I've started watching your malware playlist and I must say that you're great at explaining these concepts. I understood this video very well, and it's a great resource. Keep it up
nice work teacher Cosmo, i´m learning too much, i'm new to malware and seeing thus type of content motivates me to continue learning; greetings to México
Really appreciate your malware development courses. If you could make more free videos please do! Aspiring malware developers like me would strongly appreciate. You earned a sub bro, keep up the great work!
Damn, making a trojan seemed so extraterestial to me, even though I am a CS student and I learned Assembly.(16 and 32 bits)They didnt rlly showcased us the power of it, only showed us how it works. Now making a trojan seems easier than ever xD. Love your videos
hey thanks for creating this series! there's not a lot especially here on youtube, as a beginner its nice to see things like this, if you got any other resources you used while you were trying to branch into malware development I would love you forever
I have a question (it might be a dumb question ) but since the modified program wait for the shellcode to act before executing the program, will it still work for another kind of malware like a reverse shell that use for loops or something (without blocking the original executable)? Also i love your videos it teaches so many things. Thank you.
I actually have no idea. You should try it and see how it goes!! If it ends up looping and not letting the main executable run, then have the shellcode execute a new *hidden* process for the revshell👍🏽
@@DuckyChannel It's as i thought it will keep executing the injected shellcode. To avoid that i made so that the shellcode i inject reach another file and start a process/Thread (equivalent of "start" in the cmd ).
Wow! I’m learning how to develop malware as a project for school currently, it was originally supposed to be on rootkits/boot kits but I couldn’t make it that far I basically just made a bad shellcode injector, I’m wondering if you have made or have any plans on rootkit/boot kits? Great video tho! I’m gonna play around with it asap!
Pushad and pushfd are NOT recognized in x64 architecture. I tried as you do but it doesn't work. After the shellcode I inserted a jmp instruction to the head of the disassemble, where the call to display the messagge is. Moreover the entry point in my case is not identified with a jmp instruction but with a call.
Hey!… did u watch the video😭? I had to have said “32bit” at least eight times…we pulled out a 32bit architecture manual to showcase pushfd/ad and popfd/ad..and we put that jmp instruction there..🙈
Just found your channel! Subscribed really good content! Thanks for sharing. I am not gonna lie I BBQ m very noob in this subject. I would appreciate beginners content 😊
Great videos thank you! a question, I used vs insider and MinGW-w64 toolchain , and I don't see the eros/NOP at the end, which compiler I need to use? what am I missing? thank you!
Sup!! U should ue clangd, it should be preinstalled with visual studio and accessible via the native tools cmd prompt (also installed with visual studio). My video covering tools for maldev can help you with this as well 🤙🏽
Thanks for the video but i have a question. Since downloading that metasploit program is pretty impossible and annoying on windows, how can i generate the binary file from the shell command manually?
Awesome video and channel! I've been messing with the zoomit part for days, and I can't get it to run. I go step by step, do the same thing as you in the video, and the mf gives me a last chance exception and terminates (in the debugger). What am I doing wrong?
a question though, in my xdbg i can't find the entry point - weird - am using x64dbg And i dont have jmp address like you do in the video - is it because am using a 64 bit windows machine and not a 32 bit? thanks
@@CosmodiumCS hey man, thanks for the reply ✌🏻 I was reading Microsoft documentation and they recommended not to use ANSI encoding functions only Unicode UTF-16, in this video, are the functions still relevant to use? As their explanation was for global language compilation if am not mistaken
@@CosmodiumCS I tried to recreate your steps for an Elf. As soon as I attempt the JMP to the code cave I get a segmentation fault. Also attempted with only push/pop and no shell code (it's like the code cave is read only or something) :(
Could you explain about how to obfuscate shellcode and how after embeding into program decrypt it? I have created few programs on C# for crypt encrypt shellcode so It works without problems, but in your guide, I can't understand if you embed clean shellcode without obfuscation etc. that will be detecteble in AV so that's why I'm asking.
