Basic Linux Memory Forensics - Dumping Memory and Files with DD - Analyzing Metttle/Meterpreter

I feel like we've been getting more uploads than usual from you and its great! It's crazy to think I've learned much of what I know about offensive security from your videos. Now I'm OSCP certified and working towards OSWE and OSED. Can't thank you enough for the content!

Awesome explanation like always. I‘d love to see a deep-dive assembly with reversing malware from you.
Keep things up ipp!

This was super informative, with quick and spot on explanations without any unnecessary «fill» content👍🏼👍🏼👍🏼

I was just reading your reply on Liveoverflow's comment about not going technical. By the way Happy April Fool.☺️
Watching the video now..

the way you explain things is truly amazing ! can't get enough of your content

Awesome to see some new content from you my man! Please keep it up, much appreciated!

Thanks for that . Please continue with this type of content !! ❤️❤️

Thank you ippsec, you are the best. Keep uploads videos that can teach us

As always, just awesome content.

This was great, love it!

It's really very interesting, thank you IppSec.

Amazing!
Thank you!

great explanation

It's reminds me "Mr robot".
You always gem 💎❤️

Awesome video.

Good job we enjoying your vedio

hi sir why when i dumping memory and files always just get dump file with size 1 MB to 1.5 MB, but the original size file is more than 15 MB, do you know how to fix it sir?
here is my command:
dd if=/proc/pid/mem of=/temp/dump bs=1 count=dumpSize skip=StartAddress

Ports are 16 bits, and 4433 decimal works out to 1151. As x86 uses little endian, this will show up as 5111. So, the dword that you found was, in fact, the port for sys_socketcall().

Nice!

Thanks

Ohhh nicceee ❤️

Hello, ippsec can you provide me the flag that you used to reduce go file size while compiling ?

That was very nice forensics. From the video I gathered it was a 'malicious actor'? Maybe I am wrong and someone just left it there, didn't watch the stream :(
I am wondering though, what generally happens to people who put malware like this on certain HTB machines? Because I know you can track the IP to the account. I am asking because this might not be only scenario. Like what happens to people who actively try to hack another user. Not an "accident" or a bump during live machines.

4:00 ELF is a windows executeable? I thought ELF is for unix based systems and PE is the windows executable format?

Hey ipp,
For 21:18 part, the port and AF_INET are both taking 2 bytes:
The port is echo $((0x5111)) => 20753 and AF_INET=2 , you can check it in 14:47.
Awesome content as always, thanks alot for it, we learn everyday from you =)

So it is running even after removing the executable ? what about after rebooting a system, will still be working ?

What gdb config is that? Mine is seemingly boring compared to yours :(

Brother, please make a video on how to install dvwa on ubuntu

Who else likes how he uses legend of zelda related names in some of his VMs?

wow