Malware's LAST Stand: SELF-DELETION

crow
53K views
#Malware #Development
Use code "CROW10" for 10% off your order when you checkout at Maldev Academy! maldevacademy.com/?ref=crow
⚠️ Disclaimer:
The information presented in this video is for educational purposes only. It is not intended to be used for illegal or malicious activities. The creator and any individuals involved in the production of this video are not responsible for any misuse of the information provided. It is the responsibility of the viewer to ensure that they comply with all relevant laws and regulations in their jurisdiction.
🤖 Based on:
/ 1350401461985955840
full credits to the author of this super cool technique: / jonaslyk
💖 Support My Work
/ cr0w
ko-fi.com/cr0ww
www.buymeacoffee.com/cr0w
Join this channel to get access to perks:
/ @crr0ww
🔖 My Socials:
/ discord
crows-nest.gitbook.io/
github.com/cr-0w
/ cr0ww_
❤️ Friends Mentioned:
x0reaxeax:
- github.com/x0reaxeax
- / @x0reaxeax
5pider:
- / c5pider
- github.com/Cracked5pider
- / @c5pider
🎵 Music/Videos Used:
Wizet, Nexon © Copyright Wizet, Nexon
• [Twitch safe] Animal C...
• Hiding Data Using NTFS...
• MGS V: The Phantom Pai...
• Mouse eating M&M’s wit...
• Metal Gear Rising Reve...
• PC Explosion Project: ...
• Chroma key "enemy spot...
Motion Graphics
Video used: • VJ LOOP NEON Colorful ...
RU-vid Channel: / @chillrelaxwithvisuale...
- stock images/videos: vecteezy.com, pexel
🌐 Websites Mentioned:
maldevacademy.com/
www.vergiliusproject.com/
www.geoffchappell.com/studies...
www.geoffchappell.com/studies...
www.sentinelone.com/blog/edr-...
www.sentinelone.com/blog/what...
usa.kaspersky.com/resource-ce...
/ what-edr-why-important...
The images and music used in this video are used under the principle of fair use for the purpose of criticism, comment, news reporting, teaching, scholarship, and research. I do not claim ownership of any of the images/music and they are used solely for the purpose of enhancing the content of the video. I respect the rights of the creators and owners of these images and will remove any image upon request by the rightful owner.
Copyright Disclaimer under section 107 of the Copyright Act of 1976, allowance is made for “fair use” for purposes such as criticism, comment, news reporting, teaching, scholarship, education, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing.
🕰️ Timestamps:
00:00 - Intro
00:32 - Disclaimer
01:10 - Why Learn Malware Development?
02:54 - Start Here!
04:57 - Antivirus
08:30 - Heuristic Detection
11:56 - EDRs
13:53 - Anti-Debugging
16:51 - Thread Environment Block
20:16 - Custom GetLastError Function
29:13 - Process Environment Block
31:16 - Custom IsDebuggerPresent Function
34:53 - PEB Patching (BeingDebugged)
38:14 - Self-Deletion
01:01:16 - Outro

Science

Published: 26 Jun 2024

Comments: 155
@crr0ww 11 months ago
📌 Use code "CROW10" for 10% off your order when you checkout at Maldev Academy FOR A LIMITED TIME! ---> maldevacademy.com/?ref=crow I better see you dorks in kernel-land soon >:) 🫠 ERRATA: - 51:43 I meant the opposite. You're copying data from your SOURCE into your DESTINATION. Y'KNOW, LIKE A NORMAL PERSON WOULD SAY.

@peppidesu 11 months ago
CROOOOOOOOOOOOOOOOOOOW

@DaxSudo 11 months ago
Ahhh this is only for the lifetime subscription. Dang

@PlanetComputer 11 months ago
YES

@crckrbrrs 9 months ago
see you next year on your next upload

@_JohnHammond 11 months ago
YEAHH!!!!!

@sinatra02 11 months ago
CROW'S FIRST SPONSOR???? LETS GOOOOOOOOOOOO

@danomaly8943 11 months ago
2:37 I mentioned this in a seminar and everyone including the professor talked about me like I was crazy or I'm a bad guy or that ethical hackers wouldn't dream of doing such a thing. We just run nmap and metasploit... don't mean to vent but it's good to know I'm not crazy for thinking that way

@real2late 11 months ago
This is one of the few tutorials I know that are actually fun to watch, love the way you make the videos

@captdev 11 months ago
I love the sheer joy CROW shares when everything comes together at the end 😁

@bollamebendrikb1923 11 months ago
Bro I literally thought of this and was trying to make it yesterday how tf am I this lucky that crow is covering it

@danomaly8943 11 months ago
Another masterpiece. I have learned SO much from these videos and what I have read from the discord.

