DID YOU KNOW that (obviously intentionally) placing a TYPO within the first THREE seconds of your video helps increase audience engagement and boosts your videos in the algorithm?????/// Please do take a look at all of the sweet stuff that HTB Academy's Certified Penetration Testing Specialist has to offer!! j-h.io/htb-cpts
The inspiration and "try harder" attitude to create Villain came from the video you made about hoaxshell. For that reason, as well as your remarkable effort to educate people in IT/Cybersec for a decade now, I dedicate Villain to you. Thank you🙏
I love you sir, but one question: how did you learn to write your own scripts? Can you start a series on this? I have asked John Hammond sir about this but he didn't respond at all, so I want you to do it sir. It will be really great for people like me.
Definitely love the multiplayer aspect, much like cobalt strike's team server concept. Very useful for actual red team engagements where there's multiple operators.
A dude said in a previous vid of yours "John doesn't need fancy thumbnails, his face does it all" and yeah it really does, man! Keep putting out nice content 🙂, cool tool. That OTP thing is the coolest one. You haven't done any writeups lately though ;) + Video is nice enough, editing, music. If possible please share the PC specs of the one which is running 1 host + 4 VMs without any lag.
Appreciate the feedback, thank you! We're experimenting with some of those new flashy video effects and thought we would test the water with the audio visualizer around the face cam. I had a thought it might be too distracting from the content, but wanted to try it in the wild. We will think on it and see if we can scheme up some other nice quality-of-life touches!
Sadly your videos alerted Microsoft to Defender's issue of missing this. Sooooooooo... now Defender catches this and Hoaxshell, even with obfuscation. Bummer.
Thank you very much for showcasing that. Tbh I have actually really been looking for a framework like that for whenever I play CTFs (especially if I am ever going to attend one where it's teams against teams), so it's great to have it in my tools folder.
Regards from Dominican Republic 🇩🇴. I think your channel is pretty cool and I've learned a lot since I found this Channel, I was stuck with the Reverse Shell thing, but thanks to you I got out of that corner, brother. THANK YOU!.
The small differences in this video, like the soundtrack used and the "waves shenanigans on John's head" at the bottom right corner, are kinda slick though 👌
Hey John.. I am back ! And that voice interactive background that you have on your thumb during the video... Does sell the HTB theme.. And hey.. Another C2 framework to the arsenal... Pretty cool..
Hi Mr. John, I have tested the tool (Villain). The code is executed smoothly, but I am unable to get a shell, and I have tested on multiple Win10 machines using obfuscate, encode and constraint_mode. I'll be waiting for a response.
Thanks John for the education, but I am afraid that someone in this community would use this for bad things. I am not very sure how dangerous it would be to use it on an enterprise network landscape by sending an inconspicuous attachment to a victim's email address?
That looks really interesting. Question: let's say I generate a linux payload and put it on my (remote) laptop; will it automatically connect if I start my local Villain _after_ that remote machine has run its crontab? Or would it be sufficient to run it every 5 (or so) minutes on the remote machine, so once I start my local Villain, it will take 4:59 secs max to connect (in that case, will the remote machine's crontab kill any active sessions once the payload runs again??)?
Thank you very much 🙏 My S14 Flip laptop. I was working and left it for a few minutes. When I came back, I was surprised to be asked for a new PIN code and that the old one was disabled and could not be accessed (explorer.exe - System Error). The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application) I felt frustrated and spent 9 hours trying to solve the problem, but the problem was not solved, and I do not know what the reason for this problem is. By the way, it is a completely new laptop that has been in service for only 4 months, an Asus S14 Flip Ryzen 5600 laptop, a Radeon card, and 8 GB RAM, and its performance was very slow when browsing websites, but I noticed that sometimes its temperature increased.
The thumbnail faces are getting out of hand. Does it hurt your face muscles? I like to imagine the process of people posing for the thumbnail. Seems funny. The algorithm must be hard to please.
