After having 6 phones and 3 laptops hacked, I need advice

A place where newbies can post without (much) fear of reprisal. All mission posts should still go in the applicable forum.
Forum rules
Older HTS users: Be nice to the new people.

NEW USERS: This is NOT the place to post about missions! Refer to "Missions" category.

After having 6 phones and 3 laptops hacked, I need advice

Post by explorer123456 on Mon Sep 09, 2019 6:12 pm
([msg=99107]see After having 6 phones and 3 laptops hacked, I need advice[/msg])

system journal evtx:
security journal evtx:
application journal evtx:


I screw up at my work place. I didn't do anything illegal or exaggeratedly abnormal, but I still drew enough attention as to get as many devices hacked and harassment for over a year now. I had to quit and am now weathering it out at my parent's place.

This is a repost from the thread I started at ... s.3518638/
I didn't get any help there. I am looking for advice about how to overcome the tech hacking.

For over a year now, I can't wiggle out from a hacker's grip. I have tried switching to a new computer, but it is still going on. What can I make out of this information?

Today I present you the old dell latitude d420 case:

\I stripped this laptop of wifi cards and antennas, bluetooth module, dial-up modem, microphone, speakers, 3g chipset slot, pcmcia slot

I disconnected and reconnected the bios battery

I formatted the harddrive and reinstalled windows 8.1 pro, downloaded from microsoft, not activated.

I disabled windows update, remote desktop, deleted the first administrator account and created another one, turned on bitlocker.

I locked the screen (win+L) and came back 9 hours later.

At around the 7 hour mark (nobody was around to meddle with the laptop), 5-6 am on the logs, dodgy events happen; the mpksl386cdf00.sys update on windows defender and the certificate update worry me most. Keep in mind this is an isolated computer, in theory, and turned on but not being interacted with. I pasted those events here, and attached the full logs to this post (EDIT: I couldn't upload the journals along, I pasted links to download the journal files). I also pasted the hardware specifications at the end of the post

Information log

Code: Select all
Un service a été installé sur le système.

Nom du service :  MpKsl386cdf00

Nom du fichier de service :  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl386cdf00.sys

Type de service :  pilote en mode noyau

Type de démarrage du service :  Démarrage du système

Compte de service :

- <Event xmlns="">

- <System>

  <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />

  <EventID Qualifiers="16384">7045</EventID>






  <TimeCreated SystemTime="2019-08-28T11:50:22.006796400Z" />


  <Correlation />

  <Execution ProcessID="488" ThreadID="2196" />



  <Security UserID="S-1-5-18" />


- <EventData>

  <Data Name="ServiceName">MpKsl386cdf00</Data>

  <Data Name="ImagePath">C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl386cdf00.sys</Data>

  <Data Name="ServiceType">pilote en mode noyau</Data>

  <Data Name="StartType">Démarrage du système</Data>

  <Data Name="AccountName" />



Security log:

Code: Select all
- <Event xmlns="">

+ <System>

  <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />







  <TimeCreated SystemTime="2019-08-28T11:49:15.195813700Z" />


  <Correlation />

  <Execution ProcessID="496" ThreadID="528" />



  <Security />


- <EventData>

  <Data Name="SubjectUserSid">S-1-5-18</Data>

  <Data Name="SubjectUserName">WIN-4PICQFV9S23$</Data>

  <Data Name="SubjectDomainName">WORKGROUP</Data>

  <Data Name="SubjectLogonId">0x3e7</Data>

  <Data Name="TargetUserSid">S-1-5-18</Data>

  <Data Name="TargetUserName">Système</Data>

  <Data Name="TargetDomainName">AUTORITE NT</Data>

  <Data Name="TargetLogonId">0x3e7</Data>

  <Data Name="LogonType">5</Data>

  <Data Name="LogonProcessName">Advapi</Data>

  <Data Name="AuthenticationPackageName">Negotiate</Data>

  <Data Name="WorkstationName" />

  <Data Name="LogonGuid">{00000000-0000-0000-0000-000000000000}</Data>

  <Data Name="TransmittedServices">-</Data>

  <Data Name="LmPackageName">-</Data>

  <Data Name="KeyLength">0</Data>

  <Data Name="ProcessId">0x1e8</Data>

  <Data Name="ProcessName">C:\Windows\System32\services.exe</Data>

  <Data Name="IpAddress">-</Data>

  <Data Name="IpPort">-</Data>

  <Data Name="ImpersonationLevel">%%1833</Data>



Application log

Code: Select all
Mise à jour automatique du certificat racine tiers réussie : Objet : <CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US> Empreinte numérique Sha1 : <3679CA35668772304D30A5FB873B0FA77BB70D54>.