@PeteClean 10 months ago
This is the only channel I know where sponsors don't feel like garbage, my lifetime subscription to MDA is going BRRRRRRR

@danielolayinka8739 10 months ago
Can you do persistence next? @crow

@cryptohoagie963 10 months ago
This is f*cking awesome, never knew this was even possible lol, was literally creating a new process to delete my malware for self deletion 🙃 keep it up crow best mal dev on youtube for sure

@vespervenom2343 11 months ago
Keep coming out with these videos. Love them 🔥

@D3ltaLabs 10 months ago
I'm itching for the 4th video in this series. Thanks for the videos crow.

@byte-sec 11 months ago
Perfect content, Perfect quality, Perfect explanation 🔥

@believeit5450 11 months ago
The Maplestory BGM is what keeps me watching

@detective5253 11 months ago
Ohhh yeaaaaa we need lots of videos like this about modern red team and malware development please

@omerfaruksonmez5668 10 months ago
i mean, watching this at like literally 3 am and so inspired that im gonna try it out myself instead of sleeping. amazing content bro keep it up

@AM-og2oi 11 months ago
Bro the video editing was great, awesome new vid!

@Sizzlik 10 months ago
A wise man once said "With great power, comes great electricity-bill"

@ttj_ 11 months ago
never have i clicked on an hour long youtube video faster than i have with this. I'm in for a treat!

@TreeloPlays 11 months ago
Babe wake up new crow just dropped!

@mohammedzaid6634 11 months ago
What interesting stuff!!!!!! I learned a TON!!!!!!!! CAN'T WAIT TO SEE YOUR NEXT VIDEO

@user-bg1xh3yl5o 11 months ago
Great video and congrats on the sponsor man keep it up!

@nutbowl3459 11 months ago
Amazing video, keep up the good work

@bsherman8236 11 months ago
Crazy production, information and comedy

@Gobillion160 11 months ago
oh my god mom cancel my plans new crow video just dropped!!

@black_wolf365 11 months ago
Just yesterday, I was wondering when's your next video coming ... And today I get this notification! 😊 Thank you crow! 🍻 😊

@NightlockHayze 11 months ago
YAYY!! NEW CROW VIDEOO WE MISSED YOUUU

@rozer4660 4 months ago
Let's go man this channel is amazing keep on the good work fr best channel on RU-vid damn

@donadoamed 11 months ago
you're my hero.

@Limofeus 11 months ago
So, instead of self deletion I had an idea once of a program that would embed some data inside the executable file. I wonder if it is possible to do with alternate data streams, would be cool to have a single exe that saves all the data it generated traveling between different machines.

@animeshshukla6758 10 months ago
I saw a one hour video with: a language I don't use, a field I am not in, terms I have no clue about, an OS I don't know much about. 10/10 will watch again.

@torphedo6286 10 months ago
Why write in assembly instead of implementing it in C like the kernel does? It's way more readable, you don't need to deal with linking in an assembly file, and there's no "extern"s required in your headers. Also, it's kinda overkill, but another fun approach to anti-anti-debugging would be to hook the program's anti-debugging function and force it to always return false (or just patch the binary). Anyway, loved the video! This was super informative. I've had a lot of issues with my non-malicious process injection getting flagged by Defender. I never even thought to re-implement suspicious imports myself.

@icoudntfindaname 10 months ago
Yours is the only hour long video I'd watch

@lavender0666 11 months ago
LET'S GOO C:

@crr0ww 11 months ago
:D

@dead-wi2el 11 months ago
HYPEEEE NEW CROW VIDEO

@lowHP_ 11 months ago
great video, thanks a lot 👍

@animeshshukla6758 10 months ago
Sorry for asking, but the file that is still being viewed, it cannot delete itself in the middle, right? The deletion is only possible after the executable is done running. But this is a problem: if a file is given a command for self deletion, it is technically still running, and a running file cannot be deleted. Is it some sort of extra file buffer? Like, Windows gets the command to delete and does it after the file is done running?

@0123bar 10 months ago
Hi crow great content!! I really enjoy your videos. Can you do a video about how memory works, virtual memory, pages and memory protections?

