Detect Hackers & Malware on your Computer (literally for free)
ฝัง
- เผยแพร่เมื่อ 9 ต.ค. 2023
- jh.live/soc || Join me for the SOC Analyst Appreciation Day! A completely FREE event on October 18th by DEVO! jh.live/soc
Free Cybersecurity Education and Ethical Hacking with John Hammond
📧 JOIN MY NEWSLETTER ➡ jh.live/email
🙏 SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎 FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥 TH-cam ALGORITHM ➡ Like, Comment, & Subscribe!
Step 1: Download and execute a binary from a random website I've never heard of. xD
best way to not get hacked is to live in the woods without any technology
What if there is a psycho there with an axe??
@@Hid4riYou GAZA the Psycho
@@Hid4ri lol physiclly "hacked"
@@franklinndubuisi7479who's that?
@@franklinndubuisi7479don't get it sorry dude, I was only making a joke because in the woods you may come across a crazy person who is looking to "hack" with his axe. I'm sorry 😢
A word of advice: Be careful who you trust. Even a software promising your security can be a disguised bad actor. (Not saying aurora is one of those!)
But it very well could be, who knows what they collect and store. Trust no one.
And as soon as it becomes popular it switches to a paid for model. These always go that way. Get some big security people to promote it, then flip and remove the free version and charge. Would like to see more open source stuff and not promo stuff.
exactly what i thought.
@@TheStevenWhitingthat's exactly what I also want
@@TheStevenWhitingCybersecurity used to be a place for computer nerds, now it's filled with Machiavellian sell outs trying to make a quick buck. But if you really care about a project like this being open source, then you should start the project yourself. If it gets enough momentum, I'd probably do bug bounties for it as volunteer work.
Bruh John's icon sizes getting progressively bigger in every video like the sheriff's hat in scary movie is killing me
Probably holding that CTRL key too long when hyperactive scrolling through windows. :D
Great stuff! Thank you! I am very excited about your idea to have more content exploring Aurora EDR. Can't wait 🙂
Ah! Thank you for this. This won you a subscription from me because this is a great way for me to dive deeper into cyber security and discover more. I appreciate this. New student of Cybersecurity Technician so this will be of incredible use.
Thank you, John, for sharing content like this with us.
Hey just want to say thank you for taking the time and going step by step on not just this but how to open a zip file ,us noobs gotta start somewhere, thanks again 😊
Great Job I absolutely love it I already have something flagged that antivirus did not flag and I think this is one of the ways to get familiar with how ones system works even from a beginners level of understanding.
love it as always. would love to see more along this path!
Looks interesting but my first thoughts are that the plain text yml based signatures are vulnerable, they should be locked in an encrypted vault, otherwise an attacker can just change the rules before running their attack on a machine and then ta da no alert pops up.
You can prolly make a rule to detect the rules manipulations I guess
You always find the coolest tools and resources! Awesome stuff, John, as always!
Amazing content always John! Thank you!
loved this one!! always great education, and inspirational! keep it up!
Very interesting topic, would love to see more series about it. Like & Subscribed!
I love this! please do more, thank you!
nice work john...love all the way from Kenya
Hi John, thank you for sharing this. I was actually setting up wazuh through another great video you made. Essentially are they the same except wazuh does give you central management?
Thank you SOC Analysts!
Thanks for very useful content. Very interesting for every Cyber Security Specialist.
"it's not a matter of if, but when." ancient cybersecurity proverb.
Would love to know more about the sigma rules and how to create custom ones
Thanks for the video, this tool is certainly one I'll look into more deeply
Interview reply from employer when I inquired about expectations: "No incidents." I almost popped off, "How do you know you aren't in one now?" heh
There are two psychology thought experiments to try on prospective employees, one is the Gift Scenario, and the other is the Meadow Scenario. But the bottom line is, threats not perceived or expected result in different behaviour than otherwise. Good perception, leads to mitigating behaviour, before threat vectors resolve. All intelligence assets undergo such training, perhaps IT security personnel should also be taught to think in similar ways. Expect threats, when there are none. Just because none is detected, does not mean it is not there. This also applies to industrial maintenance, inspection, police work, intelligence, public works, and actuarial work.
It's quite confusing to determine the number of EDR/SIEM/SOAR tools available, as there are numerous options such as Splunk, Aurora, Corelight, Zeek, MS Sentinel, Snort, Wireshark, Datadog, Graylog, Security Onion, ELK, LogRhythm, and Google Chronicle. As a beginner, it can be overwhelming to choose the right tool. Can someone please explain the differences between these tools and offer guidance on which one I should focus on?
Focus on your company that already have, or in budget.
