I love the journey John goes on in these videos. From "HOW DO THEY KNOW IT'S NETWIRE??" to "Oh here's a super unique obfuscation key that's an obvious IOC and they literally create directories named 'Netwire'"
Thank you for doing more of these! They're my favorite type of videos by you. I know you love doing CTFs because you enjoy it. Don't quit either series. Just know people love this series too
Last week I dig into a .Net Assembly with some base64 encoded string in it. And thanks to the Videos of John I recognize the string and I know what to do with it.
The context of a request with curl is different, for example the user agent is different so the server would know the request didn’t came from a browser.
21:04 "I don't know why I'm asking, as if you can answer" well, I don't know why I'm answering, as if you can hear me. But that was still a bit small for me on my phone screen.
Love this content. I know precisely nothing about coding, but this really makes me want to pick it up - the logic is pretty straightforward to follow even though I couldn't replicate it, and it just looks like a really interesting puzzle.
Very nice video! One question. I am sharing data from REMnux to FLARE VM, but when I look at the paths, they are interacting like local data. How do you build such a lab environment? I am interested because I always use KVM to share files over a virtual network.
Browsing through LOLBAS and the possibilities alone in findstr make me wanna puke. And there is so much more available in the plethora of tools and binaries MS ships to their users in Windows ... and most of these things can be run under a simple User account, not even local admin or alike.
My community collection to click skills and tools 25 you explaining the videos I can I have in the purview handling in the file handling never to you want handling you should me your decision what my handling is why what's your opinion opinion pass for your reply place
To be honest, I'm surprised that you haven't tried using Windows Terminal + SSH to connect to your remnux box for these deobfuscation videos... That'd be pretty slick.
I just recently discovered CTF's and John your content is GOLD! i am trying to transition into Cyber security, thank you for all the work you are doing.
It makes since why it works fine in firefox but not with curl because according to cloudflare, error code 1010 means that the owner of the website has banned your access based on your browser's signature
Blindly search-replacing variable names is a VERY breakable thing. Imagine someone deliberately starting with a "Set aaabbbccc = myObject" , and using "aaabbbcccqqq" and "CustomObjectqqq" further down. You are going to mess up when someone starts doing that.
@@blinking_dodo it does though, I just tested in on my machine. Would you like a video? Go test it yourself. You can have it set to find 'ab' and it will find all or you can have exact match where it does care about only ab and not abc. But either way, even if he didnt use exact search the code would obviously stick out after the replaced text unless it was the exact amount of characters.
can't you just regex replace? I am no regex expert but something like w/word shouldn't that find the exact word and not if it is part of a word? you can do that in sublime, no?
Hey John Hammond, Can you please make a video on Configuring Ubuntu as a Lab? I was trying to setup Ubuntu-latest LTS version, but somehow when I install some git-software(specifically: portkali), the whole GUI crashes and boots only on Terminal. i tried different article to install GUI or boot into it, but no outcome. I maybe tried 4times for 3 days, but it didn't worked. Also, my Ubuntu navigation wasn't great, don't know, is it that I am not used to Ubuntu or just it's like that. But, yeah, hopefully you can help.
I love the journey John goes on in these videos. From "HOW DO THEY KNOW IT'S NETWIRE??" to "Oh here's a super unique obfuscation key that's an obvious IOC and they literally create directories named 'Netwire'"
John please do not ever stop doing this kind of videos. As a student i really love them, there super interesting, keep the great job!
I agree, these videos are super fascinating.
Ikr
I swear, I learn more on YT than in college
I appreciate the dark mode. I watch these videos on break during my night shift. LOL Great job with the content. Your dissections make it look easy.
Thank you for doing more of these! They're my favorite type of videos by you. I know you love doing CTFs because you enjoy it. Don't quit either series. Just know people love this series too
Thank you John for using dark mode. I've been called a vampire since I was 17 :)
Last week I dig into a .Net Assembly with some base64 encoded string in it. And thanks to the Videos of John I recognize the string and I know what to do with it.
31:40 I was getting worried that he wasnt going to upload the video
🤣🤣🤣
"dark mode for all you vampires that watch my content" 💀 am dead john 🤣🤣🤣 19:58 that gave me a good laugh and energy to finish this video 😂 soo good.
Fantastic video! Hope you continue this series
John, would you care to do a piece on firmware/UEFI malwares, their persistence and how to approach deobfuscation and/or removal?
4D 5A is the hex representation of 'MZ', the magic string at the start of a Windows executable file.
was super excited for this vid! great watch and more valuable info! thx john
Hi john hammond please do a analysis on xmrig miner software, it shows a lot of red flags in malware scan
thanks man. love this kind of vids
Cyber Chef would make your life easier at times lol.
Can't wait.
Why would something not respond to curl but to a browser ? 10:25 , didn't know that can happen.
The context of a request with curl is different, for example the user agent is different so the server would know the request didn’t came from a browser.
Hell yeah! Thanks John. Love your content!
21:04 "I don't know why I'm asking, as if you can answer" well, I don't know why I'm answering, as if you can hear me. But that was still a bit small for me on my phone screen.
