Sunday, 17 May 2015

redpill Hacker 3 is available!

The new redpill Hacker 3 is more flexible in the way payloads are created and used. It also ships with a database of thousands of commonly used passwords and a Dictionary Attack tool for breaking into email accounts. See the video for a demonstration.

For more information about redpill Hacker visit the redpill website.

Thursday, 7 May 2015

redpill Hacker - How to attack a large list of targets

redpill Hacker allows you to install spy software on any number of computers (unlimited). If you decide to run a single attack against a large number of computers, you need to use a two-phase attack to avoid detection. This video explains how to do it:

For more information about redpill Hacker, visit

Wednesday, 6 May 2015

Spy programs vs Anti-Virus

Are redpill spy products FUD? I get asked this question a lot. FUD (in some circles) means Fully UnDetectable spy programs.

The answer depends on what you mean by FUD. Some Anti-Virus packages will block and remove any program that was downloaded or received via email and is not a well-known program. The program is not detected as a known virus, and it does not even need to show any suspicious behaviour; it is blocked and removed by some strict AV (Anti-Virus) packages simply because an unknown program from an untrusted source is treated as a potential threat.

If you take that into consideration, no spy program can be completely undetectable (or FUD).

redpill products like redpill Hacker and redpill Agent get past more Anti-Virus packages than most other spy programs. It also depends, however, on how you use your spy program. I will explain how to use your spy program, but first it is important that you understand how detection works.

How Does Anti-Virus Software Detect Spy Programs?

AV companies basically detect spy software (and viruses) in three ways:
  1. Comparing the file against a library of known viruses and malware (signatures: file hashes or byte patterns) - This method can only detect known viruses and spy programs; a file that has never been catalogued does not match.
  2. Heuristic Analysis – Anti-Virus companies use heuristic analysis to detect new viruses and spy software, or new variants of known ones. In short, anti-virus software that uses this method will run the program in a controlled virtual system (sandbox testing) or disassemble the suspected program and statically analyse it before releasing it into the real system. The anti-virus software uses profiling (scoring indicators such as keyboard hooks, persistence keys and network activity) to make an 'educated guess' as to whether the unknown program is a virus or malware. Because it is a guess, this method produces more false positives than signature matching.
  3. Wisdom of the crowd - It is often impossible to decide whether a file is malicious based only on data from one computer. The picture changes when it is possible to analyse the behaviour and prevalence of a file across many computers: how many endpoints it appeared on, how quickly, and by what route (email attachment, download, installer). Using this data together with heuristic analysis, anti-virus companies can very quickly reach a verdict about a suspected file.
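The three verdict methods above, as an added example that is not part of the original post or of any redpill product. It is a toy scanner: a hash-based signature lookup, a static heuristic score over a few constructed indicator strings, and a crowd (prevalence) verdict computed from constructed endpoint telemetry. The "executables", the indicator weights, the 0.8 email-origin ratio and the three-endpoint threshold are all assumptions made for the example.

```python
"""
Toy illustration of how an AV engine reaches a verdict on a file in three ways:
signature match, heuristic scoring and crowd (prevalence) analysis.
All sample files, indicator weights and telemetry below are constructed for
this example; none of it comes from the original page or from a real product.
"""
import hashlib
from collections import Counter
from dataclasses import dataclass

# Constructed stand-ins for executables. Only the byte strings matter here;
# they are not real programs.
PAYLOAD_V1 = b"MZ" + b"\x00" * 8 + b"SetWindowsHookEx GetAsyncKeyState CurrentVersion\\Run"
PAYLOAD_V2 = PAYLOAD_V1 + b"\x90"      # same code, one padding byte appended
BENIGN_TOOL = b"MZ" + b"\x00" * 8 + b"hello world"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# 1. Signature matching: compare the file hash against a library of known bad
#    files. Only an exact, previously catalogued file matches.
KNOWN_BAD_HASHES = {sha256(PAYLOAD_V1)}


def signature_verdict(data: bytes, known_bad=KNOWN_BAD_HASHES) -> bool:
    """True only if this exact file has been catalogued before."""
    return sha256(data) in known_bad


# 2. Heuristic scoring: weigh static indicators of spyware-like behaviour
#    (assumed weights; a real engine uses far more signals, plus sandboxing).
INDICATORS = {
    b"SetWindowsHookEx": 3,     # keyboard/mouse hook installation
    b"GetAsyncKeyState": 3,     # polling key state (keylogging)
    b"CurrentVersion\\Run": 2,  # autorun persistence key
}
HEURISTIC_THRESHOLD = 5


def heuristic_score(data: bytes) -> int:
    return sum(weight for needle, weight in INDICATORS.items() if needle in data)


def heuristic_verdict(data: bytes) -> bool:
    return heuristic_score(data) >= HEURISTIC_THRESHOLD


# 3. Crowd analysis: prevalence and origin of one hash across many endpoints.
@dataclass(frozen=True)
class Sighting:
    endpoint: str
    file_hash: str
    origin: str  # "email", "download", "installer", ...


def crowd_verdict(sightings, file_hash: str, min_endpoints: int = 3) -> str:
    """'suspicious' once the same unknown file arrives by email on many endpoints."""
    matching = [s for s in sightings if s.file_hash == file_hash]
    endpoints = {s.endpoint for s in matching}
    if len(endpoints) < min_endpoints:
        return "unknown"            # too little data to judge
    origins = Counter(s.origin for s in matching)
    if origins["email"] / len(matching) >= 0.8:   # assumed ratio
        return "suspicious"         # mass-mailed, never seen before
    return "benign-prevalent"       # widespread, arrived by normal routes


def scan(data: bytes, sightings) -> str:
    """Run the three methods in the order an engine typically would."""
    if signature_verdict(data):
        return "known-bad"
    if heuristic_verdict(data):
        return "heuristic-block"
    return crowd_verdict(sightings, sha256(data))


# Constructed telemetry: the one-byte variant was mailed to five hosts and
# downloaded on one more; the benign tool was installed on twenty hosts.
TELEMETRY = (
    [Sighting(f"host-{i:02d}", sha256(PAYLOAD_V2), "email") for i in range(5)]
    + [Sighting("host-42", sha256(PAYLOAD_V2), "download")]
    + [Sighting(f"host-{i:02d}", sha256(BENIGN_TOOL), "installer") for i in range(20)]
)

if __name__ == "__main__":
    for name, blob in (("PAYLOAD_V1", PAYLOAD_V1), ("PAYLOAD_V2", PAYLOAD_V2), ("BENIGN_TOOL", BENIGN_TOOL)):
        print(name, "signature:", signature_verdict(blob),
              "heuristic:", heuristic_score(blob),
              "crowd:", crowd_verdict(TELEMETRY, sha256(blob)),
              "->", scan(blob, TELEMETRY))
```

Appending a single byte changes the hash, so the variant escapes the signature check, but it carries exactly the same indicator strings and is mass-mailed to the same number of endpoints, so the heuristic and crowd methods still flag it. That is the point made later on this page: a build that stays unique per install defeats method 1, while sending one module to thousands of mailboxes feeds method 3.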

How does redpill get past Anti-Virus detection?

As explained at the beginning, no spy program will get past all AV all the time on all systems. redpill, however, has some of the best results in the business at getting past AV. The reason is that redpill works very hard at developing unique techniques to avoid detection, and has been doing so for 10 years. redpill has some unique counter-detection features:
  1. redpill uses a range of techniques to prevent its products from being detected as known spy software, including: encryption, code scrambling, code obfuscation, covert coding (over the years redpill has learned some coding principles that make applications more difficult to detect) and code fogging (code fogging is a redpill term for adding 'tons' of program-generated code to improve obfuscation and make the red-flag code harder to find and detect).
  2. Unique Install Every Time – Even if you use the same install module on the same computer, each install will be unique. New program names, folders, registry keys, etc. are used with each installation, so no two installs share the same fingerprint.
  3. Masking – Heuristic scans look at how the program behaves (Is it hidden? Was it downloaded or received via email? Did it install a keyboard hook? Is it sending data over the internet?). redpill has developed some unique (and secret) methods of masking some of these operations. Note that masking techniques can't hide everything: the program still needs to be downloaded or received via email, etc. Again, redpill will get past a lot of AV scans but not all (no spy program can).

How can you prevent your redpill product from being detected?

As explained in this document, redpill has done a lot to avoid detection. Whether it is detected, however, also depends on how you use your redpill Agent or redpill Hacker.

With redpill Agent, don't reuse old install modules. redpill Agent is designed for multiple installations, but not huge numbers. As long as you don't reuse old install modules, you should not have any problems.

redpill Hacker, however, can do a large number of installs. It even comes with a database to which you can add targets or import them from a file. You can also select a huge list of targets and have redpill Hacker email all of them for you.

HOWEVER ... just because you can import a huge number of email addresses and send an attack module to all of them at once does not mean you should. Emailing an attack module or link to 5000 targets (or any large number) is a very bad idea:
  • It is a bad idea because redpill hates phishing emails and phishing attacks, just like everybody else. It is a bad idea because it is illegal. You should only spear phish specific targets you need to (and can) monitor.
  • It is a bad idea because the 'wisdom of the crowd' will very quickly kick in and your install module will be detected by almost every AV.
Remember, your module can be scanned before a single installation succeeds: attachments and even links are scanned as they are received.

If this happens (if your build of redpill Hacker becomes known to AV), you will need to request a rebuild from redpill (for a fee).

Things you can do to prevent your redpill Hacker from becoming known to AV:
  • Only do spear phishing: attacks on specific targets.
  • Choose your targets and your methods of hacking/monitoring carefully.
  • Never test your payload's detection rate with multi-scan anti-virus sites. Your payload will be scanned against every Anti-Virus package available, and many of these sites share submitted samples with AV vendors. The more you expose your payloads to AV scans, the greater the risk that they will find a 'fingerprint' and add your version of redpill Hacker to their databases.
  • You can use a two-phase attack, as shown in this video, to prevent your redpill Hacker from becoming known.
  • You can use incremental hacking.
  • You can disable the Anti-Virus on your own computer, or choose the one you use carefully. When you test on your own computer, each new payload you create is scanned. If enough payloads are scanned, your AV may find a 'fingerprint' in the modules and add your build of redpill Hacker to its database.
If you use your redpill Hacker correctly, you may never need a rebuild. If you do need a rebuild to get a new clean version, contact redpill. You will then also get an upgrade to the latest version.

Friday, 1 May 2015

redpill now accepts Bitcoin

redpill accepts credit/debit card payments for redpill Spy and redpill Detective, but not for the more 'hard core' penetration testing software like redpill Hacker and redpill Agent. For those products redpill uses Perfect Money and Webmoney.

Some customers complained that Perfect Money and Webmoney are not supported in the United States and are difficult or expensive to fund from some countries. To help those customers, redpill now also accepts bitcoin payments, which are available everywhere, including in the US.

To purchase using bitcoin, just select that option in the Purchase page of the redpill website.

For more info about bitcoin click here. Getting started is simple and quick. You can install a wallet app from (tip: install a lightweight client rather than a full node like Bitcoin Core, as a full node needs to download a large amount of data).