Finished it! This was literally the first room I completed. Ran into a few hurdles, had to redownload the remote ability, use a new account when logging into the remote desktop (using the creds provided by THM), and then found the files and did the do. Your step by step video really helped and I like the way you deviated from what THM originally said to do to find the name of the folder, and instead just reverse engineered the file, instead of running the file. Smart. You're legend, bruv! Now, just 23 more rooms to complete, eh >_
This was a great video. Initially, this challenge rather stumped me and I was having trouble focusing on it. Halfway through your video, it started making sense, and I managed to get through it on my own. In the end I actually started enjoying this! All in all, you made a huge difference in this challenge for me.
Wow, I don't often write comments, but you explained this so well that even as a non-programmer I was able to follow along. And thanks for the kill switch :D
Wow. Yeah, I've downloaded this vid and will walk through it very slowly, while taking notes! Glad to see you're rocking out bro! At some point, we will work together. Definitely looking forward to it.
tbh, i hate reverse engineering until i watch your video. still I wouldn't say I love reverse engineering or malware analysis, but it's not bad. your teaching is so good. would try to learn some lessons from your videos in the future (not necessarily malware analysis, but anything).
Hi Marcus, thank you for your great explanation! I appreciate that you don't just read the challenge, but showing examples, reformulate and elaborate. Nevertheless, I am not sure to understand fully the malware's workflow. Please correct me: "Form1()" calls "InitializeComponent()". Then I guess it calls "Form1_Load()" with this line: "base.Load += new System.EventHandler(Form1_Load);" Next, you said that "timer1.Start()" calls "timer1_Tick" and then "DownloadAndExecuteFile()". The second file (explorer.exe) is directly executed with "Process.Start(text);" because "webClient.DownloadFile" is synchronous.
Yooo!!!....you're "the Marcus"??😅 I've literally just gone through your story man.........with Vinny, Kryptos, MalwareTech, Tarah Wheeler, LA and of course Wikipedia :) How are you so calm man?😂😭❤
You can learn so much with this kind of explanation and voice. lol.
The man the myth the legend Mr. Hutchins is back. Yo legend how you doing.
This is super awesome, and I am always trying to learn reversing. CHEF WUZ HERE!
Amazing! Perhaps the best video in the advent so far.
Very clear about what/why you are doing things without going into the weeds.
I've been appreciative of everyone that has contributed to this event, but today I will admit is extra. Thank you for contributing, Marcus!
One of the best and most clear explanations of such an advanced topic. Thank you so much!
Kudos brother ! It's always amazing to see you mate 🎃 Merry Christmas though :)
Thanks for explaining every piece of code and the architecture of the different files in simple language. I really appreciate it, bro! ❤❤❤❤
Thank you for doing the Walkthrough!! 😊Happy to see you here!
Let's go the guy is back🔥🙌🏾🙌🏾
😮Another great video 🙌
Great tutorial! Merry Christmas🎄
Great video Marcus! Thank you.
Wonderful as always my guy
great detailed video, Thanks for sharing. enjoyed and learned a lot
That was a really nice explanation! Thank you!
Great tutorial, thanks!
merry christmas and happy New Year😃
Thanks for explaining this. Really interesting!
Great Explanation! Thanks man
Great explanation and thanx for sharing
Very good! Many thanks 👍🎄
great explanation! thanks
First!!! Thnx For the Video 👍👍
Thank you for sharing!!
Oh, it's the guy who saved the internet
Thanks for this. Could you talk about the difference between stripped and non-stripped binaries and how it makes a difference?
bestt!!!
Thank you so much
When I click connect, it says connection failed, attempting to connect to the open VPN. Attempted it several times and it doesn't want to connect.
Had to regenerate the config file and used a "port" or something closer to my base country, so it then worked.
yessssssssssss
what do you guys rate this room 1/10 on difficulty, i strugggleddd...