Hey, I don't wanna sound stupid, but I can't copy between my Kali VM and my Ubuntu VM? When I've got only one VM open the guest isolation can copy and paste, but when there's more than one I can't?
Yet again the same as what we have. The victim needs to launch it/install an app/click. Are you sure there's no admin backdoor LOL. No mention about macOS, maybe the developer uses a Mac LOL
Hello who can help me. They ask me for a reverse shell, two devices that are in different places, that cross the WAN, does this work? Someone to help me
John from another John... you are a legend. Coming from an education and training background to cyber warfare, now a security researcher. You encompass everything good in our industry. Keep it up! See you around!
Hey, I'm learning cyber warfare at the moment, but need some good software as I was helping a young mum getting bullied and was raped, so said I'll sort it out and protect your network till he moves on, well he paid a few different hackers, and they were good, 3 attacked me from different countries, not sure if they knew each other, but it took 3 days 2 hours sleep they burnt out 4 laptops 3 PC towers, my 9 year old boy's plug the earth burnt where it burst the plug like it was cheap plastic, I'm still with nothing but my phone, they got everything cloud as well, so I lost everything, and was going to give up, but seeing your comment, the only one in 7 years, so hi there and sorry for asking but my eyes lit up 🤝
@_ismail8880 I did! I missed one flag but for the bonus points so 100/110 points. The course material is on point and is perfect to prepare you for the exam content.
This tutorial is all well and good, but how does one get a potential target to practically click on a payload? I seriously doubt some rando layperson is going to go into powershell/cmd and copy/paste that long ass command line into it of their own volition lol.
Hi there, Unfortunately it's not working for me (anymore???). Whatever I try, obfuscate, encode... I always get the message at the powershell window: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This script contains malicious content and has been blocked by your antivirus software. + CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException + FullyQualifiedErrorId : ScriptContainedMaliciousContent This is for both Win 10 Pro and Win 11 Pro with Defender only. Windows Defender protection history says: "Detected: VirTool:PowerShell/Xoashell.F" and Affected Items: amsi: \Device\HarddiskVolume2\Windows\System32\WindowsPowerShell\v1.0\powershell.exe :(
Generating connectivity between two endpoints on a private network seems to be the dominant theme on YouTube. Educational and informative, but how about showing how any of the tools work over the Internet, with firewalls and the usual network basic security practices in place?
Just saw a talk about hoaxshell in which a penetration tester was hyping it up so much, only for it to not work anymore after two days because everyone burned the signature haha. So interesting to see the new shell framework. Let's see for how long it's working on engagements :D
I'm assuming it's pronounced "tuh-lem-ah-kiss" and he's named himself after the son of Odysseus, Telemachus, whose name means 'far-fighter'. Sweet tool though. Fairly nasty.
Amazing learning videos. Can you please upload about Android 11 SDK payload that can live record camera and voice with screen sharing abilities with bypass playstore security
This is cool, but relying on "curl" all the time? Would be awesome to have different revshell payloads relying on different programs. I've hit several machines where "curl" or "wget" wasn't available, mostly if running on a container environment. Awesome work t3l3machus and John!
Hello John, thanks for this amazing video as always. I tried this Villain but when I tried to open it I got "required argument PAYLOAD not supplied". Any help?
Hopefully constructive feedback: I really really dislike the audio vu meter. I can't follow the text on screen with my eye constantly drawn to the bright movey-animatey-thing. May not apply to everyone, but I have a much harder time watching with it.
I've been using this for a week so far. I have tested it on many OS versions, Windows 7 - 10 - 11 / Linux, it always bypasses any firewall/Defender, never let me down. The good thing is that I can get multiple reverse shells in just one click, without having to set up a new listener for each reverse shell payload... that's a really amazing tool
What did you do at the cut at 4:49? I'm struggling to figure it out, I've tried everything, can anyone help? It says module 'Crypto' not found, so I checked the crypto file and the c is lowercase, but it doesn't let me change it to uppercase as it says file location was moved????