They Say This Malware is INSANE

  • Published on 3 Oct 2024
  • jh.live/htb-sh... || Join Hack The Box to solve Sherlock tasks just like this one! jh.live/htb-sh...
    Learn Cybersecurity - Name Your Price Training with John Hammond: nameyourpricet...
    Learn Coding: jh.live/codecr...
    Don't listen to other "influencer" VPN crap -- host YOUR OWN: jh.live/openvpn
    WATCH MORE:
    Dark Web & Cybercrime Investigations: • Tracking Cybercrime on...
    Malware & Hacker Tradecraft: • Malware Analysis & Thr...
    📧JOIN MY NEWSLETTER ➡ jh.live/email
    🙏SUPPORT THE CHANNEL ➡ jh.live/patreon
    🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
    🌎FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
    💥 SEND ME MALWARE ➡ jh.live/malware
    🔥TH-cam ALGORITHM ➡ Like, Comment, & Subscribe!

Comments • 59

  • @GodDamnitTwitch
    @GodDamnitTwitch a day ago +26

    the word "kindly" is like a dog whistle to me lol

  • @godliestous4658
    @godliestous4658 12 hours ago +6

    It's sooo interesting to watch these kinds of videos where you review the source code and see how malware behaves on infected hosts

  • @likebot.
    @likebot. a day ago +24

    the clue is in the wording "... we _kindly_ request..."

    • @nickcurrie303
      @nickcurrie303 11 hours ago

      Lol the real clue is in the fact that your IT team would not / should not email an executable out to users to execute - this would be scripted or deployed via other means.

  • @edwardfildes2038
    @edwardfildes2038 a day ago +11

    You'd think anyone with the technical know-how to run JS files would also find the request to run one from IT highly suspicious.

    • @northholdgames8596
      @northholdgames8596 a day ago +6

      in windows it is just a simple double click or "run". it doesn't require any skill

    • @edwardfildes2038
      @edwardfildes2038 a day ago +1

      @@northholdgames8596 ah fair play, I didn't know that

    • @bestcoolmanever
      @bestcoolmanever a day ago

      @@northholdgames8596 he's saying that it's bizarre that someone fell for one of the most common and obvious "hey, run this file, it's totally safe!" phishing schemes to ever exist without even a single thought of double-checking anything. it's like getting a text from a random unaffiliated scammer's number that says "it's me, your mom. send me $500, it's urgent!" while sitting a room away from your mom and still sending the scammer $500 anyway

  • @ismayonnaiseaninstrument8700
    @ismayonnaiseaninstrument8700 22 hours ago

    This is probably the first in-depth digital forensics video I've sat around and watched, and honestly...thanks! I learned a helluva lot, and I'll be experimenting with those debug tools myself... (once I have a stronger foundation in assembly, mind you.)

  • @fdert
    @fdert a day ago

    Great education here digging into IDA. I'm just getting into this field and this is very helpful to see your process, thank you!

  • @ft4jemc
    @ft4jemc a day ago +7

    Neat video. Yes. Yes you lose nerd cred for not knowing LoTR.

  • @technikschaf1574
    @technikschaf1574 3 hours ago

    "losing a little bit of street cred"? With a lot of luck there is a little bit left thanks to you at least recognising it as LotR.
    Thanks for taking us with you on this journey there and back again.

  • @jesperwall839
    @jesperwall839 a day ago +20

    Is this a 57 minute commercial? Been to many of those lately, and I don’t want to waste my time.

    • @Twoshoes22Jason
      @Twoshoes22Jason a day ago

      Yes. For HackTheBox

    • @TotesCray
      @TotesCray a day ago +11

      I mean... it's a commercial showing HTB's sherlock exercises, but the "how it's solved" is great learning info regardless of the original source

    • @capability-snob
      @capability-snob a day ago +1

      @@TotesCray coolest username ever, well done. Must have used freon.

  • @shodannonymous9359
    @shodannonymous9359 a day ago

    I'm probably gonna try this box with your guide, thanks as always John

  • @MultiDark2012
    @MultiDark2012 a day ago +1

    Even though I could see the info on screen, I was still w8ing for John to say LTT. 😂😝

  • @draconic5796
    @draconic5796 a day ago +3

    Seems someone is a Lord of the Rings fan lol. Finding Middle-Earth, bringing the god of everything Eru and then using the Palantir to get into Gondor haha!

  • @Rostol
    @Rostol a day ago +5

    windows pro includes a secure isolated ephemeral VM, it's called Sandbox. it's awesome for testing things. Also a good tip if using VMs is to take snapshots between steps, just in case ... lol.
    35:46 it's reading the resource table on the .dll, not the .exe, that's probably why the entropy was meh in the .exe resources

  • @josemariolladomarti4935
    @josemariolladomarti4935 13 hours ago

    awesome work man

  • @redisbluegaming6696
    @redisbluegaming6696 a day ago

    Nice channel, love learning from you

  • @ogunikitty
    @ogunikitty a day ago

    Wow. Learnt a lot today. Thanks john

  • @threeMetreJim
    @threeMetreJim a day ago

    Not too bad at all. The insane rating was about right if you've never done this before. Be prepared for layers of obfuscation (in the scripting parts) in real malware, just to frustrate even more. Nice to see this test also having an encrypted part to extract.

