Wednesday, 16 December 2015

redpill Hacker 4 and Anti-Virus

redpill routinely tests redpill Hacker against Anti-Virus detection and improves its Anti-Virus Counter Detection techniques and measures.

Tests done on 2015/12/16 had the following results:

The heavyweight payloads had a detection rate of 9 out of 43 (Only 9 of the top 43 Anti-Virus packages could detect redpill Hacker payloads).

The lightweight payloads had a detection rate of 1 out of 43 (Only 1 of the top 43 Anti-Virus packages could detect a lightweight payload).

For more information about lightweight payloads see: Document Grabber

Why is the detection rate not zero? See Spy Programs vs Anti-Virus

Things to remember to keep your redpill Hacker detection rate down:

Each customer gets a unique build of redpill Hacker to reduce the risk of detection. Each payload you create is different, but the more times your payloads are scanned, the greater the risk becomes that Anti-Virus companies can find a unique 'fingerprint' within all your payloads.

If that happens, your success rate will start to drop as more and more Anti-Virus packages start to detect and remove your installations. The only way to fix this would be to get a rebuild from redpill. redpill charges a fee for the rebuild.

To reduce your exposure to Anti-Virus scans, do the following:
  • When doing a large scale attack, use a multi-phase attack, link or payload website. If you use your payload as attachment, the payload will be scanned each time the email is delivered even if it is not opened.
  • Add the folder you use to store your payloads to your list of folders that should be excluded from scans. By default it is Documents > redpill Hacker. 
  • Also add your redpill Hacker program folder to your list of folders that should be excluded from scans.
  • Never test your payloads' virus detection rate with multiple virus scan websites like megascan. Your payload will be scanned against all anti-virus packages.

For more information about redpill Hacker see:

Thursday, 22 October 2015

Hacking Made Easy

Hacking made easy with the new redpill Hacker 4!

Video explains hacking principles and shows multiple ways of hacking with redpill Hacker.

For more information about redpill Hacker visit

Wednesday, 21 October 2015

Hacking was never so easy!

Professional Hacking was never so easy! redpill Hacker version 4 has been released - easier to use and more powerful!

New Enhancements in redpill Hacker 4:

The new version of redpill Hacker has more features but is easier to use!

Creating Payloads Made Easy with redpill Hacker 4
When making selections, detailed descriptions of each item selected are added to help you understand what will be created and how it works (see screenshot above).

With redpill Hacker you could always have created many different payloads (covert install modules that secretly install spy programs on the target computer) and each one could be customized. Now, in version 4, you can also choose from different types of payloads performing different tasks with different levels of sophistication.

There are lightweight payloads that bypass the Windows UAC Warning message. Then there are also heavyweight payloads that perform a lot more tasks and return a lot more data that require a bit more social engineering. Even installing heavyweight payloads that require sophisticated social engineering is easy as redpill Hacker 4 comes with new and more advanced Social Engineering Templates:

Social Engineering Template in redpill Hacker 4
Attacking a target (hacking the target - installing a spy program remotely on the target computer) is also easier (and more fun!) in redpill Hacker 4:

As with previous versions you can choose to attack (install spy program) on a single target or install on multiple (unlimited) targets with the click of a button. In version 4 a section has been added to give you a detailed description of what you have selected to make sure you choose the correct social engineering template and payload for the job.

Other enhancements in version 4 include:

  • Payloads (spy install modules) are more difficult to detect.
  • New Document Grabber payload type that will secretly retrieve documents from the target computer.
  • New Fly-By payload will secretly take screenshots for a day. Will not start again after a computer restart like the full payload (that runs indefinitely, takes screenshots and logs all keys), but as a lightweight payload it is more difficult to detect and will have a higher success rate.
  • General improvements to the redpill Hacker interface were made.
  • redpill Hacker 4 is more user friendly - easier to understand.
For more information about redpill Hacker go to the redpill website:

Wednesday, 14 October 2015

Stealth Document Grabber

Version 3.6 of redpill Hacker has been released. One of the enhancements is a new type of payload (spy module) called the 'Stealth Document Grabber'.

The Stealth Document Grabber will secretly email documents, pictures and other files on the target computer to you. The Stealth Document Grabber is also part of a new group of lightweight payloads.

Lightweight Payloads vs Heavyweight Payloads

There is a new group of Lightweight Payloads that is available in Version 3.6. These payloads only run once and only perform specific tasks. The advantage of these payloads is that they are more difficult to detect and they bypass the Windows UAC Warning Message.

Heavyweight payloads can perform multiple tasks (key logging, taking screenshots) and will also continue to monitor a computer even after a computer restart was done. When the payload is however run for the first time it will cause the Windows UAC warning message to pop up. However, redpill Hacker has advanced Social Engineering Templates designed to 'convince' the target to allow the payload to run even when the UAC message appears (version 3.6 also has a couple of new social engineering templates).

Both the lightweight and heavyweight payloads have some pros and cons. Both heavyweight and lightweight will secretly install the spy program and both have advanced counter anti-virus detection features. The main difference:
  • Lightweights only run once and perform a specific task (like the document grabber that sends you the documents on the target computer). They bypass the UAC message and are more difficult to detect. They will have a higher success rate.
  • Heavyweights can perform multiple tasks (key logging, taking screenshots) and can monitor a computer indefinitely. They will have a lower success rate but will return more data when they succeed.
redpill Hacker 3.6 is more flexible and gives you the ability to plan your attack better. For more information about redpill Hacker visit the redpill website.

Monday, 12 October 2015

How to use a phishing site to retrieve passwords

redpill Hacker is Penetration Testing Software for ethical hackers with various hacking tools. In this article I will explain how the Password Phishing Website tool works.

All you need is a Windows hosting option with a Windows Server that supports ASP.NET 4.0. There are a lot of website hosting companies to choose from like (and countless others) where you can get very inexpensive hosting options.

Your 'con' will be to email the target a link to some 'secure content' that will require him to sign in using his social media account (gmail, yahoo, facebook, etc). The secure content can be any youtube video or any other video from any other site. It could also be a link to a PDF or some other content on the Internet.

Below is a break down of how it works:

  1. You specify the custom settings you want in redpill Hacker and redpill Hacker creates the phishing site for you to fit into your specific con.
  2. redpill Hacker sends an email to the target using the Social Engineering Template you selected. The Templates are designed to convince the target to click on the link.
  3. The target clicks on the link to view the video (or other content you selected). He is redirected to the phishing site where he is required to login using his social media account.
  4. After he has signed in he is redirected to the video or other content you selected. The redirection is quick so the target will not even realize that he was redirected. He will just think he needed to sign in to watch the video and then will continue to watch the video.
  5. redpill Hacker will then retrieve the target's username and password from the phishing site.
For a demo of how this works see the video below:

For more information about redpill Hacker or other spy software visit the redpill Website.
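
Seen from the defending side, steps 3 and 4 above leave a recognisable trace in web-proxy logs: a form POST to a host that is not the identity provider, answered by a redirect to an unrelated site. The sketch below is an added example, not part of the original post or of redpill's software; the log format, the sample lines and the `IDP_DOMAINS` allowlist are constructed assumptions.

```python
"""Added defensive example: flag 'sign in, then bounce to the real content' in proxy logs."""
import re
from urllib.parse import urlsplit

# Assumption: registrable domains of the identity providers users really sign in to.
IDP_DOMAINS = {"google.com", "yahoo.com", "facebook.com", "twitter.com"}
# Path fragments that suggest the POST carried credentials.
LOGIN_HINT = re.compile(r"sign-?in|log-?in|auth|account", re.I)

# Constructed sample lines: "<time> <client> <method> <url> <status> <location or ->"
SAMPLE_LOG = """\
2015-10-12T09:00:01Z 10.0.0.5 GET https://video-fans.example/watch.aspx?id=7 200 -
2015-10-12T09:00:20Z 10.0.0.5 POST https://video-fans.example/signin.aspx 302 https://www.youtube.com/watch?v=CONSTRUCTED
2015-10-12T09:00:21Z 10.0.0.5 GET https://www.youtube.com/watch?v=CONSTRUCTED 200 -
2015-10-12T09:05:00Z 10.0.0.8 POST https://accounts.google.com/signin 302 https://mail.google.com/
2015-10-12T09:06:00Z 10.0.0.9 POST https://shop.example/cart 302 /checkout
"""


def registrable_domain(host):
    """Naive last-two-labels rule (assumption); use a public-suffix list in production."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:]) if host else ""


def parse(line):
    """Split one constructed log line into a dict."""
    ts, client, method, url, status, location = line.split()
    return {"ts": ts, "client": client, "method": method,
            "url": url, "status": int(status), "location": location}


def find_credential_bounces(log_text):
    """Return POSTs to non-IdP hosts that were answered with a cross-site redirect."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = parse(line)
        if entry["method"] != "POST" or not 300 <= entry["status"] < 400:
            continue
        post_host = urlsplit(entry["url"]).hostname or ""
        src = registrable_domain(post_host)
        dst = registrable_domain(urlsplit(entry["location"]).hostname or "")
        # A relative Location (no host) stays on the same site and is not a bounce.
        if not dst or src == dst:
            continue
        # A real provider redirecting to a relying party is the normal sign-in flow.
        if src in IDP_DOMAINS:
            continue
        findings.append({
            "ts": entry["ts"],
            "client": entry["client"],
            "post_host": post_host,
            "redirect_domain": dst,
            # Raises confidence; a missing hint does not clear the finding.
            "login_like": bool(LOGIN_HINT.search(urlsplit(entry["url"]).path)),
        })
    return findings


if __name__ == "__main__":
    for finding in find_credential_bounces(SAMPLE_LOG):
        print(finding)
```

A finding is a lead for triage, not a verdict: some legitimate sites also redirect cross-domain after a POST, so pair it with the age and reputation of `post_host` and reset the credentials of affected users.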

Friday, 18 September 2015

How to get Saved Passwords on a Remote Computer

Keyloggers allow you to get everything that is typed including passwords. The problem is, what about passwords that are saved and that the target does not type. There are some spy software programs that will claim to retrieve these passwords but it is not always effective as it will depend on the type of browser or application that the target is using.

There is another way to get saved passwords: Use Social Engineering

First, you need to remotely install a key logger on the target computer using something like redpill Hacker or redpill Agent.

Then you use social engineering and get the target to change his passwords. You could send him an email or even give him a call with a message like this:

Hackers found a new vulnerability in Windows that allows them to retrieve all your saved passwords on your computer. To protect yourself, do the following:
  1. Run Windows Updates and make sure you get the latest security updates that will include a security patch for the new vulnerability.
  2. Change all your passwords for all your accounts including social media, emails and banking sites.

The target will run the updates that will not do anything, but when he changes all his passwords, he needs to type them. That means they will be logged and you will get all his passwords!

Friday, 24 July 2015

redpill Agent Improved

redpill Hacker has been dominating posts in this spy software blog lately but redpill Agent is far from done. A new version has just been published with a couple of improvements and a new look (see screenshot above).

redpill Hacker can do everything redpill Agent can do and a lot more ... but there are quite a lot of redpill Agent fans that still prefer this legacy system. It might have something to do with the fact that redpill Agent is a bit notorious and has even been blamed by hackermedicine  and some other news blogs for a major attack in India (read article here).

For more information about redpill Agent and other spy software visit

Wednesday, 22 July 2015

redpill Hacker price reduced

redpill got a new look:

To celebrate our new look and website, we discounted the redpill Hacker price with 50%!
redpill Hacker is now (for a limited time) available at $ 99.
An upgrade to the latest version (that will also give you a new unique and clean build) has also been reduced to $ 39.

Wednesday, 15 July 2015

Friday, 10 July 2015

Install Spy Software with a Payload Website

redpill Hacker 3.5 is now available. The most significant enhancement is a new powerful tool in the redpill Hacker arsenal (existing hacking tools were also updated and improved).

redpill recently added the 'Password Phishing Website' tool. The very high success rate of this tool convinced redpill to develop a new tool that combines the website creating ability of redpill Hacker with its payloads.

Social Engineering Payload Website

The difference between the Password Phishing Website Tool and the Payload Website Tool is that the password site can only capture a username and password while the payload website will install spy software to monitor the computer.

With the Payload Website you bypass any email problems as no attachments are emailed. You also don't email a link to a payload (install module). Emailing a link is one of the best delivery methods but it still has two problems:

  1. Most computer users know not to click on a link in an email. They were told to go to the website directly and download from there.
  2. Emailing a direct link to your payload can still cause unwanted exposure (Anti-Virus Scans) to your payload. The more your payload is scanned, the more you increase the risk of it becoming known as malware. 

The new tool takes care of these problems and will have a much higher success rate. Let's look at an example of how the Payload Website Tool works:

Step 1 – Choose or Create a Template

We will choose one of the templates that comes with redpill Hacker 3.5 – ZIP4WIN. You can make a few changes to the template or create your own if you want.

Step 2 – Create the Payload 

We select the template we have chosen. This will populate most of the fields for us. For a Payload Website option you must select 'Program File' as attachment type (remember it will not be emailed).

Step 3 – Create the Website

Select the new 'Social Engineering Website With Payload' option in the Social Engineering Toolkit.

You simply enter a description and features that fits in with your con (the social engineering template that you chose) and you click on Create. I don't have a video yet of how this works, but to see how quickly and easily redpill Hacker creates a website see the 'phishing website video'.

Step 4 – Attack

Go to the new Payload Website Attack option and select your list of targets. They will not get a link to a payload but will simply be told about the new great app with a link to the website.

This new tool allows you to create any 'super application' and website that goes with it in a couple of minutes.

The website will look legit to the target and he will expect the UAC Warning message from Windows as he is installing this great application!

The payload will install the spy program that will return the public IP address of the target, all keys that are typed (key logger) and will take screenshots at the interval you specified.

For more information about redpill Hacker visit

Monday, 6 July 2015

redpill Agent vs redpill Hacker

A lot of customers want to know what the difference is between redpill Agent and redpill Hacker. redpill Hacker is without question a better product as it can do everything that redpill Agent can do and much more. redpill Agent is however still an excellent product and redpill will keep on supporting redpill Agent.

redpill Agent is a bit easier to use for the simple reason that there is much less that you can do. redpill Hacker is very user friendly, but will require that you watch the videos, read the articles and spend a little time getting familiar with how it works.

redpill Hacker is definitely for the more serious hacker. 

In short, here are the differences:
  • With redpill Agent you are limited to one email account for receiving data - so you are limited with the number of installs you can do. With redpill Hacker you can add as many email accounts as you want (unlimited installs).
  • redpill Agent can only be linked to a gmail account. That can sometimes be a problem if gmail forces you to change the password. Gmail is also limited to 500 emails per day. redpill Hacker can use gmail but is not limited to gmail. It can use any email service that supports SMTP.
  • redpill Agent uses Ghost Protocol so that your modules are part of a very small batch of users to reduce the risk of detection. redpill Hacker does not use Ghost Protocol as it is not needed - each customer gets a unique build - only you will have that specific version of redpill Hacker.
  • With redpill Agent you can choose from 5 different social engineering install modules and it allows you to specify your own. redpill Hacker on the other hand takes social engineering to a new level with a complete social engineering toolkit. There are a lot more templates to choose from and the templates are more advanced. It has a database, so you can also add as many templates as you want.
  • Both products will secretly take screenshots and come with a keylogger. redpill Hacker will also give you the public IP address of the target.
Then, there are features that only redpill Hacker has:
  • redpill Hacker can create phishing websites for you that you can use to retrieve usernames and passwords without needing to install anything on the target computer. These attacks work on all devices and platforms.
  • redpill Hacker has a database where you can save all your targets, email addresses, keep track of installations and much more.
  • redpill Hacker can email the payloads (install modules) for you by creating and sending personalized emails to the targets. It allows you to email a list of targets (any number) with the click of a button.
  • redpill Hacker can do dictionary attacks against email addresses. It comes with a database of 13 200 passwords (high quality commonly used passwords). You can also import more passwords if you want.
To see redpill Hacker in action search for 'redpill Hacker' on youtube and watch the videos.
To purchase redpill Hacker or redpill Agent go to

Wednesday, 1 July 2015

redpill Hacker - Getting Started

There is a lot that redpill Hacker can do - too much to explain in one article. For this article, I will focus on getting started - the very basics. We will send one payload to one target.

You will not need to do all the steps for every attack you do, but you will need to set a couple of things up before you start using the system.

Step 1: Add an Email Account

You will need to add at least one email account. From the Menu click on Resources > Email Accounts.

Email accounts will be used to send payloads to targets but also be used by the payload to send you data.

You can add any number of email accounts that you want to use. You can use any email service that supports SMTP. Free email services like gmail and yahoo will work, but will have some limitations and problems. These services are very strict with the type of attachments they allow and will also limit you with the number of emails that can be sent in a day.

When adding your email account note the following:
  1. Use load default if you are using gmail or yahoo. If you want to add your own default server (if you will add a couple of emails from that server) you can add it under Resources > SMTP Servers.
  2. The username is usually the full email address.
  3. If you are not using one of the default ones, you can get the Server, Port and SSL settings from your email service provider.
  4. Before you add the email,  click on test to make sure you added it correctly. You will receive a test email message.
  5. As mentioned, you can add as many emails as you want that you can use to send data or send email messages.

Step 2: Create a Payload
PAYLOAD: Payload in computing is the cargo of a data transmission. In computer security, payload refers to the part of malware which performs a malicious action.
In previous versions (and redpill Agent) payloads were called 'Install Modules'. The payload is the install program that will install the spy program on the target computer. A payload is disguised as another program that will give the target the idea that something else is being done while it secretly installs the spy program.

From the Menu go to 'Social Engineering Payloads' > 'Social Engineering Payloads' and click on 'New Payload'.

  1. The Description will only be visible to you. You can use any descriptive name so that it will make it easy to later choose the correct payload (you can create as many as you want).
  2. The Social Engineering Template will populate the next 3 fields for you. There are several to choose from and you can also add more or edit the existing ones to work better for you.
  3. The Program Name, First and Second message will be set according to the Social Engineering Template that you selected, but you can change it here if you want.
  4. This account will be used to send the data. It will not be visible on the target computer.
  5. There are several attachment types to choose from. You need to keep in mind that different email services allow different types of attachments (sending and receiving). For this example we will use a ZIP File (you need to have WINRAR installed on your computer as redpill Hacker will use WINRAR to create the zip file).
  6. You select the payload filename (it is a good idea to make it similar to the program name) and where it should be saved on your computer. By default it will use the redpill Hacker payload folder but you can also save it somewhere else.
  7. The email address where you want to receive the data .... it can be, but doesn't need to be, the same as number 4.
When you click on 'Create Payload' the payload will be created. You can use this payload at any time and as many times as you want. redpill Hacker can send the payload for you, but if you want to email the payload yourself, you can just open 'Social Engineering Payloads' again.

A list of all your payloads will be displayed. Select a payload to see information about the payload. To use it directly (if you don't want redpill Hacker to send it for you), simply click on 'Open Payload Location'. It will open a folder where the payload is saved.

Step 3: Add a Target

As mentioned in the previous section, you can email the payload directly, then you don't need to continue with these steps. If you want redpill Hacker to email the target, you need to add at least one target. The target is the person or computer you want to monitor.

From the Menu, select Targets > Add / Manage Targets.

Simply type in the target name (the name will be used in the email), the target email address and select any status. Click on 'Add' and then Close.

Step 4: Attack the Target

Now you are ready to do the attack. From the menu, select 'Social Engineering Payloads' > 'Social Engineering Attack'.

  1. Select the target you want to attack. You can also choose to attack a list of targets.
  2. Select the Social Engineering Template that redpill Hacker should use. To see what is in the template, you can go to Resources and Tools > Social Engineering Templates.
  3. Select the payload that you just created.
  4. Choose the email account that redpill Hacker should use to send the email. It does not need to be (but can be) the same account that the payload will use to send the data or where you will receive the data.
  5. Click on 'Attack Selected Target'. If you want to attack all the targets in the list, you can use the 'Attack All' button.
redpill Hacker will now send a personalized email to the target using the template you selected and attach the payload you selected. When the target runs the payload, you will start to receive data in the email account you specified.

There is a lot more you can do with redpill Hacker. Click on the 'redpill Hacker' topic in this blog to read more articles or watch videos about more advanced features and tips.
To purchase redpill Hacker, go to

Monday, 29 June 2015

Incremental Hacking

No hacking attempt is guaranteed. There is a lot that can go wrong when you attempt to remotely and secretly install spy software.

Things that can go wrong:

  • The target can choose not to open the payload. Even after some good social engineering, there will be a lot of targets that will know better than to open the attachment.
  • The target can open the payload on a device (Operating System) that does not support the specific payload.
  • The target computer can have a two-way firewall (not the standard Windows Firewall) that can block the data from being sent.
  • The target computer can have very strict Anti-Virus that will block any program that is not known and trusted.

Ways to improve your chances of success:

The first thing you can do is use a targeted attack against a specific target. You find out as much as you can (facebook, google, etc) about the target. You can use information that might look very insignificant to others to improve your social engineering con (I will explain in more detail with the example in this article). This type of attack is called spear phishing and will greatly improve your chances of success compared to phishing where you simply 'attack' a list of targets and hope for the best.

Another way to improve your chances of success is to use incremental hacking

With incremental hacking you first do a type of attack that has a higher success rate and usually lower reward before moving to the next phase with a lower success rate but greater reward. That way, if the target gets suspicious during the last phase and the attempt fails, then at least you have some information about the target.

This multi-phase attack also has the advantage that you can prepare (through social engineering) the target for the final payload so that he is willing and ready to run it.

Example of Incremental Hacking

You did your homework and from facebook you learned that the target is a big Miley Cyrus fan.

The Con

You create a profile (facebook google+ or simply an email address at yahoo, gmail, etc) and give the impression that you are also a Miley fan (the things we sometimes need to do …). You could alternatively create an email that will let it look like some sort of special fan group.

You will then email the target a link to a Miley video where you will only get the target's username and password using a phishing website – high success rate – Phase 1.

After you have successfully retrieved the target's username and password, you can then email the target another 'naughty' video of Miley that is not freely available on the internet. Once the target tries to run this video, you will have full monitoring of the target computer – lower success rate but higher reward – Phase 2.

Let's see how this can be done:

Phase 1: Phishing Website

After our first phase, we don't want the target to become suspicious. We want the target to trust us even more. So the first phase of the con is very important. We search the web (youtube or any other video service) for an actual video of Miley that will give the target the impression that there was a reason why the video was somewhat restricted (maybe a real sexy/naughty video).

We use that link to create our phishing website with redpill Hacker.

redpill Hacker will create the phishing site for us (see the redpill Hacker Phishing Website Video  for more detail on how the website is created by redpill Hacker).

We then make a couple of changes to one of the many social engineering templates in redpill Hacker to fit in with our con. We let redpill Hacker email the target.

The target will get an email with a link to the video. When the target wants to view the video, he will be prompted to sign in using his social media account (gmail, yahoo, facebook, twitter) – as is the case with many sites and content on the internet. After he has signed in, he will be able to watch the video and will not suspect anything.

We, however, would have received his username and password!

This type of attack has a very high success rate as nothing needs to be installed on the target computer. It works on any device and operating system and there are no warning messages.

Phase 2: Emailing the Payload

The second phase of the attack has a lower success rate as we want to remotely install a spy program on the target computer. If this however fails, then at least we already have the target's login details for one of his accounts that will give us a lot of information about the target (remember, some users will use the same password for all their accounts).

We also now already established contact with the target and the target will now have a sense of familiarity that will help us with the next attack.

Using the 'video' social engineering template in redpill Hacker, we create a video payload and email it to the target. We tell the target that this video is not freely available on the internet as it has some shocking content of Miley.

When the target wants to run the video player we attached, he might get the standard UAC message from Windows or a warning from his Anti-Virus that it is not a known and trusted application. We however did explain in the email that we are using a new video encryption program to attach the video so the target will be expecting the message and allow it to run.

If the target allows the payload to run, we will start to receive data (IP Address, keylogs, screenshots) from the target.

Not only will an incremental attack increase your chances of success during the final phase, it will also reduce exposure to your payloads (see why this is important) and also leave you with at least access to the target's social media account if the final attempt is not successful.

For more information about redpill Hacker, visit

Friday, 26 June 2015

Setting up a FTP Server for redpill Hacker

redpill Hacker is a hacking tool (penetration testing tool) that allows you to do different types of 'attacks' on targets (the computers or persons you want to monitor/investigate). Some attacks like the Phishing Website Attack or a payload that is sent with a link require a website (or at least a file hosting site for the link option).

You do not need an actual website as redpill Hacker will create the website for you (in the case of the phishing site) or you only need a place to host the file (in the case of the link attack). So all you need to get, is a website hosting option from a hosting company like Sites like godaddy offer cheap hosting options that also include a domain name.

With your hosting option, you will also get a FTP Server. The FTP Server is used to upload files to your website. In redpill Hacker, you can easily add the FTP Server. Open redpill Hacker and go to Resources > FTP Servers.

Your hosting company will give you the server name. It will either be something like or an IP address. The username and password will also be provided by your hosting company or you will be able to create a FTP user in your website control panel.

The directory (or folder) is where the files should be uploaded. With some hosting companies this will be in the root FTP folder. In that case just add a forward slash as in the screenshot above (/). Other sites will be something like /httpdocs/ or /www/ (you should add the forward slash in the beginning and end of the directory name).

If you are not sure what the directory is where you should upload your website files, you can contact your hosting company for support and ask them. You could also use your File Explorer in the hosting control panel to see where the website files are (there will be a Default or Index file with a htm, html, aspx or asp extension).

Once you added the FTP server, it can easily be selected from other parts of the program for things like a link payload or a phishing website. redpill Hacker will then create the website for you or upload the file for you.

A couple of things to remember:
  • When you want to send a payload with a link, you can use any website hosting option. If you want to use your site for a phishing site as well, you will need to make sure it is a Windows Server with ASP.NET 4.0 enabled.
  • Both options must be a website hosting option and not a ready-built website (like website builder from godaddy) as these sites do not allow you to upload any file you want (like payloads).
  • The link that you will specify in your link payload or the phishing website attack should be a link to your domain name and not to your FTP server.
  • You can use the same website (and FTP server) for different types of attacks. You could for example use the same site for a phishing website and for multiple payload links.
Please note, we recommend godaddy as they setup the sites correctly and their domains are quickly available. Some other companies fail to create some standard and needed folders with the correct permissions.

Please contact redpill support if you have any questions.

Thursday, 25 June 2015

redpill Hacker 3.22 Released

redpill Hacker 3.22 has been released with the following enhancements:
  • The payloads have been improved to make them harder to detect. The changes include changes to avoid detection by the target (user) and anti-virus.
    Note: One of the changes will cause a delay in the initial 'success message' and a delay before receiving the initial data. After the initial delay, data will be received in real time.
  • The payloads will now also give the IP address of the target computer that can be used to look up the target location.
  • A 'Delete All' was added to the target screen. This is useful if you want to import targets (email addresses) from a file and attack targets in batches.
For more information about redpill Hacker, visit

Thursday, 4 June 2015

redpill Hacker now with website phishing

redpill Hacker now with new website phishing feature. Training video shows how to get usernames and passwords from any device and any operating system.

For more information about redpill Hacker or more training videos visit:

Sunday, 17 May 2015

redpill Hacker 3 is available!

The new redpill Hacker 3 is more flexible with the way payloads are created and used. It also comes with a database of thousands of commonly used passwords and a Dictionary Attack tool to hack into email accounts. See the video for a demonstration.

For more information about redpill Hacker visit the redpill website.

Thursday, 7 May 2015

redpill Hacker - How to attack a large list of targets

redpill Hacker allows you to install spy software on any number of computers (unlimited). If you decide to do a single attack on a large number of computers, you need to use a two phase attack to avoid detection. This video explains how to do it:

For more information about redpill Hacker, visit

Wednesday, 6 May 2015

Spy programs vs Anti-Virus

Are redpill spy products FUD? I get asked this question a lot. FUD (in some circles) means Fully UnDetectable spy programs.

The answer depends on what you mean by FUD. Some Anti-Virus packages will block and remove any program that is downloaded or received via email and is not a well known program. The program is not really detected as a known virus, and it does not even need to show any suspicious behavior, but is blocked and removed by some strict AV (Anti-Virus packages) because it is seen as a potential threat.

If you take that into consideration, no spy program can be completely undetectable (or FUD).

redpill products like redpill Hacker and redpill Agent get past more Anti-Virus than most other spy programs. It however also depends on how you use your spy program. I will explain how to use your spy program, but first, it is important that you understand how detection works.

How Does Anti-Virus Software Detect Spy Programs?

AV companies basically detect spy software (and viruses) in three ways:
  1. Comparing the file against a library of known viruses and malware - This method can only detect known viruses and spy programs.
  2. Heuristic Analysis – Anti-Virus companies use heuristic analysis to detect viruses and spy software that are new or new variants. In short, anti-virus software that uses this method will run the program in a controlled virtual system (sandbox testing) or decompile the suspected program and analyze the source code before releasing it into the real system. The anti-virus software will use profiling to make an 'educated guess' to decide if the unknown program is a virus or malware. Obviously this method will lead to a lot of false-positives.
  3. Wisdom of the crowd - It is often impossible to decide if a file is malicious or not, basing this decision only on data from one computer. The picture changes when it’s possible to analyze application behavior on multiple computers. Using this data and heuristic analysis methods, anti-virus companies can very quickly make a verdict about a suspected file.
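A defender-side sketch of how the three verdict sources above combine, added here as an example (not code from the original post or from any AV product). The behaviour names, weights, threshold and all observations are constructed assumptions; the point is that a profile too weak to convict on one machine becomes a finding once the same behaviour shows up on several hosts under a different hash each time.

```python
from dataclasses import dataclass

# Constructed values: hashes, host names and weights are invented for illustration.
KNOWN_BAD_HASHES = {"hash-known-1"}
BEHAVIOUR_WEIGHTS = {
    "runs_hidden": 2,
    "arrived_by_email_or_download": 1,
    "installs_keyboard_hook": 4,
    "sends_data_out": 3,
}
HEURISTIC_THRESHOLD = 6  # assumed cut-off for a single-machine verdict


@dataclass(frozen=True)
class Observation:
    host: str
    file_hash: str
    behaviours: frozenset


def signature_hit(obs):
    """Method 1: the file is already in the library of known samples."""
    return obs.file_hash in KNOWN_BAD_HASHES


def heuristic_score(obs):
    """Method 2: weighted profile of what the program was seen doing."""
    return sum(BEHAVIOUR_WEIGHTS.get(b, 0) for b in obs.behaviours)


def crowd_hit(obs, observations, min_hosts=3):
    """Method 3: same behaviour profile on several hosts, a different hash on each."""
    same_profile = [o for o in observations if o.behaviours == obs.behaviours]
    hosts = {o.host for o in same_profile}
    hashes = {o.file_hash for o in same_profile}
    return (heuristic_score(obs) > 0
            and len(hosts) >= min_hosts
            and len(hashes) >= len(hosts))


def triage(observations):
    """Return {(host, hash): [reasons]} for every observation."""
    results = {}
    for obs in observations:
        reasons = []
        if signature_hit(obs):
            reasons.append("signature")
        if heuristic_score(obs) >= HEURISTIC_THRESHOLD:
            reasons.append("heuristic")
        if crowd_hit(obs, observations):
            reasons.append("crowd")
        results[(obs.host, obs.file_hash)] = reasons
    return results


def make(host, file_hash, *behaviours):
    return Observation(host, file_hash, frozenset(behaviours))


# Constructed telemetry from five hosts.
SAMPLE = [
    make("pc-01", "hash-known-1", "installs_keyboard_hook"),
    # Unique hash per host, identical behaviour: below the heuristic threshold alone.
    make("pc-02", "hash-u1", "arrived_by_email_or_download", "sends_data_out"),
    make("pc-03", "hash-u2", "arrived_by_email_or_download", "sends_data_out"),
    make("pc-04", "hash-u3", "arrived_by_email_or_download", "sends_data_out"),
    make("pc-05", "hash-u4", "runs_hidden", "installs_keyboard_hook"),
    # A widely deployed download: one hash everywhere, so no crowd finding.
    make("pc-02", "hash-upd", "arrived_by_email_or_download"),
    make("pc-03", "hash-upd", "arrived_by_email_or_download"),
    make("pc-04", "hash-upd", "arrived_by_email_or_download"),
]

if __name__ == "__main__":
    for key, reasons in triage(SAMPLE).items():
        print(key, reasons or ["no finding"])
```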

How does redpill get past Anti-Virus detection?

As explained in the beginning, no spy program will get past all AV all the time on all systems. redpill however has some of the best results in getting past AV in the business. The reason for this is that redpill works very hard at developing unique techniques to avoid detection … and has been doing this for 10 years. redpill has some unique counter detection features:
  1. redpill uses a range of techniques to prevent its products from being detected as known spy software including: encryption, code scrambling, code obfuscation, covert coding (over the years redpill has learned some coding principles that will make applications more difficult to detect) and code fogging (code fogging is a redpill term that means adding 'tons' of program generated code to improve obfuscation of code and making it more difficult to find and detect the red flag code).
  2. Unique Install Every Time – Even if you use the same install module on the same computer, each install will be unique. New program names, folders, registry keys, etc. are used with each installation.
  3. Masking – Heuristics scans will look at how the program behaves (Is it hidden, was it downloaded or received via email, did it install a keyboard hook, is it sending data over the internet, etc.). redpill has developed some unique (and secret) methods of masking some of these operations. Note that masking techniques can't hide everything ... the program still needs to be downloaded or received via email, etc. Again … redpill will get past a lot of AV scans but not all (no spy program can).

How can you avoid your redpill product from being detected?

As explained in this document, redpill has done a lot to avoid detection. It however will also depend on how you use your redpill Agent or redpill Hacker that will determine if it will be detected.

With redpill Agent, don't re-use old install modules. redpill Agent is designed to do multiple installations, but not huge numbers. So as long as you don't use old install modules, you should not have any problems.

redpill Hacker however can do a large number of installs. redpill Hacker even comes with a database where you can add or import targets from a file. You can also select a huge list of targets and then redpill Hacker can email all the targets for you.

HOWEVER ... just because you can import a huge number of emails and email an attack module to them all at once, does not mean you should do it. Emailing 5000 targets (or any number) an attack module or link is a very bad idea:
  • It is a bad idea because redpill hates phishing emails and phishing attacks... just like everybody else. It is a bad idea because it is illegal. You should only do spear phishing on specific targets you need to (and can) monitor.
  • It is a bad idea because the 'wisdom of the crowd' will very quickly kick in and your install module will be detected by almost every AV.
Remember, you don't have to have successful installations before your module is scanned. Attachments and even links can be scanned as they are received.

If this happens (if your redpill Hacker gets known by AV), you will need to request a rebuild by redpill (for a fee).

Things you can do to prevent your redpill Hacker from becoming known by AV:
  • Only do spear phishing - hacking on specific targets.
  • Choose your targets and methods of hacking/monitoring carefully. 
  • Never test your payload detection rate with multi-scan anti-virus sites. Your payload will be scanned against every Anti-Virus package available. The more you expose your payloads to AV scans the greater the risk that they will find a 'fingerprint' and add your version of redpill Hacker to AV databases.
  • You can use a two phase attack as shown in this video to prevent your redpill Hacker from becoming known.
  • You can use incremental hacking.
  • You can disable your Anti-Virus on your own computer or choose the one that you use carefully. When you do testing on your own computer the payloads will be scanned each time you create a new payload. If the payloads are scanned enough times, it will be possible for your AV to find a 'fingerprint' in the modules and add your build of redpill Hacker to their database. 
If you use your redpill Hacker correctly, you might never need to do a rebuild. If you do need to do a rebuild to get a new clean version, contact redpill. You will then also get an upgrade to the latest version.

Friday, 1 May 2015

redpill now accepts Bitcoin

redpill accepts credit/debit card payments for redpill Spy and redpill Detective, but not for the more 'hard core' penetration testing software like redpill Hacker and redpill Agent. For those products redpill uses Perfect Money and Webmoney.

Some customers complained as Perfect Money and Webmoney are not supported in the United States and are difficult or expensive to load from some countries. To help those customers, redpill now also allows bitcoin payments, which are available everywhere including in the US.

To purchase using bitcoin, just select that option in the Purchase page of the redpill website.

For more info about bitcoin click here. To get started is very simple and quick. You can install a wallet app from (tip: install a lightweight client and not a full node like Bitcoin Core as a full node needs to download tons of data).

Wednesday, 29 April 2015

Email setup in redpill Hacker

In redpill Hacker you need to set up email accounts. Email accounts are used to send data from the spy module and also to send the attack module to the target. You can add as many email accounts as needed and you can use an email service that supports SMTP.

You will get the SMTP details from your email service provider. If you want to use gmail, you can use the settings below:

  1. Email: your full gmail email address
  2. Username: again, your full gmail email address
  3. Password: your gmail password
  4. Server:
  5. Port: 587
  6. Use SSL: Yes (check the box)
Do a test (just click on Test). If you get a 5.5.1 error, read this.

Remember, you don't need to use gmail. Just added the settings here as a lot of users use gmail.

FTP Server for redpill Hacker

Update: This article is for an older version of redpill Hacker.
Please see: Setting up a FTP Server in redpill Hacker 

When to fill in the FTP details in redpill Hacker ...

When to use links

In redpill Hacker there are two Social Engineering Attack methods that would require the use of an FTP Server - a link or a website.

If you are new to redpill Hacker, I suggest you start with the easier attachment types like a program file, zip file, or Wordpad file, as these types do not require a FTP Server. When you choose one of these types, the FTP Settings are disabled.

Using a link as part of a social engineering attack is sometimes needed as some email services like gmail block attachment types like program files and zip files. Although Wordpad files are allowed in gmail, some other email services or anti-virus applications will block wordpad attachments that contain embedded program files.
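The blocking behaviour mentioned above, seen from the mail-gateway side, as an added example (not code from the original post or from any product). It decodes each `\objdata` run in an RTF attachment as an OLE 1.0 embedded object and reports Package objects that carry an executable-looking file; the extension list, verdict names and the constructed sample (whose payload is four placeholder bytes, not a program) are assumptions.

```python
import os
import re
import struct

# Extensions treated as executable content; the list is an assumption for this example.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
OBJDATA_RE = re.compile(r"\\objdata([0-9a-fA-F\s]*)")

# Constructed sample: a Package object named update.exe whose payload is the
# four placeholder bytes 4d 5a 90 00. It is not a working program.
SAMPLE_RTF = r"""{\rtf1\ansi Please see the attached tool.
{\object\objemb{\*\objclass Package}{\*\objdata
0105000002000000080000005061636b61676500
0000000000000000
39000000
02007570646174652e65786500
433a5c7570646174652e65786500
000003000e000000
433a5c7570646174652e65786500
040000004d5a9000
}{\result }}}"""


class Reader:
    """Sequential reader that raises ValueError on truncated input."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if n > len(self.data) - self.pos:
            raise ValueError("truncated")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u32(self):
        return struct.unpack("<I", self.take(4))[0]

    def lpas(self):  # length-prefixed ANSI string
        return self.take(self.u32()).rstrip(b"\x00").decode("latin-1")

    def cstr(self):  # zero-terminated string; index() raises ValueError if absent
        end = self.data.index(b"\x00", self.pos)
        text = self.data[self.pos:end].decode("latin-1")
        self.pos = end + 1
        return text


def parse_ole1_object(blob):
    """Parse the OLE 1.0 object header and, for Package objects, the file entry."""
    r = Reader(blob)
    r.u32()                                   # OLE version
    if r.u32() != 2:                          # format id 2 = embedded object
        raise ValueError("not an embedded object")
    class_name = r.lpas()
    r.lpas()                                  # topic name
    r.lpas()                                  # item name
    native = r.take(r.u32())
    info = {"class": class_name, "filename": None,
            "starts_with_mz": native[:2] == b"MZ"}
    if class_name.lower() == "package":
        p = Reader(native)
        p.take(2)                             # stream header
        info["filename"] = p.cstr()           # label shown to the user
        p.cstr()                              # original source path
        p.take(8)                             # two fields not needed here
        p.cstr()                              # temporary path
        payload = p.take(p.u32())
        info["starts_with_mz"] = payload[:2] == b"MZ"
    return info


def scan_rtf(rtf_text):
    """Return one finding per embedded object: block, allow or review."""
    findings = []
    for match in OBJDATA_RE.finditer(rtf_text):
        hex_text = "".join(match.group(1).split())   # tolerate line breaks in the hex
        try:
            info = parse_ole1_object(bytes.fromhex(hex_text))
        except ValueError as exc:
            # Objects that do not parse are surfaced rather than silently passed.
            findings.append({"verdict": "review", "reason": str(exc)})
            continue
        ext = os.path.splitext(info["filename"] or "")[1].lower()
        blocked = ext in EXECUTABLE_EXTENSIONS or info["starts_with_mz"]
        findings.append({"verdict": "block" if blocked else "allow", **info})
    return findings


if __name__ == "__main__":
    print(scan_rtf(SAMPLE_RTF))
```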

How to use a link

A link in an email is just that - a 'link' that points to something somewhere else. If you want to use a link you will need to have an FTP Server or website hosting option where you can place your social engineering attack module.

There are free file hosting services available like idrive or google drive that you can use as explained in this article: How to attach a spy program to an email.
The problem with the free hosting options is that most of them will not allow you to upload a program file or have a direct simple link to the file.

There are very cheap hosting options (FTP Servers or websites) that will allow you to upload your install module and use a direct link to the file. The best solution would be to get a website hosting option with your own domain name that will fit in with your social engineering con. For example, if your social engineering template you used is for a 'virus removal tool', you could choose a domain name that has to do with virus removal. The link that you will use will then look a lot more legit. A good and cheap hosting company is ... but there are many to choose from.

Once you have your website or file hosting site, your hosting company will provide you with the FTP details. You will need the following:
  • FTP Server - usually just an IP address or it could also be something like
  • FTP Username
  • FTP Password 
  • FTP Folder - this is the folder where you place your website files. With a file hosting service it will usually be in the root so you just enter '/' in redpill hacker (without the quotes) or if it is a website it is usually '/httpdocs/'.
You also need to specify the download link.

In the download link box, just replace '[replace with your domain]' with your domain name. 
If you use a free file hosting service they might generate a link for you. You will then need to use that link instead.

Want to take it one step further?

As part of your social engineering attack you can use a website instead of a link. Most users will not easily click on a link in an email, but they will download a free application from a website.
With this option you will need some basic knowledge of how websites work ... if you don't, you can get redpill to do it for you for a fee. 

Monday, 27 April 2015

redpill Hacker - How to use Wordpad

redpill Hacker tutorial video that shows you how to use a Wordpad attack module. Wordpad attachments are not blocked by gmail or yahoo.

There are several different types of modules that can be used with redpill Hacker. More training videos will be coming soon ...

Thursday, 23 April 2015

Spy Software Developer - TheCoder.Ninja

The programmer of the redpill spy products gets a new name, look and website:

Please note: still the same software developer. The redpill website and redpill products will not be affected. Still working hard on new and better spy software.

Monday, 6 April 2015

redpill Hacker Tutorial Video

Tutorial Video that shows you how to use redpill Hacker to install spy software remotely and secretly on multiple (unlimited) computers anywhere in the world.

For more information about redpill Hacker visit:

Monday, 30 March 2015

redpill Hacker Version 2 Released

redpill Hacker 2 is now available!

redpill Hacker now allows you to install on multiple targets with a click of a button. It now includes a target database (email addresses of the persons you want to monitor) as well as new Social Engineering Templates.
  • You can now specify multiple targets (persons you want to monitor) in redpill Hacker. 
  • You can now choose from Social Engineering Templates and add your own.
  • redpill Hacker will automatically send personalized emails (using the Social Engineering Templates) to multiple targets with the click of a button.
  • The install modules or link to install modules will automatically be added in the email.
As with the previous version, any number of install modules can be created. Supported formats include .zip, .rtf, .exe and links.

For more information about redpill Hacker and other spy software products visit:

Wednesday, 25 March 2015

Fake redpill websites

Be aware of the following fake redpill websites:
  • www [dot] redpillspy [dot] com
  • www [dot] redpilldetective [dot] com
They used to be able to sell redpill products through the Avangate Affiliate Network system. redpill has now disabled the network affiliate selling system due to sites like these that claim to be the official sites of redpill products.

It caused problems as they were making false promises to customers and also selling other spy products of a lower quality from these websites that looked like they were the official redpill sites.

The official redpill website is:

Official product sites:

Thursday, 12 March 2015

redpill Hacker Email Accounts

redpill Hacker allows you to setup and use multiple (unlimited) email accounts for sending and receiving data. This article explains how email accounts are used in redpill Hacker.

When using redpill Hacker, there are usually three email accounts involved:
  1. Email account for sending data (Delivery Email Account). The Spy Module will use this account to secretly send the data via email.
  2. Email account for receiving the data. 
  3. The email account that you will use to communicate with the target (for social engineering) and to email the install module.
Note: You can use the same email account for all three tasks.

The email account to receive data you only specify when creating the install module and the email account you will use to communicate with the target you do not need to specify in redpill Hacker. Setting up the email account for sending the data is a bit more tricky so we will look at how that is done.

Setting up an email account in redpill Hacker

In redpill Hacker click on 'Email Accounts'. The Email Account form will open.

The email account that you want to use to send the data (Delivery Email Account) needs to be an email that supports SMTP. If you are using a private email or company email address your email service provider will be able to supply you with the SMTP details. You can also use gmail for this.

If you want to use gmail, simply check the 'Use Gmail' box. The gmail SMTP settings will be added for you. Note that with gmail, your username is the same as your email address (see example above).

You can then just click on add and use the email account at any time.

Testing Emails

Before you send the install module to the target it is important to test your settings to make sure it is correct. Once you have emailed the target the install module you cannot change it. You will need to email another one if you made a mistake. 

To test it, simply select the email account for sending the data and enter the email account you want to use to receive the data.

You then simply click on 'Send Test Email'. You should receive a test email.

If you are using gmail and you get the following message:
The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required.
Read this article to fix it.

Saturday, 28 February 2015

redpill Agent gets past 93% of Anti-Virus Detection

redpill Agent now gets past 93% of anti-virus detection. 

redpill Agent with the new version of Ghost Protocol got past popular Anti-Virus packages like Avast, AVG and 36 other top anti-virus packages.

On 2015-02-28 redpill ran an install module of redpill Agent through 39 anti-virus scanners (all up to date with the latest anti-virus definitions) and only had a 7% detection rate (see results in image above). Only 3 of the 39 packages marked the redpill Agent install module as a potential threat. These 3 that did detect redpill Agent are not widely used as they are known for having a lot of False Positives (detecting programs as viruses when they are not).

redpill improved counter detection on all redpill spy products including redpill Spy and redpill Hacker. redpill Hacker has an even lower detection rate than redpill Agent.

For more information about redpill spy products visit:

Wednesday, 11 February 2015

FUD Spy Programs

FUD - no, not 'Fear, Uncertainty and Doubt ' but Fully UnDetectable Spy Software means Key Loggers and other Spy Programs that can get past Anti-Virus systems.

Some hackers use Crypting programs to make spy programs and key loggers undetectable. The crypting programs do not encrypt the program files as that would make them unusable; instead the code within the file is scrambled. The problem with these programs is that although the file might no longer be detected by anti-virus, the file becomes damaged and unusable (the crypting program causes problems within the program file).

redpill have been using a unique set of features and processes to make their spy programs undetectable. With redpill Agent, these features and processes are applied with Ghost Protocol.

redpill has just released Version 2 of Ghost Protocol that has a lot more enhanced features and processes that include:
  • Code Obfuscation and Scrambling (basically what a Crypting program does).
  • String and Resource Encryption
  • Code Fogging (a term coined by redpill) - Actual code is hidden within 'tons' of FOG code (actual code performing actual tasks generated by a redpill in-house program)

The above processes are run daily on the redpill modules. Apart from these processes, redpill has also developed various counter detection measures that include:
  • Using unique file names, folders and keys with EACH installation.
  • Several features to hide or mask the nature and purpose of the program.
  • Some more Counter Detection Measures that cannot be listed as they are trade secrets.

redpill Agent users will automatically get the new version of Ghost Protocol the next time they activate it or if they purchase a new redpill Agent license.

Please Note: 
No program is really FUD. They might get past an initial scan as they get past the fingerprint scan method (known malware detection) but they can then be detected as the behaviour of the program is suspicious. Some Anti-Virus (depending on the settings) will flag any program as possible malware if it is not known and if it has been downloaded or received via email. redpill strives to get past the most Anti-Virus software and to get as close to FUD as possible but cannot guarantee that we will get past ALL Anti-Virus all of the time. Please report high detection rates.

Friday, 6 February 2015

Install Spy Program with a Link from a Legit Website

Some hard targets (users that are security conscious) will not open an attachment or click on any link in an email. Sending a link in an email is easy ... making sure it looks legit and trustworthy is a bit more work.

This video is a tutorial on how to remotely install redpill Agent with a link in an email that comes from a real website.

Thursday, 5 February 2015

Problems receiving your emails from redpill Agent?

Not receiving your emails in gmail from redpill Agent and getting the following error when you do a test?
The SMTP server requires a secure connection or the client was not
authenticated. The server response was: 5.5.1 Authentication Required
Follow the steps below to fix the problem:

Usually the problem is that an incorrect password was entered for gmail in the 'Spy Install Module' creation page. Create a new install module and make sure you enter the correct gmail password for your account.

If you are sure your password in the install module is correct and you still have the same problem, do the following:

Open your gmail account and go to Settings. Go to the 'Accounts and Import' Tab and click on 'Other Google Account Settings'.

Go down to the 'Signing In' Section.

Turn 2-Step Verification 'Off' and change 'Access for less secure apps' to 'Allowed'.
You should now start receiving the data from redpill Agent.

For more information about redpill Agent or other Spy Programs visit

Monday, 2 February 2015

redpill Hacker with Custom Website

redpill released a new powerful spy program called redpill Hacker. One of the program features is to create different delivery packages. Using a custom website as a delivery package has been proven to have the best success rate of all delivery methods.

A lot of computer users know not to open attachments or click on links in emails. You can get past some of them by using social engineering and winning their trust before sending the link or attachment, but some hard targets (security aware users) might still be a problem. For those targets, a custom web option is your best choice.

How the Custom Website Delivery Method Works:

As mentioned, a lot of users will not open an attachment or click on a link, but they might be willing to install a useful application directly from the provider's website. The key is to choose a product that the target will be interested in.

Depending on your target, you can think of an application/product that the target will be interested in. Examples would be:
  • Secure Chat Application - you email the target telling him about the great secure chat app that you want to use to chat with him.
  • Hobby - you use facebook to find out what the target's hobby or interests are and then choose a program that he would want to install. You then just tell him about the great program (on facebook, via email, etc).
  • Virus Removal Tool 
  • etc.
After you chose your product, the following happens:
  1. You contact redpill that will develop the custom website for you.
  2. You purchase the domain and hosting from a hosting company like GoDaddy (not expensive, but wait for instructions from redpill as there are some specific requirements needed for the hosting)
  3. You use redpill Hacker to upload your 'product' to the website.
From the target side, the following will happen:
  1. You will send them an email or message on facebook telling them about this great free product.
  2. They will go to the website and see it is a real product (website will look legit).
  3. They click on the Install button on the website but will then receive a message saying 'computer is not compatible', 'virus was removed' ...or any message you want depending on the product you chose.
  4. They will think the installation failed or the operation completed but instead the spy program would have been installed.
  5. You will start to receive data.
You can use your website for multiple installations. You can just use redpill Hacker to update your module after each install so that you will receive the data in separate accounts. 

Please note:
  • redpill gives a price option for 'redpill Hacker with Custom Website'. The website will be a simple 3-4 page website with a main page, feature page, download page and contact page (can be changed for other pages depending on your product). Basic graphics will be included. If you have more advanced requirements it will be charged for extra.
  • The price for the hosting and domain registration is not included. You will need to purchase it separately (not expensive). For legal reasons redpill will not purchase the domain or do the hosting.
  • This method should only be used in targeted installs and not for phishing (if you do, your website might be flagged as malicious).
  • redpill Hacker or your website should not be used illegally.
For more information about redpill Hacker, visit

New hacking tool for professionals

New spy program from redpill: redpill Hacker

All the power of redpill Agent but with no limits (unlimited installs), not linked to gmail and with delivery package creation!!

redpill Hacker is the ultimate hacking tool for professional hackers!
  • Remotely and secretly install on computers anywhere in the world.
  • Records all key strokes (key logger) and take screenshots.
  • Unlimited installs!!
  • Unlike redpill Agent, you are not limited to link your install modules to gmail. You can link each install module to a different email account and use any SMTP email service.
Various Delivery Methods for Remote Install:
  • Application
  • Email Wordpad File - The system will assist you in creating the wordpad file.
  • Email ZIP File - The system will create the zip file for you.
  • Email a link - The system will create the link for you!
  • Website - The system will upload the install module to the website.
Each customer gets a uniquely built version. No Anti-Virus will know about your spy program as you will be the only one that is using it!! If you did a lot of installs and your spy program becomes known (detected by anti-virus) you can request a rebuild for a small fee.

For more information about redpill Hacker visit the redpill website.

Saturday, 17 January 2015

How to create a spy program and embed it into wordpad

Video that shows you how to create an install module (spy program that can be remotely installed) and embed it into wordpad. Embedding a spy program into wordpad allows you to bypass email security.

For more information about redpill Agent go to