gungor

It embeds the executable file or payload inside the jpg file. The method the program uses isn't exactly called one of the steganography methods. For this reason, it does not cause any distortion in the JPG file. The JPG file size and payload do not have to be proportional.The JPG file is displayed normally in any viewing application or web application. It can bypass various security programs such as firewall, antivirus. If the file is examined in detail, it is easier to detect than steganography methods. However, since the payload in the JPG file is encrypted, it cannot be easily decrypted. It also uses the "garbage code insertion/dead-code insertion" method to prevent the payload from being caught by the antivirus at runtime.

HTML smuggling is a malicious technique used by hackers to hide malware payloads in an encoded script in a specially crafted HTML attachment or web page. The malicious script decodes and deploys the payload on the targeted device when the victim opens/clicks the HTML attachment/link. The HTML smuggling technique leverages legitimate HTML5 and JavaScript features to hide malicious payloads and evade security detections. The HTML smuggling method is highly evasive. It could bypass standard perimeter security controls like web proxies and email gateways, which only check for suspicious attachments like EXE, DLL, ZIP, RAR, DOCX or PDF

It embeds the executable file or payload inside the zip/rar file. It can use two different methods. The first method embeds the executable or payload in the zip/rar file without any action. In this way, it can be triggered and run by documents in the compressed file or in the same folder. The second method encrypts the executable file or payload and it also uses the "garbage code insertion/dead-code insertion" method to prevent the payload from being caught by the antivirus at runtime. Both methods do not damage the rar/zip file. It is not detected by users. However, the first method can be detected by the antivirus depending on the code embedded.

Based on the Shodan API, it displays the open ports and security vulnerabilities of the server related to the entered ip or hostname.

Blocking smartscreen, security center, forensic processes and 3rd party security applications on Windows Operating Systems

It is a program written in Python3 in order to facilitate process analysis and to easily access Windows process tools. In this way, it facilitates malware analysis processes. In addition, processes running in the background can be detected.  After the program is started, it continues to run in the background. Afterwards, the tools can be accessed on the system tray.