In here I'll talk about how I discovered something that not many of you knew about Discord.
So me and the boys are having a contest to see who could make the best backdoor (for educational purposes ofc), when all of a sudden we get an alert that some PC ran it, while we knew that we haven't given anyone the rat. So currently we haven't shared the rat to anyone, nor did any of us run it because you can't trust the boys with your token and IP, but someone still ran it! Who could it be!?
We suspected the main man who was developing it had a ratted PC, so he reset it and we didn't think about it anymore.
So far we haven't gotten anything out of the ordinary, all good! It has been a month or two after that happened and we didn't really think about it anymore (in fact, we forgot).
On one pretty day (it was raining tho) we were educating one of our people how to make some basic rats, when all of a sudden he gets a weird reading too! uh oh
I scanned the 2 IPs and guess what.
It was.. Avast? How did Avast get their hands on this?
Well turns out that Discord has built in on the fly malware detection (Java malware is very rarely detected) and then we realized that the last time it happened, the dev's PC wasn't even ratted and it was just this detection thing. Well what an unnecesarry PC reset.
We connected those two because both were named John, and I remember that goddamn name from before (it was Windows 7 too, bad OS detection tho haha) so I used nmap to scan and map out the connection between those IPs.