@999_jah 11 months ago
This video is amazing man, keep it up :)

@RandomDude_404 10 months ago
Like always, awesome vid! btw what IDE do you use? And also, can you do a video on how to set up Windows 10 for malware development? cuz downloading the C++ compiler (gcc) is making me want to "self delete" if u know what I mean

@kernelpanics 6 months ago
It just reminds me of the 29a VX group in the 2000's 😃

@uirwi9142 10 months ago
it is illegal to delete this video! Crow=Legend!

@nocnoc146 11 months ago
i love the maplestory music

@snk-js 11 months ago
these are the best of the whole yt prove me wrong

@crafterboy27 11 months ago
I can't believe I watched a 1 hour video involving a language I don't even code in on a daily basis (I do code in C++ rarely for a variety of reasons so don't go all: "C++ is superior" on me)

@jvmgang 11 months ago
C++ is superior

@v01d_r34l1ty 10 months ago
C++ is superior

@lavender0666 10 months ago
C++ is superior

@danomaly8943 11 months ago
Gotta take another crack at this from the beginning. Somehow my smart dumbass got the program to work but in reverse. I've played around with it and even tried some else statements but still a great video. I learned a lot... just gotta rest my eyes...

@danomaly8943 11 months ago
I'm an idiot lol. The joys and pain of coding. Smh

@NopeNotThatGuy 10 months ago
Lord Have Mercy on My Analyst Soul 😧

@Local_microwave 11 months ago
Woke up to a new video let's go

@grandjagon3190 1 month ago
All your videos are amazing dude thanks! Keep it up! However here I don't get why we need ADS, can't the malware go to the deletion phase directly?

@cjsmax75 3 months ago
Hello, thanks for the video. When getting a handle to the file, where did we find that we can give CreateFileW the values (delete | sync) for the dwDesiredAccess field, since I haven't found that documented anywhere!!!

@samthelamb0718 6 months ago
can you make a video similar to the buffer overflow video but explain rop gadgets, rop chains, and rop in general

@crckrbrrs 11 months ago
holy shit holy shit holy shit holy shit CONGRATS ON YOUR FIRST SPONSOR DUDE

@fxiqval 11 months ago
mom crow finally uploaded a new vid

@PlanetComputer 11 months ago
YES CROW

@vackor 11 months ago
ur vids are great! i feel violated by the stream of information that we have access to in this day and age :^)

@-uz 11 months ago
Another banger!

@PratyakshaBeri 10 months ago
This is amazing content! I wish I found you sooner...

@trintlermint 11 months ago
I am crying from happiness at the moment, I am truly happy that you got your video out which you worked hard on crow. I hope you take a break and don't suffer from burnout my brother :)

@kipsangjacob270 10 months ago
Awesome content 🎉🎉🎉🎉

@hydradragonantivirus 3 months ago
Heuristics is where most of the power comes from in antiviruses.

@meatdawizardpat 11 months ago
4:40 what is that obsidian theme tho 🔥

@meatdawizardpat 10 months ago
@@mathis5281 Thanks that's exactly it!

@amirakmel123 11 months ago
why do I think of you as my personal mentor😊

@nickmullen9510 10 months ago
the pricing is absolutely insane

@lavender0666 10 months ago
Been on the platform for a month now and can say that it's completely worth it, there are cheaper options though (Sektor 7 for example) though they're not as in-depth/up to date as maldev academy

@mnageh-bo1mm 10 months ago
this vid is god tier.

@_____666______ 10 months ago
is it possible to patch memory that is protected by vmprotect?

@pbnjdev 11 months ago
Me compiling a hello world program and executing only for the executable to get blocked by Windows Defender as malware. Also me: I AM MALWARE DEVELOPER \o/

@lcizzlelc 5 months ago
Thanks for the tutorial and infecting me with AdWare at the same time. Great! = D

@lcizzlelc 5 months ago
I'm trolling. You do you boo boo. Videos are very entertaining even though I don't know wtf you are talking about. (I do, again trolling) You owe me a motherboard.

@emileberteloot6546 9 months ago
Why rename the default data stream before deleting it? Can't you just delete the default one?

@BakA-um3kb 10 months ago
Thank you very much for your videos 😼💖

@repairstudio4940 8 months ago
How'd you learn C and Assembly? MalDev Academy or TCM? DeWalt, Alex and the crew at TCM are awesome.

@Zetty 11 months ago
very cool very pog very based

@crr0ww 11 months ago
I LOVE YOU, CRYPTID

@newtonj1n 11 months ago
Ooooh noooo, you missed UEBA!!!

