Information Stealer - Malware Analysis (PowerShell to .NET)
Рет қаралды 51,616
2 жыл бұрынIf you would like to support the channel and I, check out Kite! Kite is a coding assistant that helps you code faster, on any IDE offer smart completions and documentation. www.kite.com/get-kite/?... (disclaimer, affiliate link) Come play the June 22nd GuidePoint Security CTF! www.guidepointsecurity.com/re...
For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/johnhammond010
E-mail: johnhammond010@gmail.com
Discord: johnhammond.org/discord
Twitter: / _johnhammond
GitHub: github.com/JohnHammond
@Oeoaea 2 жыл бұрын
finally some malware analysis
@stevenspring9889 2 жыл бұрын
yes Im so excited, i am a system admin in my day, and I wouldn't change that for almost anything, malware analysis would be one of those things
@nikolas8741 2 жыл бұрын
a' s' s' comm
@Wastelander1972 2 жыл бұрын
Thank you for this, John. My EDR detected this at a client’s endpoint. Thanks for your help.
@NathanChambers 2 жыл бұрын
When you were trying the login page, it wasn't 'login?' it was '/j/login?' the subdirectory you missed was probably important :)
@arvydasgasparavicius7231 2 жыл бұрын
damn so easy to miss something out.
@noni9639 2 жыл бұрын
Yeah, this version called Jupyter so its /j/login John should have tried /m/login because his version was called Mars. No Dirbuster needed :D
@MrFontaineInc 2 жыл бұрын
Love it!!!! It's nice to see the methodology in real time and to see some of the tools I practice with in action.
@jackjoshlin8030 2 жыл бұрын
Thanks for the dive into it. please do more!
@SB-nd6kn 2 жыл бұрын
Thanks mate, I really appreciate your work and how you do it!
@megaman75100 2 жыл бұрын
Awsome Video, watched alot of your work and the indepth explaination (which i'm sure you do often) was particularly helpful in explaining, to a novice like me, your process and thinking on this one. Love the content 👍
@willievandermerwe907 2 жыл бұрын
Great content, awesome presentation had a blast watching the video - Thanks John!
@MsJoeshmoo 2 жыл бұрын
Kudos to Lenny for developing Remnux to enable malware profiling.
@AlexElement 2 жыл бұрын
Yeah, outro music is dope!!! Nice analysis John! hope one day I'll reach some of your knowledge. Keep up!
@Maybehassanawad 2 жыл бұрын
FINALLY, Some good malware videos
@viv_2489 2 жыл бұрын
There are people who grab knowledge and then there are people like John Hammond who share knowledge to grab knowledge and serve the community...
@duncan3144 Жыл бұрын
Great video. I enjoy your analysis of these programs. I am currently analyzing the happy99 worm.
@christophertharp7763 2 жыл бұрын
thanks john, love the vids.
@mozstro5904 2 жыл бұрын
Great content love these videos!
@logsentinel9131 2 жыл бұрын
Great video! Thanks for the REMnux link :)
@Mysticsam86 2 жыл бұрын
The outro was some awesome !!
@stijnvanstrijen9285 2 жыл бұрын
Waiting for the next video!
@b391i 2 жыл бұрын
Awesome as usual 😁👍
@GiFiGinaisCZ 2 жыл бұрын
"NO! TAKE ME BACK, I DIDN'T MEAN IT!" 🤣🤣 That's why I love watching your videos
@shitcoder6326 2 жыл бұрын
John is in full mood. Laughed really hard watching this. xD
@henry-yu2ju 2 жыл бұрын
amazing
@AlexMerlin1985 2 жыл бұрын
Just like in the movie/tv series "The Net": Look, a virus! Hmm, let's see what makes it tick :)
@kryptux2463 2 жыл бұрын
Loving this malware analysis. More, give me more!!!!......... please haha
@awesomesauce804 2 жыл бұрын
I would absolutely run gobuster against that IP :) No questions asked.
