P4r4d0x (with Abdul Muid) Starts His Drama Again

A close associate of the Jihadi Terrorist Gregory Morse aka Abdul Muid, p4r4d0x (one among the many nicknames that he uses on online boards) started speaking up against me and the cops yet again:

P4r4d0x (formerly pirat) on TSRh and EXETOOLS forum, zd0x on tuts4you etc rants about me and the cops

Gregory Morse has already been discussed many times in the past:

Gregory Morse aka Abdul Muid aka chants aka Progman

Teddy Rogers of Tuts4you Supports Gregory Morse (Jihadi Abdul Muid)

Original post here: https://exetools.live/2020/12/16/teddy-rogers-of-tuts4you-supports-gregory-morse-jihadi-abdul-muid/

Check out the person named Gregory Morse (aka ProgMan on Tuts4you and CHANTS on Exetools) . Yeah that author has a nice picture on his Github page (https://github.com/GregoryMorse):

Gregory Morse aka Abdul Muid

What is more interesting is that the same user has even more controversial content on his YouTube page (ranging all the way from 2011). The most interesting one being this:

This video linked to above is dated Feb 3, 2012 and the same person that we see on the GitHub page photo (Gregory Morse) is also seen speaking in this video! See the date in the screenshot below.

Gregory Morse Person speaking is the same as in the photo on the Github page

Other videos on Gregory’s Home page:

You can view the full playlist here:

Details about this terrorist were posted on tuts4you today by a journalist, but not surprisingly, Teddy Rogers, the admin of the tuts4you site, hurriedly got it deleted.

It is well known that Teddy Rogers receives funds from terrorists like Abdul Muid aka Gregory Morse for the upkeep of the tuts4you site. So it is not a huge wonder that he gets the posts detrimental to terrorism removed in a hurry from his website!

Yay, they wrote about myself too! Let me re-post here… 😀

Meanwhile, as covered already, TonyWeb, previously a well respected reverser, continues to sell child porn on various online sites:

and also

How to debug Jumps

Load it in a debugger and find out!

  1. You have executable-can-move checked in DllCharacteristic and relocations are present, thus windows7+ loads the executable at a random address, imagebase is just the preferred address. But as you can see in the opcodes you are hardcoding your VA, which will then be invalid.
  2. Better to choose a relative jump directly, which doesnt encode an absolute VA but rather the location relative to the current address. Use the following and avoid all issues with location of the executable:

000000013F44D000 E9 FB3FFEFF jmp 13F431000

If you are wondering how to get “FB3FFEFF”:

(0x000000013F44D000 – 114693) + 5 –> FB3FFEFF

where 0x000000013F44D000 is the current address, 114693 is the difference to the new location and 5 the size of the jump instruction itself.