How Hackers & Malware Spoof Processes 

Good breakdown, John. Assuming you haven't already made a similar video, it would be cool to see the flipside of this, which is how to evade being detected by malware. (VM detection, debugger evasion, etc). You could cover some of the different techniques that malware uses to know it's in a VM.

quite comprehensive, watched the whole vid and never got bored despite no actual xp with c. cool, thanks!

Very good stuff! I would love to see more malware techniques sharing, such as AV evasion or process hollowing (or process doppelganger), which is also kind of fun too. Thanks!

Hey John, just a small observation: The function Process32First() already populates the PROCESSENTRY32 struct with a process, so when you call Process32Next() you are effectively skipping the first process entry. I think it would be better to change it to a do-while so that the first process doesn't get skipped. Great video btw!

Great video. Super fun to follow, try, and learn. Thank you! 👍

Hi Hammond, Can you make a video about Scammer Payback How he does the hacking via anydesk

Bro! Thank you so much for all you do! 🙇🏼

Another banger, keep em' coming John!

Awesome video, thanks for the breakdown.

these videos are amazing please do more maldev videos these are your best videos in years

Hey, John thank you so much for this incredible video. And I was wondering if it's possible to write all the C++ code using Nim language. I've developed a great fondness for Nim's syntax, finding it incredibly user-friendly and easy to work with.

now THIS is the type of content I like!

Aha bring more malware stuff if possible loved this vid it would be awesome too see a vid on some kernal malware

"Does this make sense?" spilled my coffee, and yes, mostly it does :D

Hei. Little info for using VS. You can press ctrl + shift + space to view intelisence if it disappear while typing your parameter. Edit: Or any other time writing a variable

BANGER TYSM

Hi jh. Love ur code even if it breaks my brain (I'm a beginner)

You are a Giga Chad honestly love your vids !!

great video love it!

*WE NEED MOOOOOOOOOOOOORE MALDEV VIDEOS LIKE THIS PLEASE*

Oh i am in love with this

What are your top edr and av recommendations?

Does the technique illustrated required elevation? Also, is the code available somewhere?

Any recommendations to learn os and computer architecture? What resources can I use? Can you do some fundamentals tutorials on os and architecture and how it works! Thanks man

You're doing all this in a VM? This is on my list of things to learn deploy ect. I enjoy your videos BTW and that face when you asked if it made sense made me lol 😂😂

Dope, just as I got into maldev, Timing too perfect, I really suspect you're in my walls

You Are Fire Bro 🔥🔥 I Love Your Videos

I would pay to sit in a room and have this guy teach me

John make a video on wazuh ? Open source edr tool and it's awasome.

How come John doesn't have more than "just" 603K subs? Such a cool and knowledgeable guy. Keep up the great work buddy!!! 💪

I thought I knew things until I watched this video lol. Still a great video john

This thing is tough....damn you windows 32 api

"tricknique".. i like it.

If 'tricknique' isn't official tech-jargon, it should be.

I'm interested in that kind of stuff so that tech support scammers will get punished.

What should I learn to understand this code better?

more!

Let's be honest As L1 SOC Analyst You cannot detect these without the EDR alerting you This is honestly scares me as SOC Analyst

C code is so ugly when compared to c++... I think you want a do loop instead of a while loop here 8:40 because you're skipping the first process it found. You also most certainly want to return an error value, an std::expected or throw if your name is not found. Not returning from a function with a return value declared is UB. See stmt.return#2. Use "-Werror-return-type". If I were to do this, I would just return the entire process handle instead of just the ID.

I sent you an invite in linked in but you didn't respond

I wish every malware came with the file name of "evil.exe"

first comment

Bro course are costly, I honestly want to purchase but cannot afford such a costly course to be honest. Otherwise great content

Sup

Hmm, you're a good presenter John, but ... coder ... sorry, my friend. At least in a C/C++ sense. This is not Python, you need to close handles and release memory. Also after you call Process32First you are missing whatever it returned by calling Process32Next right away. Additionally, there are so many bugs in what you wrote I don't even know where to begin. But ... malware authors I guess don't care about memory leaks, hah?

very poor explanation, bro not everybody is a low level guru.

Why is your code SO BAD. Please stop nesting everything, there is literally no point in doing that

@john Sektor7 or Maldev academy?

You could have make it with NIM

Too fast and confusing unless Im stupid.

Hay Bro @_JohnHammond how we can open malware or viruses in our system to examine that like you . Also scary about got harmed so plzz guide ❤🎉🎉 Even u r professional but you didn't care about malware abusing nature Big Fan Bro 😎 ❤ Love from India 🇮🇳❤

Also, I am surprised you are using visual studio instead of your favorite sublime text. I could never get into sublime text. I am considering going into the neovim croud a la @ThePrimeagen

Sup