Information Stealer - Malware Analysis (PowerShell to .NET)
ฝัง
- เผยแพร่เมื่อ 8 มิ.ย. 2021
- If you would like to support the channel and I, check out Kite! Kite is a coding assistant that helps you code faster, on any IDE offer smart completions and documentation. www.kite.com/get-kite/?... (disclaimer, affiliate link) Come play the June 22nd GuidePoint Security CTF! www.guidepointsecurity.com/re...
For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/johnhammond010
E-mail: johnhammond010@gmail.com
Discord: johnhammond.org/discord
Twitter: / _johnhammond
GitHub: github.com/JohnHammond
finally some malware analysis
yes Im so excited, i am a system admin in my day, and I wouldn't change that for almost anything, malware analysis would be one of those things
a' s' s' comm
Thank you for this, John. My EDR detected this at a client’s endpoint. Thanks for your help.
Love it!!!! It's nice to see the methodology in real time and to see some of the tools I practice with in action.
Awsome Video, watched alot of your work and the indepth explaination (which i'm sure you do often) was particularly helpful in explaining, to a novice like me, your process and thinking on this one. Love the content 👍
Great content, awesome presentation had a blast watching the video - Thanks John!
Thanks mate, I really appreciate your work and how you do it!
Thanks for the dive into it. please do more!
When you were trying the login page, it wasn't 'login?' it was '/j/login?' the subdirectory you missed was probably important :)
damn so easy to miss something out.
Yeah, this version called Jupyter so its /j/login John should have tried /m/login because his version was called Mars. No Dirbuster needed :D
FINALLY, Some good malware videos
Great content love these videos!
Kudos to Lenny for developing Remnux to enable malware profiling.
thanks john, love the vids.
Yeah, outro music is dope!!! Nice analysis John! hope one day I'll reach some of your knowledge. Keep up!
Awesome as usual 😁👍
"NO! TAKE ME BACK, I DIDN'T MEAN IT!" 🤣🤣
That's why I love watching your videos
John is in full mood. Laughed really hard watching this. xD
There are people who grab knowledge and then there are people like John Hammond who share knowledge to grab knowledge and serve the community...
Waiting for the next video!
Great video! Thanks for the REMnux link :)
Great video. I enjoy your analysis of these programs. I am currently analyzing the happy99 worm.
The outro was some awesome !!
This is my first time following along. I was given a sha-256 hash to look up for a job application and it led to a newer version of yellow cockatoo. From what I see, it looks pretty similar to what is being reverse engineered here. When I do a trid on stage2.dll it identifies an executable but not a .net. I still tried to put it in ILSpy but I'm kind of lost. Anyone know if it doesn't show as .NET assembly in trid/file it won't work in ILSpy. Also, anyone have any good noob documentation for using ILSpycmd?
Doesn’t free Any Run only go for 60 seconds, so if the script takes longer, any run stops before it ends?
you can add 60 seconds at a time
You can add time but it maxes at 5 minutes I think
amazing
Just like in the movie/tv series "The Net": Look, a virus! Hmm, let's see what makes it tick :)
Loving this malware analysis. More, give me more!!!!......... please haha
I would absolutely run gobuster against that IP :) No questions asked.
Anyone in the info and sec field have any tips on what certs to try to have before finishing college. I am currently working towards my associates degree and have only 2 semesters left but plan on taking an extra semester. Within this extra semester I want to try and get a cert in a comp language but not really sure which one just yet. TIA!
So I have been trying to get into your discord, but it tells me that it can't be reached. So I am wondering if this is one of those test things to see if you can find the link hidden somewhere in the HTML and I kinda just want to verify that before I go digging around in John's website to try and find a hidden discord link.
That was 👏
👏👏👏👏👏👏👏
This hair cut suits you John, Keep it
Hey guys. Here before the premiere :)
ive been looking for hours but i really didnt find who tf asked !!
very instresting
Loving the new haircut :)
Hello john 🙋♂️!!! Big Fan... Stay Sweet...
Can you do malware analysis for the noEscape.exe
Nerd lore... LOL... I figured that Deimos was one of the moons of Mars from the gate lol. Thanks for another great video!
Wonder how many traffic watchers noticed encrypted traffic being sent through port 80 >.>
John it's time to write a PS beautifier!!
the youtube algorithm thing john told me to do!!
It works better if you add words from the title to the comment too... I AM HAX!
How to open all apps creation.
43:26 The descent into madness is nigh 👀😂.
You can add time up to 4-5 min for free in any run
Can a Student participate in the GuidePoint security Ctf because there is Input box for Job Title ?
Absolutely, you can put "Student" :) The game is open to anyone!
Okayy Thank you : )
Participating in ctf offer you jobs? 🤔🤔
@@_JohnHammond I'm still really green, I'm working on my net+, do you think I could pull something from it or not jump the gun
seems to be an index page for that ip now 🤔
Which Firefox extensions is he using? Anyone knows?
"What's happening computer 😑" 🤣
Why is so commom to see base64? Is there any advantage to encoded that way?
the main reason you see base64 a lot is its a common way to obfuscate ( make hard to read) code, as far as im aware, someone correct me if im wrong
hi John, Love your Channel. Can you do something about Stuxnet? Would be amazing!
why you dont use Kali?
Did you learn python3 or not? :D
Hi John mame🔥
Guys do you know? Is it illegal to run dirbuster on a foreign IP address? :D Just curious
Depends on your local jurisdiction
Canr 2+3+4?
Thank you
Where can I get this ps file?
Awesome malware analysis. It’s just a bit advance for me though 😅 could you do some more of this but for newbies? Awesome work as always 👏
I don't think it can be made for newbies as malwares usually try to hide their stuff to avoid being discovered even by people who know their stuff. Maybe learning powershell's basics and watching more of his videos would help you?
@@louisrobitaille5810 yeah I realized that as soon as I made the comment but didn’t want to delete it 😅 but yeah you’re right and I’m doing that
It's a me.. Brute force your I/O.
AnsiMF!!
Will Ass Comm be the new insider?
🤴🤴🤴🤴🤴🤴🤴🤴🤴🖤🖤🖤🖤
hello there
MORE MALAWARE
Cnn? files open master
At face value it looks like Romanians borrowed something Russian and modified it. Of course nothing about attribution should be regarded as that simple.
Tails ;) john sus
:D
d4.
f# ?
how does he reply to live chat even though he is not typing?
5:20 What does Basic from visual basic mean
im here to leverage natural language while sacrificing security for load balancing. dont mind me.
Seriously, how is he replying to chat while scripting. Is this pre recorded?
9:31 that was byte count for PII formatting?
Why is tamil usually language of choice for hacking tutorials?
i hope that this isn't your main machine...
Because one time i will be making malware specially for you to be fooled by... :p
(I subbed and hit that bell after your bat obfuscation video, so no worries)
Joker😂
Little better understanding for you are talking.
You're not factorization .
you have in the lod balance server files your not development there files comming.
On lod balance attending.
Hey John, you're not the only one, but also you have severe mic popping issues. It's terrible to listen to on a audio installation with a sub-woofer or headphones. Please adjust your mic and/or filter lower frequencies.
or a pop filter
didnt notice that running OTT, Highpass >128 hz with EqualizerAPO :)
Bufr funs ,satchrdatabase