screeck: "I was a fool that night" LOL
You should XOR Windows APIs
The detection isn't because of the encrypted shellcode itself; rather, it was the use of AES encryption. Most AVs signature these as malicious, because who would encrypt some BYTEs and call the VirtualAlloc, CreateThread functions other than hackers?
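The comment above describes a classic AV heuristic: AES constants on their own are benign (every crypto library carries them), but AES constants next to memory-execution API names look like a "decrypt buffer, allocate memory, start thread" loader. The scanner below is an added example written here to illustrate that logic from the analyst's side; it is not code from the video, from screeck, or from any real AV product. It assumes a crude byte-search over a raw file image, and the three sample blobs are constructed inline rather than taken from any real binary.

```python
"""
Toy static heuristic: flag a byte blob that contains BOTH AES table constants
and memory-execution API names. Illustrative example, not a real AV signature.
"""

# First 16 bytes of the AES forward S-box (FIPS-197). Table-driven AES
# implementations embed this table verbatim, so it is an easy static marker.
AES_SBOX_PREFIX = bytes.fromhex("637c777bf26b6fc53001672bfed7ab76")
# The AES round-constant (Rcon) table is a second common marker.
AES_RCON = bytes.fromhex("01020408102040801b36")

# Import names that, combined with crypto constants, form the
# "decrypt -> VirtualAlloc -> CreateThread" pattern the comment refers to.
SUSPICIOUS_APIS = (b"VirtualAlloc", b"VirtualProtect",
                   b"CreateThread", b"CreateRemoteThread")


def scan(blob: bytes) -> dict:
    """Return which markers were found and a verdict.

    Decision rule: crypto constants alone are clean (TLS libraries have them),
    and the execution APIs alone are clean (normal programs allocate memory
    and start threads); only the combination is reported as suspicious.
    """
    found_apis = [name.decode() for name in SUSPICIOUS_APIS if name in blob]
    has_aes = AES_SBOX_PREFIX in blob or AES_RCON in blob

    score = (1 if has_aes else 0) + len(found_apis)
    verdict = "suspicious" if has_aes and found_apis else "clean"
    return {"aes_constants": has_aes, "apis": found_apis,
            "score": score, "verdict": verdict}


# --- constructed sample inputs (not real files) ---------------------------

# Looks like a crypto library: AES tables present, no execution APIs.
CRYPTO_LIB_LIKE = b"MZ" + b"\x00" * 32 + AES_SBOX_PREFIX + AES_RCON + b"EVP_EncryptInit_ex\x00"

# Looks like an ordinary application: allocates memory and starts threads,
# but carries no AES constants.
PLAIN_APP = b"MZ" + b"\x00" * 32 + b"VirtualAlloc\x00CreateThread\x00GetTickCount\x00"

# Looks like the loader the comment describes: AES constants plus both APIs.
LOADER_LIKE = (b"MZ" + b"\x00" * 32 + b"VirtualAlloc\x00CreateThread\x00"
               + AES_SBOX_PREFIX + b"\x90" * 16)


if __name__ == "__main__":
    for label, sample in (("crypto lib", CRYPTO_LIB_LIKE),
                          ("plain app", PLAIN_APP),
                          ("loader", LOADER_LIKE)):
        print(f"{label:10s} -> {scan(sample)}")
```

The point the scanner makes is the one in the comment: neither marker is a signature by itself, and a real engine would also weigh section entropy, import-table parsing, and behaviour in a sandbox before flagging a file. As a defender, the useful takeaway is that co-occurrence rules like this one are cheap to write and cheap to tune, which is exactly why AV vendors use them.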
Cool video. Just be aware that you have to handle the errors returned by Win32 APIs (VirtualAlloc, CreateThread, etc.). It is good programming practice to do so :P and you will figure out faster why something doesn't work.
Good point, I forgot about it. And thanks :)
yooo spider from maldev accademyyy
Hey, do you have a Discord?
Is it detected by most AVs now? Do you use any NTDLL.dll, and is it not hooked by the AV?
You are seriously skilled
Thanks, but I'm still a beginner; there is a long way ahead of me to master these things.
@screeck same
Thanks for the effort !!!
Hi screeck, why don't you post anymore?
No time. But I'll be back, I'm not giving up on this channel for sure. I also don't wanna make low-quality content, so I would rather wait for a good moment to start posting videos again than post random stuff now.
Bro, please post more vids about malware development, thank you!
Thanks, there will be a lot more, but in February; I have tons of exams at uni right now 😂
@screeck okay bro, good luck
do the full course for maldev
Could you please tell me how I can learn about the Win32 API to write well?
I'm no professional so I can't tell you what to do step-by-step. My way of learning things is to do it "on the fly". Think about something cool that you would like to build (something that will use the Win32 API), and start researching. Google "how to do X using win32api" or something similar. Learning by doing projects is never boring and very rewarding. Also, Microsoft's documentation will always be your best friend (link in the description). Good luck!
Bro, can you cover Windows Registry hacking BRO
And bro, plz try and test your payloads on EDR as well :)
Nice, but VirusTotal redistributes the results.
thanks for info!
Well, no matter how much everyone asks not to upload to VirusTotal, they still upload it... why!?
Hah, after this I won't upload my binaries to VT anymore, but I still need a place to test them, though. Do you know any good alternatives?
@screeck I would advise you to find out how to create sandboxes to test such files. In fact, VirusTotal is the same sandbox with antiviruses that sends reports about each file to the company. Of course, there are other services that may be analogues of this and "not send reports", but I personally trust only what I can create myself.
@screeck use Cuckoo Sandbox
Never upload to VirusTotal. It will be worked through, and a day later your work is scratched.