Malware Analysis #3 - A Malicious YouTube Video with over 300,000 Views

  • Published 23 Dec 2024

Comments •

  • @johnxina1681
    @johnxina1681 2 months ago +4

    need to learn about breakpoints myself someday

    • @RyanWeil-r1n
      @RyanWeil-r1n 2 months ago

      I hope I gave an understandable explanation of why I used a hardware breakpoint. Let me know if there was anything you didn't understand

    • @RyanWeil-r1n
      @RyanWeil-r1n 2 months ago

      Basically, if you are decrypting some bytes that are going to be executed and you put a normal breakpoint on those bytes intending to be hit once the instruction pointer is there, it will end up decrypting incorrectly, since what a software breakpoint does is inject an int3 instruction behind the scenes. So you are actually temporarily changing the content of what's there. So when it goes to decrypt, it's going to try and decrypt the changed instruction and will decrypt to the wrong value.
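      As an added illustration of the point in the reply above (constructed example code, not from the video or its author): a Python simulation of an unpacker stub that XOR-decrypts a code region in place. The region, the key and the 0xCC/INT3 byte a debugger writes for a software breakpoint are all constructed here; the hardware breakpoint is modelled as an entry in an emulated debug register that leaves memory untouched, which is why only that variant decrypts correctly and actually fires.

```python
"""Software vs. hardware breakpoint on self-decrypting code (constructed simulation).

A software breakpoint overwrites the first byte of the target instruction with
0xCC (INT3). If that byte is still ciphertext when the breakpoint is set, the
decryptor later XORs 0xCC instead of the real byte: the decrypted instruction
is garbage and the INT3 is gone, so the breakpoint never fires. A hardware
breakpoint lives in a debug register (DR0-DR3 on x86) and does not touch memory.
"""

INT3 = 0xCC

# Constructed "plaintext" code bytes (x86 `mov eax, 1 ; ret`), purely illustrative.
PLAIN_CODE = bytes([0xB8, 0x01, 0x00, 0x00, 0x00, 0xC3])
KEY = 0x5A  # constructed single-byte XOR key


def xor_encrypt(code: bytes, key: int) -> bytearray:
    """Produce the packed region the way the constructed packer would store it."""
    return bytearray(b ^ key for b in code)


def decrypt_in_place(mem: bytearray, start: int, length: int, key: int) -> None:
    """Mimics the unpacker stub: XOR every byte of the region with the key."""
    for i in range(start, start + length):
        mem[i] ^= key


class Debugger:
    """Minimal model of how x64dbg-style breakpoints affect the debuggee."""

    def __init__(self, mem: bytearray) -> None:
        self.mem = mem
        self.sw_bps: dict[int, int] = {}  # addr -> byte saved before INT3 was written
        self.hw_bps: set[int] = set()     # emulated debug registers (execute BPs)

    def set_software_breakpoint(self, addr: int) -> None:
        # The debugger patches memory: saves the byte that is there (still ciphertext
        # at this point) and replaces it with INT3.
        self.sw_bps[addr] = self.mem[addr]
        self.mem[addr] = INT3

    def set_hardware_breakpoint(self, addr: int) -> None:
        # No memory write at all; the CPU compares RIP against the register.
        self.hw_bps.add(addr)

    def breakpoint_fires_at(self, addr: int) -> bool:
        """Would execution reaching `addr` stop? HW: register match. SW: INT3 must still be there."""
        return addr in self.hw_bps or self.mem[addr] == INT3


def run_scenario(use_hardware: bool, bp_offset: int = 0) -> tuple[bytes, bool]:
    """Set a breakpoint on the packed region, let the stub decrypt it, then report
    (bytes the CPU would execute, whether the breakpoint fires at bp_offset)."""
    mem = xor_encrypt(PLAIN_CODE, KEY)
    dbg = Debugger(mem)
    if use_hardware:
        dbg.set_hardware_breakpoint(bp_offset)
    else:
        dbg.set_software_breakpoint(bp_offset)
    decrypt_in_place(mem, 0, len(PLAIN_CODE), KEY)
    return bytes(mem), dbg.breakpoint_fires_at(bp_offset)


if __name__ == "__main__":
    for hw in (False, True):
        code, fired = run_scenario(use_hardware=hw)
        kind = "hardware" if hw else "software"
        print(f"{kind:8s} bp: decrypted={code.hex()} correct={code == PLAIN_CODE} fires={fired}")
```

      With the constructed values, the software-breakpoint run decrypts the first byte to 0xCC ^ 0x5A = 0x96 instead of 0xB8 and never stops, while the hardware-breakpoint run yields the intact bytes and stops when the instruction pointer reaches the region. The same reasoning applies to any in-place decryption or unpacking loop, not just XOR.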

  • @Eikenv1
    @Eikenv1 2 months ago +10

    Just came across this. I like the uncut raw type of videos with no music. I don't know much about reverse engineering but it looks hella interesting

  • @MiyazakisPVPexperience
    @MiyazakisPVPexperience 2 months ago +1

    this is such a great video, I kind of wish I understood the logic behind all the steps you take when debugging lmao, but I guess that comes with time. I'm very new to this

  • @wittingsun7856
    @wittingsun7856 2 months ago +4

    This guy needs to create a malware course and get big money from it

    • @RyanWeil-r1n
      @RyanWeil-r1n 2 months ago +1

      Haha that would be a dream

    • @wittingsun7856
      @wittingsun7856 2 months ago +2

      @RyanWeil-r1n make it true then, I'm ready to pay 🤓

  • @alexandercharles8230
    @alexandercharles8230 2 months ago +2

    God bless you and your work buddy! I learned a lot from your videos.

  • @Cameron-ex1ed
    @Cameron-ex1ed 2 months ago +2

    Watching you dance between IDA and x64/32 dbg was glorious. How would you recommend someone improve their skills and abilities within mal analysis/rev engineering? Do you have any good resources/samples/trainings you'd recommend?

    • @RyanWeil-r1n
      @RyanWeil-r1n 2 months ago +1

      Thanks for the kind words!
      For me, it was starting off with more 'basic' samples without any sort of obfuscation other than normal packing as well as learning the methods the malware authors use to inject code (Process Hollowing, CreateRemoteThread Injection, etc) **and actually writing my own PoC in C so I get an understanding of what's happening as opposed to just learning about it without actually knowing it in-depth**. People are good at hearing about something and just repeating what they hear, but to actually write the thing yourself and understand each step helps a ton.
      It's a bit more difficult to find simple packed samples nowadays than it used to be, I'll have to one day go find some good beginner ones and maybe make a video on them.

    • @Cameron-ex1ed
      @Cameron-ex1ed 2 months ago +1

      @RyanWeil-r1n That's actually some great advice, thank you sir! I would definitely be interested to watch something like that :)

  • @ericwood3709
    @ericwood3709 2 months ago +2

    If people want free Photoshop, they should just get GIMP. Free and open, works on Mac, Linux and Windows. Very powerful.

  • @DartrIxBTD
    @DartrIxBTD 2 months ago +1

    Awesome video dude! I learned a lot

  • @TalsonHacks
    @TalsonHacks 2 months ago +1

    Amazing video, good work! Hopefully YT will start taking action against these channels...

  • @groog
    @groog 2 months ago +2

    your channel reminds me of eric parker

    • @RyanWeil-r1n
      @RyanWeil-r1n 2 months ago +1

      I'd like to think I'm more technical than him :D

  • @vipetherap2722
    @vipetherap2722 2 months ago +1

    Last time I messed with debugging was on Windows XP with OllyDBG so it's been a while. I mainly learned how to get around file packers at the time and didn't learn a lot of basics of assembly that I probably should have but it was mainly for fun anyways. The x64 debugger you're using looks very similar to OllyDBG with a lot more features/fixes/updates I'm sure. The more complex obfuscation techniques used by viruses like this one I couldn't wrap my head around years ago due to lack of knowledge of assembly etc. Does Ghidra come in handy or does IDA do a good enough job that it's not necessary to use?

    • @RyanWeil-r1n
      @RyanWeil-r1n 2 months ago

      IDA is better than GHIDRA (in my opinion at least) and the debugger I am using is x64dbg which is the standard nowadays (and objectively WAY better than Ollydbg). I remember being a kid trying to use ollydbg on XP as well and having no clue what I was doing 😃.

  • @Lukewalker103
    @Lukewalker103 2 months ago +4

    Nice video! Dude🌹🤌

    • @bendover7988
      @bendover7988 2 months ago

      That's what I was thinking

    • @RyanWeil-r1n
      @RyanWeil-r1n 2 months ago

      Thank you!

    • @Lukewalker103
      @Lukewalker103 1 day ago

      @RyanWeil-r1n Ryan, how can I contact you, if it's possible?

  • @kylec.5476
    @kylec.5476 2 months ago +1

    What keyboard are you using?

    • @RyanWeil-r1n
      @RyanWeil-r1n 2 months ago +1

      G413 Carbon

  • @kramnecknerf
    @kramnecknerf 2 months ago +3

    Interesting but next time please sound +40dB

    • @RyanWeil-r1n
      @RyanWeil-r1n 2 months ago +3

      Promise I’ll find a solution to the microphone issue next video :)

    • @vilvd3934
      @vilvd3934 2 months ago

      @RyanWeil-r1n +15 dB gain on the whole vid should be good

    • @RyanWeil-r1n
      @RyanWeil-r1n 2 months ago

      @vilvd3934 Do the audio levels sound stable to you? I don't want to increase it entirely by +15 if there are peaks and valleys and have the audio peaks destroy your ears instead :D. I am going to look into borrowing a better microphone tonight