Also, "LS" is a valid PowerShell command; it's just an alias for Get-ChildItem. But when you're running PowerShell on a Linux machine, you don't have all the same functionality. Probably why it wasn't working. Should have done a replace of "LS" with "GCI".
Hello John, I just want to say thank you for all your suggestions and insights around IT security. Although I am far behind your skills, I like watching your videos because you explain each of your steps in the approach as well. You would definitely be a good teacher! Best regards and keep up the good work!
I'm a web dev; I love watching your videos even if I'm a noob in cyber sec. Cool af, keep it up! I love these challenges btw, they are so cool for understanding some notions/basics.
Have really enjoyed several of your videos lately. They have answered quite a few of my own questions brought about by my general ineptitude... mostly from not having touched code in the 11 years since I got my CS degree... Thanks!
Hi John, so I had a couple of questions that I thought maybe you could clarify for me. I am currently working on getting into pentesting/malware hunting. I have been working as a SOC analyst for the last 4 years but am trying to expand my horizons. 1. Did you learn programming languages before getting into this type of work? If so, which ones? I noticed you tore apart Visual Basic pretty easily and ran through Python well. Not only that, you knew what to change from VB to Python, for example & to + and _ to /. 2. What were the reasons for renaming all the variables as you did in the VB script? 3. I assume you know Regex & PowerShell as well, right? I have a lot to learn lol. Thanks for the great videos you put out!!
I've looked at something similar to this in the past. I opened it up in developer mode in Word and noticed it needed a password. I then put it into a hex editor and edited it to allow me in without a password (you only have to replace three characters, but I can't remember what they are at the moment). After that you can edit the code to print out the program's output instead of running it, and you're done.
John, could you please do some pwn and hardware category challenges? It would be awesome 🙏 Btw, I really love your videos; they have taught me so much! Keep this great work up! 💪
Is Linux the main OS you use? In VirtualBox, do you install two operating systems? It's an interesting and inspiring video. Years ago, I tried a similar challenge created by a hacker community in Indonesia, but it was much simpler than what you show in this video. Thanks for sharing.
No experience with PowerShell, but can't you just redeclare/replace the IEX function with your own? I would assume you could, but I also wouldn't be surprised if they just didn't let you redeclare a "foundational" part of their libs.
Absolutely possible. Here's the syntax so that rather than executing the strings it would print them.

Set-Alias -Name IEX -Value Write-Host

Of course that just changes the "IEX" alias, so if they wrote out Invoke-Expression in full or the payload is something unrelated like Invoke-WebRequest then you're still pwned.

If you're working on something more trustworthy, most experienced users write functions with -WhatIf support.

Disclaimer: It's not guaranteed that all scripts will have this parameter, certainly not in malware, and it doesn't cascade down nested functions unless also implemented in those lower levels.
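An added example, not from the video or from the commenter above, that goes one step past the Set-Alias trick: it shadows the Invoke-Expression name itself with a function, so both the IEX alias and the fully spelled-out cmdlet land in a logger instead of running the staged string. The loader at the bottom is a constructed stand-in for a macro-dropped PowerShell stage (a UTF-16LE, base64 string), not the video's sample; the Invoke-WebRequest gap the reply mentions is not covered.

```powershell
# Added example (not the video's or the commenter's code): shadow Invoke-Expression
# with a function that records each staged string instead of executing it.
# Functions take precedence over cmdlets in PowerShell command resolution, and the
# IEX alias points at the name "Invoke-Expression", so both spellings are caught.
$CapturedStages = [System.Collections.Generic.List[string]]::new()

function Invoke-Expression {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline, Position = 0)]
        [string]$Command
    )
    process {
        $CapturedStages.Add($Command)   # keep the decoded stage for review
        Write-Host "[IEX intercepted] $Command"
    }
}

# Constructed loader: a UTF-16LE, base64-encoded stage (the encoding other
# comments mention) that the loader decodes and hands to IEX, once via the
# alias and once via the full cmdlet name. The stage is a harmless Write-Host.
$b64 = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes('Write-Host "stage 2"'))
$loader = {
    $stage = [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($b64))
    IEX $stage
    $stage | Invoke-Expression
}
& $loader

# Both calls were intercepted; nothing in $stage was executed.
$CapturedStages
```

Dot-source this before running the suspect script in an isolated VM; anything the script would have fed to Invoke-Expression ends up in $CapturedStages for inspection.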
Wow. That is very old stuff... macros. Did not know people still use that. It is normally flagged when run, right? Weird if they just agreed to run it.
So much knowledge in that brain🙇
It's almost scary 👀
As always, this was very helpful and interesting to see how things can be deconstructed. Thanks John!!
You deserve more views dude. Your content is awesome
"The Surgeon" - that's what you are, good sir.
Anyone else see that the IP address at 13:40 is invalid? Lol
About UTF-16, you can use iconv to convert it to UTF-8. Like so: base64 -d | iconv -f utf16 -t utf8, or something like that.
Omg!! This is unbelievable!! Thanks
I like your videos man, it's amazing to see how broad the IT world really is!
Ah, I think oledump helps in outputting the VB scripts olevba detects!
Don't you just love John for content like this?
📂Documents
└📁Videos
└📁 John Hammond
└📁 Bad Videos
└⚠️ This folder is empty
Congratulations on being the first person to complete OSED. Awesome content😍😍
John would never need a Windows VM 😃, nice video.. thanks for sharing
Thank you!
outro is just a banger
13:42 isn't that IP address a bit weird?🤣🤣🤣🤣🤣
Probably deliberately invalid in case someone accidentally runs the code.
Cool to see another way to do it though
You are so smart man!
Almighty Algo stuff!!!!
I am very confused, please help me...... do buffer overflows, heap overflows etc. exist in Android apps and iOS apps?
I would love to know what I should start learning before getting to this level of awesomeness.
Love this! Awesome video. :)
Hey John, amazing content as always! Even though I am running late these days
Can Android apps and iOS apps be exploitable with overflows, not just the kernel but apps too? I'm a newb so forgive me if this is a stupid question 🙂
🖤🖤🖤🖤🖤🖤🖤🖤
Which song is played at the end of his videos?
Fearless pt.II by Lost Sky
IP shown at 13:39 is not a valid IP address.
The 'top' file (cls extension) is a 'class module', while the bottom (bas extension) was a regular module.
Hey, so I'm having trouble deciding on an OS. I know I am going to run a KDE Plasma desktop but I'm not sure which distro, any suggestions :)
Kubuntu. Distro barely matters; you just want decent support and a package manager you're familiar with.
OSEP Stuff 😍. Loved the video!
Thanks for this, it was really interesting.
Wait, when did you submit the flag?
Hi John, keep it up and thank you
Thanks again John. Love the reverse eng videos
You were my first master on this cybersecurity road. :')
Video idea: reversing wannacry
What is PowerShell?
Maybe you could say it's a pro mode of CMD
CMD, but with more features basically
Greetings from the Great White North! Love the videos John!
Did that IP really say 196.2333.x.x?? lol... might be a decoder error I guess. If not, I guess this malware just never worked xD
This is why you never use MS Word.
Log out pass golbari
What should I learn after Python to become a CEH?
I'm looking for a life partner...any pretty woman out there ☺️