
Creating a sandboxed lab for analyzing malware

Views: 19,627

Rootkits

A day ago

Comments: 58
@xrootkits, 3 years ago
If you have any issues or questions feel free to join the discord discord.gg/eZyqp8t
@JaxG467, 2 years ago
So... can I run RATs like AgentTesla in this?
@Ultimah, a year ago
The file is no longer available on the site, please do an update.
@aguilalongeva1113, a year ago
Thanks, works fine. Greetings from Italy.
@CurtisCT, a year ago
Question: ransomware programs contact their home sites to request a key which they then use to encrypt your data. You then have to pay the hackers to get a copy of the key to decrypt your data. How can we use this setup to test for ransomware if DNS requests never make it past the REMnux VM?
@mmm-me4kk, a year ago
Yeah, that's something I'm also wondering.
@ShantanuBaviskar, a year ago
Have you done this test yet? Curious if the encryption never starts or if the ransomware just encrypts with any random key. It's not like they care about a person's data. They might just end all forms of communication with the victim once the payment is made.
@mmm-me4kk, a year ago
@ShantanuBaviskar Please watch the Computerphile video about WannaCry (he has two vids); in one of them he explains this quite well.
@CurtisCT, a year ago
@ShantanuBaviskar I experienced this once with a client whose office was infected by ransomware. The virus made its way onto the entire network via an infected USB stick from an employee. The first thing the virus did was to contact the hacker's server to request a key, which it then used to encrypt all the files on the server. It even encrypted the backup files (this was just before the advent of cloud backup). The ONLY WAY to retrieve the data was to pay off the hackers; they wanted something like 2,000 Euros but I negotiated them down to about 700. They were surprisingly polite and accommodating, but then again this was when ransomware first became a thing a couple of years ago. The minute we paid them in bitcoins, they emailed us the decryption key. After entering the key in the ransomware exe, it immediately decrypted all our files. As I understand it though, if the ransomware exe can't reach its home server for an encryption key, then it simply ends itself because it can't encrypt your files without a key. That's why the first thing to do if you think you've been infected by ransomware is to IMMEDIATELY disconnect the internet connection.
@nikhilsulghur7589, a year ago
@CurtisCT Well, I do think it depends on the type of malware used... leetcipher has a pretty good tutorial on how malware is written, check him out.
@ShantanuBaviskar, a year ago
Your network's logical name won't be enp0s3. Type "sudo lshw -C network" to find your network's logical name. So in the video, every time you see enp0s3, replace it with that. In my case, it was actually ens33. *Please pin it or like it so more people will see.*
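As an added example (not from the video or the comment author), a POSIX sh helper that pulls the logical interface name out of `lshw -C network` output and rewrites the tutorial's enp0s3 references to match. The lshw text below is a constructed sample, and the check that the lab VM has exactly one adapter is an assumption about how the sandbox is wired, not something the comment states.

```shell
#!/bin/sh
# Constructed sample of what `sudo lshw -C network` prints inside a lab VM
# (not captured from a real machine). The video assumes the name enp0s3;
# on other hypervisors it is often ens33 or similar.
SAMPLE_LSHW='  *-network
       description: Ethernet interface
       product: 82540EM Gigabit Ethernet Controller
       vendor: Intel Corporation
       logical name: ens33
       serial: 08:00:27:12:34:56
       capabilities: ethernet physical
       configuration: broadcast=yes driver=e1000 link=yes'

# Print every "logical name" found in lshw output read from stdin, one per line.
logical_names_from_lshw() {
    sed -n 's/^[[:space:]]*logical name:[[:space:]]*//p'
}

# Print the single interface name, or fail if the VM has zero or several NICs.
# Assumption: a sandbox VM should only have the one adapter that points at the
# REMnux gateway; a second NIC is a sign the isolation is not what you think.
single_lab_iface() {
    names=$(logical_names_from_lshw)
    count=$(printf '%s\n' "$names" | grep -c .) || count=0
    [ "$count" -eq 1 ] || return 1
    printf '%s\n' "$names"
}

# Rewrite the interface name used in the video (enp0s3) in a config read from
# stdin, so a file copied from the tutorial matches this machine. $1 = real name.
rewrite_iface() {
    sed "s/enp0s3/$1/g"
}

# Assumed workflow on a real VM (tutorial.conf is a hypothetical file name):
#   sudo lshw -C network | single_lab_iface
#   rewrite_iface ens33 < tutorial.conf > tutorial.local.conf
```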
@spelerkeerik4483, a year ago
Amazing, I did it. You made my day. Thank you!!
@gromuk4849, a year ago
How do you save it at 8:09? I don't understand the keybinds.
@ShantanuBaviskar, a year ago
Ctrl+O to save, then Ctrl+X to exit the nano editor.
@sendlocation8476, a year ago
@rootkits I am testing hacking programs like RATs. My home router doesn't have a VLAN option. So how can I make my VMware isolated from the host and networks but still have an internet connection?
@slashingbison2503, 9 months ago
Awesome guide, thanks.
@dadplays9599, 2 years ago
How do I type in REMnux? I'm pressing keys, tried the soft keyboard, clicked on the REMnux command terminal thing, went full screen, but yet nothing worked. Can you help?
@piercasaz6320, 7 months ago
What extension are you using to change the user agent?
@user-ws2vi8bw4i, a year ago
It works! Thanks a lot.
@tr1ton, a year ago
Can't you enable the DNS service when configuring etc/inetsim/inetsim.conf? Or is this different?
@user-dd8eb3ni8g, 2 years ago
When I open REMnux from VirtualBox, I get an error: "Oh no, something has gone wrong. A problem has occurred and the system can't recover." Any solution for this?
@BenjO1755, 2 years ago
Today Avast keeps showing up and it says that the threat is secured and I can see further, and it means that it is malware. Can you help?
@mmm-me4kk, a year ago
Sir, thank you for the vid. For ransomware this would not work, right? Since it has to be connected to the internet to retrieve the keys. What would be your recommendation in such a case?
@user-qt2ol2sv5b, 7 months ago
Install a VPN on the host system? Should be okay?
@noufal560, 2 years ago
7:02 it isn't installing for me! What can I do?
@BorisJohnsonMayor, 2 years ago
Please show us how you actually download the malware samples. I've seen so many mixed messages about the best way to do this. Shared folders make me uncomfortable. Do you download the samples using a VM with internet access and then remove the network adapter and then analyse the malware with no internet connection? Is there no risk of downloading it first with internet enabled, or is it relatively safe as long as the executable is not run?
@xrootkits, 2 years ago
Good question, I agree that connections with your host machine whether direct or indirect can be scary. What I would recommend is to create a snapshot (backup image) of the vm state where there is internet access - (during this point you should also download the samples on the vm) and then another snapshot directly afterwards, with no internet access. So essentially, whenever you need to download a new sample, you can revert back to an older snapshot instantly where your vm has internet access, and then you can download a new sample, disable internet, and run the malware.
@BorisJohnsonMayor, 2 years ago
@xrootkits Thanks, you could also clarify for others that most malware samples are compressed and password protected, so there usually isn't a direct threat until you extract the sample from the archive. Even then, the files in the archive have their file extension removed or changed to something so the .exe is not activated upon opening it.
@xrootkits, 2 years ago
@BorisJohnsonMayor You're welcome, and yeah, that is completely true. I actually made a video on theZoo a while back on my TikTok, one of my first videos actually.
@gromuk4849, a year ago
@xrootkits If I have Windows with admin rights separated from the standard user, the virus would need my password anyway to make changes, right?
@magorzatat96, a year ago
Many thanks broh
@Vijjaymon, 2 years ago
Love how you have a VM named Hannah Montana
@grizzlybear1715, 2 years ago
Hannah Montana Distro !
@fancy4588, 2 years ago
Hello, I wanted to ask what distro this is again. I like it.
@0xrusty, a year ago
What's your host OS?
@sherinthomas943, 2 years ago
Hello, could you please tell me where you downloaded the malware sample from that you ran in the video? Would it be possible for you to share it? I need it for a malware analysis demonstration for educational purposes.
@umbrafn_, a year ago
Does VMware work for this?
@williamjohansson934, 3 years ago
How do I load the viruses onto the VM?
@xrootkits, 3 years ago
I use a local web server, but you can also create a shared folder in VBox, or enable drag and drop; there are many different ways.
@roundeed, 3 years ago
nice
@mynamejeff2880, 3 years ago
nice :)
@Foodster007, a year ago
Are you still around?
@surrealhumor1235, 9 months ago
Apparently not. Apparently not. Apparently not. Apparently not. Apparently not. 😊
@MrVictorgrigoras, a year ago
thx for soft mate
@user-ec8mo1jn4m, a year ago
I heard some malware can sneak into the host PC.
@ursadn3ss439, a year ago
If you turn on your WiFi, I think.
@ursadn3ss439, a year ago
It can't do it if it's turned off.
@cyberrock9018, 3 years ago
How much RAM do you need to do this?
@xrootkits, 3 years ago
You wouldn't need a lot, you can create a good lab with >8 gigs, but even with 4 you can still create a malware lab
@zyncit, 3 years ago
I have 16 GB and have no problems
@t-ubercomi, 6 months ago
8 GB here, I have no idea why GDI malware is so fast on Windows 7
@mynamejeff2880, 3 years ago
You're a Manjaro user?
@xrootkits, 3 years ago
Yeah, it's an awesome distro IMO, love it.
@mynamejeff2880, 3 years ago
@xrootkits Nice, I will try Arch Linux someday.
@hydradragonantivirus, 5 months ago
It sucks @xrootkits