Information Stealer - Malware Analysis (PowerShell to .NET)

Подписаться 1,9 млн

Просмотров 53 тыс.

50% 1

If you would like to support the channel and I, check out Kite! Kite is a coding assistant that helps you code faster, on any IDE offer smart completions and documentation. www.kite.com/g... (disclaimer, affiliate link) Come play the June 22nd GuidePoint Security CTF! www.guidepoint...
For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/john...
E-mail: johnhammond010@gmail.com
Discord: johnhammond.or...
Twitter: / _johnhammond
GitHub: github.com/Joh...

Опубликовано:

15 окт 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 99

@Wastelander1972 3 года назад

Thank you for this, John. My EDR detected this at a client’s endpoint. Thanks for your help.

@Oeoaea 3 года назад

finally some malware analysis

@stevenspring9889 3 года назад

yes Im so excited, i am a system admin in my day, and I wouldn't change that for almost anything, malware analysis would be one of those things

@nikolas8741 3 года назад

a' s' s' comm

@NathanChambers 3 года назад

When you were trying the login page, it wasn't 'login?' it was '/j/login?' the subdirectory you missed was probably important :)

@arvydasgasparavicius7231 3 года назад

damn so easy to miss something out.

@noni9639 3 года назад

Yeah, this version called Jupyter so its /j/login John should have tried /m/login because his version was called Mars. No Dirbuster needed :D

@MsJoeshmoo 3 года назад

Kudos to Lenny for developing Remnux to enable malware profiling.

@MrFontaineInc 3 года назад

Love it!!!! It's nice to see the methodology in real time and to see some of the tools I practice with in action.

@viv_2489 3 года назад

There are people who grab knowledge and then there are people like John Hammond who share knowledge to grab knowledge and serve the community...

@duncan3144 Год назад

Great video. I enjoy your analysis of these programs. I am currently analyzing the happy99 worm.

@GiFiGinaisCZ 3 года назад

"NO! TAKE ME BACK, I DIDN'T MEAN IT!" 🤣🤣 That's why I love watching your videos

@megaman75100 3 года назад

Awsome Video, watched alot of your work and the indepth explaination (which i'm sure you do often) was particularly helpful in explaining, to a novice like me, your process and thinking on this one. Love the content 👍

@AlexMerlin1985 3 года назад

Just like in the movie/tv series "The Net": Look, a virus! Hmm, let's see what makes it tick :)

@TataruTaru 3 года назад

Doesn’t free Any Run only go for 60 seconds, so if the script takes longer, any run stops before it ends?

@tizzfizzz335 3 года назад

you can add 60 seconds at a time

@originalgaming9062 3 года назад

You can add time but it maxes at 5 minutes I think

@awesomesauce804 3 года назад

I would absolutely run gobuster against that IP :) No questions asked.

@gameglitcher 3 года назад

Wonder how many traffic watchers noticed encrypted traffic being sent through port 80 >.>

@FaZekiller-qe3uf 2 года назад

seems to be an index page for that ip now 🤔

@AlexElement 3 года назад

Yeah, outro music is dope!!! Nice analysis John! hope one day I'll reach some of your knowledge. Keep up!

@houdaifachirifi3821 3 года назад

Can you do malware analysis for the noEscape.exe

@ROOTDNB 3 года назад

Guys do you know? Is it illegal to run dirbuster on a foreign IP address? :D Just curious

@JmbFountain 3 года назад

Depends on your local jurisdiction

@itsnee 3 года назад

the youtube algorithm thing john told me to do!!

@Gabbasuperhero 3 года назад

It works better if you add words from the title to the comment too... I AM HAX!

@3xpl0i79 3 года назад

Can a Student participate in the GuidePoint security Ctf because there is Input box for Job Title ?

@_JohnHammond 3 года назад

Absolutely, you can put "Student" :) The game is open to anyone!

@3xpl0i79 3 года назад

Okayy Thank you : )

@robinhood3841 3 года назад

Participating in ctf offer you jobs? 🤔🤔

@Gabbasuperhero 3 года назад

@@_JohnHammond I'm still really green, I'm working on my net+, do you think I could pull something from it or not jump the gun

@logsentinel9131 3 года назад

Great video! Thanks for the REMnux link :)

@kate34101 2 года назад

This is my first time following along. I was given a sha-256 hash to look up for a job application and it led to a newer version of yellow cockatoo. From what I see, it looks pretty similar to what is being reverse engineered here. When I do a trid on stage2.dll it identifies an executable but not a .net. I still tried to put it in ILSpy but I'm kind of lost. Anyone know if it doesn't show as .NET assembly in trid/file it won't work in ILSpy. Also, anyone have any good noob documentation for using ILSpycmd?

@stijnvanstrijen9285 3 года назад

Waiting for the next video!

@ANTGPRO 3 года назад

Did you learn python3 or not? :D

@spencer2069 3 года назад

You can add time up to 4-5 min for free in any run

@Maybehassanawad 3 года назад

FINALLY, Some good malware videos

@tortotifa5287 3 года назад

John it's time to write a PS beautifier!!

@jackjoshlin8030 3 года назад

Thanks for the dive into it. please do more!

@SB-nd6kn 3 года назад

Thanks mate, I really appreciate your work and how you do it!