Choosing the right security tool can indeed be overwhelming, especially with such a diverse landscape! Understanding the differences between EDR, SIEM, SOAR, and specific tools like the ones you mentioned is crucial for making an informed decision. Let's break it down:
Types of Tools:
EDR (Endpoint Detection and Response): These tools focus on protecting endpoints (laptops, servers) from malware, exploits, and intrusions. They monitor endpoint activity, detect anomalies, and enable incident response. Examples: Crowdstrike Falcon Insight, McAfee Endpoint Security, SentinelOne.
SIEM (Security Information and Event Management): SIEM tools aggregate security data from various sources (firewalls, logs, servers) to provide a unified view of security events. They help with log analysis, threat detection, and compliance. Examples: Splunk, ArcSight, LogRhythm.
SOAR (Security Orchestration, Automation and Response): SOAR tools automate repetitive security tasks like incident ticketing, remediation workflows, and playbook execution. They integrate with other security tools to streamline incident response. Examples: Demisto, Palo Alto Cortex XSOAR, Rapid7 Nexpose.
Understanding the Differences:
EDR is focused on endpoints, while SIEM has a broader scope, covering all security data.
SIEM provides visibility, while EDR offers deeper analysis and response capabilities for endpoints.
SOAR automates tasks based on SIEM and EDR data, streamlining incident response.
Choosing the Right Tool:
Consider your needs: What are your main security concerns? Do you need endpoint protection, centralized event management, or automated response?
Evaluate your budget: Tools vary in pricing and complexity. Choose one that fits your budget and skillset.
Start small: Don't try to implement everything at once. Begin with a core tool (e.g., EDR for endpoint protection) and expand later.
Research and compare: Look for independent reviews, test demos, and compare features before making a decision.
Specific Tools:
Splunk: SIEM platform with advanced analytics and reporting capabilities.
Aurora: Open-source SIEM platform known for its flexibility and customization.
Corelight: Open-source network traffic analysis tool for intrusion detection.
Zeek: Another open-source network traffic analysis tool with strong threat detection capabilities.
MS Sentinel: Cloud-based SIEM and SOAR solution from Microsoft.
Snort: Open-source network intrusion detection and prevention system.
Wireshark: Network traffic analyzer for troubleshooting and security investigations.
Datadog: Cloud-based monitoring platform with security features.
Graylog: Open-source SIEM platform with a user-friendly interface.
Security Onion: Open-source security suite with various security tools.
ELK Stack: Open-source stack combining Elasticsearch, Logstash, and Kibana for log analysis and visualization.
LogRhythm: SIEM platform with built-in SOAR capabilities.
Google Chronicle: Cloud-based SIEM and SOAR solution from Google.
For beginners:
Start with a free or open-source tool: Many excellent options are available like Corelight, Zeek, Security Onion, ELK Stack.
Focus on learning the fundamentals: Understand the concepts of EDR, SIEM, and SOAR before diving into specific tools.
Seek help from the community: Join online forums and communities to learn from other security professionals.
Remember, the best tool is the one that fits your specific needs and budget. Take your time, research, and don't hesitate to ask for help.
Both question and answer was brought to you by ChatGPT 😅
@@CYBERSECURITY.101 okay, AI
how about asking yourself if you need any of them? they are for sysadmin or for a corporate segment. In that case it might be wise to use what is already purchased, installed and working.
Otherwise, and especially for a private/small home network it's recommended to use standard security package included in your windows defender, like HIPS and similar utilities.
If you feel it's not enough, consider enhanced protection from Eset, or Kaspersky, or Comodo, or Zonealarm, or similar
Every software you install is increasing your attack surface. It would actually be better to show signs of malware infection rather than installing a magical black box to do it.
Unwatchable ads every 30 seconds.
Man, get the premium bro
John I think you're trying to appeal to the "average user" but the average user doesn't have the technical knowledge for this stuff. I didn't realize until scrolling through the comments how many people outside the industry are watching these videos. People in the industry know you're a legend and take you seriously. Alot of your viewers right now dont even know who you are. I'm honestly not sure how they found this video. They probably got a virus and searched "how to know if i got hacked" lol. Anyways, you're great. So is the content. We appreciate it! Keep it up!
IMO I think as John's audience grows, more and more people are joining (watching) for reasons other than the "core" of his channel's message/content. From day one, his content has been on focusing on Red/Blue Team day-to-day with some videos being very technically detailed while others (his most popular, ironically) are John installing TOR and trolling the *Dark Web.* If you look at John's video catalog you can see the spectrum from Skiddie to Malware Analyst/Engineer and everything in between. Rather than people criticizing John's content for it not being "double-clicking on the .exe file and selecting Accept, Next, Next, Finish" they should challenge themselves, step up their game and possibly learn something, gain a little insight and experience.
Funnily enough that's roughly how I found John's channel 2 years ago! Now working in IT and doing a degree in Cyber Security, so it worked out ok for me.
