https://thedfirreport.com/2020/10/08/ryuks-return/
This isn’t the first I have read about AdFind being used by bad actors, it won’t be the last.
I first started hearing about AdFind being used in exploits and recon work roughly 2.5 or so years ago when IR teams and Security Researchers started emailing me about it and asking for hashes of older versions etc. AdFind is not, by far, the first of my tools used by the bad actors, it won’t be the last. I have had several tools used by them over the years and have shown up in malware packages as well as anti-hacker toolkits (none of which I ever get any sort of kickback for – so you know who you are that make money off of me, wth???). I mean come on, who can blame them? The tools are fast and they work and don’t require a huge infrastructure around them to function and will often work in environments when other heavier tools based on fat frameworks go sideways. Perfect for Admins trying to get shit done and hackers trying to get into shit, quickly.
With that being said, dear hackers… if you are making money off my tools, how about you do me a solid and do some donating by clicking that Pay Pal button up in the corner?? I mean seriously, if you can score a few million USD in ransom you can easily kick me $100k or so right? Seriously. It is only fair.
And you pen testers and other anti-hackers, how about you too step up and donate.
joe