  • @logiciananimal
    @logiciananimal a day ago

    Nicely done - I didn't know IDA Free had a debugger. I don't do much RE, I guess.

  • @aidengoiangos4577
    @aidengoiangos4577 12 hours ago

    Another john hammond classic

  • @mitospha
    @mitospha 9 hours ago

    Pretty cool demo, thank you. That was rated insane? Some sites I think would honestly rate that as Medium out of easy, medium, hard. Not all CTF sites are the same I guess.

  • @h4ckh3lp
    @h4ckh3lp a day ago +3

    If we weren't already aware, the "WinHTTP" autofill in IDA shows you've prepared this walkthrough which is fine, but I for one would find exponentially more value in the footage of you when you're first running through it. Because to see how you go about figuring shit out when things don't work as you would expect them to would be a lot more informative imo.

    • @IJH-Music
      @IJH-Music 16 hours ago

      Yes and no. John does some things live and you get to see him go through problems in real time.
      For a video like this, that style of video would be impractical.

    • @h4ckh3lp
      @h4ckh3lp 15 hours ago

      @@IJH-Music You'll never see his first go at a box, even the "live" shit is scripted (or at least outlined). I don't care if it took 6 hours instead of less than 1, if you can show me HOW TO FIGURE OUT how to figure out the unknowns, this would be greatly more valuable than showing me how to complete a challenge. But for the same reason the crowd boos when the fight is painstakingly being grappled on the ground, youtubers will forever be playing the youtube game more than providing truly meaningful information at the advanced levels.

  • @crudmonkey
    @crudmonkey a day ago

    Great video John! Love these reverse engineering videos

  • @dav1dw
    @dav1dw 23 hours ago

    Nerd cred would be to read Lord of the Rings, not just watch the movies.

  • @zerodoinkthirty0
    @zerodoinkthirty0 a day ago

    W PowerShell investigation

  • @AUBCodeII
    @AUBCodeII 2 hours ago

    Hey John, let's get OSEE+ right the flipp now

  • @shingareom
    @shingareom a day ago +2

    They ?

  • @hoosiercrypto9955
    @hoosiercrypto9955 a day ago +3

    They 😳

  • @QuantariousBitsoniTalvanen
    @QuantariousBitsoniTalvanen 19 hours ago

    Why don't as many of the malware coming out have VM evasion like when it spiked a few years ago? Or is it just that it's easier now to disguise a VM?

  • @viv_2489
    @viv_2489 5 hours ago

    Is ChatGPT capable, and can it be used to learn this obfuscated code?

  • @D.von.N
    @D.von.N a day ago

    So what happened at the end? Did you encrypt your VM or something else?

    • @74Gee
      @74Gee a day ago

      Nah, the encryption only acts on a few folders and a few filetypes within those folders so it's mostly benign. See 41:33

    • @D.von.N
      @D.von.N a day ago

      @@74Gee So those were encrypted, for an average user, if it happened in their real computer, pretty much everything they have there. Riight LOL
      And so I have a clone of my OSs and data backed up multiple times elsewhere. That the ransomware transfers some of my data to the dark web, I won't be able to fix that. Just I will be one of millions other folks out there. A drop in an ocean. My data already is out there, from various hacks of databases...

  • @user_Esq
    @user_Esq 11 hours ago

    13:54: "Mining bitcoin cash" -?

  • @zakzak24
    @zakzak24 a day ago

    hi John, I'm getting into malware analysis, is it enough to just boot up a VM then run malware inside it ? cause I read there're types of malware that could escape and infect the host machine, given that I'm doing both static & dynamic analysis

    • @GarethBaddams
      @GarethBaddams a day ago +1

      Hey, although it isn't impossible for malware to escape a VM, it's highly unlikely. If you're doing a lot of analysis, maybe have separate hardware and network segregation just to make sure 😁

  • @grant-is
    @grant-is a day ago +47

    Who is they? What does INSANE mean? Could we tone down the hyperbole?

    • @orderandchaos_at_work
      @orderandchaos_at_work a day ago +7

      Watch the video and find out

    • @pan_golin
      @pan_golin a day ago +23

      They is HTB, Insane is the difficulty rating.
      Also welcome to TH-cam.

    • @arthurbruel5545
      @arthurbruel5545 a day ago +10

      Man's gotta play the youtube game. Chill.

    • @FirstnameLastname_official
      @FirstnameLastname_official a day ago +22

      Everybody asks "who is they?!" but no one asks "how is they?"

  • @stefan-viorelnagy5181
    @stefan-viorelnagy5181 a day ago

    how am i here so fast

  • @ARIFF861
    @ARIFF861 22 hours ago

    Is this Sherlock challenge retired?

  • @SPOOKEXE
    @SPOOKEXE a day ago

    lee epik

  • @darshanakhare6676
    @darshanakhare6676 a day ago

    ❤❤❤❤❤❤❤