- <Event xmlns="">

- <System>

  <Provider Name="Microsoft-Windows-CAPI2" Guid="{5bbca4a8-b209-48dc-a8c7-b23d3e5216fb}" EventSourceName="Microsoft-Windows-CAPI2" />

  <EventID Qualifiers="0">4097</EventID>






  <TimeCreated SystemTime="2019-08-28T11:53:14.829170600Z" />


  <Correlation />

  <Execution ProcessID="920" ThreadID="2112" />



  <Security />


- <EventData>

  <Data>CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US</Data>




This is an old latitude d420

Code: Select all


Core™ Duo processor U2500 (1.20GHz)

945GMS (533MHz front side bus) with Intel onboard graphics

Min: 512MB DDR2 shared


533 MHz

Max: 1.5GB DDR2 shared


533 MHz

Wide-aspect 12.1” WXGA (1280 x 800 resolution) UltraSharp™

Supports up to a maximum resolution of WUXGA (1920 x 1200)



Graphics Media Accelerator 950 (up to 224MB shared)

30, 60GB




post RTS)

87-Key US; key travel 2.5mm; key spacing 18.5mm

Touch Pad - PS/2 compatible, Track Stick - PS/2 compatible

High Definition Audio codec, mono speaker, 1.0W, integrated omni-directional microphone

H: 25.4mm/1.0” x W: 295mm/11.6” x D: 209.8mm/8.25”

Starting at 3.0Lbs/1.36Kg


65 Watt or 90 Watt AC adapter with cord wrapping

Primary 4-cell/28 WHr “Smart” Li-Ion battery featuring ExpressCharge™

Primary 6-cell/42 WHr “Smart” Li-Ion battery featuring ExpressCharge™

Primary 9-cell/68 WHr Li-Ion battery



v.92 Internal Modem; 10/100/1000 Gigabit



Cellular Broadband


: (Only Available in the US)

Dell Wireless 5500 Mobile Broadband 3G HSDPA (Cingular US)

Dell Wireless 5700 Mobile Broadband CDMA EVDO (Verizon US)



PRO/Wireless 3945A/G (802.11a/g), Dell Wireless 1490 (802.11a/g), Dell Wireless 1390 (802.11g)

Dell Wireless 350 Bluetooth internal wireless card

One Type I or Type II

Support 34mm ExpressCard via a USB interface through PCMCIA adapter

SD card slot, IEEE1394, docking connector, 3 USB (one powered), VGA, headphone/speaker out, infrared port, RJ-11, RJ-45, AC power

Serial port, parallel port, VGA port, DVI port, 4 USB 2.0 ports, RJ-45 port, RJ-11 port, MIC in, HP out

9.5mm slim 24XCDRW/DVD or 8X DVD+/-RW

-- Mon Sep 09, 2019 6:29 pm --

The other devices
* Xperia pro. usb port blasted, then screen didn't turn on
* Blu Studio G: usb port blasted, then stopped booting, couldn't reflash
* Samsung S4 (i9500).
USB port "Stopped working" -> Reflash.
Apps corrupted -> Reflash.
Permissions messed up -> Reflash.
Not booting up -> Reflash
BOUGHT A SECOND i9500, -> Same problems
P0rn showing up x2 -> reflash
Cannot connect to network x2 -> reflash
Whatsapp hacked -> stripped 3g modem firmware of functions.
Now I have a powerdrain but the device can be used as a tablet and connect to the internet even through wifi
Blu C4
Pwned in two hours -> Walmart replacement underwarranty
Second device Pwned in under 30 minutes -> Downloaded spreadtrum flashing tools.

It seems the C4 pings home for updates, so it is very vulnerable to man in the middle attacks. I cannot connect it to the internet while not using a VPN bridge.

I pulled wifi cards, wifi antennas, dialup modems, microphones and camera from my laptops, and they still act out while not connected to the internet.
The newer computer was a brand new INSPIRON 15 3547, the oldest one an INSPIRON 500m. The dell latitude sports a 3g slot (removed the slot), but the other ones don't have cellular connectivity listed under specs.

Now I am shielding my laptops in a faraday and using different operating system architectures. This way, from this place, I can use the internet regularly, but whenever my computers go closer to the street, they start acting out.

Imagine all this happening in a time when rocks where thrown at my door at night (happened for two weeks)

What I am already doing
Using VPN (OVPN, SHA256, no dns leaks, several providers, two paid)
Not using WiFi (removed cards)
Not using any wireless peripheral
Running live distros of OSs
Faraday cage (this solves pretty much everyting on laptops, most notably video corruption and keystrokes)

I need advice.
New User
New User
Posts: 1
Joined: Mon Sep 09, 2019 4:49 pm
Blog: View Blog (0)

Return to NZone

Who is online

Users browsing this forum: No registered users and 0 guests