yo! the pushad/fd popad/fd with MSF generated shellcode is likely flagged. so you will have to throw some arbitrary assembly instrucions betweent he pushes and pops as well as writing better shellcode
I would say yes. Utilizing the code cave makes it so that the trojan looks as close to the original file as possible. While the batch converted exe would load both, it could still be detected as malware as it doesn’t have any functionality past the loading of those executables👍
Yes, I have AV disabled in my development environment. However it usually goes undetected, especially if you don’t utilize metasploit generated shellcode. You may also want to add some additional instructions as there could be detections for the pushad/fd and popad/fd instructions being used as they are
Yeah, for the sake of simplicity i used metasploit to demonstrate the concept. Using something like donut or writing ur own shellcode is far more ideal
I've started watching your malware playlist and I must say that you're great at explaining these concepts. I understood this video very well, and it's a great resource. Keep it up
Glad it was helpful! Hope the malware journey goes well! You can always reach out on discord if you have any questions🤙🏽
I've been doing sektor7 courses on malware development and your videos have really helped, thank you!!!
Ayy! Always happy to this stuff helps out🙏🏽🕺🏽
nice work teacher Cosmo, i´m learning too much, i'm new to malware and seeing thus type of content motivates me to continue learning; greetings to México
Greetings!!👋😄
Really appreciate your malware development courses. If you could make more free videos please do! Aspiring malware developers like me would strongly appreciate. You earned a sub bro, keep up the great work!
Damn, making a trojan seemed so extraterestial to me, even though I am a CS student and I learned Assembly.(16 and 32 bits)They didnt rlly showcased us the power of it, only showed us how it works. Now making a trojan seems easier than ever xD. Love your videos
Love to hear that man!! I’m putting together some more assembly material don’t worry ;)
Best Course, Appreciate your Efforts, Attended the Sector 7 Training, Your Explaination is best. Keep it Up Bro...
Thanks a ton!!
hey thanks for creating this series! there's not a lot especially here on youtube, as a beginner its nice to see things like this, if you got any other resources you used while you were trying to branch into malware development I would love you forever
Hey thanks! Not much that i have used personally, but the discord community is pretty helpful and could be a good resource for people to learn from
GOATT!! appreciate for the video i love it
I wish i could watch this right now but i am busy for the rest of the day so i hope that i will get to it when i have time tommorow.
No worries at all dude, appreciate the support!🤙
I have a question (it might be a dumb question ) but since the modified program wait for the shellcode to act before executing the program, will it still work for another kind of malware like a reverse shell that use for loops or something (without blocking the original executable)?
Also i love your videos it teaches so many things. Thank you.
I actually have no idea. You should try it and see how it goes!! If it ends up looping and not letting the main executable run, then have the shellcode execute a new *hidden* process for the revshell👍🏽
@@CosmodiumCSThankf for responding, i'll try and post a comment if it worked
@@xenoas1er197 How did it go?
@@DuckyChannel
It's as i thought it will keep executing the injected shellcode.
To avoid that i made so that the shellcode i inject reach another file and start a process/Thread (equivalent of "start" in the cmd ).
Wow! I’m learning how to develop malware as a project for school currently, it was originally supposed to be on rootkits/boot kits but I couldn’t make it that far I basically just made a bad shellcode injector, I’m wondering if you have made or have any plans on rootkit/boot kits? Great video tho! I’m gonna play around with it asap!
Heyy how do compile the 32bit code in vs code ??
Pushad and pushfd are NOT recognized in x64 architecture. I tried as you do but it doesn't work. After the shellcode I inserted a jmp instruction to the head of the disassemble, where the call to display the messagge is. Moreover the entry point in my case is not identified with a jmp instruction but with a call.
Hey!… did u watch the video😭? I had to have said “32bit” at least eight times…we pulled out a 32bit architecture manual to showcase pushfd/ad and popfd/ad..and we put that jmp instruction there..🙈
@@CosmodiumCS the executable I found in your GitHub is x64
If I compile my own x86, the entry point is call instruction and not a jmp. I adopted another approach to do so. Thank you the same.
Just found your channel! Subscribed really good content! Thanks for sharing. I am not gonna lie I BBQ m very noob in this subject. I would appreciate beginners content 😊
Ay thanks for the sub! Glad u enjoy the vid. I’ll be sure to start introducing some more beginner friendly content in this subject 👍
it says 91/201 patches applied, can u help?
were you able to fix it ?
Great videos thank you! a question, I used vs insider and MinGW-w64 toolchain , and I don't see the eros/NOP at the end, which compiler I need to use? what am I missing? thank you!