After so many years of following John I start to feel like I’m just watching ad videos for companies idk
Yep
So we need a dashboard for every endpoint? I don't fully understand what is the use case for Aurora, I find it very impractical bc it's zero scalable.. or is it for specific IR investigations?
Or maybe a sandbox malware analysis VM could be a very valuable tool
It was mainly created for analysts. Scaling could be done via the --udp-target/--tcp-target flag with the events being sent to a SIEM
"Security" guy....
"...fine, you can take my cookies..."
"...enter your [real] email here..."
"...here's a way to check the [file] integrity..." (Fails to show HOW)
"...and just open this zip..." (without checking it)
LOL!
+ firefox with all the ads included, and no indication of ublock origin, no script and other useful extensions or hardening
EULA? nah, just click check box and continue,
"Johnh" looks like an everyday-used admin account
The day I get infected and I am looking for something to remove the malware this video comes out and I find out about it to late this is why y’all need to turn notifications on!!!
Notifications don't mean a damn thing when you're subscribed to dozens of channels.
@@lumikarhu Not true actually, Aurora has response actions, although limited in the Lite version.
in order to be able to make a meaningful response action, the utility should be host-based
Most of famous software companies are in fact selling user data to aggregators. I know this because I bought these when I worked in a famous consulting co😢😅
bro can you do a video on sumologic siem tool which is advance ai baesd cloud siem enterprise it whould be usefull for next gen fellows , in sumologic also we use sigma rules to detect attack vectors
hi John can you share a content about VOLATILITY TOO? PLEASE
Can it be out on routers or other network devices or is it only on end user devices?
Reinstalling windows from a USB drive to an NVME drive literally takes 5minutes. No internet connection. All worry free. Also, reinstalling windows could reset some program trials for you (if they're not connected to social media account)
Hello, I'm from Brazil, your channel for me is a reference on the subject of cybersecurity
I´m from Brazil too, can you explain to me what this is all about ? I´m a completely noob
Block all incoming connections at firewall built in setting with some exception rules. Plus VPN and DNS leak tweak at regedit you should be gold.
With Windows 10 and above you'd have to start with zero trust, blocking both out and in, so each connection can be verified and researched. My local systems (both Linux and Windows) have run like that for more than 10 years.
indeed the most of the job is done by properly configured firewall.
the rest of the job is done by properly configured HIPS utility
and you might want to get an antivirus just for your convenience , to help you make a right decision
secure DNS with or witthout filters to avoid phishing,
other stuff like ublock origin are for a better protection and mostly for convenience
With so many tools & tech, do you think reviewing so many would eventually have a negative impact on the I.T community? Deluding the pool of options so great that paralysis by analysis inevitably sets in. I find myself overwhelmed with tools when coming to your page.
Maybe IT isn't for you then? Tech is always advancing so it's always changing, ya gotta keep up or else YOU become irrelevant.. feel me?
I can see an opportunity for someone to write a little beautiful soup that skims the LOLbins and generates sigma files on the fly as new attack vectors are published.
Yes Yes Yes !! Thanks for the idea, If I can manage to it (I’m ChemE not software lol) I’ll even give you cut 😂
thank you John for sharing This software
I hate that i have to give my personal information to download it... Not worth it.
My internal sigma rule detects adware.
In the past when I had my computer....I confuse whether my computer hacked or administrated..... because I didn't know what standard computer system is...a few years ago I noticed several an official from police force went to US for learning about what is the standard computer system is...
Too complicated for the general public including me but thanks for bringing this to our attention.
This video isnt for the general public lol
I think John said something about "Blue Team Professionals" or aspiring Blue Team Pros? This must be your first John Hammond video...? Oh, and the CLI isn't scary once you've worked with it for a while, give it a shot.
Funny how i lived in the command line for 35 years, and people today are just discovering it. Thank God for gui's, eh? 😂
@@OGMann wow you are so cool. You want a medal?
@@wooshbait36 we'd be just fine without one if you'd kindly step off the lawn.
Interesting. Thanks for sharing!
Thanks John...👍
This is awesome!
Great video!
Question, does this work over the network? Or just the local machine?
Great Video 👌🏾
A little bit of click bait and knowledge not simplified for the public viewers who is really trying to find solutions. But great work from the ones who understands.
is it actually Cisco using TCP? and how do we confirm that it is, maybe it's one of the unassigned UDP ports.
Thanks John. Was this a paid presentation?
Why do they have to ask for my email??
JH, Thnx _____ Great Video as well
The jump scare when this came on after a softly spoken Tib3rius video
really and I thought all i had to do was design a second air gapped unix that snoops all the busses and lan
That is a way, but these days you can use a hyper efficient client for that, running from read-only storage on an IP-less system.
Hey!
