CyberGuard v2.1 Update

CyberGuard is an essential security tool to monitor and protect your computer from a variety of threats:

  • Malware and Viruses of any kind;
  • Unwanted surveillance or telemetry;
  • Unwanted data collection.

CyberGuard combines the functionality of an AntiMalware, a Firewall and an IDPS (Intrusion Detection & Prevention System).
CyberGuard is designed to be lightweight, fast, effective, and, on top of that, it protects your privacy in addition to your security, as it does not leak or distribute your files!


Version 2.1 Update:

  • 🛡 File Scanner: Improvements to the engine for better threat detection accuracy
  • 📡 Network Scanner: Added monitoring of TCP port opens
  • 🎨 Activity Monitor: Added button to filter out low importance activity
  • 🔩 Error Fix: Fixed some process activity not showing in the event log
  • 🔩 Code optimizations: Various code optimizations and improvements

Full CyberGuard changelog here.

Read More & Comment
Remcos v4.9.4 Update

🔩 Stability: Fixed Remcos Controller errors after resuming an RDP session, due to DPI corruption of toolbars.
🔑Password Recovery: Added support for latest versions of Thunderbird.
🎨 GUI: Improved behavior of tray icon. Now can use a single click to quickly show and hide Remcos.
🎨 GUI: Added more informative popup hints to some options for better user friendliness.
🔩 Now the public IP is displayed by default on Local Settings and Agent Builder for an easier configuration.
🔩 Other minor improvements and fixes.

✅ Note: No need to update your old agents to get advantage of the latest update.
Thanks to Remcos modular design, improvements were applied to plugin modules and do not require an agent rebuild.

Full Remcos Changelog here.

Read More & Comment
[New Open Source Tool] File To ByteArray Converter

Our latest open source release:
File To ByteArray Converter is a simple tool designed to convert files into byte arrays.

This open-source utility is useful for developers, cybersecurity professionals,
and anyone in need of analyzing or manipulating file data at the byte level.


  • Easy to use interface for converting any file to a byte array.
  • Supports any file type.
  • Can add custom prefix for each byte.
  • Open-source: freely modify and distribute.
  • Fast, coded in native Delphi.


Practical Usage Examples

  • Transform file code into readable format
  • Employ in projects, research or tasks involving file manipulation, data analysis,
    or studying file formats at the byte level, providing a practical tool for various data processing tasks.
  • Embedding files into source code, scripts and executables:
    Embed file code of any kind into your application.

Example results:

Processing a txt file containing text “Hello World” produces the following output:

C Byte Array:
BYTE ByteArray[] = {72, 101, 108, 108, 111, 32, 87, 111, 114, 108, 100, };



Download and more info here.

Read More & Comment
[Major Update] CyberGuard v2.0

CyberGuard is an essential security tool to monitor and protect your computer from a variety of threats:

  • Malware and Viruses of any kind;
  • Unwanted surveillance or telemetry;
  • Unwanted data collection.

CyberGuard combines the functionality of an AntiMalware, a Firewall and an IDPS (Intrusion Detection & Prevention System).
CyberGuard is designed to be lightweight, fast, effective, and, on top of that, it protects your privacy in addition to your security, as it does not leak or distribute your files!



Active Protection

CyberGuard automatically blocks threats, but leaves control and the ultimate decision to the user.
CyberGuard provides the user with an informed decision on what a process does and if any further decision is required.

In this update, the scanner received various improvements.

Process Manager

The Process Manager provides an overview of the running processes and their security level and trust.
The security level is evaluated by CyberGuard based on its scanners and rules.
You can view with the glimpse of an eye if there is any suspicious process running, and you can set permissions for any process.



Network Manager

The Network Manager displays all the important details of all the active inbound and outbound connections from your system.
It is a powerful tool to monitor any suspicious activity, get informative details on connection IP addresses and to whom they belong,
and, of course, set rules and restrictions if necessary.



IP Blacklist

With the IP blacklist you can monitor and block any IP address that you want.
This feature is extremely useful to block unwanted telemetry, ads, protect your privacy, and block access to unwanted websites.



Restriction Rules

You can set custom restrictions to any process.
For example, you can keep a process running as usual, but prevent it from accessing the internet.

Many programs send unwanted telemetry or data, and this is an extremely effective way to use these programs while preserving your privacy.



Activity Viewer

The Activity Viewer displays in real time info on the activity running in the system, such as file, process, and network access from any process at any moment.
The Activity Viewer is an essential instrument to keep track of everything that is going on in your system and monitor any process activity.



