Malware Lab Setup - Network Configuration

  • Published on 18 Dec 2024

Comments • 92

  • @TheFern2 3 years ago +4

    This is one of the best videos on YouTube, Colin doesn't skip over any critical information like other YouTubers that make tons of assumptions. Also there is no additional fluff like intro bs, it is literally 11 min packed with good information which felt like 1 hr. From this video alone, I can configure VM network settings, and set up both VMs for safe malware fake communications. Great video!

    • @cybercdh 3 years ago

      Thank you so much for the comment and kind words; really pleased to hear you enjoyed the content. ✌️

  • @OfflineOffie 7 years ago +24

    Hey Colin, guys here, hope you're well :)

    • @cybercdh 7 years ago +4

      hey :)

  • @IOwnThisHandle 7 years ago +1

    Recent events really rather suck for channels like yours, Colin. More content please!

  • @whoseham 2 years ago

    You absolute legend, made it so easy and straightforward

  • @miracdasmine 2 years ago

    I'm your number 1 fan. Excellent content

  • @fsacer 7 years ago +6

    useful, concise, on point video and very important stuff to get right, just awesome :)

    • @cybercdh 7 years ago

      thank you :)

  • @therealjsevilla5516 5 years ago +3

    Awesome video! So question, how do you approach updating your VM when newer versions of the software in REMworkstation/REMnux have been released?

    • @cybercdh 5 years ago +1

      Jason Sevilla great question. I actually don’t often / if ever update. Firstly I like to have my VM as vulnerable as possible so usually run outdated browsers, apps etc. I should update security tooling more often, e.g. Wireshark, Sysinternals etc; but I’m too lazy!

    • @therealjsevilla5516 5 years ago

      @@cybercdh Thank you Colin! That makes sense and awesome insight on your approach. I'll make sure to apply that on my side!

  • @ahmetpayasloglu7134 3 years ago +1

    Hi Colin, when you set up a host-only adaptor, how can you download a malware sample from Google? When you want to download a sample, are you changing your adaptor setting to NAT? And after that, are you changing it back to the host-only setting during examination? I mean for Windows 7. Thank you.

  • @siebrum 7 years ago +1

    Tysm for actually making the video I asked for! Great as always!

    • @cybercdh 7 years ago

      Pleasure. Other suggestions welcome.

  • @csgaeeahmedelsayed9049 4 years ago

    Thnx for the tutorial .... but how do you activate this low bar that shows info about disk usage???

  • @secaouseonyibe2254 4 years ago

    I learnt something new Colin @ 9:13. You said it wasn't a DNS request. However, shouldn't the Fake DNS have picked up the request to an IP? i.e. the GET request needs to find out where the IP address is.

  • @unreal_010 7 years ago +1

    Thanks Colin. Very informative and now easy to set up without worrying something might slip through. Already did test it with a few network-propagating malware samples and they just can't go anywhere.
    I know there are some VM zero-days out there (src: Blackhat EU 2017) but I doubt they will be used for malware to possibly escape the VM of "ordinary" analysts :)
    Regards.

    • @cybercdh 7 years ago +1

      Thanks for the comment. Never say never with VM escape malware though, if you're in a large enterprise those who respond to malware attacks are likely to have privileged accounts and are therefore good targets for malicious actors to infiltrate a network. That's why I'd recommend using a dedicated malware analysis machine (e.g. MacBook) which is completely isolated from the corporate network and is not used for anything personal, that way if the VM does get popped you have reduced the attack surface.

  • @JamieDelour 7 years ago +3

    Love the content and pace. Remember me when you reach 100k subs!

    • @cybercdh 7 years ago

      haha :) Thanks, I will. :)

  • @Jonathan-zt8yx 6 years ago +2

    Thanks, Colin, for your awesome channel. It’s a great resource. I am revisiting this video to ask a quick question (sorry if it is stupid!). Is it a security problem to be connected to the internet on your malware analysis VMs if they are configured to NAT and your host is using a VPN? Hope this makes sense. Cheers. :)

    • @cybercdh 6 years ago

      John Slyer makes perfect sense and thanks for the comment. I use that setup exactly, so NAT guest and VPN on the host. Careful if you ever use bridged mode as that will likely avoid your host VPN.

    • @Jonathan-zt8yx 6 years ago +1

      Thank you very much for your quick and concise response. Hope everything is well and that you continue to enjoy making videos. Cheers. :)

    • @cybercdh 6 years ago

      All is good thank you :) always looking for inspiration for more videos too, so suggestions welcome. Peace.

    • @Jonathan-zt8yx 6 years ago

      Since you work in a CERT, this is likely not one of your main areas of interest, but everything related to attribution is super exciting (and also super relevant, especially these days where political decision makers put much weight on cyber deterrence, threatening kinetic retaliation in response to cyberattacks on critical infrastructure… regardless of attribution problems -- I am writing my thesis on this). It would be awesome to see you uncover different deception tactics that adversaries use to mislead attribution efforts. For example, how the authors of the malware you studied in your most recent video, OlympicDestroyer, intentionally planted similarities to Lazarus/NK in the PE metadata (see securelist.com/the-devils-in-the-rich-header/84348/ for an in-depth analysis). Anyway, just a thought. Everything you upload is extremely educative, so I am just happy every time I see that subscription notification. :)

  • @ashwinimohidekar9447 4 years ago +1

    Hi Colin! Thanks for such a great video. Could you also give us a walkthrough on FireEye’s FLARE VM?

    • @cybercdh 4 years ago

      Hey, thanks for the suggestion, I’ll give it some thought.

  • @nosajghoul 7 years ago +2

    Can you recommend some intermediate level books or websites to learn more of this kind of thing?

    • @cybercdh 5 years ago

      Practical Malware Analysis is a good book...

  • @robbie_984 4 years ago +1

    Great video. @Colin Hardy I have a question. In my VM lab I have 3 VMs running connected to each other (Analysis Machine: Win32-64 -> Win32-32 (Victim usually) -> Linux (fake internet, analysis)) but they don't have access to the internet at all. On the side (another computer) is where I do live testing.
    I was wondering, what would be the easiest and "safest" way to also allow internet on my first machine so that malware that is run on Windows 32-bit goes through my Linux box and out to the internet instead of fakedns\inetsim and others. It might make life a bit easier.
    Cheers.

    • @cybercdh 4 years ago +1

      Hey thanks for reaching out, good questions! To answer the point about 'safety' well, as long as you're using a VM, which is NAT'd, and you're using a good VPN then I think that's the safest config for connecting malware to the internet. As for your setup; could you not let your Linux box talk to the internet? That way, your Win32 box could talk to the internet via your Linux box (if that's what you intended). Or just open your Win32 box to the internet and monitor the network traffic locally, e.g. using Wireshark, Burp, Fiddler etc. Just don't forget to run a VPN (on your host).

    • @robbie_984 4 years ago

      @@cybercdh First, thanks for the reply! One of the best channels on YT :D And sorry for the long post :)
      Yes, that is my intention, Win32 -> Linux (REMnux) -> Internet and grab the payload if any. I wouldn't want to grant the Win32 machine internet access because of ransomware analysis and general security issues of the OS (weak sec, not patched up to date, etc). If I make a mistake during unpack\debug it could potentially get to my host. (not sure about this, but always doing it just out of caution).
      Also I have a decent VPN running on my Live Setup. It is also installed on my 'three way setup' on my host OS but not running most of the time since the VMs are closed as stated in my comment.
      So, I should turn on the VPN on my 'three way setup' host and let Linux go to the internet (NAT config in VMware)? I was wondering though, if malware that is run on Win32 and goes through Linux (share is enabled) grabs a payload from the internet, will the payload download\run on the Win32 or be stuck in Linux somewhere? Ransomware for example or any of the downloaders.
      EDIT: I tried a lot of things and I got what I wanted but there is a catch. I can now connect to the internet with the Linux VM but the Win32 VM can only communicate with the Linux VM (ping, etc), it won't go to the internet. A Wireshark sniff says port unreachable if I try to visit some site so I think it is a port forwarding issue. That might be a bit complicated since I am not that good on the Linux side of things for networking.
      I have it set up: Linux VM: NAT, Win32 VM: Custom NAT Adapter with IPv4 settings: IP: 192.168.26.134, subnet standard, default gateway and preferred DNS server set to the IP of my Linux VM (192.168.26.136)
      I googled a lot and couldn't find any workaround.

    • @cybercdh 4 years ago

      Hey, apols for the delayed reply, TH-cam filtered your comment due to the presence of a link (the IP address). What do you have as your Default Gateway and Preferred DNS servers on your Windows machine...

    • @robbie_984 4 years ago

      @@cybercdh Hey. No problem, it was my mistake. YT comments are not a good way to describe these issues. I just typed too much. My Win32 VM IPv4 settings (default gateway and pref. DNS) are pointing to my REMnux VM.
      In the meantime since posting this I did have some success by adding iptables rules to the REMnux box, but Win32 still won't go to the internet; now in Wireshark it doesn't say "Port unreachable". It looks like everything is fine but the browser won't open any site and can't ping either.

    • @cybercdh 4 years ago +1

      Cool, there is an Alias in REMNUX, it’s called something like accept_all_ips or something like that. Try running that first then retry.
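
Added example (mine, not code from the video, the thread or the REMnux project): a dry-run script for the Linux-VM side of the setup discussed in this thread, with one mode that forwards and masquerades the Windows VM's traffic to the real internet (the step missing when a guest can ping the gateway but nothing goes further) and one that redirects every flow to the local fake services, which also answers the earlier question about a GET sent straight to an IP with no DNS lookup. It assumes the Linux VM's NAT-facing interface is eth0, that the Windows VM sits on 192.168.26.0/24 (the addresses quoted above), and that inetsim/fakedns listen on the Linux VM's own address; the "fake" mode is my approximation of the accept-all-ips alias, not its actual rules.

```shell
#!/bin/sh
# Added example, not from the video or the thread above: the two iptables
# states a REMnux-style Linux VM needs when a Windows VM points its default
# gateway and DNS at it. Assumptions (mine): NAT-facing interface eth0,
# Windows VM on 192.168.26.0/24 (the thread's addresses), and inetsim or
# fakedns listening on the Linux VM's own address.
# Nothing here changes the system unless run as root with --apply; the
# default is a dry run that only prints the commands.

LAB_IF="${LAB_IF:-eth0}"
LAB_NET="${LAB_NET:-192.168.26.0/24}"

# Mode "internet": route the Windows VM through the Linux VM to the real
# internet. Pointing the guest's gateway at Linux is not enough: the kernel
# must forward, and outbound packets must be rewritten to the Linux VM's
# own address (MASQUERADE) so the hypervisor's NAT accepts them and replies
# come back. Without this, pings to Linux work but nothing goes further.
internet_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -F
iptables -F FORWARD
iptables -t nat -A POSTROUTING -s $LAB_NET -o $LAB_IF -j MASQUERADE
iptables -A FORWARD -s $LAB_NET -j ACCEPT
iptables -A FORWARD -d $LAB_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Mode "fake": keep the Windows VM off the internet and pull every TCP/UDP
# flow it emits into the local simulated services. REDIRECT with no
# --to-ports keeps the destination port and rewrites the destination
# address to the Linux VM's own, so a request sent straight to a hard-coded
# IP (no DNS lookup first) still lands on the local HTTP/HTTPS listener.
# Forwarding is switched off so anything not redirected cannot leak out.
fake_internet_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=0
iptables -t nat -F
iptables -t nat -A PREROUTING -i $LAB_IF -s $LAB_NET -p tcp -j REDIRECT
iptables -t nat -A PREROUTING -i $LAB_IF -s $LAB_NET -p udp -j REDIRECT
EOF
}

# Emit the command list for a mode; unknown modes are rejected.
rules_for() {
    case "$1" in
        internet) internet_rules ;;
        fake)     fake_internet_rules ;;
        *) echo "usage: $0 [--apply] internet|fake" >&2; return 2 ;;
    esac
}

# Dry run by default; "--apply MODE" as root executes the emitted commands.
main() {
    if [ "${1:-}" = "--apply" ]; then
        shift
        [ "$(id -u)" -eq 0 ] || { echo "need root to apply rules" >&2; return 1; }
        rules_for "${1:-}" | sh -e
    else
        rules_for "${1:-internet}"
    fi
}

main "$@"
```

Run it on the Linux VM as `sh lab-gw.sh fake` to review the rules, then `sudo sh lab-gw.sh --apply fake` (or `internet`) to load them; the guest's gateway and DNS stay pointed at the Linux VM in both modes.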

  • @moxo5092 5 years ago +1

    Hi Colin, could you pls provide the hash of both malware? Thx!

  • @grayhalf1854 6 years ago +1

    Colin, do you have any thoughts on Cuckoo Sandbox?

    • @cybercdh 6 years ago

      Martin Jones it rocks

    • @grayhalf1854 6 years ago

      Thanks for the short and sweet reply! :-)

  • @ThaLiquidEdit 5 years ago +1

    I'm on Windows XP SP3, I have all of your settings but I can't see the requests of my malware sample in Burp. The redirection to REMnux works fine. Any idea how to troubleshoot this? I can see requests my browser makes even without specifying a proxy in Firefox so I guess my settings under "Control Panel - Internet Options - .." work fine.

    • @cybercdh 5 years ago

      ThaLiquidEdit could be that the malware uses an API call that is not proxy aware. E.g. WannaCry uses specific flags in its call to InternetOpenA to ignore the system proxy settings. Could be that...

    • @cybercdh 5 years ago

      Do you see any traffic in Burp like when you open Chrome and try Google? If not, then it’s a settings issue.

  • @TheSlenderman99 7 years ago +5

    Hey Colin, great video! This will help us follow your videos better, another question though, could you suggest/make a video on how security researchers find bugs/exploits? Like how tf did Google Project Zero find Spectre/Meltdown? A step-by-step video on the theory/application of the concepts of this exploit would be amazing (though I know you'll never do it).

    • @cybercdh 7 years ago +5

      Honestly, if I knew how Project Zero knew their stuff, I'd be a rich man for sure :) Those guys are on another planet. Best advice, follow the likes of Tavis Ormandy on Twitter and learn from his work, he's unreal.

    • @TheSlenderman99 7 years ago +2

      Thanks for the advice man, I appreciate it!

    • @unreal_010 7 years ago +1

      It is hard. And as Colin says, some people are just out of this world in that field. But if you want to try your luck:
      - learn about fuzzing
      - make\modify a fuzzer for your target and run it against it. It might take a long time depending on what you are targeting and whether it is over TCP or such...
      - you will hope to get crashes of the target and then you have to analyze them
      - somewhere in those crashes is possibly an EXPLOITABLE bug because not every crash will be exploitable. But even if you're 100% SURE it is exploitable you still need to write the exploit which can be quite hard depending on what it is.
      - analyzing crash dumps and exploiting the vulnerability is a nightmare for an individual and that is why for this kind of work you really need more people with strong knowledge of several fields... from writing\modifying the fuzzer, analyzing dumps, finding the vulnerability, exploiting it...
      good luck

  • @rachidaz4491 6 years ago

    Hi Colin, thank you for these good quality videos,
    one question if you allow, how then do you download the malware samples after isolating the machine? I guess you do it before, or maybe you drag and drop from the host machine? What is the safe method?
    Thank you.

    • @cybercdh 5 years ago

      Yes I download prior on my host and drag and drop

  • @efraim. 5 years ago

    If I am using VMware Workstation, should I use host-only?
    Can you explain how malware can infect the host if I am using NAT/Bridged compared to host-only?

  • @Geon-Harris 5 years ago

    Great work there man. I got 1 question. From your video basically you are executing the virus which is already there or you get it from VirusTotal. What if in a definite situation where the PC is attacked by the malware, and you just get there and don't know what software and program launched the malware. What I mean here is how to find the exact source (specific location, file name) of the file that contains the malware in my host system? (other than asking the victim which file he executed before he got the malware attack)

  • @d3f4rm 4 years ago

    Hey Colin, this was very helpful. Just a couple of questions: doesn't inetsim include a DNS server; that is, do you need to run fakedns as well? Also, what is the significance of the accept-all-ips alias (will REMnux drop traffic under some circumstances)? Also, how do you feel about FireEye's fakenet tool, if you've used it? Thanks again for a great video.

    • @cybercdh 4 years ago

      Yes, inetsim does contain a DNS server, there's no real difference in using either. accept-all-ips is an alias to intercept all traffic destined for IP addresses.

  • @ahsan-li7sh 7 years ago +1

    Thanks for the great video.

  • @kjelle2802 7 years ago +1

    Hey Colin!
    Quick question: how much RAM do you dedicate to your virtual machines?

    • @cybercdh 7 years ago

      I usually leave the default config, which I think is 2GB. I've never had cause to increase it tbh.

    • @kjelle2802 7 years ago +1

      Colin Hardy Thanks for the answer, for some reason your virtual machines look like they're running a lot smoother than mine.

    • @cybercdh 7 years ago

      oh really? I use a MacBook Pro with 8GB RAM as the host, I find VMWare Fusion on the Mac's pretty slick...what are you running?

    • @kjelle2802 7 years ago

      Colin Hardy I'm running a desktop with 16 GB RAM, a GTX 970 and an i7 7700 and I use VMware Workstation Pro for my virtual machines.

    • @mephandr6479 6 years ago

      Kjelle Have seen the same issue in PCs, Windows VMs. In order to avoid freezes I have to use at least 4 GB RAM for the VM, and even with that the SIFT VM freezes, do you know why that happens?

  • @kevinkehoe9950 3 years ago

    1:52 How would I imitate this on VirtualBox?

  • @Leokhawarizmi 4 years ago

    What about FLARE VM?

  • @alomgirhussain2315 6 years ago

    Hey Colin, in forensics how would you capture the network traffic of the infected machine? I.e. the client's laptop is infected. The laptop obviously won't be connected to the internet, but you will need to capture the network traffic. Basically simulating what you're doing in VMware but instead doing it on the actual infected machine and using another laptop as the lab machine. A forensic image (E01) of the laptop can be taken/converted to VMDK and be used in VMware but that's a long process. Any thoughts?

    • @cybercdh 6 years ago

      If you're dealing with an actual infected device it's probably best to take a RAM image and analyse the process / network based activity using Volatility, or similar.

  • @michaelgodfrey9384 6 years ago

    Colin - when I start Wireshark in REMnux, no interface appears. When I run it using sudo, eth0 appears. How can I get Wireshark to run without using su?

    • @cybercdh 6 years ago

      Sorry, not sure tbh. REMnux up to date?

  • @alinastechyshyn6410 5 years ago

    This is great. The only hiccup is that your lab setup was on VirtualBox and this is VMware. Settings are a bit different and I can't figure it out. And how do you put Burp Suite on Windows?

    • @cybercdh 5 years ago

      Burp has a native Windows binary...

  • @RavenousRabbler 7 years ago +2

    Nice video, Colin

    • @cybercdh 7 years ago +1

      thank you :)

  • @fwfwf34g 7 months ago

    Still works, thank you!

  • @Josh-tu9ji 7 years ago +1

    Very informative! Thanks!

    • @cybercdh 7 years ago

      Welcome.

  • @johnkasaki4804 7 years ago

    How about Fiddler?

    • @cybercdh 5 years ago

      John Kasaki I like Fiddler too. Just not my preferred option

  • @Benmaluco9 1 year ago

    Awesome!

  • @tibtrader 7 years ago +1

    🙏

  • @brianaragon1641 7 years ago +3

    Love your videos, but you speak too fast, I get lost sometimes :/

    • @cybercdh 7 years ago +6

      It's an evil ploy to make people watch my videos more than once and increase my view count. muhahahaha. :)

    • @eMatt543 7 years ago +3

      Colin Hardy hahaha best reply ever!

    • @brianaragon1641 7 years ago +1

      Hahaha, my only solution, download the video and play it slowly -.-

    • @sexyhunk84 6 years ago

      Haha....you nailed it mate!

  • @markusmohr4142 4 years ago

    I really like all your videos, which underline your grand capacity and competence to handle all this stuff in a way that one can theoretically follow and understand.
    However, you are talking so incredibly fast, pushing through things in 15 mins which "normally" would take at least 30 min, in fact so fast as though you were running away from someone behind you trying to shoot you from a short distance.
    Life, and also reverse-engineering malware, is not about speed - it is about coming to the right conclusions by the right means. Especially if you want to not only show people how brilliant you are but also want to make them learn and follow your way of handling things.
    Thus, my personal wish is that you try to rev down the speed of your talking a bit for the sake of better understandability and the ability to follow your every single step in order to be able to learn.
    Thank you very much.

    • @cybercdh 3 years ago

      Thanks for taking the time to post such a detailed comment.
      My channel aims to appeal to those with capabilities ranging from beginner through to advanced and as such the nature of my content does vary. I will say that this video was posted nearly 3 years ago and in that time I have posted many videos covering a wide range of tools, tactics, techniques and analysis of samples which have varying pace and complexity, so I'm confident you will find other interesting content which resonates with the way you consume information.
      Also, please note, my aim is not to speed through any topic and leave people behind. I take pride in explaining topics in a clear, concise way which also doesn't dive into too much unnecessary detail; but if you ever feel like you want something explained further or want to chat more, my Twitter DMs are always open and I openly advertise an AMA via email.
      Thanks again for the feedback, hope you enjoy my other content also.

    • @markusmohr4142 3 years ago +1

      Hello, Colin,
      I absolutely appreciate the way you are showing ways and solutions in your videos. However, the only drawback for me personally is the speed of your speech. Often I need to pause the video to rethink what you just said before you sped on to the next issue. Since one sentence is very important for the next one, I want to make sure to get the entire context into my brain and not "overread or overhear" something important for the context.
      I know how it is: once you are so deep into a subject matter, you start to spread your thoughts with massive speed since everything is so clear to you. Becoming older, I have reversed my own speed of talking to a slower pace again as I have realized that people were both fascinated by the depth of my knowledge and overwhelmed by what I was saying / lecturing / teaching, so that in the end, most of them only realized the distance between their knowledge and mine.
      Yes, sometimes it is hard to follow, maybe only for me ...
      For the rest: please continue to deliver these exciting videos.

  • @d1ryan 6 years ago +1

    Excellent video. Thank you.