arebelsec
Joined 7 Aug 2015
Advent of Cyber 2024 - Day 6 - "If I can't find a nice malware to use, I'm not going"
This is a video walkthrough of Day 6 for the Advent of Cyber 2024 event. This room is a fun exploration of Sandboxes and Malware Evasion techniques!
Timestamps:
00:00 - Intro
02:05 - Connecting to the Machine
03:30 - Detecting Sandboxes
07:05 - Can YARA Do It?
13:12 - Adding More Evasion Techniques
17:17 - Beware of Floss
19:47 - Using YARA Rules on Sysmon Logs
27:01 - Never Gonna Give Up
Credits:
* Music by limayojerel on SoundCloud: soundcloud.com/limayojerel
11,461 views
Videos
Advent of Cyber 2023 - Day 6 - Memories of Christmas Past - Advent of Cyber 2023
17K views, 1 year ago
This is a video walkthrough of Day 6 for the Advent of Cyber 2023 event. This room is a fun exploration of memory corruption vulnerabilities! Timestamps: 00:00 - Intro 01:08 - Connecting to the Machine 01:53 - Starting the game 03:54 - Is This a Bug 06:50 - Memory Corruption 08:44 - Accessing the Debug Panel 14:40 - Strings in More Detail 22:39 - Integers and the Coins Variable 25:08 - Wining t...
Classifying Packed Malware Using Machine Learning
346 views, 1 year ago
At the recent Blackhat MEA meetup, I gave a presentation on identifying and classifying packed malware using machine learning. To make the content accessible to a broader audience, I have recorded myself going through the presentation again. In this talk, I covered the existing approaches to identifying and classifying packed malware, how machine learning can help automate this, and showed a de...
New tool preview: vATT&CK (Visual ATT&CK)
318 views, 3 years ago
Here's a preview of the tool that I am currently working on called vATT&CK. It is a relationship visualizer for the Mitre ATT&CK framework. I plan to release a demo of the tool in the future. If you have any ideas on how to improve the tool, feel free to contact me on Twitter at @accidentalrebel. Also, check the GitHub page here: github.com/accidentalrebel/vATTACK
Crypto? CTF Video Walkthrough
280 views, 3 years ago
This is me sharing the steps that I took to solve the Crypto? challenge posted on the InfoSec Philippines Discord server. It's me talking and explaining for 1 1/2 hours straight. For a quicker and more straightforward walkthrough, check out @jebidiah's writeup on the same challenge here: jebidiah-anthony.gitbook.io/jebidiah/capture-the-flag/infosec-philippines/crypto
Avoiding Intrusion Detection and Logging Systems [Taglish]
313 views, 3 years ago
I was asked to give a talk at the last minute and found out it was targeted towards penetration testers. Since I'm a blue teamer, I picked a topic I know and spilled our secrets. :O "A blue teamer giving high-level tips on how to avoid getting detected by intrusion detection and logging systems."
Great job and explanations!
How do you get the dark theme?
Pls make more content. You have a great voice to coach!
17:14 How do you close the task and switch to start?
nvm... I saw it xD. I should open my eyes... jesus
Thanks for the video!
Thank you :D
Nice day! I enjoyed it, with your way of telling the story and the pictures you use to describe the situation. Thanks for your work.
Great walk through, Thank you so much!
At the end of it, it couldn't find record_id in the filter. Any idea why?
In the part of the code "INSERT_EVENT_record_ID_HERE" there are quotation marks -> " " <- don't forget about them.
How did you get into dark mode?
Try the Dark Reader extension.
Did you use an add-on to get TryHackMe in dark mode?
Great video and tutorial! Thank you.
Thanks for the tutorial
well explained!
It's my first year doing AOC and this is by far the best walk-through! Methodical, step-by-step guidance, no unnecessary distractions, calm reassuring voice. Thank you! If you can, please do walk throughs for the Yara tasks in THM as I've found them a bit difficult.
The fun part was actually having my tools organized from previous flags, and understanding more of their use cases. Thank you for sharing!
thank you
Nice one Sir, LFG!
Thanks for the tutorial! What are you using for dark mode though?
18:00
This year sucks tbh. The quality of the rooms is lacking... like 80% of the material in the rooms is unneeded or confusing. Like it's a circus of unnecessary information just to find out you run 2 commands and be done with it. I felt like the other years the content and explanations were a lot better and each individual command actually mattered and guided you perfectly. This year it's a jumbled-up mess and not good for newcomers at all imo.
I feel like that's a lot of these kinds of rooms in the field, very poorly written and confusing. Same with Immersive Labs: just the worst and most vague kinds of instructions and jumbled-up tech that barely works to complete the challenge. It's annoying.
This guy actually made a pretty good video and took his time to explain how everything works, like what Tyler Ramsbey is doing.
thanks for the tutorial, I would be lost without it today :)
6:00 you said that if there is the folder present in the registry then we are running in a sandboxed env. If you read just below the img, the explanation states the opposite, that is, that usually in a sandbox or other virtualized environments this directory is often absent.
I got the same idea. In a lot of sandbox or virtual setups used for checking out malware, you might find the C:\Program Files folder missing or not exactly like you'd see it on a normal Windows computer. Because of this, malware often looks at whether the C:\Program Files directory is there and what's inside. It's a trick they use to figure out if they're being run in a virtual or sandbox environment. If that folder isn't there or looks a lot different than what they'd expect, the malware might think it's being watched in a sandbox and start acting differently to avoid getting caught.
I was in the same boat, that makes a lot of sense now, thank you!
Can't copy and paste from the webpage to the sandbox.
ctrl+shift+C/V should do it depending on if you want to copy or paste
This is the fastest I've completed one of these challenges. Keep up the good work, guys.
Question about the ProgramFilesDir. I don't get it. My real machine has that in regedit and it isn't a sandbox. Can you please explain? Thanks
See my comment: 6:00 you said that if there is the folder present in the registry then we are running in a sandboxed env. If you read just below the img, the explanation states the opposite, that is, that usually in a sandbox or other virtualized environments this directory is often absent. Also the C script actually states this:

    // Run the command
    int result = system(command);

    // Check for successful execution
    if (result == 0) {
        printf("Registry query executed successfully. ");
    } else {
        fprintf(stderr, "Failed to execute registry query. ");
    }
}

where it says: if result == 0 it is because it did not find the programfilesdir; if result == 1 then it found the programfilesdir.
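The ProgramFilesDir check discussed in the comments above, as an added example that is not code from the room or the video. The room's script, as quoted in the comment, shells out with system() and tests result == 0; reg.exe exits with 0 when the queried value exists and with 1 when it does not, and system() hands that exit code back, so a zero result means the value is present. The block below makes that mapping explicit, parses reg.exe's output to recover the path (the two sample outputs are constructed), and also flags a value that is present but points somewhere other than C:\Program Files, which goes slightly beyond the room's absent-or-present test. The live probe using _popen is Windows-only and is my assumption about how the room's command would be run, not the room's code.

```c
/* Added example (not the room's or the video's code): the ProgramFilesDir
 * sandbox heuristic from the comments, with the reg.exe exit-status mapping
 * made explicit. Sample outputs below are constructed to mimic reg.exe. */
#include <stdio.h>
#include <string.h>

#define REG_KEY         "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
#define REG_VALUE       "ProgramFilesDir"
#define EXPECTED_PREFIX "C:\\Program Files"

/* Constructed sample: what reg.exe prints when the value exists. */
static const char SAMPLE_PRESENT[] =
    "\r\n"
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\r\n"
    "    ProgramFilesDir    REG_SZ    C:\\Program Files\r\n"
    "\r\n";

/* Constructed sample: reg.exe's error text when the value is missing. */
static const char SAMPLE_ABSENT[] =
    "\r\n"
    "ERROR: The system was unable to find the specified registry key or value.\r\n";

/* reg.exe exits 0 when the query finds the value and 1 when it does not;
 * system() returns that exit code, so 0 means "ProgramFilesDir is present". */
int reg_query_found(int system_result)
{
    return system_result == 0;
}

/* Pull the REG_SZ data of ProgramFilesDir out of reg.exe's output.
 * Returns 1 and fills out[] when found, 0 (and an empty out[]) otherwise. */
int parse_program_files_dir(const char *reg_output, char *out, size_t outlen)
{
    const char *p = reg_output;
    const size_t vlen = strlen(REG_VALUE);

    out[0] = '\0';
    while (*p) {
        const char *eol = strpbrk(p, "\r\n");          /* end of this line */
        const char *end = eol ? eol : p + strlen(p);
        const char *s = p;

        while (s < end && *s == ' ') s++;               /* trim indent */
        if ((size_t)(end - s) > vlen
            && strncmp(s, REG_VALUE, vlen) == 0 && s[vlen] == ' ') {
            const char *t = strstr(s, "REG_SZ");
            if (t && t < end) {
                t += strlen("REG_SZ");
                while (t < end && *t == ' ') t++;       /* skip separator */
                size_t dlen = (size_t)(end - t);
                if (dlen >= outlen) dlen = outlen - 1;  /* bound the copy */
                memcpy(out, t, dlen);
                out[dlen] = '\0';
                return 1;
            }
        }
        if (!eol) break;
        p = eol;
        while (*p == '\r' || *p == '\n') p++;           /* next line */
    }
    return 0;
}

/* Verdict: 1 = looks like a sandbox, 0 = looks like a normal host.
 * Absent value => sandbox (the heuristic as the comments describe it);
 * present but pointing somewhere unexpected => also treated as suspicious. */
int looks_like_sandbox(int system_result, const char *reg_output)
{
    char path[260];

    if (!reg_query_found(system_result))
        return 1;
    if (!parse_program_files_dir(reg_output, path, sizeof path))
        return 1;
    if (strncmp(path, EXPECTED_PREFIX, strlen(EXPECTED_PREFIX)) != 0)
        return 1;
    return 0;
}

#ifdef _WIN32
/* Live probe, Windows only (assumption: _pclose returns the child's exit
 * status). Runs reg.exe, captures its output and exit code, and classifies. */
int probe_live(void)
{
    char output[4096];
    FILE *fp = _popen("reg query \"" REG_KEY "\" /v " REG_VALUE " 2>&1", "r");
    if (!fp)
        return 1;
    size_t n = fread(output, 1, sizeof output - 1, fp);
    output[n] = '\0';
    int status = _pclose(fp);
    return looks_like_sandbox(status, output);
}
#endif

int main(void)
{
    /* Exit status 0 pairs with the "present" output, 1 with the error text. */
    printf("present sample -> %s\n",
           looks_like_sandbox(0, SAMPLE_PRESENT) ? "sandbox" : "real host");
    printf("absent sample  -> %s\n",
           looks_like_sandbox(1, SAMPLE_ABSENT) ? "sandbox" : "real host");
    return 0;
}
```

On Linux or macOS the program only exercises the constructed samples; on Windows, probe_live() runs the real query. The parser bounds its copy to the caller's buffer so an unexpectedly long REG_SZ cannot overflow path[].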
If you know you never lose any streaks, and you'll definitely finish the challenge, let's gather here 💪💪🏆🏆🏆
Loved the way you deciphered it 🪐 Cute room , smooth tutorial 😊
Day 6 complete! thank you :)
Thanks for the tutorial 👍👍
Couldn't get it on the CTF... but now I do :) thank you
Amazing walkthrough, thank you so much arebelsec
I found the ghost 31337 :)
Thank you for doing this.
Great job on the walk through. I enjoyed your presentation style.
thanks nice room kuys
I got the aaaabbbbccccdddd
thanks man!
I somehow broke mine and the text was going vertically hahahahhaha. I literally broke the game. Is that an Ender 3 behind you? :O
Yes, it is!
@@arebelsec1406 I have one too, I love it!
Nice walkthrough, GOT A SUB
Really enjoyed the room. Thanks for the beautiful explanations. 💌
Thanks for making it easy to follow.
The glitch, I found the THM inventory item
There is more that awaits you. Fulfil the legend the ghost speaks of!
@@sem8973 Did you manage to get the ghost? If so, can you please give a hint?
@@cowgummy92 Look at the shop inventory: id "a" is missing, try to buy it.
@@sem8973 watttt tell me more!
This is so far one of my favorite rooms in the AOC2023, Thank you for this amazing walkthrough !!
Thank you for your great explanation, I can see why you are a member of THM! Keep up the good work 💪
This was the best room so far.
Thank you so much ❤
Aw, so if I understood it right, I somehow need to see 'd' in my inventory boxes as id 'd' indicates the star. And, the only way I can do it is by overflowing the value for the player name variable till the value starts flowing in to inventory boxes. isn't it? I have taken your example name and changed it slightly to check if I got it right or not: AAAAAAAAAAAAAAAABBBBBBBBBBBBCCCCCCCCCCCCCCCCDDDD1234d Nice video, thanks! :)
Very nice
Can you make a video of how you learn Regex by yourself? @arebelsec