Developing Trojans With Shellcode

  • Published 28 Dec 2024

Comments •

  • @amiriki · 1 year ago · +6

    I've started watching your malware playlist and I must say that you're great at explaining these concepts. I understood this video very well, and it's a great resource. Keep it up

    • @CosmodiumCS · 1 year ago · +1

      Glad it was helpful! Hope the malware journey goes well! You can always reach out on Discord if you have any questions🤙🏽

  • @mahetsiedahi6530 · 11 months ago · +4

    Nice work, teacher Cosmo, I'm learning so much. I'm new to malware and seeing this type of content motivates me to continue learning; greetings to México

    • @CosmodiumCS · 10 months ago

      Greetings!!👋😄

  • @snatchables9015 · 1 year ago · +8

    I've been doing sektor7 courses on malware development and your videos have really helped, thank you!!!

    • @CosmodiumCS · 1 year ago · +1

      Ayy! Always happy this stuff helps out🙏🏽🕺🏽

    • @HolyHash · 1 month ago

      Hey, can you help me get the courses, please?

  • @ameerhamza4017 · 1 year ago · +1

    Best course, appreciate your efforts. Attended the Sektor7 training; your explanation is the best. Keep it up, bro...

  • @laurentiumocacoca175 · 5 months ago

    Damn, making a trojan seemed so extraterrestrial to me, even though I am a CS student and I learned assembly (16- and 32-bit). They didn't really showcase the power of it to us, only showed us how it works. Now making a trojan seems easier than ever xD. Love your videos

    • @CosmodiumCS · 5 months ago

      Love to hear that, man!! I'm putting together some more assembly material, don't worry ;)

  • @michaelswahla4927 · 1 year ago · +3

    Really appreciate your malware development courses. If you could make more free videos please do! Aspiring malware developers like me would strongly appreciate. You earned a sub bro, keep up the great work!

  • @gabesky9 · 1 year ago

    Hey, thanks for creating this series! There's not a lot, especially here on YouTube. As a beginner it's nice to see things like this. If you have any other resources you used while you were trying to branch into malware development, I would love you forever

    • @CosmodiumCS · 1 year ago

      Hey, thanks! Not much that I have used personally, but the Discord community is pretty helpful and could be a good resource for people to learn from

  • @micahjoshua6653 · 10 months ago

    GOAT!! Appreciate the video, I love it

  • @marianonicolini8119 · 1 year ago

    amazing content man, thanks so much. Greetings from Argentina

    • @CosmodiumCS · 1 year ago

      Argentinwhaaa!?!? That’s awesome ha!! Thanks so much:)

  • @2meSE5ikCRm · 1 year ago

    Super interesting, thanks for the video!

  • @Mauzy0x00 · 1 year ago

    Cool. Liked, commented and subbed 👍🏼

  • @gamingmob6750 · 7 months ago

    Wow! I'm currently learning how to develop malware as a project for school. It was originally supposed to be on rootkits/bootkits, but I couldn't make it that far; I basically just made a bad shellcode injector. I'm wondering if you have made, or have any plans on, rootkits/bootkits? Great video though! I'm gonna play around with it asap!

  • @xenoas1er197 · 1 year ago · +1

    I have a question (it might be a dumb question), but since the modified program waits for the shellcode to act before executing the program, will it still work for another kind of malware, like a reverse shell that uses for loops or something (without blocking the original executable)?
    Also, I love your videos; they teach so many things. Thank you.

    • @CosmodiumCS · 1 year ago

      I actually have no idea. You should try it and see how it goes!! If it ends up looping and not letting the main executable run, then have the shellcode execute a new *hidden* process for the revshell👍🏽

    • @xenoas1er197 · 1 year ago

      @CosmodiumCS Thanks for responding, I'll try it and post a comment if it worked

    • @DuckyChannel · 2 months ago

      @xenoas1er197 How did it go?

    • @xenoas1er197 · 2 months ago

      @DuckyChannel
      It's as I thought: it will keep executing the injected shellcode.
      To avoid that, I made it so that the shellcode I inject reaches another file and starts a process/thread (the equivalent of "start" in cmd).

  • @davidlu1003 · 9 months ago

    only one word to say: COOOOOOOOOOOOOOOL!!! :D Thanks bro.😁😁😁

    • @CosmodiumCS · 9 months ago

      No problem 😊

  • @dante.alighieri · 1 year ago

    Thanks for the perfect malware development videos

    • @CosmodiumCS · 1 year ago

      Thanks for watching them :D

  • @ewtiz5918 · 26 days ago

    Is it possible to make the code cave bigger (add more null bytes)? Of course it will increase the file size, which doesn't matter for me; my cmd function is just too long to fit

  • @konstantinrebrov675 · 1 year ago

    Dude you are really awesome!

  • @lokluex3824 · 1 month ago

    Is it possible, instead of using a hex editor, to just fill in the hex bytes themselves that equal jmp etc.?

  • @Counterhackingsafe · 1 year ago · +1

    Just found your channel! Subscribed, really good content! Thanks for sharing. I am not gonna lie, I am very much a noob in this subject. I would appreciate beginner content 😊

    • @CosmodiumCS · 1 year ago · +1

      Ay, thanks for the sub! Glad you enjoy the vid. I'll be sure to start introducing some more beginner-friendly content in this subject 👍

  • @ZacLangston · 1 year ago

    I wish I could watch this right now, but I am busy for the rest of the day, so I hope that I will get to it when I have time tomorrow.

    • @CosmodiumCS · 1 year ago

      No worries at all dude, appreciate the support!🤙

  • @MJ-ud3yx · 1 year ago · +1

    Hi, when I attempt to patch the code, I get 147/202 patches applied. I believe it might be the shellcode, but I was wondering if you had any pointers

    • @desktopm · 1 year ago

      Did you find any fix? I get 90/202

    • @krimenet4376 · 1 year ago

      My x32dbg applies only 80/203 patches...

    • @cristianconstantin5754 · 25 days ago

      Did you find a fix for this? I get 200/215 ....

  • @RandomAhhvids69 · 1 month ago

    Hey, how do I compile the 32-bit code in VS Code??

  • @LastButHere · 1 year ago

    Well Done!

  • @nicholas3895 · 7 months ago

    Thanks for the video, but I have a question. Since downloading that Metasploit program is pretty impossible and annoying on Windows, how can I generate the binary file from the shell command manually?

    • @CosmodiumCS · 7 months ago

      Hey! Yes, you cannot install msf on Windows. Look into WSL or setting up a VM

    • @nicholas3895 · 7 months ago

      @CosmodiumCS is there an alternative method for Windows?

    • @CosmodiumCS · 7 months ago

      Yes.. LOOK INTO WSL OR A VM GAHHHHH!!!

  • @hackwithprogramming7849 · 1 year ago

    but NX is disabled?

  • @melasonos6132 · 1 year ago

    Really dope

  • @TheDeepEnd7 · 1 year ago

    Awesome video and channel! I've been messing with the ZoomIt part for days, and I can't get it to run. I go step by step, do the same thing as you in the video, and the mf gives me a last-chance exception and terminates (in the debugger). What am I doing wrong?

  • @supernathan345 · 5 months ago

    Would it be too hard to generate my own custom shellcode instead of generating it with Metasploit?

    • @CosmodiumCS · 5 months ago

      Depends on what you consider hard😏. You can write it in raw assembly

  • @ninocrudele · 9 months ago

    Great videos, thank you! A question: I used VS Insider and the MinGW-w64 toolchain, and I don't see the zeros/NOPs at the end. Which compiler do I need to use? What am I missing? Thank you!

    • @CosmodiumCS · 9 months ago

      Sup!! You should use clangd; it should be preinstalled with Visual Studio and accessible via the native tools command prompt (also installed with Visual Studio). My video covering tools for maldev can help you with this as well 🤙🏽

  • @mynameisIE123 · 9 months ago

    Pushad and pushfd are NOT recognized in the x64 architecture. I tried as you do, but it doesn't work. After the shellcode I inserted a jmp instruction to the head of the disassembly, where the call to display the message is. Moreover, the entry point in my case is not identified with a jmp instruction but with a call.

    • @CosmodiumCS · 9 months ago

      Hey!… did you watch the video😭? I had to have said "32-bit" at least eight times…we pulled out a 32-bit architecture manual to showcase pushfd/ad and popfd/ad..and we put that jmp instruction there..🙈

    • @mynameisIE123 · 9 months ago

      @CosmodiumCS the executable I found in your GitHub is x64

    • @mynameisIE123 · 9 months ago

      If I compile my own x86, the entry point is a call instruction and not a jmp. I adopted another approach to do so. Thank you all the same.

    • @lokluex3824 · 1 month ago

      @CosmodiumCS but how can we do that in x64 then?

  • @LegitZero · 10 months ago

    A question though: in my xdbg I can't find the entry point - weird - I'm using x64dbg.
    And I don't have a jmp address like you do in the video - is it because I'm using a 64-bit Windows machine and not a 32-bit one? Thanks

    • @CosmodiumCS · 9 months ago

      Go into Options > set entry breakpoint :)

    • @LegitZero · 9 months ago

      @CosmodiumCS hey man, thanks for the reply ✌🏻
      I was reading Microsoft documentation and they recommended not to use ANSI encoding functions, only Unicode UTF-16. In this video, are the functions still relevant to use?
      As their explanation was for global language compilation, if I'm not mistaken

  • @desktopm · 1 year ago · +1

    It says 91/201 patches applied, can you help?

    • @krimenet4376 · 1 year ago

      Were you able to fix it?

  • @ronorocky · 1 year ago

    Awesome, I really want to learn from you. Can you let me know how to connect with you personally? Please

    • @CosmodiumCS · 1 year ago · +1

      Yep! Discord link in description 🫡

  • @kubik9977 · 1 year ago

    great video

  • @LegitZero · 10 months ago

    Does this stuff work against EDRs and Defender? Or will it be flagged?

    • @CosmodiumCS · 10 months ago

      Yo! The pushad/fd popad/fd with MSF-generated shellcode is likely flagged, so you will have to throw some arbitrary assembly instructions between the pushes and pops, as well as writing better shellcode

  • @halfbelf5923 · 1 year ago

    Could you explain how to obfuscate shellcode and, after embedding it into the program, decrypt it? I have created a few programs in C# to encrypt/decrypt shellcode, so that works without problems, but in your guide I can't understand whether you embed clean shellcode without obfuscation etc. That will be detectable by AV, so that's why I'm asking.

    • @CosmodiumCS · 1 year ago

      Yeah, I can totally do a video on that. It's relatively simple to do, as you can pull down the decrypted shellcode from memory

    • @halfbelf5923 · 1 year ago

      @CosmodiumCS this would be cool )

  • @mohammadkhaled4263 · 1 year ago

    I have a question: did you turn MS Defender off?

    • @CosmodiumCS · 1 year ago

      Yes, I have AV disabled in my development environment. However it usually goes undetected, especially if you don’t utilize metasploit generated shellcode. You may also want to add some additional instructions as there could be detections for the pushad/fd and popad/fd instructions being used as they are

  • @barbabillios6180 · 1 year ago

    Is this method preferred over creating a batch file that loads both programs, and then converting it to exe?

    • @CosmodiumCS · 1 year ago · +1

      I would say yes. Utilizing the code cave makes it so that the trojan looks as close to the original file as possible. While the batch converted exe would load both, it could still be detected as malware as it doesn’t have any functionality past the loading of those executables👍

    • @barbabillios6180 · 1 year ago

      @CosmodiumCS Thank you!

  • @DuckyChannel · 1 month ago

    Does this work for Linux? Having trouble making a PoC

    • @CosmodiumCS · 1 month ago

      ELF files are a bit different from EXEs, but conceptually speaking I don't really see why it couldn't work

    • @DuckyChannel · 1 month ago

      @CosmodiumCS I tried to recreate your steps for an ELF. As soon as I attempt the JMP to the code cave I get a segmentation fault. Also attempted with only push/pop and no shellcode (it's like the code cave is read-only or something) :(
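Three comments in this thread are the same problem seen from different angles: the cave is too small for the payload (ewtiz5918), "but NX is disabled?" (hackwithprogramming7849), and the ELF attempt that faults on the jmp into the cave (DuckyChannel). A run of null bytes is only usable as a cave if the section that owns it is mapped executable; section padding at the end of `.data` looks identical in a hex editor but faults under DEP/NX the moment control lands there, and that is the most likely reading of the ELF segfault too. The following is an added example, not code from the video: it parses the PE section table, lists every null run together with the owning section's IMAGE_SCN_MEM_EXECUTE flag, and, when no executable cave is big enough, appends a new executable section (the answer to "can I make the cave bigger?"). The `build_sample_pe` input is a constructed, non-runnable PE32 image with the same shape as a real one (code followed by alignment padding); the function names are this example's own. It does not touch ELF, whose equivalent check is the PF_X flag on the PT_LOAD segment covering the cave:

```python
import re
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def parse_sections(pe):
    """Return (e_lfanew, section_table_offset, [section dicts]) for a PE32/PE32+ image."""
    assert pe[:2] == b"MZ", "missing DOS header"
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    assert pe[e_lfanew:e_lfanew + 4] == b"PE\0\0", "missing PE signature"
    nsections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(SECTION_HDR, pe, table + 40 * i)
        sections.append(dict(name=name.rstrip(b"\0").decode(), va=va, vsize=vsize,
                             raw=rawptr, rawsize=rawsize, chars=chars))
    return e_lfanew, table, sections


def find_caves(pe, min_size=64):
    """Every run of >= min_size NUL bytes inside a section's raw data, with the file offset
    (what you patch in the hex editor), the RVA (what the jmp targets, plus ImageBase) and
    whether the owning section is executable. A cave with executable=False faults on entry."""
    caves = []
    pattern = re.compile(b"\x00{%d,}" % min_size)
    for s in parse_sections(pe)[2]:
        data = pe[s["raw"]:s["raw"] + s["rawsize"]]
        for m in pattern.finditer(data):
            caves.append(dict(section=s["name"], file_offset=s["raw"] + m.start(),
                              rva=s["va"] + m.start(), size=m.end() - m.start(),
                              executable=bool(s["chars"] & IMAGE_SCN_MEM_EXECUTE)))
    return caves


def _align(value, alignment):
    return (value + alignment - 1) // alignment * alignment


def add_section(pe, name=b".cave", size=0x1000,
                chars=IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ):
    """Append a NUL-filled section of `size` bytes: header after the last one, raw data at
    the next FileAlignment boundary, NumberOfSections and SizeOfImage updated. Needs room
    for one more 40-byte header below SizeOfHeaders (linkers normally leave it). Any
    Authenticode signature on the file is invalidated."""
    e_lfanew, table, sections = parse_sections(pe)
    opt = e_lfanew + 24
    sec_align, file_align = struct.unpack_from("<II", pe, opt + 32)
    size_of_headers = struct.unpack_from("<I", pe, opt + 60)[0]
    hdr_off = table + 40 * len(sections)
    assert hdr_off + 40 <= size_of_headers, "no room for another section header"
    last = max(sections, key=lambda s: s["va"])
    new_va = _align(last["va"] + max(last["vsize"], last["rawsize"]), sec_align)
    new_raw = _align(len(pe), file_align)
    raw_size = _align(size, file_align)
    out = bytearray(pe)
    out += b"\0" * (new_raw - len(out)) + b"\0" * raw_size
    struct.pack_into(SECTION_HDR, out, hdr_off, name.ljust(8, b"\0"), size, new_va,
                     raw_size, new_raw, 0, 0, 0, 0, chars)
    struct.pack_into("<H", out, e_lfanew + 6, len(sections) + 1)
    struct.pack_into("<I", out, opt + 56, _align(new_va + size, sec_align))   # SizeOfImage
    return bytes(out)


def build_sample_pe():
    """Constructed PE32 image (headers only, not a runnable program) used as sample input:
    an R-X .text with 448 NUL bytes of tail padding and an RW .data with 496 NUL bytes."""
    e_lfanew, file_align, sec_align = 0x40, 0x200, 0x1000
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)   # i386, 2 sections, PE32 opt hdr
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                    # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                  # ImageBase
    struct.pack_into("<II", opt, 32, sec_align, file_align)
    struct.pack_into("<II", opt, 56, 0x3000, 0x200)            # SizeOfImage, SizeOfHeaders
    text_hdr = struct.pack(SECTION_HDR, b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0,
                           IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    data_hdr = struct.pack(SECTION_HDR, b".data", 0x200, 0x2000, 0x200, 0x400, 0, 0, 0, 0,
                           IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
    headers = (dos + b"PE\0\0" + coff + opt + text_hdr + data_hdr).ljust(0x200, b"\0")
    text = bytes(range(1, 0x41)) + b"\0" * (0x200 - 0x40)      # 64 bytes of "code", then padding
    data = b"\x41" * 0x10 + b"\0" * 0x1F0
    return bytes(headers) + text + data


if __name__ == "__main__":
    pe = build_sample_pe()
    for c in find_caves(pe):
        print(c)
    if not any(c["executable"] and c["size"] >= 0x800 for c in find_caves(pe)):
        pe = add_section(pe, size=0x800)     # nothing big enough: add an executable section
        print(find_caves(pe)[-1])
```

On a real binary, run `find_caves(open(path, "rb").read())` and pick a cave with `executable=True`; the `rva` plus the image base (rebased by ASLR at run time, so check it in x32dbg rather than assuming 0x400000) is the address the entry-point jmp targets, and `file_offset` is where the bytes go in the hex editor.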

  • @plogoman9723 · 1 year ago

    can trojans be used with documents too?

    • @CosmodiumCS · 1 year ago

      Yes! But you're usually better off with macros or some sort of polyglot

  • @brianbrian3453 · 1 year ago

    Subbed

  • @su8z3r03 · 1 year ago

    Surely that shellcode will be detected

    • @CosmodiumCS · 1 year ago

      Yeah, for the sake of simplicity I used Metasploit to demonstrate the concept. Using something like Donut or writing your own shellcode is far more ideal

  • @ZacLangston · 1 year ago

    I don't want to seem like I am nagging but can you please put the wallpaper you use on the cyber store or give it to me in discord?

    • @CosmodiumCS · 1 year ago

      My bad, totally forgot. Just added it!

  • @МойТ-ю2р · 3 months ago

    Execute fake genuine valid process