I’d love to see more of Ryan, hoping he’ll start his own yt channel
Much appreciated! I have a channel @ryanchapmanj, but I don't curate content like our man John here. I mostly add my various presentations to my playlists, as they are often hosted elsewhere.
Thank you! The shadowy world relies on secrecy and silence. This effort to teach and explore is so important. The more light you shine, and the more sparks of interest it inspires, the less room there is for the darkness.
Agreed!
Tyler Durden, interesting handle.. 1st rule of fight club?
@DDBAA24 I've read the ending :)
Wild to see an old work buddy on one of my favorite YouTube channels.. go Ryan!
Heya! Good to see you too!
Extremely informative. I'd love to see Ryan discussing malware analysis as he mentions at the video's end. Much appreciated Ryan and John!
Great content! Good to see that you synced up with John Hammond! Keep up the great work Ryan!!
Some of the best cysec content on planet earth. Thanks Ryan. Killer vid
26:46 The ASCII art actually broke the builder. Probably would have worked if you took it out. Whoever wrote that should sanitize their strings…
I wouldn't be surprised if many builders had input sanitization issues. In fact, that could be a cool research project/video! "How many builders can we break with silly input?" Fun idea!
Yeah. C# probably didn't like the unescaped backslashes.
Waiting for Ryan's Malware analysis things and how he does it in real world cases.
Really enjoyed this, john!
Thanks for this Type of Content
It's happened before, it will happen again! I saw something similar in the 90's. VCL, IIRC, by Nowhere man of nuke. It was a DOS TUI for creating viruses and the like. It was basically an x86 ASM code generator. You'd select type: com, exec infectors, droppers, etc... type of payload, custom strings and the like. It was password protected, but, if you were skilled with debug tools, you could extract it.
Finally 🔥🔥🔥🔥🔥🔥🔥🔥😘😘😘😘😘😘
Love the video!
I may have missed this if it was already answered in the video. But is the VM image he's using with all of those analysis programs on the desktop publicly available?
I would bet that you would have to build it out yourself. You might get something similar by taking the SANS course he is teaching.
🏴☠ It's not legal to redistribute Windows. I bet it's not available; even if it were, I would not trust it because it is modified.
Flare VM from Mandiant has a large collection of useful malware analysis/reverse engineering tools.
Great content and advisors.. Thanks for keeping this topic in the front of the line!
That login is ridiculously easy to bypass. Just supply a profile dictionary object and execute the code in the last if statement in the login function.
This man really likes to talk, thx, it was interesting.
There was actually an option to change the extension when building it. You just skipped past that screen.
Really amazing👍!
I wonder if any ransomware type crypters have ever used something like sdelete to overwrite empty space on disk to mitigate possible file recovery. Or just create a file that eats up free space then deletes after disk is full.
I've been searching for a while now to help me learn about this subject. I want to start my own channel, but it's hard to get a hold of entire intact how-to docs so I can teach this on my channel. I think it's crazy how select education is blocked, because this is my ikigai.
that was very interesting
Wow♥️‼️
Hello John, can you review PNPT certification? How the course is, and what are the preps to do for the exam. And suggestions for machines to do in THM and HTB. It'll be helpful for me to uptake the certification 🥺
I'd like to know what coffee Ryan drinks. I'll have some of that please.
16:35 Rust doesn't have a runtime!
can u send me the no login please ? 06:13
Medal
Wow, this is old LockBit though. New versions have made the decryptor not available on the system. They are preparing this on their systems and dropping to the victim.
How can we stop LockBit ransomware from getting into my computer?
I think we can't do much on your computer 😂 (good question tho)
I could be wrong, but I don't think LockBit targets home users.
@iam-py-test I researched a bit, I think it targets VM files, I could also be wrong
@spookyleo2589 you could use Prelude Detect to see if your PC can be affected by it or not, it does a lot of tests and detects it
How did you get the password for the 7z?
Infected
@wwdevil8771 it tells me header encrypted, any idea?
w vid
my gov just snapped this things..
Cool
I think i found my new VXUG love xoxo
The nanocore of ransomware
❤
Early :3
pliz pass for vx-underground, folders
infected
Ronsomeware
I'm the 12th person to comment 13th*
I could also explain how to use the builds; you don't need brains for that.
Very interesting, of course.
But I didn't get the point. Why explain how the builders for this malware work?
First
mga bisaya
bro no don't show this shit to skiddies
Now the only problem for script kiddies is to encrypt their build.
"Don't download this" 😂 then stop showing us this. If you never showed it in the first place, a lot of the low-hanging fruit wouldn't exist like it does.
Can we look at UFOnet, b0tnet . Its strange the way its structured, but similar in ways to what we're already talking about..