Sup!! U should ue clangd, it should be preinstalled with visual studio and accessible via the native tools cmd prompt (also installed with visual studio). My video covering tools for maldev can help you with this as well 🤙🏽
Thanks for the video but i have a question. Since downloading that metasploit program is pretty impossible and annoying on windows, how can i generate the binary file from the shell command manually?
Hey! Yes you cannot install msf on windows. Look into WSL or setting up a vm
@@CosmodiumCS is there an alternative method for windows?
Yes..LOOK INTO WSL OR A VM GAHHHHH!!!
only one word to say: COOOOOOOOOOOOOOOL!!! :D Thanks bro.😁😁😁
No problem 😊
Awesome video and channel! I've been messing with the zoomit part for days, and I can't get it to run. I go step by step, do the same thing as you in the video, and the mf gives me a last chance exception and terminates (in the debugger). What am I doing wrong?
hi, when i attempt to patch the code, I get 147/202 patches applied. I believe it might be the shell code but i was wondering if you had any pointers
did u found any fix? i get 90/202
my x32dbg apply only 80/203 patches...
Would it be too hard to generate my own custom shellcode instead of generating it with Metasploit?
Depends on what you consider hard😏. You can write it in raw assembly
amazing content man, thanks so much. Greetings from Argentina
Argentinwhaaa!?!? That’s awesome ha!! Thanks so much:)
a question though, in my xdbg i can't find the entry point - weird - am using x64dbg
And i dont have jmp address like you do in the video - is it because am using a 64 bit windows machine and not a 32 bit? thanks
go into options > set entry break point :)
@@CosmodiumCS hey man, thanks for the reply ✌🏻
I was reading Microsoft documentation and they recommended not to use ANSI encoding functions only Unicode UTF-16, in this video, are the functions still relevant to use?
As their explanation was for global language compilation if am not mistaken
Does this work for Linux? Having trouble making a POC
Elf files are a bit different than exe’s, but conceptually speaking I don’t really see why it couldn’t work
@@CosmodiumCS I tried to recreate your steps for an Elf. As soon as I attempt the JMP to the code cave I get a segmentation fault. Also attempted with only push/pop and no shell code (it's like the code cave is read only or something) :(
Super interesting, thanks for the video!
Glad you liked it!
Thanksss for the perfect malware development videos
Thanks for watching them :D
but NX is disabled?
Could you explain about how to obfuscate shellcode and how after embeding into program decrypt it? I have created few programs on C# for crypt encrypt shellcode so It works without problems, but in your guide, I can't understand if you embed clean shellcode without obfuscation etc. that will be detecteble in AV so that's why I'm asking.
Yeah, i can totally do a video on that. It’s relatively simple to do. As you can pull down the decrypted shellcode from memory
@@CosmodiumCS this would be cool )
Does these stuff work against EDRs and defender? Or will it be flagged?
yo! the pushad/fd popad/fd with MSF generated shellcode is likely flagged. so you will have to throw some arbitrary assembly instrucions betweent he pushes and pops as well as writing better shellcode
Cool. Liked, commented and subbed 👍🏼
Thanks!!
Is this method preferred over creating a batch file that loads both programs, and then converting it to exe?
I would say yes. Utilizing the code cave makes it so that the trojan looks as close to the original file as possible. While the batch converted exe would load both, it could still be detected as malware as it doesn’t have any functionality past the loading of those executables👍
@@CosmodiumCS Thank you!
Awesome, i really want to learn from you, can you let me know how to connect to you personally?please
Yep! Discord link in description 🫡
Dude you are really awesome!
Haha thank ya!
Ihave a question did u set MS defender out?
Yes, I have AV disabled in my development environment. However it usually goes undetected, especially if you don’t utilize metasploit generated shellcode. You may also want to add some additional instructions as there could be detections for the pushad/fd and popad/fd instructions being used as they are
great video
Really dope
Well Done!
Ayy thank ya bro!!
can trojans be used with documents too?
Yes! But ur usually better of with macros or some sort of polyglot
I don't want to seem like I am nagging but can you please put the wallpaper you use on the cyber store or give it to me in discord?
My bad, totally forgot. Just added it!
Surely that shellcode will be detected
Yeah, for the sake of simplicity i used metasploit to demonstrate the concept. Using something like donut or writing ur own shellcode is far more ideal
Subbed
Execute fake genuine valid process