Thank you for your effort
an adequate and professional explanation of the checking and skipping process. How lucky I was to visit your channel.
thanks rabih
ME TOO
When you are trying to test malware please turn off automatic sample submission and cloud-delivered protection... if you turn these on the malware is no longer stealthy.. it will be detected by Defender
ok chef
I was looking at this too lol
More than excellent!!! Very informative and great work. Hard work can be seen here.
thanks 🙏🙏🙏🙏🙏🙏🙏
really good video, informative and interesting! keep up the good work!
First comment, such a good video. Keep up the good work 💯💪
my bro
great video!!!! please never give up and always keep going, your videos are great, it's like a diamond in my eye
🙏🙏🙏🙏🙏🙏🙏🙏🙏
Excellent material presented in an easy-to-understand manner.
Keep it up brother.
thanks brother 🙏
Holy crap this was such a fantastic video. You're very underrated, keep at it!!
thanks bro
Good stuff . I really enjoyed watching and learning thank you !
thanks bro
Salam 3aleykoum, God bless you, this is an interesting video. I'm French and it's so hard for me to understand English, even though I speak it well.. weird, but if I understood this, it's because you are a good educator
Thanks BOSS
Hey man great video ❤ , waiting for your EDR evasion course :)
thanks bro, it's gonna be released soon
Many thanks for sharing, keep up the excellent work ;)
thanks bro
You are the best, I used your method on my Python script and it works perfectly well
nice bro, glad that it works for u
could you share your python version? Maybe github link?
That isn't signature detection. Signature detection takes a sha hash of the entire file and compares it against a database of known malicious hashes. Only looking at strings is a bad and unreliable way to detect malware.
hey thanks for watching, that was just a simplified way to explain things at the beginning.
Thank you for sharing and for your effort. Keep up the good work 💯💪
thanks bro 🙏
Really good Video hope that more is coming
You are a creative man.. good work ❤
Thank you 🙌
Thank you bro for this educational tutorial.
Thank you for your kind words, it means a lot to me!
keep the good work Hicham
thanks
Thank you for your wonderful explanation
Glad it was helpful!
hope more such videos come in the future
thanks for watching, more is coming
Is Defender for Endpoint different? With Tamper Protection?
between C or C++, which one is better for mal dev?
and if you obfuscate the WinAPI functions, will it even matter, since the AV/Defender will hook the WinAPI calls, so if it's called the AV will know.
videos about advanced evasion techniques are coming soon
@HichamElAaouad-s2u so is it C or C++ that you prefer?
but how can we bypass false positive checks like Wacatac in Windows Defender?
where is that course???
working on it
How to fix cannot convert 'const wchar_t*' to 'LPCSTR' {aka 'const char*} ?.
Hi, I am trying to run the C++ code but I am unable to run it, it gives me the following error:
::sockaddr_in has' has incomplete type and cannot be defined
How can I fix this? Am I missing a step or something? I am not very familiar with C++
Really good job, but what about the fact that the payload is executed through Visual Studio, which is a trusted process? In a real scenario, the victim would get the program from, let's say, his browser, right? (which will already say that this is probably a virus because the source is unknown), then Windows will probably pop up SmartScreen since the source of the exe is also not known. So if the victim still trusts the payload after these two warnings, will the payload still bypass WD?
thank you for watching, yes it still bypasses it, there are other scenarios to put the file on the machine, not just the browser. And the idea of the video is to learn more about WinAPI and how AV works
you would not put it in a .exe, you would inject it into a running process so that the malware executes in memory and never touches disk.
Great video !! keep it up !!!
thanks bro
How did you convert the IPv4 to those offset values?
using the obfuscation function
What about loading custom apps after gaining a shell without that new program being detected by the user. I guess renaming it as a system file.
I didn't get the technique bro, if you can explain
@Hicham_ElAaouad he means once you own the machine, how to install other applications without raising alerts or being blocked
I have Win 10 with the latest update but my system cannot detect a simple socket reverse shell program [without any obfuscation] as malicious, and the virus & threat protection setting is turned on [except automatic sample submission]
thanks for watching bro, it's weird, but this obfuscated shell is working on other EDRs (not just win 10), i didn't want to show it since there is another video soon.
Can you do one about bypassing an antivirus
why not, inshallah
Master 👍🌷
Good job 👏♥️
Thank you 😁
Wow very good
Your course ready or not
Very soon
Hello brother how can I contact u
Clean work, great
God protect you, brother
Does this still work?
yes bro
Noice
selamu aleykum akhi, can you make a video about crypters, shellcode encryption, shellcode loaders and stuff like this? This would be good because I can't find much about it and I guess many guys like me need help with this, I've been stuck on this for so long
reverse shells with netcat are cool and nice to evade AVs but it's not the real thing, you know what I mean by that?
shellcode encryption and running it in memory to evade AVs, or making a simple shellcode encryptor to evade AVs, or a crypter with a stub and stuff like this, can you help with this? have a great day
thanks for watching bro, I appreciate it, I will do my best inshallah
@Hicham_ElAaouad Hi, does it still work? Pls
\o/ awesome
thanks bro
it's working broo😇
Are you Moroccan? 😅
Yes, brother 🙂
Did not get the idea of changing the IP to offsets? I mean I tried, my own connection was not successful
bro, put the code here
it's in the description below the video
@Hicham_ElAaouad I need the malware file ready
@Hicham_ElAaouad pls bro
No no, great, brother
Clean English
don't trust this guy's EDR course, he knows what he's doing but he should relearn C++