… and much more!

The list of improvements goes on and includes many more improvements and error fixes:

[+] Added Process Manager
[+] Added Network Viewer
[+] Added IP Blacklist
[+] Added “Block Process” function
[+] Added “Restrict Process function
[*] Fixed crash when disabling protection while pending actions where waiting.
[*] Fixed hang system bug, happening when GUI crashed or freezed.
[*] Fixed access violation error when clicking on empty space in Activity tab
[*] Removed flickering on activity log
[*] Fixed wrong number of pending actions showing in Actions tab in some cases
[*] Updater improved: now added option to execute and install the new update
[*] Updater: Fixed error of unable to save file in some cases
[*] Fixed CyberGuard process not completely closing when Auto Startup was ON
[*] CyberGuard Dll converted from C to C++
[*] Various other minor improvements and fixes.


Read More & Comment
[Video] Bypass Censorship and Nationwide Firewalls using Remcos
1 Comment

How to unlock free internet when our network is heavily censored?

In some cases we cannot access or use a VPN due to the network restrictions.
In this new video we show how to bypass nation-wide firewalls using Remcos, taking as an example the Great Firewall of China.

In China, internet is heavily censored and restricted. Most of the websites and services used in other parts of the world are not accessible from mainland China.
In the recent times, more restrictive rules are being applied to the Firewall. For example, almost any VPN website is inaccessible, and some VPN connections and IP are detected and blocked.
Let’s see how can we unlock free internet when our network is heavily restricted and we cannot access or use a VPN.

Read More & Comment
Remcos v4.9.3 Update
No Comments

This update includes an improved Event Log and an improved Keylogger.

📑Event Log Improved:
Now it is possible to sort Event Log by any column (Computer Name, Event Type, Time Ascending/Descending, …).
The Event Log txt file can be saved in the sorted format.
When new events are added to the event log, they will be automatically sorted in the preferred format.

Moreover, now it is possible to pause and resume event logging.

⌨️ Keylogger Improved:
Fixed conflicts when using the accent keys in some keyboard layout, including Spanish and French.
Minor GUI improvements.

View Full Changelog here.

Read More & Comment
Response to Checkpoint Research’s allegation about our company
1 Comment

In a recent article written by Checkpoint Research, BreakingSecurity has been accused to support illicit abuse of our software via a third party retailer who has been selling some external products alongside Remcos.
We have also been accused to be the same company of the retailer, forging a double identity in order to provide encryption service to our software and facilitating abuse.

However, as we will demonstrate in this answer, these accusations are wrong.

First of all, our company has never been interested in supporting the abuse of our cybersecurity programs (proofs below).
As is clearly highlighted on our site, and also on the article itself, we never provided in our website a tool that could be used to make Remcos undetected to security software.
Also, we never provided any support on our official website and telegram channel about abusing our software in any way.
We do not sell our products on any blackhat or hacking forum.

Any customer manifesting any illegal intention of using our software has had his license banned (proofs posted below).
Any report sent to us regarding any illegal usage of our software has been investigated and the responsible user had his license banned (proofs posted below).

We also have developed CyberGuard, an Anti-Malware application, which we sell on our own site.

The article focuses on one of our software, Remcos.
Remcos is a versatile surveillance and cybersecurity tool, and as such is used in many different scenarios.
We have many customers and companies that use our products and services in various cybersecurity fields.
For example, Remcos is widely used as a tool for red teaming, pen testing, legitimate surveillance, but also for administering many machines from a single control point, for creating a proxy, and much more.

We are aware that Remcos, like most cybersecurity and pentesting tools, has risks.
Many other cybersecurity tools such as Cobalt Strike, Metasploit, Flipper Zero, many VPNs, and many other software or services have been abused to the detriment of the developers’ intentions, even though their company, like ours, has never sold their products with the purpose of being abused.
We do not provide any products on our site that allow users to bypass the protection of antivirus software: so users can only use Remcos on computers on which they have explicit consent and access to install it.

We have in place various measures to contain abuse, and every single report sent to us regarding the abuse of one of our products was immediately investigated and the relevant license immediately blocked (proofs below); not allowing the use of our product to customers who did not comply to our terms of use that they accepted before purchasing the software.

On our website, we also publicly provide a free standalone Remcos Uninstaller tool to detect and remove Remcos installations on a system.
The tool can also generate a report for us to identify the associated license and block it in case of abuse.
Published on our website, we also have a dedicated email inbox to immediately monitor any abuse report of our software:
We never received a single report or sample from Checkpoint or any communication regarding any abuse.
Otherwise we would have taken immediate action.