@yasiraslaam 2 жыл бұрын
This hair cut suits you John, Keep it
@gameglitcher 2 жыл бұрын
Wonder how many traffic watchers noticed encrypted traffic being sent through port 80 >.>
@hassigerschweizer1098 2 жыл бұрын
hi John, Love your Channel. Can you do something about Stuxnet? Would be amazing!
@MultiBadway 2 жыл бұрын
very instresting
@louisrobitaille5810 2 жыл бұрын
43:26 The descent into madness is nigh 👀😂.
@tortotifa5287 2 жыл бұрын
John it's time to write a PS beautifier!!
@TataruTaru 2 жыл бұрын
Doesn’t free Any Run only go for 60 seconds, so if the script takes longer, any run stops before it ends?
@tizzfizzz335 2 жыл бұрын
you can add 60 seconds at a time
@originalgaming9062 2 жыл бұрын
You can add time but it maxes at 5 minutes I think
@CyroCoders 2 жыл бұрын
Hello john 🙋♂️!!! Big Fan... Stay Sweet...
@FaZekiller-qe3uf 2 жыл бұрын
seems to be an index page for that ip now 🤔
@fordorth 2 жыл бұрын
Nerd lore... LOL... I figured that Deimos was one of the moons of Mars from the gate lol. Thanks for another great video!
@bullittstarter4408 2 жыл бұрын
That was 👏
@nikolas8741 2 жыл бұрын
👏👏👏👏👏👏👏
@Cavemannnnnn 2 жыл бұрын
Loving the new haircut :)
@spencer2069 2 жыл бұрын
You can add time up to 4-5 min for free in any run
@itsnee 2 жыл бұрын
the youtube algorithm thing john told me to do!!
@Gabbasuperhero 2 жыл бұрын
It works better if you add words from the title to the comment too... I AM HAX!
@houdaifachirifi3821 2 жыл бұрын
Can you do malware analysis for the noEscape.exe
@0xp4ul 2 жыл бұрын
Hi John mame🔥
@kate34101 Жыл бұрын
This is my first time following along. I was given a sha-256 hash to look up for a job application and it led to a newer version of yellow cockatoo. From what I see, it looks pretty similar to what is being reverse engineered here. When I do a trid on stage2.dll it identifies an executable but not a .net. I still tried to put it in ILSpy but I'm kind of lost. Anyone know if it doesn't show as .NET assembly in trid/file it won't work in ILSpy. Also, anyone have any good noob documentation for using ILSpycmd?
@retfede 2 жыл бұрын
Awesome malware analysis. It’s just a bit advance for me though 😅 could you do some more of this but for newbies? Awesome work as always 👏
@louisrobitaille5810 2 жыл бұрын
I don't think it can be made for newbies as malwares usually try to hide their stuff to avoid being discovered even by people who know their stuff. Maybe learning powershell's basics and watching more of his videos would help you?
@retfede 2 жыл бұрын
@@louisrobitaille5810 yeah I realized that as soon as I made the comment but didn’t want to delete it 😅 but yeah you’re right and I’m doing that
@3xpl0i79 2 жыл бұрын
Can a Student participate in the GuidePoint security Ctf because there is Input box for Job Title ?
@_JohnHammond 2 жыл бұрын
Absolutely, you can put "Student" :) The game is open to anyone!
@3xpl0i79 2 жыл бұрын
Okayy Thank you : )
@robinhood3841 2 жыл бұрын
Participating in ctf offer you jobs? 🤔🤔
@Gabbasuperhero 2 жыл бұрын
@@_JohnHammond I'm still really green, I'm working on my net+, do you think I could pull something from it or not jump the gun
@MaximusIA 2 жыл бұрын
Thank you
@CZghost 2 жыл бұрын
Hey guys. Here before the premiere :)
@stoique10 2 жыл бұрын
ive been looking for hours but i really didnt find who tf asked !!
@vladdrugal6580 2 жыл бұрын
So I have been trying to get into your discord, but it tells me that it can't be reached. So I am wondering if this is one of those test things to see if you can find the link hidden somewhere in the HTML and I kinda just want to verify that before I go digging around in John's website to try and find a hidden discord link.
