"hippity hoppity your code is now my property" 😂

Very informative thanks, I have been interested in learning how to craft shellcode recently.

You n danooct1 have been an inspiration for me to do CySec, still going through what I wanna focus mainly on, but I love both red/blue team jazz, so time will tell, mby I go purple team c: Thank you again, John, hope all good happens in your life

One extra trick: check for a file you placed somewhere else on the filesystem. If it does not exist, your executable is running on another computer or inside a sandbox. (But it does NOT protect against debugging though. You need something else for that)

This is amazing man, what a great video

Always got great videos

It strikes me that checking the time delta as a quick way of determining if the software is sandboxed would lead to a perverse incentive, where old and slow computers (and VMs or containers without many resources) can't get infected because the shellcode stager thinks it's a sandbox

thanks cuz of u i bring some 66G db logs u deserve that ❤️

The GOAT strikes again ❤

9:00 remember, if you've got procmon rename it to prankmin or something, same for x64dbg, make it x69dgb or something, ida can be ide, something you'll remember but won't match a blacklist.

Thank You John !! :)

Sounds good 💯

From India love you sir❤❤❤

8:10 - Nice, mine did the same too, but I think it's because you have submitted a debug build, cause if I compile it with “-s -O3” options the detection falls to just 1. Edit 1: I also tried submitting unoptimized bin with just “puts” and other stdio functions - and virus-total seems to flag it with the same 6 flags, so most of the problem are from submitting debug builds.

John The way i see you You are one in a million ❤❤

Hey John, How it's going with OSEE, can you make a video about it?

Let’s make a malware just for fun 😂

Is your correction in 14:07, correct? Previously in the video, at 12:06 it says "__readfsdword" for 32 bit.

Good to know about new tools and techniques

Can you do full course about sliver c2 framework from zero? Thank you❤

Anyone got resource recommendations for learning the Sysinternals tools and WinDbg? Maybe John can start a series on them.

Which is the best course for malware development Sector7 OR MalDevAcademy

Hey John I enjoy watching your videos. They are informative. There's a new malware called whiffy recon which infects vulnerable windows devices by wi-fi access point by scanning every 60 seconds and tries to triangulate a device's location. if you can find a sample code could you please do some analysis

Damn Grey hats I love you

I like to hear that out track song fearless.

john please stop looking at me so scarily in these thumbnails

Nice :D

I have the sektor7 malware development course!

Well, if I would be a blue-teamer, I'd just Ghidra into the binary and reverse the If statement. I can run it with a debugger attached but it can't run standalone. ^^

Hi John I'm I want get the maldev academy course but they don't have account security 2fa or any paying 500$ with no account security I sent them a massage with no response

YEA BOOOOOIIIII!!!!

NICEE

could you not use this kind of behavior to spoof and make believe maleware that its inside a debug enviroment so it doesn‘t fire on a regular system?

Hey Mr.John! I am a beginner in the field of cybersecurity. Could you please help me with some resources which help to start my career in offensive security. Thanks in advance!

good

How to convert it to useable shell code?

try all debug detction methods in virustotal (don't include malware, just `if(isdebugged())puts("debugged");`)

I hope we don't get put on a list by watching these sort of videos...

Do you also have a casio clock? Same as me if you say yes :P

K, this has nothing to do with this video but figured this was the community to help answer a question. Seems Facebook has a phishing scam circulating thats proposed as a post on someones wall with a "guess whose died" car crash headline thats provides a link. Apparently, as John has shown/demoed, its the whole fake signin spoof workflow where your creds will then go to 💀. My question though is, all times Ive seen this the link has clearly been a vercel application which A) makes me think the jerkoff mastermind apparently has backend skills about as sophisticated as mine but more importantly B) wouldnt/shouldnt Vercel sniff this transparent nonsense out and put a quick rm -rf on things? And certainly, if anyone reads this and decides to phish the phisher, well, i applaud and respect da skills. But ya, mainly just seems weirder an apparent 'prod' malware thats breached FB would still carry a transparent vercel domain.

Your thumbnail predicted the Trump mugshot insider info?? 😂

6:56 9:10

lmao when malware know to make blacklist on its own

This won't work, exe files are always checked if they are from a trusted publisher or not, UAC will probably block it if it runs on a different machine, even if the defender is turned off.

c and c++ can determine the array size if you initialize it in the same line. that said, bare arrays are deprecated. Use std:array. Why are you using boolean macros instead of the proper types? And why don't you just "return pPeb->BeingDebugged == 1;"

\tell us how to hack the Fed

If john notices this comment [heart or comment]. Im convincing my mom to give my laptop back for cybersecurity and personally loves these videos. I regret using a chromebook. Luckily i have linux

i clearly dont know what is going on

You often talk too quickly.

Couldn't you just read your own memory and look for soft breakpoints?

Sounds good 💯