How do hackers make it look like I’m using Facebook and dating apps/sites on my phone if I don’t have any of those ?
Great Information
Video is all about getting hacked... clicks accept on cookies prompt without an ounce of care.
"Sometimes it misses..." Lols! Deliberately even! 😝
Could this be done with a complete copy of a device or through data?
Would be interesting to try, but they don't seem to have any Linux support as far as I can tell :(
:(
why
anything like this for Mac?
Not sure what I'm doing wrong but I can't access aurora in the terminal. So it won't let me run the scripts. Any help is appreciated
What if you bought a laptop / Desktop from eBay with windows already installed ? How can I check that they haven't installed a key logger or Malware etc ? I bought a laptop and moved the 1TB M2 Drive onto the 2nd drive and not primary drive. My primary drive is 512gb has a Dual boot Ubuntu / Win11 but I want to use the 1TB M2 drive but don't want to add my personal details till Im sure it's clean. Thanks
No matter how thoroughly you "clean" it you won't ever be 110% sure,. So it's ALWAYS best to wipe it and clean install an OS on it. PEACE
is there an open source software that do stuff like aurora agent? the free version very lack feature and I could add the feature I need my self but it is not open source
To be fair, if someone preaches this to me I feel like it’s gonna probe my stuff regardless. I’ll look into it 😂.
Specially when its this guy saying that stuff
@@Sloptit Yeah. It's a product push. TRUST ME I AM- . No one's taking that away from him but come on this is an advertisement video. No you can't have my data.
Pretty much the same vibes here, especially when delivered by some guy who feels like he is on uppers or speed. I learned in my work to never fully trust people with that kind of energy.
@@KieSeyHow Yeah
its literally John Hammond. Dudes a legend. You must not be in the CyberSecurity field lol. @@KieSeyHow
Running windows and talking about detecting malware on your computer. :D
They need to add the ---board command just for the sake of it.
Kudos... that one -ed right over my head
How it works the MUI of Xiaomi un Android? Are they embebed sistems?
Love it!!!!!!!!!!!
Powerful tool !
Can you Show a Linux Solution?
it's like the saying goes "if it's free then YOUR THE PRODUCT"
Tried to download the license file from the link in the email, but getting a PR_END_OF_FILE_ERROR. could not access my license file.
ufffffff i got that same situation.
@@bartomiejb6730 Could you make sure that you're using an up-to-date browser? Which version of Firefox do you use?
Same - but its working now.
@@kimpedersen
Thank for sharing an update.
Will retry this evening 👍
What about protecting your privacy rights against Pegasus spyware on iOS?
Thks..
Thanks John
Wouldn't Wazuh be able to do all this too?
What is the difference between this and thor can you help me understand please?
Hi John, downloaded Aurora run it but damn Kaspersky keeps deleting the files
Noob here. Why do this instead of your av system off the shelf? What’s the benefit?
Just tried to download free Aurora. No go. Never got the verification email.
So, it's basically like Snort, right?
I just got an ads playing from you ... while watching this video 😂
*Edit TWICE
Best macOS equivalent?
Subbed!
I saw it was you and was bamboozled by the comments. Surprised you arent a bit more popular
is there no log of commands somewhere in windows?
Is there a rule in there or is there a similar software for mail spam detection, more specifically who is sending it and from where, not the physical adresses because you don't want me driving off with my baseballbat and paying them a visit (because I will), but the IP adresses, websites and stuff that can be reported to real cyberpolice and security sites and blocked, indefinitely
For that you need viable access to the mail server you are using (local admin). Yes, there are modules for most servers for that, but you need to be running your own. Why bother? Just get one in the cloud that has 99.9% of the maintenance done for you, and many allow remote admin, and the ability to add modules or plugins.
@@KieSeyHow becque they are not working, I keep getting more and more spam and It keeps me zorking 24/7 reporting them, blocking them, checking for adware; scanning for viruses...I don't wanna put in work after my actual work: I just want to relax, check my mail and game, but those pesky scammers are killing my vibe
Does aurora detect man in the middle attacks ?
I'm more interested in blue teaming, but...need to know red team stuff to be able to do so. Sooooo purple team for the win?😎
It's called the "Attacker-Defender Mindset" in other arenas. It never hurts to know the motivations and techniques of the adversary.
@@xCheddarB0b42x That's what I mean.😒😑
Same! I am interested in both but dont know which path i should go first!
When I ran the script I never got a warning from aurora what does that mean in?
Buying softwares norton and more have been brutal
on this business our mantra is : "there are NO invulnerable systems, only hard to crack"
It is mind boggling that the port 1900 and dns grouping is commonly turned on, it is simply reckless.
That's all too easy, there will be adolescent wearing an "anonymous" style mask sitting in my chair.
Can I use this for Android phone and tablet ?