Hackers Use Github For Malware

Views: 56,616

John Hammond

13 days ago

jh.live/keeper || Keeper Security offers a privileged access management solution to deliver enterprise grade protection all in one unified platform -- keep your users, your data, and your environment secure with Keeper! jh.live/keeper

Comments: 68
@_JohnHammond 11 days ago
To clarify, with the comments upload drag-and-drop trick, you can't upload any file extensions outside of this allowlist (i.e., executable files not allowed): GIF, JPEG, JPG, MOV, MP4, PNG, SVG, WEBM, CPUPROFILE, CSV, DMP, DOCX, FODG, FODP, FODS, FODT, GZ, JSON, JSONC, LOG, MD, ODF, ODG, ODP, ODS, ODT, PATCH, PDF, PPTX, TGZ, TXT, XLS, XLSX or ZIP. Nothing stopping you from putting things in a release asset, though 😜 That trick looks to be doable on Gitlab just as well.
@tomashublik5586 11 days ago
6hrs ago wtf
@blinking_dodo 11 days ago
I hope you have properly reset your GitHub session... 😅
@nordgaren2358 11 days ago
@@tomashublik5586 Video gets uploaded the day prior for scheduling. Can comment on it as much as you want, until then.
@xanderplayz3446 11 days ago
Or just put an EXE in a password-protected zip and make a project with an issue, which you report on an alt, with logs in a zip, which has a password, and you fake a conversation between you and the alt, saying that it has a password, and then the alt sends real logs in a zip; There would be no evidence of malicious intent.
@us_f4rmer 11 days ago
That's a social engineer's wet dream. But the fact it works w/out even posting the issue is really the icing on the cake!
@discocat2500 11 days ago
The issues-based file hosting is wild. You would think a person would at least need to submit the issue to have their files stored on a server for any length of time. I wonder how long those links are valid.
@archlinuxsys 11 days ago
this is why i love john. he's so passionate and eager to share!
@jbmarkowicz3328 11 days ago
No, he technically has a 'business' to run, i.e., his KZfaq channel. He posts what he knows will generate clicks while also using his skills.
@BillAnt 11 days ago
@@jbmarkowicz3328 - While providing clear info understandable by most folks.
@Creeperfun12 8 days ago
@@jbmarkowicz3328 so you're saying he doesn't enjoy his job
@Bluegeneral05 11 days ago
Dude, this is awesome, great video!
@dothex 11 days ago
I see you changed the title of the video and thumbnail with the quickness.. I'm guessing "How to use Github to hack" wasn't as viable as you thought :D
@funil6871 11 days ago
😂
@unknownlordd 11 days ago
who would've thought 😱
@ronaldosd 11 days ago
Lol, Microsoft is still using AWS for Github and not Azure 😂😂
@kcnl2522 11 days ago
Migration is a pain in the ass even for msft
@cringesh1t427 4 days ago
@@kcnl2522 so are Russian hackers
@emc2847 11 days ago
Hi John, great video. How can I connect with you about learning more?
@Leadshot 11 days ago
So I am currently doing a cyber security course and there's a project coming up where we have to set up a Metasploitable 2 box.. could anyone tell me some tools to use to pentest the box if I am on team red and/or some tools to defend the box etc on team blue? Would I need to have Python knowledge as I am very new to it and I am starting to dip my toes in it
@patrickslomian7423 11 days ago
Python Selenium would be a simple solution. Imitate a web browser, "upload" your file, get the url and send it to the c2 server / client.
@funil6871 11 days ago
Python selenium is pure love
@vaisakhkm783 10 days ago
We can detect headless Selenium's presence easily with a CPU spike... 😂 but on Windows it doesn't make a dent, so it's fine, but a Linux user would easily find it
@BluescreenSharp 10 days ago
Would not be. It's detected.
@patrickslomian7423 10 days ago