Various proofs of support tickets, showing that we enforce legal usage both in public and in private, and we ban any suspicious license and user: 


































As we can see from the ticket dates, we always enforced legal usage of our software, long before any article about us was posted.
Now let’s show some examples from our Telegram Group.

Telegram Group:

There is a comprehensive list of our posts in our telegram group which clearly shows we blocked any suspicious activity and question from users from the start.
Note that some of the related users messages was deleted by us, as we moderate any message who could manifest suspicious intentions.

Some of the related posts:
The article focuses on the actions of an employee of ours along with an external retailer. This employee was hired to help us with customer support, helping customers with software installation in their own systems, analyzing new malware variants found in the wild, and marketing our products by helping us manage some sales and support channels, such as the Telegram group mentioned in your article.
Along with other marketing strategies, it was proposed by our employee to allow a third-party company (VGOstore) to resell our products, as long as they followed our same conditions of use. To verify the reliability of the retailer, we requested a company registration certificate from VgoStore, which was provided to us.
The document sent to us certifies that our reseller has a business in Jordan based on the sale of products online.
We have received other similar requests in the past, but they were always rejected by BreakingSecurity because the reseller had not passed our verification.
The relation between BreakingSecurity and VgoStore was just a one between a developer and an external retailer.
We couldn’t investigate in depth the internals of his business, or which other tools he was providing, such as the encryption service, which we are not related to:
This is because the software and services offered on his platform were periodically changing and being updated.
We however verified that our reseller had a registered company in the trade of online software.
And, despite the title of the article, we aren’t related to “Guloader” neither “CloudEye” nor we developed these software in any way.
We are not sure where the alliance mentioned in the title of the article is. 
This external reseller was providing our software along with software unrelated to us on the same platform, for their own income unrelated to us.
We doubt VgoStore is the developer of any software sold on their platform.
We were aware that our employee also helped this company (VgoStore) with some of their work, hence the reason why he had access to the dashboard of this retailer’s site.
However, BreakingSecurity is not aware of the details of the job tasks conducted by our employee in his side job for an external business. 
The work conducted by our employee with VgoStore was conducted by him personally on his own behalf, without any relationship to the rest of BreakingSecurity.
Our employee worked for VgoStore by helping him with WordPress development, recording some videos, and helping him with his telegram channel.
As we can see in the article, our employee was using his own personal Youtube channel, not the one of BreakingSecurity.
BreakingSecurity was not aware of the internal details of VgoStore or their earnings, as they are a company external to ours.
BreakingSecurity’s only profits derived from VgoStore were licenses of our products sold to it as a reseller.
The other income shown in your article is in no way related to BreakingSecurity, but only to VgoStore, of which we are not a part.

Regarding the claim that our company and VgoStore are the same one, or that our employee and Vgo are the same person using different accounts:
We asked our retailer VgoStore to provide clear proof to show that

  1. We are not the same company
  2. Our companies are managed by different people
  3. Our businesses do not share income.
    BreakingSecurity did not receive any income from the sale or support of any encryption tool or any other service provided on the VgoStore platform.
  4. The relationship between BreakingSecurity and VgoStore was just the one between a developer and a retailer;
    BreakingSecurity didn’t manage which other software or services were provided in this external platform.
    Before allowing resale of our software, we however verified that our reseller had a registered company in the trade of online software.
  5. The work conducted by our ex-employee with VgoStore was done on his behalf and outside of BreakingSecurity.

In this video recorded by VgoStore and provided upon our request, showing old chats by him and our employee, all the above points are clearly proved:

Then, we also asked our retailer to provide evidence that he was not selling our software to suspicious users.
Proof of this in private chat conversations:

Our employee as well was enforcing legal usage in private chats with customers who manifested suspicious intentions.
He provided us with evidence regarding old conversations with customers:


Regarding data and samples displayed in the article in one of the servers used by our employee:
Our employee routinely used virtual servers to analyze and test new malware variants, as well as samples found in the wild.
This does not mean that the same malware was used for malicious purposes by us.
As cybersecurity researchers, we collect many different pieces of code, but this does not mean we are going to use them nefariously, but only for the purpose of study and subsequently updating our own solutions.
BreakingSecurity does not provide or sell any server, crypter or any other software except the ones found on the official platform.
Servers used by our employee were not purchased, monitored nor used by BreakingSecurity, but were just provided by clients for testing, while other servers were used internally for testing and analysis or sold by VgoStore to clients that presented themselves as cybersecurity customers.
It is worth noting that our employee was tasked, during his external job for VgoStore, into helping customers with software installation in their own servers, via remote support sessions. So he didn’t own some of the servers displayed in the article, and could not know what other tools were installed on these servers or how these servers were going to be used by customers.

