Friday, 23 November 2012

When a remote installation fails

No covert remote installation of spy software can be guaranteed. Any spy software vendor that guarantees success of remote installations is lying.

In this article I will explain what you could do if your first attempt to install spy software like redpill Detective covertly (without the target user’s knowledge) failed.

There are many reasons why a remote installation of a spy program could fail:
  • The target user may have decided not to open or run the attachment (the install module).
  • The target user may have received a warning from his/her anti-virus software saying that this is not a known program and asking whether to allow it to run. If he/she chooses not to allow the program to run, the installation will fail.
  • The install module needs to run on a Windows operating system. The target user may have opened the attachment on another operating system (Mac OS, Linux, Android).
  • The target computer might be protected by an additional two-way firewall (apart from the standard Windows Firewall) that does not allow any program to send data over the internet.

What to do if a remote installation fails:

Step 1 – Attempt to get the target to run the install module.

First try and find out why it didn’t work. Email the target user and ask him if he received the photos (or whatever cover you chose) and try to convince him/her to run the attachment.

Step 2 – Try again
  • Try again, but wait a few days; otherwise the target will become suspicious.
  • Create a new alias (new email address) and use a different approach. Choose a topic that you know will appeal to the target (his business, hobby, entertainment interests).
  • Choose a cover application and wording for the application that fit your new approach.
  • Use a different type of attachment than the first time. For example, if you used an install module embedded in a WordPad file the first time, use a zipped file this time.

Step 3 – Critter Monitoring Approach

If steps 1 and 2 failed, you could use the Critter Monitoring approach.
Just a note on where the term 'Critter Monitoring' comes from:
The Critter Monitoring Approach is a term coined by redpill. In the computer game StarCraft, a critter is a neutral unit (an alien animal). When you have a Zerg Queen unit you can infect an enemy unit so that you see what it sees (spy on the enemy). It is, however, sometimes difficult to infect an enemy unit that is well protected, and the infection is easily discovered and ‘healed’.
What you can do instead is infect critters close to the enemy, as they are easy to infect and their infection is seldom discovered. The critters walk around undisturbed in enemy territory, and the enemy is unaware that you can see everything the critter sees.
The Critter approach in spy software terms works very similarly. When you are unable to install spy software on the target computer because it is a ‘hard target’, you could install on the target’s friends/partners/business associates/etc. that are ‘softer targets’ to get the information you need about the main target.

For example:
If you suspect infidelity but are unable to install on your spouse’s computer, you could install on the person you suspect he/she is having an affair with, or on his/her best friend. From their correspondence (chats, emails, etc.) with your partner, you might be able to get the information you are looking for.

You will be amazed at how much you can find out about a person using the Critter Monitoring method. You could also use Facebook to see who his friends are and what he likes.

Recently I had to investigate a ‘hard target’ and I was unable to install on his computer. On Facebook I couldn’t see who his friends were due to his security settings, but I could see his likes … most people would think this is harmless. In his list of likes I saw a company that didn’t have too many likes, and from their website I could see it was a very exclusive type of club. Due to legal reasons I can’t give the details of what I did, but I could monitor his emails with this company and found the ‘smoking gun’ that the customer was looking for.

Even though I was unable to install on the computer of the person I wanted to monitor, I got the information I wanted by using the Critter Monitoring Approach.

Please remember that installing spy software on a person’s computer without their knowledge could be illegal. The training provided in this article assumes that you have the legal right to install the software (for example, official penetration testing). Do not use redpill spy software illegally.

Tuesday, 20 November 2012

Live Computer Monitoring Improved

The Live Computer Monitoring of redpill Detective has been improved.

Apart from recording all keystrokes (key logger), redpill Detective allows you to see what is happening on a computer in (near) real time. You can see the latest screenshot of what was done on the computer, which is updated every 120 seconds.

Some improvements were made to how redpill Detective detects whether something interesting is happening on the computer. You can now also view the current screenshot as well as go two screenshots back to get a better ‘view’ of what the target is doing ... just click on the Date and Time button of the screenshot you want to view. You can also zoom any screenshot that was taken to full screen.

redpill Detective is spy software that can be remotely installed on a computer anywhere in the world. For more information on redpill Detective visit the redpill website.