want to encode that file into an Image file with the name of arch.jpg so that I can hide my sensitive information from the preying eyes of my friends. In order to do that I'll type the following command in my terminal:

steghide embed -ef myblogpassword.txt -cf arch.jpg



here steghide is the name of the program
embed flag is used to specify to steghide that we want to embed one file into another file
-ef option is used to specify to steghide the name (and location, in case if its in some other directory) of the file that we want to embed inside of the another file, in our case its myblogpassword.txt
-cf option is used to specify the name (and location, in case if its in some other directory) of the file in which we want to embed our file, in our case its an image file named arch.jpg

After typing the above command and hitting enter it will prompt for a password. We can specify a password here in order to password protect our file so that when anyone tries to extract our embedded file, they'll have to supply a password in order to extract it. If you don't want to password protect it you can just simply hit enter.

Now myblogpassword.txt file is embedded inside of the image file arch.jpg. You'll see no changes in the image file except for its size. Now we can delete the plain password text file myblogpassword.txt.

In order to extract the embedded file from the cover file, I'll type following command in the terminal:

steghide extract -sf arch.jpg -xf myblogpass.txt



here steghide is again name of the program
extract flag specifies that we want to extract an embedded file from a stego file
-sf option specifies the name of the stego file or in other words the file in which we embedded another file, in our case here its the arch.jpg file
-xf option specifies the name of the file to which we want to write our embedded file, here it is myblogpass.txt
(remember you must specify the name of file with its location if its somewhere else than the current directory)

After typing the above command and hitting enter, it will prompt for a password. Supply the password if any or otherwise just simply hit enter. It will extract the embedded file to the file named myblogpass.txt. Voila! you got your file back but yes the image file still contains the embedded file.

That's it, very easy isn't it?

It was a pretty basic introduction you can look for other things like encrypting the file to be embedded before you embed it into another file and so on... enjoy :)

More articles


  1. Best Hacking Tools 2019
  2. Hacks And Tools
  3. Hack Tool Apk
  4. Pentest Tools Alternative
  5. Free Pentest Tools For Windows
  6. Kik Hack Tools
  7. Hacking Tools 2019
  8. Pentest Automation Tools
  9. Pentest Tools List
  10. Hacker Tools Mac
  11. Hacking Tools Software
  12. Pentest Tools Windows
  13. Hacking Tools For Windows
  14. Ethical Hacker Tools
  15. Tools Used For Hacking
  16. Free Pentest Tools For Windows
  17. Top Pentest Tools
  18. Game Hacking
  19. Pentest Tools Subdomain
  20. Hacker Hardware Tools
  21. Pentest Tools For Windows
  22. How To Hack
  23. Hack Tools
  24. Hack Tools 2019
  25. Pentest Tools For Android
  26. Nsa Hack Tools
  27. Nsa Hack Tools Download
  28. Pentest Automation Tools
  29. Hackrf Tools
  30. How To Make Hacking Tools
  31. Hacker Techniques Tools And Incident Handling
  32. Hacking Tools Pc
  33. What Are Hacking Tools
  34. Hacking Tools 2020
  35. Pentest Tools Nmap
  36. Hacking Apps
  37. Hacking Tools Name
  38. Hacking Tools For Windows
  39. Hacker Tools List
  40. Hacking App
  41. Hack Tools Mac
  42. Pentest Tools Open Source
  43. Hacking Tools Windows 10
  44. Hack Tools Online
  45. Hack Tools
  46. Hacking Apps
  47. Hacking Tools Download
  48. Hacking Tools Free Download
  49. Hack Tools For Ubuntu
  50. Hack Tool Apk No Root
  51. How To Make Hacking Tools
  52. Pentest Tools For Ubuntu
  53. Hacker Tools Mac
  54. Hack Tools For Pc
  55. What Are Hacking Tools
  56. Hacker Tools List
  57. What Is Hacking Tools
  58. Best Hacking Tools 2020
  59. Hacker Tools For Pc
  60. Blackhat Hacker Tools
  61. Blackhat Hacker Tools
  62. Hacking Tools Github
  63. Hacker Tool Kit
  64. Hack And Tools
  65. Nsa Hack Tools
  66. Pentest Tools Find Subdomains
  67. Game Hacking
  68. Ethical Hacker Tools
  69. Tools Used For Hacking
  70. Hacking Tools Windows
  71. Hacking App
  72. Hacking Tools Online
  73. Hacking Tools For Windows 7
  74. Pentest Tools Website Vulnerability
  75. Pentest Tools For Windows
  76. Pentest Tools Tcp Port Scanner
  77. Hackrf Tools
  78. Easy Hack Tools
  79. Pentest Recon Tools
  80. Hacking Tools Free Download
  81. Hacking Tools Name
  82. Ethical Hacker Tools
  83. Hack Tool Apk No Root
  84. Pentest Tools List
  85. Hacker Tools For Pc
  86. Bluetooth Hacking Tools Kali
  87. Hacking Tools For Pc
  88. Hacking Tools 2020
  89. Hack Tools
  90. Pentest Tools
  91. Hack Tools For Games
  92. Hackrf Tools
  93. Pentest Tools Free
  94. Pentest Tools Nmap
  95. Pentest Tools Open Source
  96. Hack Tools
  97. Pentest Tools Nmap
at No comments:

Workshop And Presentation Slides And Materials

All of our previous workshop and presentation slides and materials are available in one location, from Google Drive.

From now on, we are only going to keep the latest-greatest version of each talk/workshop and announce changes on Twitter.

More articles


  1. Pentest Tools For Windows
  2. Hacker Tools Software
  3. Hack And Tools
  4. Hacker Tools Free Download
  5. Ethical Hacker Tools
  6. Pentest Automation Tools
  7. Hacking Tools Software
  8. New Hacker Tools
  9. Pentest Tools For Mac
  10. Pentest Tools Framework
  11. Android Hack Tools Github
  12. Hacking Tools Download
  13. How To Hack
  14. Hack Tools Download
  15. Hacker Tools Free
  16. Growth Hacker Tools
  17. Hack Tools For Mac
  18. Hacker Tools Windows
  19. Growth Hacker Tools
  20. Hacker Tools Apk Download
  21. Best Hacking Tools 2019
  22. Pentest Reporting Tools
  23. Pentest Tools Find Subdomains
  24. Pentest Tools Review
  25. Pentest Tools Bluekeep
  26. Hack Tools Online
  27. Growth Hacker Tools
  28. Hacker Tools For Windows
  29. Pentest Tools Tcp Port Scanner
  30. Pentest Tools Online
  31. Hack Tools For Windows
  32. Hack Tool Apk
  33. Physical Pentest Tools
  34. Hack Tools Online
  35. Hacking Tools Mac
  36. Pentest Tools Free
  37. Pentest Tools Review
  38. Pentest Tools Windows
  39. Hack Tools For Pc
  40. Hack Tools For Windows
  41. Pentest Tools For Ubuntu
  42. Hacks And Tools
  43. Pentest Tools Website
  44. Pentest Tools Apk
  45. Bluetooth Hacking Tools Kali
  46. Pentest Tools Download
  47. Tools For Hacker
  48. Tools For Hacker
  49. Termux Hacking Tools 2019
  50. Pentest Tools Review
  51. Hacker Tools 2019
  52. Hack Tools For Ubuntu
  53. Hacker Tools Windows
  54. Hacker
  55. Nsa Hack Tools
  56. Wifi Hacker Tools For Windows
  57. How To Hack
  58. Tools For Hacker
  59. Hack Tools
  60. Hacker Tools For Pc
  61. Pentest Tools Tcp Port Scanner
  62. Hack Tools For Pc
  63. New Hack Tools
  64. Computer Hacker
  65. Hacking Tools Kit
  66. Hackers Toolbox
  67. Bluetooth Hacking Tools Kali
  68. Pentest Recon Tools
  69. Hack Tools Download
  70. Hack App
  71. Pentest Reporting Tools
  72. Pentest Tools Free
  73. Pentest Reporting Tools
  74. Hack Tools Pc
  75. Usb Pentest Tools
  76. Hacker Tools Online
  77. Pentest Tools Bluekeep
  78. Pentest Tools Android
  79. Bluetooth Hacking Tools Kali
  80. Bluetooth Hacking Tools Kali
  81. Growth Hacker Tools
  82. Tools 4 Hack
  83. Hacking Tools Windows
  84. Hack Website Online Tool
  85. Termux Hacking Tools 2019
  86. Hacking Tools For Beginners
  87. Pentest Tools Find Subdomains
  88. Pentest Tools Download
  89. Hacking Tools For Pc
  90. Pentest Tools Github
  91. Pentest Tools Online
  92. Pentest Tools Subdomain
  93. Free Pentest Tools For Windows
  94. Hacker Hardware Tools
  95. Hacking Tools Free Download
  96. Pentest Tools Review
  97. Termux Hacking Tools 2019
  98. Hacking Tools
  99. Hacking Tools Mac
  100. Easy Hack Tools
  101. Pentest Tools Subdomain
  102. Growth Hacker Tools
  103. Best Pentesting Tools 2018
  104. Pentest Tools Kali Linux
  105. Underground Hacker Sites
at No comments: