Hey! I always love your videos. I noticed that in the older version of your Volatility folder you ran "vol.py -h | grep mal" and found the mal plugins, but in the new Volatility folder you ran "python vol.py -h | grep -i mal" and did not see the plugins.
However, when I run "vol.py" I see all the mal plugins, and when I run "python vol.py" I see only malfind (after cloning from git).
What does this mean? Why is there a difference when we execute it with python?
Sorry if you find my comment confusing, but I would love to know the reason.
Thank you! Again, love your videos...
What memory acquisition tool did you use for your test? I haven't had great results with WinPmem. Using Comae DumpIt, FTK RAM Imager, or VMware vmem files has given me better results, with no smear, offset alignment problems, etc.
DumpIt or Magnet RAM Capture would be my go-tos.
@13Cubed Thanks, appreciate you sharing.
Saw the video challenge too late :( Do more of these!
Great video as always! Thank you
Really, thank you for this video. I have a question: why weren't the hashes for those three processes detected on VirusTotal?
They are not malicious, just test "malware" for learning purposes.
@13Cubed Thank you so much for all this information.
Hi..... A perfect video from a perfect person. The mem file is very large to download (5 GB), but anyway, thanks for the video and the mem sample. Again, THANKS FOR THE VIDEO..........
Thanks for the awesome videos.
Nice video! I know it's too late, but I have a question on the challenge. I tried cracking the hash value for the password but found no matches. Here is the hash value for the 13Cubed user that I extracted from memory: 9fd84669988d0ec5e1662d47c06a35c6. Please confirm whether it is the right hash value. Thanks in advance.
That's the hash extracted from memory, but there is an easier way. Try using the "lsadump" Volatility plugin. ;)
@13Cubed Thanks a lot. The "lsadump" plugin worked and I got to view the default password. For sure it's the easiest way.
Can you unpack packed malware in a video?
Check out "Some Assembly Required", the first episode of the Introduction to Malware Analysis series. th-cam.com/video/-Ml04jPMH3U/w-d-xo.html
4 years later-markinho..*7¡Vamos!
Format NT with rockyou.txt using John?