HuskyHacks
United States
Joined 5 Sep 2020
decompile the halls | TryHackMe Advent of Cyber 2023 Day 9 [Malware Analysis]
Ayo as a side note, I teach malware analysis professionally over at TCM Security Academy! I run a 9+ hour course called Practical Malware Analysis & Triage which covers this subject and many others. Check it out over there if you're interested!
AND... the first 5 hours of that course are on TH-cam for free! Check it out here: th-cam.com/video/qA0YcYMRWyI/w-d-xo.html
Practical Malware Analysis & Triage: academy.tcm-sec.com/p/practical-malware-analysis-triage
00:00-06:00 - intro, story background, malware analysis concepts, .NET and decompilation
06:00-07:10 - loading the sample into dnSpy, examining the decompiled code
07:10-08:10 - briefly covering C2 architecture
08:10-16:00 - analyzing the decompiled code function by function, identifying the key characteristics of a C2 agent, reverse engineering the malware's capabilities
16:00-19:10 - answering the challenge questions by referencing the code of the sample
19:10-19:53 - outro. Have a great holiday! 💖
Views: 15,320
Videos
we are so-ho-ho back | TryHackMe Advent of Cyber 2023 Day 2 [Python + Jupyter Notebooks]
23K views · 7 months ago
00:00-00:45 - ya boi is back. Intro.
00:45-05:19 - exposition, Python, Jupyter notebooks, background
05:19-16:00 - Notebook 1: intro to Python/Jupyter notebooks, data types, variables, type inference, running cells, markdown
16:00-23:50 - Notebook 2: intro to Pandas, dataframes, series, simple data manipulations
23:50-27:25 - Notebook 3: intro to Matplotlib, making graphs from dataframes
27:25-...
I, Too, Stole a Microsoft 365 Account. Here's How. (Stealing Access Tokens from Office Desktop Apps)
7K views · 8 months ago
Attacking & Defending Azure & M365 - Xintra Training: training.xintra.org/view/courses/attacking-and-defending-azure-m365
mrd0x original writeup: mrd0x.com/stealing-tokens-from-office-applications/
TokenFinder: github.com/doredry/TokenFinder
I also reimplemented TokenFinder in C#: github.com/HuskyHacks/SharpTokenFinder
Malware C2 Keying! Speakfriend | Huntress 2023 Capture the Flag
486 views · 9 months ago
breaking WEAK ENCRYPTION. BlackCat Walkthrough | Huntress 2023 Capture the Flag
382 views · 9 months ago
c r a b | Crab Rave Walkthrough | Huntress 2023 Capture the Flag
355 views · 9 months ago
Responsible Red Teaming: taggartinstitute.org/p/responsible-red-teaming
this computer READS YOUR MIND. Rock, Paper, Psychic | Huntress 2023 CTF
444 views · 9 months ago
PyArmor Malware! Snake Eater Walkthrough | Huntress Capture The Flag 2023
684 views · 9 months ago
he back and he MAD 💢 Black Cat II Walkthrough | Huntress 2023 Capture the Flag
302 views · 9 months ago
don't call it a comeback. Snake Eater II Walkthrough | Huntress 2023 Capture the Flag
317 views · 9 months ago
Cloudy with a Chance of Malware: Moving Malware Analysis to the Cloud
1.9K views · 9 months ago
Presented to the Cloud Security Alliance of LA/SoCal
It was sublime. Husky Hikes the AT 2023 (Finale)
419 views · 1 year ago
I. Do. Not. Yield!!! - Husky Hikes the AT 2023 (Part 14)
242 views · 1 year ago
We Crushed the White Mountains* (*they crushed us back tho) | Husky Hikes the AT 2023 (Part 13)
166 views · 1 year ago
POV: you’re hiking the hardest mile on the Appalachian Trail - Husky Hikes the AT 2023 (Bonus!)
416 views · 1 year ago
relaxing Appalachian Trail content from CT, MA, & VT 😌 - Husky Hikes the AT 2023 (Part 12)
189 views · 1 year ago
A hidden gem beach | Manhattan Skyline | Retracing Steps - Husky Hikes the AT 2023 (Part 11)
208 views · 1 year ago
The… other part of PA. New Jersey is actually gorgeous - Husky Hikes the AT 2023 (Part 10)
180 views · 1 year ago
Halfway Point. 🦝 Raccoon Raid. The Good Part of PA- Husky Hikes the AT 2023 (Part 9)
195 views · 1 year ago
Virginia Blues & Shenandoah Views - Husky Hikes the AT 2023 (Part 8)
208 views · 1 year ago
…and goats. Husky Hikes the AT 2023 (Part 7)
225 views · 1 year ago
ponies. Husky Hikes the AT 2023 (Part 6)
208 views · 1 year ago
Achievement Unlocked: Marathon Man - Husky Hikes the AT 2023 (Part 5)
229 views · 1 year ago
The Roan Mountain Gambit - Husky Hikes the AT 2023 (Part 4)
372 views · 1 year ago
My hat goes off to Big Bald. Literally - Husky Hikes the AT 2023 (Part 3)
320 views · 1 year ago
A brush with injury - Husky Hikes the AT 2023 (Part 2)
318 views · 1 year ago
The hardest part is over - Husky Hikes the AT 2023 (Part 1)
620 views · 1 year ago
What if we have the access token?
Is it OK to enable the clipboard share feature on FlareVM?
How do you get PEView?
I was struggling with the very last part, finding the phpinfo file. Thanks.
One tip: personally I would go the extra step and ensure clipboard sharing is disabled when deploying malware. I don't think he mentioned that, and I did notice he had it enabled when copying hashes to virus[.]total. Just my two cents, but great video nonetheless!
Hi, Mr Husky. I have a little problem. As you showed at 59:09, I tried to run WannaCry in my FlareVM, but wannacry.exe didn't run. I wonder why this happened (Defender was off). Thanks in advance.
You probably have the same issue as me: using a Windows 10 build which is no longer vulnerable to WannaCry.
@mattanderson2074 I don't know why, but it worked. WannaCry works properly.
Windows Defender is not letting me detonate the virus :(
Dumping the access tokens is nice but dumping the refresh tokens would be cooler :)
Can you show the same lab setup using VMware Workstation Pro? I haven't been able to find a single video on this topic.
A file can perform certain checks on the system before downloading and executing the final malware, such as checking if the system is a virtual machine, for example by looking for this registry key: *HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools*. I think that all possible traces of virtualization must be eliminated.
I am still a beginner. How do I install the files to my FlareVM when I have no connection to the internet?
You download it onto your main machine, then enable drag and drop (host to guest) and transfer the files into the FlareVM.
I cannot find the flare-vm GitHub repo.
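The registry-key check described in the comment above is one of a family of "am I in a sandbox?" probes, and the analyst-side question is how to spot them in a sample before detonating it. The following is an added example, not code from the video or from the commenter: it scans a list of strings as they would come out of `strings`/floss (the list here is constructed) for virtualization artefacts a sample might probe. The indicator table is the editor's own selection, not an exhaustive one, and the category threshold in `anti_vm_verdict` is an arbitrary triage heuristic.

```python
# Added example: triage scan of extracted strings for anti-VM probes.
# Not part of the video or the commenter's post; indicator list and the
# "two categories" threshold are the editor's assumptions.
import re
from collections import defaultdict

# Hypothetical indicator table: (category, regex, description).
VM_INDICATORS = [
    ("registry", r"(?i)SOFTWARE\\VMware, Inc\.\\VMware Tools", "VMware Tools install key"),
    ("registry", r"(?i)SOFTWARE\\Oracle\\VirtualBox Guest Additions", "VirtualBox Guest Additions key"),
    ("registry", r"(?i)HARDWARE\\DEVICEMAP\\Scsi", "SCSI device map (disk vendor string lookup)"),
    ("process", r"(?i)\b(vmtoolsd|vmwaretray|vboxservice|vboxtray)\.exe\b", "hypervisor guest service/tray process"),
    ("file", r"(?i)\\drivers\\(vmmouse|vmhgfs|VBoxMouse|VBoxGuest)\.sys", "hypervisor guest driver"),
    ("mac", r"(?i)\b(00:05:69|00:0c:29|00:50:56|08:00:27)\b", "VMware/VirtualBox MAC OUI prefix"),
    ("instruction", r"(?i)\bcpuid\b", "CPUID (hypervisor-present bit check)"),
]

# Constructed strings output standing in for a real sample; stage2 URL is fake.
SAMPLE_STRINGS = [
    "kernel32.dll",
    "RegOpenKeyExW",
    "SOFTWARE\\VMware, Inc.\\VMware Tools",
    "SOFTWARE\\Oracle\\VirtualBox Guest Additions",
    "vboxservice.exe",
    "C:\\Windows\\System32\\drivers\\vmmouse.sys",
    "00:0C:29",
    "http://example.invalid/stage2.bin",
    "GetTickCount",
]


def find_anti_vm_indicators(strings):
    """Return {category: [(matched_string, description), ...]}.

    Every string is tested against every pattern, so a single string can
    appear under more than one category; an empty dict means nothing hit.
    """
    findings = defaultdict(list)
    for s in strings:
        for category, pattern, desc in VM_INDICATORS:
            if re.search(pattern, s):
                findings[category].append((s, desc))
    return dict(findings)


def anti_vm_verdict(findings, min_categories=2):
    """Heuristic: hits in two or more independent categories (e.g. a registry
    key AND a guest driver path) suggest deliberate VM detection rather than a
    stray string. A single hit is reported but not treated as conclusive."""
    return len(findings) >= min_categories


if __name__ == "__main__":
    hits = find_anti_vm_indicators(SAMPLE_STRINGS)
    for category, items in sorted(hits.items()):
        for matched, desc in items:
            print(f"[{category:11}] {matched!r:50} {desc}")
    print("likely anti-VM:", anti_vm_verdict(hits))
```

When a sample lights up several categories, the VM-hardening the commenter mentions (removing guest tools, renaming processes, changing the MAC prefix) is worth doing before dynamic analysis; otherwise the sample may simply exit and the stage-2 download never happens.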
Thanks! The information about the JWT token helped me find a big vulnerability.
I just found you, and you have great content. I'm trying to learn some stuff; how do I become a SOC analyst?
Can you make a video testing malware in Kali Linux? I mean a whole malware analysis on Kali Linux with Linux tools.
Just a quick question: why is my network setting not working? I tried everything, but the configuration is just not working in my case. Any solution?
Hey Husky, I tried to download the repo on my physical host, but Defender and the browser didn't let me download the repo as they were detecting viruses in it. Can you help me with it please?
Same issue. Best I can find, the latest version of Win10 does not allow users to disable MsMpEng.exe. It is owned by the system. That's Microsoft's main AV scanner. I have not found a way around it yet.
@OldDirtyDragon Well bro, it is a very simple issue. What I did: I cloned the repo using the git clone command, so it was downloaded onto the PC, but I made sure I didn't open or unzip the repo. I then temporarily enabled the drag-and-drop (host to machine) option for FlareVM; after dropping the repo into the FlareVM I disabled the drag-and-drop option in VirtualBox and made sure that I deleted the cloned repo from my physical machine. During all of this I didn't touch or tweak Windows Defender. It should work for you as well.
5:02 5:03 5:05
Malware analysis didn't work anymore.
May I know why?
This has been such an amazing journey. Much respect to Husky! Heath's crew @ TCM are awesome! 🎉
Man thank you this has been amazing. Liked and Subbed and going to recommend your channel. 💙💻🦠😎
Thank you very much for this video. Can I get your email ID so that I can discuss things related to this in detail? I am a PhD student and faculty at an organization; my work on this is very interesting.
I enjoyed these! Thanks for writing them. Coming back now to see the ones I missed.
Thanks a lot, sir. I just want to know: after ransomware detonation, which tools can I use for dynamic analysis? You have shown how to use Procmon and Procexp, but when I detonate the ransomware the tools crash.
I swear to God, this is very good malware analysis for real. I will recommend it to my folks. HuskyHacks, thank you for everything.
Best malware analysis course. Thanks for this amazing course.
The floss command is not working in my cmd; it says that it is not recognizable. How do I solve this issue?
hello
Hello Sir, I am facing one issue: whenever I try to arm any binary, Win10 Defender or the firewall removes it, although all security options are turned off (Real Time Protection, registry entry, group security policy etc.). Still, whenever any binary is converted to armed mode, Windows automatically removes it. Kindly help, what should I do?
In REMnux, when I mount it, it says no medium found on /dev/sr0. What can I do about this?
Subscribed!!
Decided to run through AoC 2022 after doing the 2023 version because I found it very informative. I got stuck on one question and this helped me out. Thanks.
Thank you my friend. Excellent tutorial :) I'm cheering for you to do more. Hahaha
When I try to mount the cdrom I get this error message, mount: /media/cdrom: no medium found on /dev/sr0.
Go to Devices > Insert Guest Additions CD image... > run.
Thank you so much for this amazing tutorial. Please release the next set of malware analysis videos.
Hi @huskyhacks! Thank you for sharing the video. I am unable to get the FireEye Flare-VM; is it mandiant/flare-vm?
Yes, it's now hosted under the Mandiant org on GitHub
Listening to all the safety spiels as a Linux user is funny. I have a habit of just leaving malware .exes lying around my PC because they can't do anything, aha.
Doesn't work. Even with a renewed token it errors out: {"error":{"code":"InvalidAuthenticationToken","message":"Access token validation failure. Invalid audience.","innerError....
What's the audience for that token and which resource are you trying to access?
Not sure about the audience, but the token is for Outlook for sure.
@cyberus15 Unfortunately, the Outlook API was deprecated sometime last year: learn.microsoft.com/en-us/previous-versions/office/office-365-api/api/version-2.0/use-outlook-rest-api. You might be able to get lucky and find an older on-prem Exchange server that still uses the API, but I haven't tested that. Your best bet is to hunt for Graph API tokens and use those.
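The "Invalid audience" error in the thread above is decided by one claim in the bearer token, and it is worth reading that claim before replaying a captured token against an API. The following is an added example, not code from the video, from TokenFinder/SharpTokenFinder or from anyone in the thread: it decodes a JWT's header and payload without verifying the signature (enough for triage, proves nothing about authenticity), and checks whether the `aud` claim matches the API host you intend to call and whether `exp` has passed. The tokens are constructed with `alg=none` so the block runs offline; the Graph audience values are the well-known URL and application-ID forms, while the Outlook entries and the host-to-audience table as a whole are the editor's assumptions to be checked against the service documentation. A matching audience is necessary, not sufficient: as the reply notes, a correctly-scoped token for a deprecated endpoint is still rejected.

```python
# Added example: read a captured access token's audience/expiry before replay.
# Not from the video, the thread, or TokenFinder; EXPECTED_AUDIENCES is an
# assumption and the demo tokens are unsigned fakes, not real Entra ID tokens.
import base64
import json
import time

# Hypothetical host -> accepted audience values. Graph's two forms are the
# well-known ones; treat the Outlook entries as an assumption to verify.
EXPECTED_AUDIENCES = {
    "graph.microsoft.com": {"https://graph.microsoft.com",
                            "00000003-0000-0000-c000-000000000000"},
    "outlook.office.com": {"https://outlook.office.com",
                           "https://outlook.office365.com"},
}


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment.encode())


def decode_jwt_claims(token):
    """Parse header and payload WITHOUT signature verification.

    Fine for answering "which audience, scopes and expiry did we capture?";
    the resource server is the party that validates the signature.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    return header, payload


def token_fit_for(token, api_host, now=None):
    """Return (ok, reason): ok only if aud matches api_host and exp is in the future."""
    _, claims = decode_jwt_claims(token)
    now = time.time() if now is None else now
    accepted = EXPECTED_AUDIENCES.get(api_host)
    if accepted is None:
        return False, f"no audience rule for {api_host}"
    aud = claims.get("aud")
    if aud not in accepted:
        return False, (f"audience {aud!r} is not valid for {api_host}; "
                       "find a token minted for that resource")
    if claims.get("exp", 0) <= now:
        return False, "token expired; you need a fresh access token (or its refresh token)"
    return True, f"aud ok, scopes: {claims.get('scp', '')}"


def make_unsigned_token(claims):
    """Build an alg=none token for the demo only. Real tokens are signed by
    Entra ID; nothing here produces a token any service would accept."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


# Constructed reference time and demo tokens (fake user, fake claims).
FIXED_NOW = 1_700_000_000
OUTLOOK_TOKEN = make_unsigned_token({"aud": "https://outlook.office.com",
                                     "scp": "Mail.Read", "exp": FIXED_NOW + 3600,
                                     "upn": "user@example.com"})
GRAPH_TOKEN = make_unsigned_token({"aud": "https://graph.microsoft.com",
                                   "scp": "Mail.Read User.Read", "exp": FIXED_NOW + 3600,
                                   "upn": "user@example.com"})
EXPIRED_GRAPH_TOKEN = make_unsigned_token({"aud": "00000003-0000-0000-c000-000000000000",
                                           "scp": "User.Read", "exp": FIXED_NOW - 60})

if __name__ == "__main__":
    for name, tok in [("outlook->graph", OUTLOOK_TOKEN), ("graph->graph", GRAPH_TOKEN),
                      ("expired->graph", EXPIRED_GRAPH_TOKEN)]:
        print(name, token_fit_for(tok, "graph.microsoft.com", now=FIXED_NOW))
```

The first case reproduces the thread's failure mode: an Outlook-audience token sent to Graph is rejected before scopes are even considered, which is why the advice is to hunt for a token whose `aud` is Graph rather than to renew the one you have.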
Nice video man this was fun to watch <3
Why is there no shared clipboard in this machine? It's just poor execution to force people to write everything to the answer boxes.
Thank you for the extremely informative intro to Jupyter Notebooks!
You have a new subscriber through Advent of Cyber 2023. Thank for your eloquent presentation.
When run, it says "pd is not defined".
First you need to import pd on the machine.
It was really good. There's a small doubt: in this we are using GET and POST methods; are they used for getting information and instructions from the C2 server / giving the data to the C2 server? There's a bit of confusion about that at 9:57.
Unbelievable how clear your explanations are, I appreciate you doing this - thank you!
Okayyyy, fun and interesting. Learned something new despite needing my hand held 😂😂
Very informative explanation, Thank you brother ^___^
Thanks man!!!
Great explanation and a great tool to have in the bag!
Great video, thanks!!