How Hackers Can Hide PowerShell in Environment Variables

is the sky always blue? actually check this out to learn more cybersecurity jh.live/training and join my newsletter jh.live/newsletter for more like this

This is a very NEAT technique, did you stumble upon this technique in the wild being used by some bad actors?, how did you come up with it, Its really nice. I LOVED IT

Im really happy to see you grow, I have recommended you to a "thousand" others and now I see u got 1.3 m subs which is AMAZING. Keep on what ur doing! Greetings!

This video is eye-opening! It's crazy to see how hackers can use something as innocuous as environment variables to hide malicious PowerShell commands. The level of sophistication in cyber attacks is just mind-boggling. Understanding these tactics is crucial for staying safe online. Thanks for the insightful breakdown! Time to up my cybersecurity game.

You inspired me to make some more Powershell-Obfuscation-Scripts (using comment-blocks, math and variables). I took a command, passed it through them (and of course through yours) three times and I wasn't abled to deobfuscate this one command in under five minutes 🤣

Great video, seems like a good way to obfuscate commands!

Please bring a video on the new xz malware discovered

As i understand reverse engineering, which is very little admitedly. This is how hackers optimize building ROP gadgets. If you get a fixed number of bytes to add to the execution stack, you make sure that what is added is entirely built from other sections of the static mapped memory, because specific strings of assembly will be in fixed locations to reference. So instead of creating code that takes several bytes you just point to a chunk of that already in memory, thereby keeping the exploit within that limited stack space required to maintain the overflow or use after free or whatever tactic the codespace was permitted to hit the stack without the kernel overflowing. Stringing multiple gadgets together creates a ROP chain which is the set of functions you need the exploit to do.

where do you get windows iso to run in vmware or virtualbox, the official site offers 22GB zip which is unreasonable

You disappeared off my algorithm then I tried to remember ur name when I saw the xz hack and then I see u have 1.3 milli subs, you had 350k last time I watched a vid, killin it!!!

Watching right now❤

If you have variables that only have the user name as a variable path, you could for example use string splitting on \ to get more options.

You have built a nice very pythonic conditional christmas tree 😊😊

Did this idea come from a sample or just random thought ? Also nice to have more of the red team POV stuff. I've been trying to improve on red side since I've been made part of purple team and stuff like this is helping me make the mental shift.

Great stuff. I would like to know how this looks in the event logs. Does it just show the env variables or does it show the cmdlet being run?

Love you, dude. I am continuously hacked. Dangerous stalker. I have managed to thwart him a few times thanks to vids like this, many are yours! 🌹

Cool video keep it up

One form of obfuscation could even be caps, powershell should be case insensitive

This video is interesting and enthusiastic 😁😂

this is a great idea... now i just need to translate python to PS to make it work on any Windows environment. Usually I don't have python available on Windows systems during tests.

love the content!! keep killing it! what keyboard are you using in the newish setup?

John please make a video on the xz utils vulnerability and on Jia Tan😭

It's worrying the lack of Jurassic Park references.

I am new to coding so all of this has been informative but very confusing to me. I need to start from the beginning of your videos I guess lol

TNX bro

THANKS YOU

So helpful

YES!😃

Thanks for the great video John, I would like to see what kind of setup you are using (home lab, personal rig, laptop etc.). Can you do a home lab, everyday carry video? I think it will be very interesting and inspiring for the community

is this really useful if my environment is hardened?

leaking my sauce man :( - +10/10 video

Love the python content

You are naughty boy John

Use a debugger bro :D

It would be fun to run this on PowerShell Core in Linux or Mac 😂

Activate Windows got me

The icons are so big😅

Going to watch the video. Will ask if I want to know something

fun!

Why is there so many ai written comments on this….

make a video on how to detect hacking script which is in encoded javascript , i saw a pastebin post which can hack peoples crypto from g2a account scamming people via encode js code malicious

please 1 video how to hacked gmail password please please new video
🙏🙏🙏🙏🙏🙏

i tried brute-forcing dvwa with hydra but wont work. I had to build a custom script can someone send me the command

video content is good, but python code quality terrible

I'm not trust snyk.

420😄

😂 powershell_command = 'Write-Output 420'

I guess first

I guess I am first😀

Python... wtf