@martin_nav 11 months ago
You forgot to tickle Mr. Rat. He will not be happy. I hear 22kHz here. (Only people from discord server understand)

@nathanezra1 10 months ago
This gonna last me for the next month

@phantompuma228 11 months ago
A SPONSOR AND CROWS RAT VOICE REVEAL. TODAY'S A GOOD DAY.

@bv1495 10 months ago
Hey awesome tutorial! is the source code available? i couldn't find it in GH

@petevenuti7355 10 months ago
So is there any defensive software you would recommend? That primarily uses behavioral heuristics without having to be online...‽

@lavender0666 10 months ago
EDRs, XDRs and AVs rely on being online to update their signatures and whatnot, having them offline can make it harder for them to pick up newer malware strains

@petevenuti7355 10 months ago
@@lavender0666 automatic updates feel like a good attack vector, heck if that were my thing that would be one of the first ways I'd try and get in, by emulating the antivirus vendors' servers, even if I failed I'd be able to figure out what I was up against.

@lavender0666 10 months ago
@@petevenuti7355 that's not a new thing, they're called Trojans and they've been around for decades

@AtomicBl453 10 months ago
Their AI needs to train on a protectionless computer so it can best serve both sides.

@THE_ONLY_REAL_WAFFLE 11 months ago
Nice 👍

@piolix0004 11 months ago
HOLY MOLY 1 ENTIRE HOUR NOW I GET WHY YOU'VE BEEN GONE SO MUCH GET THAT BREAD BRO

@Mika_565 11 months ago
YIPPIEEEE

@lavender0666 11 months ago
can we have a video on how to heck Roblox please 🥺

@Mauzy0x00 11 months ago
I shall become a rat amongst men

@dvxv4016 11 months ago
28:07 there actually was a 1337 process on my pc, i was wondering why it didn't and i was getting a handle wtf

@lavender0666 10 months ago
The process is different for everyone, they're not hardcoded in but given at runtime (process creation)

@jonbikaku6133 10 months ago
Bro do you also have courses?

@bam6693 10 months ago
Make a video on how malware can tell if the OS is updated using Windows Update.

@principleshipcoleoid8095 11 months ago
Tbf, in a war malware can be handy. Like let's say hypothetically Russia starts a war with another country, but all their electronics suddenly show a ransomware message

@lavender0666 10 months ago
Cyber Warfare is a real thing already, there are state sponsored hackers in all governments (see NSA/CIA for US)

@sinatra02 11 months ago
crow can you make a video on how to hack into the hexagon >:)

@crr0ww 11 months ago
hacking is 4 nerdz and ill eagle no tanks (they're in my walls listening to me)

@-uz 10 months ago
drop more heat!

@Karanveer-hf4gu 11 months ago
I'd really suggest you upload videos somewhere else other than RU-vid, until and unless they delete this gem-like content.

@moylababa8196 11 months ago
kindly give us a roadmap "how to learn cyber security from scratch to advanced"

@principleshipcoleoid8095 11 months ago
2:45 can malware be a form of self defence?

@lavender0666 10 months ago
you're gonna have to expand on that, if you're attacking someone without explicit permission then that's a crime

@principleshipcoleoid8095 10 months ago
@@lavender0666 Russia. Well, its military. Didn't want to get attacked? Then should not have started a war in 2014 or escalated it.

@lavender0666 10 months ago
@@principleshipcoleoid8095 Look up cyber warfare. If a country is attacking another country's assets as soldiers/military personnel then that's okay but if you're doing vigilante stuff that's a legal gray

@541v 11 months ago

@HTWwpzIuqaObMt 11 months ago
777 like btw. I use arch btw. Wonderful video btw. U got hr ass ur first sponsor congratulations 🎉🎉🎉🎉🎉🎉🎉❤❤❤ btw. (I use arch)

@user-4e4918xcgv 11 months ago
cool videos

@Jcb-pt2qn 10 months ago
is there any financial in malware dev (this is for educational purpose)

@lavender0666 10 months ago
red team developer

@principleshipcoleoid8095 11 months ago
1:38 can malware be used to arrest Putin? Can it? Can it be used for that?

@URdfkfe_Hodapej-cv9zo 8 months ago
Where are you?

@DroneMothership 11 months ago
OH AH!!! 10% OFF ETERNAL ACCESS!!! LETS GOOOOOOO RATS!!!

@kassandrafreda3872 7 months ago
Woooooooooooah