cool video. just be aware that you have to handle the errors returned by win32 apis (VirtualAlloc, CreateThread, etc.). It is good progamming pratice to do so :P and you will figure out faster on why something doesnt work.
The detection isn’t because of the encrypted Shellcode itself rather it was the use of AES encryption most of AVs signature these as malicious cause who would encrypt some BYTEs and call VirtualAlloc, CreateThread functions other than hackers
I'm no professional so I can't tell you what to do step-by-step. My way of learning things is to do it "on the fly". Think about something cool that you whould like to build (something that will use win32 api), and start researching. Google, "how to do X using win32api" or something simmilar. Learning by doing projects is never boring and very rewarding Also Microsoft's documentation will always be your best friend (link in the description). Good luck!
@@screeckI would advise you to find out how to create sandboxes to test such files. In fact, the “Virus Total” is the same sandbox with antiviruses that sends reports about each file to the company. Of course, there are other services that may be analogues of this and “not send reports”, but I personally trust only what I can create myself.
@@screeckI would suggest you learn how to create sandboxes to test such files. Essentially, “VT” is the same sandbox with antiviruses that sends reports to companies about each file.
I would suggest you learn how to create sandboxes to test such files. Essentially, “VT” is the same sandbox that sends reports to companies about each file.
cool video. just be aware that you have to handle the errors returned by win32 apis (VirtualAlloc, CreateThread, etc.). It is good progamming pratice to do so :P and you will figure out faster on why something doesnt work.
Good point, I forgot about it. And thanks :)
yooo spider from maldev accademyyy
screeck: "I was a fool that night" LOL
The detection isn’t because of the encrypted Shellcode itself rather it was the use of AES encryption most of AVs signature these as malicious cause who would encrypt some BYTEs and call VirtualAlloc, CreateThread functions other than hackers
Thanks for the effort !!!
is it detected by most AV now? Do you use any NTDLL.dll and is it not hooked by the AV ?
u are seriously skilled
Thanks, but I'm still a beginner, there is a long way ahead of me to master this things
@@screeck same
Siemson, masz dc do siebie?
bro please post more vids about malware development thank you!
Thanks, there will be a lot more but in february, I have tons of exams at uni right now 😂
@@screeck okay bro goodluck
Bro, can you cover Windows Registry hacking BRO
you should xor windows apis
And bro plz try and test your payloads on EDR as well :)
do the full course for maldev
thanks for info!
nice, but virustotal redistribute the results
Could you please tell me how can i learn about win32 api to write well?
I'm no professional so I can't tell you what to do step-by-step.
My way of learning things is to do it "on the fly".
Think about something cool that you whould like to build (something that will use win32 api), and start researching.
Google, "how to do X using win32api" or something simmilar.
Learning by doing projects is never boring and very rewarding
Also Microsoft's documentation will always be your best friend (link in the description).
Good luck!
nice vid
Well, no matter how much everyone asks not to upload to virustotal, they still upload it... why!?
Hah, after this I won't upload my binaries to VT anymore, but I still need a place to test them tho. You know any good alternatives?
@@screeckI would advise you to find out how to create sandboxes to test such files. In fact, the “Virus Total” is the same sandbox with antiviruses that sends reports about each file to the company. Of course, there are other services that may be analogues of this and “not send reports”, but I personally trust only what I can create myself.
@@screeckI would suggest you learn how to create sandboxes to test such files. Essentially, “VT” is the same sandbox with antiviruses that sends reports to companies about each file.
I would suggest you learn how to create sandboxes to test such files. Essentially, “VT” is the same sandbox that sends reports to companies about each file.
@@screeck use Cuckoo Sandbox
Never upload to virustotal. It will be worked through and day later your work is scratched