Love this content. I know precisely nothing about coding, but this really makes me want to pick it up - the logic is pretty straightforward to follow even though I couldn't replicate it, and it just looks like a really interesting puzzle.
PATRICK LIKE "CODING"
PATRICK BE A "CODER," SPONGEBAHHB
Hi John, first time to this channel and so far your content is awesome! Wanted to know if there was a safe way for us to follow along with you.
Fantastic
hello jhon hammond could you make a vid on your ubuntu VM the settings you use and themes thank love ur vids
I love how happy and giddy you get when you figure something out. It's adorable, but I know deep down there is a serial killer in you. ;b
Good job John
That was awesome. Keep it up
Great tour..
i was waiting for months for new malware video lol
Once again, wonderful shit sir. Keep it up!
Lets start 😁
Very nice video!
One question.
I am sharing data from REMnux to FLARE VM, but when I look at the paths, they are interacting like local data.
How do you build such a lab environment?
I am interested because I always use KVM to share files over a virtual network.
What’s the song in the outro called?
Ohhhh spicy
santa is loosing christamas gift
Vir ,ras data definitely
I'm laughing John we're going to get Justice for all
Not working
my frd laptop recently got ransomware djvu file type march 2022 file type xcbg file
cool
Browsing through LOLBAS and the possibilities alone in findstr make me wanna puke. And there is so much more available in the plethora of tools and binaries MS ships to their users in Windows ... and most of these things can be run under a simple User account, not even local admin or alike.
Entertain me John
20:00 We set dark mode because light attracts bugs.
nice video ^^
👍!
Siml litre size small
SMTP server files
случайно все остановились на 665?))
Man all I hear is "haha your never getting a job once you get out of school now!!"
Agent
ITS A MONKEY OVERLAY
Random comment. I just jnstalled subl on kali and its fucking cool lmfao
help
4D5A MZ
Iocs
My community collection to click skills and tools 25 you explaining the videos I can I have in the purview handling in the file handling never to you want handling you should me your decision what my handling is why what's your opinion opinion pass for your reply place
Agent dells explaining .
Madl work headel '4wondrs' looking.
This video zoom add files cod opening 🪟 asml
To be honest, I'm surprised that you haven't tried using Windows Terminal + SSH to connect to your remnux box for these deobfuscation videos... That'd be pretty slick.
Ah yes.. John.. John hammond does it again
More more more! I love just learning new things. I like how you notice things that are the same. This is so cool
U have play scary movies 😄
Thank you amazing and informative video. It's almost morning time to go to sleep - The Vampire 🤓
I just recently discovered CTF's and John your content is GOLD! i am trying to transition into Cyber security, thank you for all the work you are doing.
It makes since why it works fine in firefox but not with curl because according to cloudflare, error code 1010 means that the owner of the website has banned your access based on your browser's signature
Blindly search-replacing variable names is a VERY breakable thing.
Imagine someone deliberately starting with a "Set aaabbbccc = myObject" , and using "aaabbbcccqqq" and "CustomObjectqqq" further down.
You are going to mess up when someone starts doing that.
from the 10 malware videos i have watched , the method works very well most of the time .
You can use exact match which negates your point.
@@boomson3082 exact match doesn't care about what is directly after your search.
replacing "ab" with "x" in "abc" will still result in "xc".
@@blinking_dodo it does though, I just tested in on my machine. Would you like a video? Go test it yourself. You can have it set to find 'ab' and it will find all or you can have exact match where it does care about only ab and not abc. But either way, even if he didnt use exact search the code would obviously stick out after the replaced text unless it was the exact amount of characters.
can't you just regex replace?
I am no regex expert but something like
w/word
shouldn't that find the exact word and not if it is part of a word?
you can do that in sublime, no?
Good video, good content 👌 and always something interesting hidden 👍
That's right John because my z flip att phone front screen was completely copied completely compromising my accounts and device keys
Maybe that's because I didn't put an image because I I don't know how someone else is to blame
Employee is blind.
This work?hot what this time 10
Sir it is very super hacker has gone some time attack thanks
Community video is video nost
Entertain me John
Rat
Cat
Detyls.
Hey john great video as always. Intezer is great! I am scared for what will happen with the upcoming ukraine and russia conflicts
I would LOVE to see some beginner friendly tutorials on Python and Javascript. Any plans for videos of that type? Thanks for your content!
That thumbnail though.
Work headel
do you use linux for daily use ??
Hey John Hammond,
Can you please make a video on Configuring Ubuntu as a Lab? I was trying to setup Ubuntu-latest LTS version, but somehow when I install some git-software(specifically: portkali), the whole GUI crashes and boots only on Terminal. i tried different article to install GUI or boot into it, but no outcome. I maybe tried 4times for 3 days, but it didn't worked.
Also, my Ubuntu navigation wasn't great, don't know, is it that I am not used to Ubuntu or just it's like that.
But, yeah, hopefully you can help.
arch based
You should take a look at some discord/"test my game" malware
Excitement!
The content is enjoyable and informative, as always. Keep up the good work!
premieres suck