@yasiraslaam 3 года назад

This hair cut suits you John, Keep it

@willievandermerwe907 3 года назад

Great content, awesome presentation had a blast watching the video - Thanks John!

@alisufyan6784 3 года назад

why you dont use Kali?

@vladdrugal6580 3 года назад

So I have been trying to get into your discord, but it tells me that it can't be reached. So I am wondering if this is one of those test things to see if you can find the link hidden somewhere in the HTML and I kinda just want to verify that before I go digging around in John's website to try and find a hidden discord link.

@shitcoder6326 3 года назад

John is in full mood. Laughed really hard watching this. xD

@hassigerschweizer1098 3 года назад

hi John, Love your Channel. Can you do something about Stuxnet? Would be amazing!

@christophertharp7763 3 года назад

thanks john, love the vids.

@retfede 3 года назад

Awesome malware analysis. It’s just a bit advance for me though 😅 could you do some more of this but for newbies? Awesome work as always 👏

@louisrobitaille5810 3 года назад

I don't think it can be made for newbies as malwares usually try to hide their stuff to avoid being discovered even by people who know their stuff. Maybe learning powershell's basics and watching more of his videos would help you?

@retfede 3 года назад

@@louisrobitaille5810 yeah I realized that as soon as I made the comment but didn’t want to delete it 😅 but yeah you’re right and I’m doing that

@fordorth 3 года назад

Nerd lore... LOL... I figured that Deimos was one of the moons of Mars from the gate lol. Thanks for another great video!

@Mysticsam86 3 года назад

The outro was some awesome !!

@highlui4222 3 года назад

Anyone in the info and sec field have any tips on what certs to try to have before finishing college. I am currently working towards my associates degree and have only 2 semesters left but plan on taking an extra semester. Within this extra semester I want to try and get a cert in a comp language but not really sure which one just yet. TIA!

@CyroCoders 3 года назад

Hello john 🙋‍♂️!!! Big Fan... Stay Sweet...

@mozstro5904 3 года назад

Great content love these videos!

@bhagyalakshmi1053 Год назад

How to open all apps creation.

@gaboloquendero 3 года назад

Why is so commom to see base64? Is there any advantage to encoded that way?

@wavey1236 3 года назад

the main reason you see base64 a lot is its a common way to obfuscate ( make hard to read) code, as far as im aware, someone correct me if im wrong

@louisrobitaille5810 3 года назад

43:26 The descent into madness is nigh 👀😂.

@maakthon5551 2 года назад

Where can I get this ps file?

@edoardottt 3 года назад

Which Firefox extensions is he using? Anyone knows?

@bhagyalakshmi1053 Год назад

Canr 2+3+4?

@kryptux2463 2 года назад

Loving this malware analysis. More, give me more!!!!......... please haha

@brunosampaio8599 2 года назад

"What's happening computer 😑" 🤣

@gameglitcher 3 года назад

It's a me.. Brute force your I/O.

@b391i 3 года назад

Awesome as usual 😁👍

@ezmooj 3 года назад

very instresting

@bullittstarter4408 3 года назад

That was 👏

@nikolas8741 3 года назад

👏👏👏👏👏👏👏

@henry-yu2ju 3 года назад

amazing

@Cavemannnnnn 3 года назад

Loving the new haircut :)

@arivanhouten6343 3 года назад

Will Ass Comm be the new insider?

@CZghost 3 года назад

Hey guys. Here before the premiere :)

@stoique10 3 года назад

ive been looking for hours but i really didnt find who tf asked !!

@ChristopherBruns-o7o 5 месяцев назад

f# ? how does he reply to live chat even though he is not typing? 5:20 What does Basic from visual basic mean im here to leverage natural language while sacrificing security for load balancing. dont mind me. Seriously, how is he replying to chat while scripting. Is this pre recorded? 9:31 that was byte count for PII formatting? Why is tamil usually language of choice for hacking tutorials?

@0xp4ul 3 года назад

Hi John mame🔥

@logiciananimal 3 года назад

At face value it looks like Romanians borrowed something Russian and modified it. Of course nothing about attribution should be regarded as that simple.

@MaximusIA 3 года назад

Thank you

@LouisSerieusement 3 года назад

@bhagyalakshmi1053 Год назад

Cnn? files open master

@GStev-qf1zl Год назад

AnsiMF!!

@bhagyalakshmi1053 Год назад

Little better understanding for you are talking. You're not factorization . you have in the lod balance server files your not development there files comming. On lod balance attending.

@blinking_dodo 3 года назад

i hope that this isn't your main machine... Because one time i will be making malware specially for you to be fooled by... :p (I subbed and hit that bell after your bat obfuscation video, so no worries)

@ronin0x_ 11 месяцев назад

Joker😂

@JosephH Год назад

MORE MALAWARE

@rrkatamakata7874 3 года назад

hello there

@Explor1ngth3w0rld 3 года назад

🤴🤴🤴🤴🤴🤴🤴🤴🤴🖤🖤🖤🖤

@__theycallmeaadi3316 3 года назад

Tails ;) john sus

@IgnoreMyChan 3 года назад

Hey John, you're not the only one, but also you have severe mic popping issues. It's terrible to listen to on a audio installation with a sub-woofer or headphones. Please adjust your mic and/or filter lower frequencies.