@garethevans9789 Pentesting tools are released open source because not only is open source more effective, but it makes sure that the developers are not potentially profiting off of malicious actors, intentionally or not.
I love how they went through six stages of obfuscation, and put a lot of effort into hiding what they were doing... but their payload was literally called "Attack.jpg". Like, surely they could have named it something at least slightly less blatant.
Perhaps they didn't care to hide it at that point? I know that obfuscation helps to counter analysts, but when the code is downloading data from a URL, then I suppose it wouldn't have been worth their effort to obscure the name of the download. Then again, they could've made a second download with totally unnecessary data. Either way - this thing is bad (for you)! xD
But then he would have been on 8-12 screens and typed those 200k characters (hacking is typing fast); it's all hard to follow. It would be like watching the Matrix.
This style of video really helps me with my start in forensics and malware analysis. I love LiveOverflow and other CTF summary channels, but they often feel like magic in the way they present their findings. Keep up the great work :3
The evolution of RATs is so amazing. I remember in the late '90s when Sub7, NetBus and Back Orifice were so popular and inspired me to get into hacking. IRC was the channel to go to back then, and dial-up was your connection.
John, as you are very good, you should stand this comment: in PowerShell a "split (..)" is a regular expression that splits a string into portions of two characters, i.e. "4142" becomes "41", "42", which in hex is "AB".
I've taken apart stuff like this (when I worked in a large enterprise), but the samples were rarely more than 3-4 levels deep. This actually looks a lot more like a challenge you'd get at a CTF competition _(perhaps they're getting ideas from each other)_?
Whatever that quality is that great teachers have, you have it. Never change the format of your videos. I love seeing you troubleshoot and reason through everything live.
I'm just finding this channel and it's quickly becoming my favorite content. I'm fascinated with all of this. Really inspires me to get started with basic coding to get my feet wet.
Where have you been all my CS degree? This is awesome watching this stuff in action as you do it. I love the content! Definitely going to keep watching!
Dude, you are simply awesome... it's so enriching for all of your viewers to see your hard work and all your skills, and the best of all is that we can see you enjoying it, so we enjoy and learn too. Regards from Spain!
Great video, I love this series. Also special thanks for zooming in this much; watching code-related stuff on a phone is usually a pain, but not in your case. Keep up the good work!
I was watching some scam baiting videos and also doing some deep dives into RATs and just... CyberSec/CompSci things in general, and found this video. I'm glad I bumped into your channel. Really good stuff you have going on here.
Damn, I just watched over an hour of stuff I have no clue of and I still feel educated and entertained. It even kinda makes sense, when you talk about it and explain some stuff. Thank you very much! :)
John: releases a video with malware analysis
Me after watching the video: *Lemme check real quick whether notepad.exe is running in the background or not in Task Manager*
@Reelix I didn't even mention an OS? I am aware that Linux isn't perfect, as is the case with every software product (open source or not). The worst thing you can do to your security is to be overconfident in your defense.
Loved the video! Can you share where or how you are picking your samples to analyze? In addition, for future videos can you post the hashes so if we want to follow along we have the option?
I love these malware analysis videos. You break stuff down to a fairly easy to understand level for most technical people. I'm just getting into cyber security and I'm really enjoying your content, thank you.
It's actually not a bad way to learn, at least starting out - if you're interested. I have a background in software engineering, but I only understand maybe 75% of what's going on.
Amazing stuff. Learned a lot from this video. I have a question: how did you come across this script? Did someone give it to you? Anything like that? Loving these malware analysis videos, John. Keep 'em coming!
I just want to know how it's humanly possible to obtain the level of programming and CS knowledge needed to be capable of doing what he does in this video.
Actually, not too much. Deobfuscating such stuff is not very complicated, but he is still doing a good job. But tbh... most parts could be done much faster by debugging functions step by step instead of trying to deobfuscate every var and func.
Totally enjoyed the video. It was an absolute rollercoaster ride. I love the way you present and explain the details in all your videos. And also none of your videos ever seem to be monotonous, even when we are dealing with such mind-boggling stuff, because of the way you laugh and get excited when you crack/deobfuscate a piece of code. 😁 Thank you so much for taking the effort and sharing the awesome work 😊
I honestly never appreciated Search and Replace until today. Everything is so clear now!
19:35 One learns more every day
33:44 What the hell, this is hilarious
44:00 I hope you saved
56:13 I just read "Online Keylogger Started", so I guess yes
1:01:52 Oh, so test hacks? Was this retrofitted to be malicious or were you just smart?
1:03:08 Imagine if Jim's scammers used this crap. My god
1:10:00 Fresh out of the oven and unobfuscated
You make easy-to-understand videos as you break things down. I really enjoy them. I have a vague understanding of coding and the way you work is easy to follow.
59:06 Love how he scrolls past when looking at strings in the executable: "Offline Keylogger Started", "Online Keylogger Started", "Online Keylogger Stopped", "Offline Keylogger Stopped". Yes, John sees the keystrokes and is like, "is this doing keylogging?"
Thanks Peter, I wanted to comment also on this. COVID-19 after the temporary name “2019-nCoV”. In mid-February it was also known in many countries (including Germany ... Trend Micro), the WHO had warned (January 30, 2020). Unfortunately, it wasn't taken very seriously. We all know what happened next ... see also: www.euro.who.int/en/health-topics/health-emergencies/coronavirus-covid-19/novel-coronavirus-2019-ncov
You can also Ctrl+Scroll Wheel to zoom into Notepad.
Edit: I watched the whole thing and I really had fun, really interesting and high quality. Your circular camera mask and your energy break reminded me of NetworkChuck and his coffee break xD You got a new subscriber :)
As a prospective SW engineer, at ~54:00 that obfuscated spaghetti mess made me never want to be a malware analyst 🤣😂🤣 Glad to have people with your mettle in this world.