Our employee provided us a record of an old conversation with the customer which sent him a sample (formbook). The same customer was the owner of the Formbook panels.
The conversation proves that there is no relation between our employee and the malware campaigns mentioned in the article, neither that our employee was the owner of this server and Formbook.

Following our internal investigation, we have taken the following actions:
1) We have terminated all relationships with the VgoStore company, as they provided external tools which could lead to abuse if used in combination with Remcos.
They no longer have the ability to present or resell any of our products, and all of our products have been removed from their sales platform.
2) Our employee who collaborated with VgoStore has been removed from our company.
This decision has been taken in mutual accordance among both parties (BreakingSecurity and our ex-employee), after a discussion about the situation.
We are available to analyze any sample and report regarding incorrect use of our products.
We invite you to contact us should there be any evidence of abuse of our software or need any clarification.
Remcos is a multi-purpose tool for surveillance, red teaming and cybersecurity, and is used by many customers for entirely legitimate purposes, and we will not allow the abuse of our products by few to tarnish the reputation of us and our products.
Best Regards
The Administration

Read More & Comment
Remcos v4.9.2 Update

This update features an improved Proxy function.

🔩 Proxy: Speed optimizations.
🔩 Proxy: Fixed error which caused high CPU usage on proxy.
🔩 Proxy: Fixed Agent crash in some cases.
🔩 Remcos Controller: Added check if Remcos is being executed from the zip without being extracted.
✅ Note: There is no need to update your remote Remcos Agents, as all the improvements were done on Remcos Controller or in plugin modules.

Full Remcos Changelog here.

Read More & Comment
Remcos v4.9.1 Update

This update features an improved Cookie Recovery, the addition of a new AutoTask (Write registry value),
and various error fixes.

➕ AutoTasks: New AutoTask added: Write Registry Key
🍪 Cookie Recovery: Added support for Edge profiles
🍪 Cookie Recovery: Added support to latest Chrome browser update
🍪 Cookie Recovery: Fixed not getting cookies from some Chrome profiles
🔩 Stability: Fixed Remcos Controller errors when using Remcos inside a Remote Desktop Protocol controlled machine, after restarting a RDP session.
🔩 Stability: Fixed Access Violation error in Remcos Controller in rare cases when using Screen Preview.
🔩 Control Center: Fixed GUI multithread error occurring in rare cases.

Full Remcos Changelog here.

Read More & Comment
Remcos v4.9.0 Update

This update improves the File Manager in many ways.
Performance when browsing and loading remote directories is now 4 times faster!
Thanks to this performance boost, folders with thousands of files can be loaded much more quickly.

Zip related functions (Zip, Unzip, Zip & Download) have been improved for better performance and stability:
Zipping or unzipping files or folders is now twice as fast as before!

File Manager stability has been also improved by fixing some resource leaks.
Fixed also some errors which made Remcos Agent or Controller crash when using File Manager.

Some quality of life improvements have also been added,
such as the auto-sorting of processes when opening Process Manager or Network Monitor.

⚡️ File Manager improved performance:
Listing files in a directory is now 4x faster!

🗜   Zip module improved performance:
With the new improved Zip module, zipping or unzipping is 2x faster!

🗜   Zip plugin optimized size:
230 kb older, vs 154 kb newer, for faster transmission to Remcos Agent.

➕ File Manager: Added Refresh shortcut button in toolbar

🔩 Zip Plugin improved stability: Fixed Remcos Agent crash when compressing folders with a large number of files.

🔩 File Manager: Fixed Unzip function not extracting subdirectories.

🔩 File Manager: Fixed resource leak causing Remcos Controller to crash, freeze, or show errors after browsing folders with many thousands of files.

🔩 File Search: Fixed resource leak.

🔩 Process Manager: Items are now automatically alphabetically sorted when opening form.

🔩 Network Monitor: Items are now automatically alphabetically sorted when opening form.

✅ Note: There is no need to update your remote Remcos Agents, as all the improvements were done on Remcos Controller or in plugin modules.

Full Remcos Changelog here.

Read More & Comment