@highlui4222 2 жыл бұрын
Anyone in the info and sec field have any tips on what certs to try to have before finishing college. I am currently working towards my associates degree and have only 2 semesters left but plan on taking an extra semester. Within this extra semester I want to try and get a cert in a comp language but not really sure which one just yet. TIA!
@JosephH 8 ай бұрын
MORE MALAWARE
@brunosampaio8599 2 жыл бұрын
"What's happening computer 😑" 🤣
@GStev-qf1zl 7 ай бұрын
AnsiMF!!
@ROOTDNB 2 жыл бұрын
Guys do you know? Is it illegal to run dirbuster on a foreign IP address? :D Just curious
@JmbFountain 2 жыл бұрын
Depends on your local jurisdiction
@ANTGPRO 2 жыл бұрын
Did you learn python3 or not? :D
@gaboloquendero 2 жыл бұрын
Why is so commom to see base64? Is there any advantage to encoded that way?
@wavey1236 2 жыл бұрын
the main reason you see base64 a lot is its a common way to obfuscate ( make hard to read) code, as far as im aware, someone correct me if im wrong
@LouisSerieusement 2 жыл бұрын
@bhagyalakshmi1053 10 ай бұрын
Canr 2+3+4?
@bhagyalakshmi1053 Жыл бұрын
How to open all apps creation.
@alisufyan6784 2 жыл бұрын
why you dont use Kali?
@edoardottt 2 жыл бұрын
Which Firefox extensions is he using? Anyone knows?
@gameglitcher 2 жыл бұрын
It's a me.. Brute force your I/O.
@Explor1ngth3w0rld 2 жыл бұрын
🤴🤴🤴🤴🤴🤴🤴🤴🤴🖤🖤🖤🖤
@maakthon5551 Жыл бұрын
Where can I get this ps file?
@logiciananimal 2 жыл бұрын
At face value it looks like Romanians borrowed something Russian and modified it. Of course nothing about attribution should be regarded as that simple.
@jesseramsell1895 2 жыл бұрын
:D
@arivanhouten6343 2 жыл бұрын
Will Ass Comm be the new insider?
@rrkatamakata7874 2 жыл бұрын
hello there
@__theycallmeaadi3316 2 жыл бұрын
Tails ;) john sus
@bhagyalakshmi1053 Жыл бұрын
Cnn? files open master
@astphaire 2 жыл бұрын
d4.
@blinking_dodo 2 жыл бұрын
i hope that this isn't your main machine... Because one time i will be making malware specially for you to be fooled by... :p (I subbed and hit that bell after your bat obfuscation video, so no worries)
@ronin0x_ 5 ай бұрын
Joker😂
@user-td4pf6rr2t 3 күн бұрын
f# ? how does he reply to live chat even though he is not typing? 5:20 What does Basic from visual basic mean im here to leverage natural language while sacrificing security for load balancing. dont mind me. Seriously, how is he replying to chat while scripting. Is this pre recorded? 9:31 that was byte count for PII formatting? Why is tamil usually language of choice for hacking tutorials?
@IgnoreMyChan 2 жыл бұрын
Hey John, you're not the only one, but also you have severe mic popping issues. It's terrible to listen to on a audio installation with a sub-woofer or headphones. Please adjust your mic and/or filter lower frequencies.
@deepergodeeper7618 2 жыл бұрын
or a pop filter
@mfThump 2 жыл бұрын
didnt notice that running OTT, Highpass >128 hz with EqualizerAPO :)
@bhagyalakshmi1053 Жыл бұрын
Little better understanding for you are talking. You're not factorization . you have in the lod balance server files your not development there files comming. On lod balance attending.
@bhagyalakshmi1053 10 ай бұрын
Bufr funs ,satchrdatabase
John Hammond
Рет қаралды 136 М.
stacksmashing
Рет қаралды 1,3 МЛН