Malware basics - don't get scammed! : hacking | Torhoo darknet markets
Saw a lot of low-quality posts around, and lately I have been spending a lot of time on Dread, so I decided to offer some basic knowledge for beginners to avoid scams.
First of all we aren't in 2012, so there are no "packs" with 200 RATs that will work. There are no DDoS tools that will require you to run a single executable and magically take a service down. There are no open source RATs that will bypass any kind of protection (not even talking about EDRs) without really large modifications. There are no free crypters, there are no free good tools in general.
Tools in general:
- always go native (native means no dependencies from the start - languages like C/C++/asm/Go/Rust - which lets you run on any target and is also harder for security researchers to analyze). "Well, python can be packed in a single executable as well"... just don't comment this...
- you will not be able to code your own tools if you don't have a lot of experience, again, AVs have evolved a lot, copy-pasting from GitHub doesn't help anybody.
- they cannot be found on marketplaces, stop doing that. DNMs are for drugs, you want "hacking" tools? Go to actual hacking forums: xss/exploit/ramp/whatever you like, just don't get scammed. Avoid Dread as well.
- always look for reputable members, vouches, old accounts, etc.
Crypters with shared/public stubs are not worth it anymore, always go for private stub, make sure the crypter is compatible with your payload (ask dev). Crypters only take care of static, runtime is based on your tool.
RATs are not for mass infection, RATs are made for individual cases. RATs are made to specifically run on an RDP near the victim's location to avoid latency for features like HVNC.
Loaders on the other hand are made to handle large amounts of bots, they are stealthy and modular.
DDoS / stressing is rarely offered these days because of the new regulations (they are not new anymore but..). Everyone who ddosed back in the day is still in jail. You will need a strong botnet to take down protected services.
IoT botnets are not a thing anymore, exploits for IoTs cost thousands and your Mirai copy will not bring you more than 1k bots in 2025.
If you don't know Russian you can use services like SimplyTranslate to stay on forums.
Do not ask for a middleman if you are dealing with a known user on a Russian forum tho, they will not even answer. Learn to behave on hacking forums, making cringe posts and asking a lot of questions will get you banned quickly.
Do not ask for spreading techniques, no one will share theirs with you for free.
Stop trying to make money with free tools and learn before wasting money.
If you're serious about building tools:
Stick with native (C/C++, ASM, Go, Rust). No dependencies, smaller footprint, and much harder for analysts to reverse or sandbox cleanly.
Python, Java, and .NET are fine for control panels or infrastructure, but not payloads. Packing Python into an EXE just screams “scan me.”
Crypters? Public stubs are dead. Private or nothing. Even then, make sure the stub is tailored for your payload. Static ≠ runtime. Know the difference.
Loaders should be modular, coded from scratch, and built with persistence logic that mimics legitimate behavior. Think about telemetry, not just obfuscation.
AI is starting to assist, but we’re not at full autonomy. LLMs can write shellcode loaders, generate AV-evasive variations of known payloads, or help brainstorm obfuscation layers—but they’re not writing fully custom implants or bypassing cloud-based behavioral defenses yet. If you're not skilled enough to audit or modify what it spits out, you’re playing with fire.
And a final word for the lurkers—stop hitting up experienced hackers and coders asking for free work like you’re doing them a favor. People spend years mastering this space. If you're not offering real payment or a cause worth backing (think whistleblower, activist work, etc.), don’t expect elite-level help. You get what you pay for—especially in a world where OPSEC failures cost people real time.