@@BluescreenSharp Have you tried to run the script over a proxy?
@wrathofainz 9 days ago
That would be great if websites weren't able to detect things like selenium and chrome driver. Js and the dev tools are to blame. The people making browsers just aren't hardening them against developer tools being detected, so a site can refuse to work if you open it in selenium or even open the dev tools (like aniwave or 9anime)
@wrathofainz 9 days ago
I can imagine having a command of some sort in a file hosted on github and malware hosted on a device which occasionally checks that repo for a commit to that file, or perhaps a comment in a reply chain or something... I was specifically thinking that your command & control changes a file on the repo and at some point the malware will pull that file (during a poll :P) and do the command like taking a screenshot and uploading it back to the repo. Idk Very interesting video. I'm already using github to share memes, but now I'm getting ideas about how I can use other sites I'd otherwise never touch, like Truth Social.
@exploittutorial8689 11 days ago
I was once following your tutorial on burpsuite and I downloaded foxy-proxy extension on my Linux machine. Whenever I tried to use terminal as sudo the terminal froze. I cannot recall the exact extension developer but clearly it was some variation of foxy-proxy. I uninstalled the extension and the terminal worked again. You should do a video on this
@user-jd3gf5xw1x 10 days ago
10:14 I love that that's the video, idk it's hilarious
@yalekthelembine0391 10 days ago
Why does the Linux community ignore this? Especially Linus Torvalds? Because they're also hackers. And by the way RMS, hacker is also ambiguous. Hacking is also dangerous because of its black hat definition.
@mentor_bajrami 11 days ago
I keep reporting GitHub malware on a daily basis
@smnomad9276 10 days ago
Thanks for your service man. This is the essence of open source, we need more people like you.
@mattd1957 11 days ago
Hey John, I hope you're doing well, so I'm trying to find a website's directory with Linux like Ubuntu, but I'm not sure how, can you make a video on how to find a website's directory please? Thanks. 😊
@user-my2kp6js8o 11 days ago
love from nepal
@VaibhavShewale 9 days ago
well that was fun until it lasted!
@xpower7125 11 days ago
github is the new discord (kind of)
@funil6871 11 days ago
True
@anselmoarantes 9 days ago
When I saw the title, what came to my mind was "Who Doesn't?"....
@dademurphy6123 11 days ago
Are you Seth Rogen's brother?
@zanidd 11 days ago
Keep'er Security? I hardly know her!
@pliusleft 11 days ago
discord was so much easier before they made the fix
@kcnl2522 11 days ago
You are talking about the cdn links ye?
@zanidd 11 days ago
You forgot my kind of hackers: the ugly
@zcavaleiro 11 days ago
Looks like web 1.0
@cyber_space09 9 days ago
Okay Sir that's what i want to do 🤣📈🚩
@c.n.crowther438 11 days ago
Seth Rogan sounding breh
@arunprakash2426 11 days ago
@abdallamohamed5844 11 days ago
Wow
@wrathofainz 9 days ago
Lmao, this totally works 😂
@endoxidev 11 days ago
dang just 4 minutes and I'm already here
@carsonjamesiv2512 11 days ago
😀👍
@user-jd3gf5xw1x 10 days ago
I thought it was gonna be the zoo
@iamwitchergeraltofrivia9670 11 days ago
Hahahhhhhhahahh so many malware
@IlIIllIlIlIIlIlIlIlIIl 10 days ago
.
@kevinroleke2769 11 days ago
Clicked off video when ad was longer than 2 minutes
@ChristmasTvGames 11 days ago
8th comment here
@zwanski.m 11 days ago
I've been a follower since 2018 but he never responds to my comment 😂
@insomniac-afk 11 days ago
no one gives a fucking shit
@hollywoodhank591 11 days ago
First!!!
@tomashublik5586 11 days ago
nope
@uncleburu9464 11 days ago
First
@tomashublik5586 11 days ago
L, I am first
@tomashublik5586 11 days ago
first