Hands-on Ransomware: Exploring Cybercrime

56,768 views

John Hammond


Check out what Ryan is up to: / rj_chap
My Lockbit tweet: / 1572562824878239745
00:00 - Ryan Chapman, Malware Analyst
00:30 - Introduction
04:29 - First Demo
07:29 - Configuring RAASNet
15:58 - Building RAASNet
18:17 - Detonating RAASNet
21:41 - Builder Archive
23:37 - Second Demo
26:20 - Building Yashma
27:54 - Third Demo
30:08 - Configuring Lockbit
35:01 - Building Lockbit
37:50 - Final Thoughts

Comments: 64
@creengton8594, 1 year ago
I’d love to see more of Ryan, hoping he’ll start his own yt channel
@rj_chap, 1 year ago
Much appreciated! I have a channel @ryanchapmanj, but I don't curate content like our man John here. I mostly add my various presentations to my playlists, as they are often hosted elsewhere.
@ThisIsJustADrillBit, 1 year ago
Thank you! The shadowy world relies on secrecy and silence. This effort to teach and explore is so important. The more light you shine, and the more sparks of interest it inspires, the less room there is for the darkness.
@rj_chap, 1 year ago
Agreed!
@DDBAA24, 1 year ago
Tyler Durden, interesting handle.. 1st rule of fight club?
@ThisIsJustADrillBit, 1 year ago
@DDBAA24 I've read the ending :)
@cyberguide_in, 11 months ago
Extremely informative. I'd love to see Ryan discussing malware analysis as he mentions at the video's end. Much appreciated Ryan and John!
@reanimationxp, 1 year ago
Wild to see an old work buddy on one of my favorite KZfaq channels.. go Ryan!
@rj_chap, 1 year ago
Heya! Good to see you too!
@user-vp7ld6qb1x, 1 year ago
Great content! Good to see that you synced up with John Hammond! Keep up the great work Ryan!!
@axjv, 1 year ago
26:46 The ASCII art actually broke the builder. Probably would have worked if you took it out. Whoever wrote that should sanitize their strings…
@rj_chap, 1 year ago
I wouldn't be surprised if many builders had input sanitization issues. In fact, that could be a cool research project/video! "How many builders can we break with silly input?" Fun idea!
@lightningdev1, 1 year ago
Yeah. C# probably didn't like the unescaped backslashes.
@Jesse_Johnson, 11 months ago
Some of the best cysec content on planet earth. Thanks Ryan. Killer vid
@tmcarter3, 11 months ago
Great content and advisors.. Thanks for keeping this topic in the front of the line!
@CosmodiumCS, 1 year ago
Really enjoyed this, john!
@PS_Fantasy, 1 year ago
Thanks for this Type of Content
@sutfuf6756, 1 year ago
It's happened before, it will happen again! I saw something similar in the 90's. VCL, IIRC, by Nowhere man of nuke. It was a DOS TUI for creating viruses and the like. It was basically an x86 ASM code generator. You'd select type: com, exec infectors, droppers, etc... type of payload, custom strings and the like. It was password protected, but, if you were skilled with debug tools, you could extract it.
@WanderlustVisual5, 11 months ago
Waiting for Ryan's Malware analysis things and how he does it in real world cases.
@AM-og2oi, 1 year ago
Love the video!
@guilherme5094, 1 year ago
Really amazing👍!
@anivibe7322, 1 year ago
This man really likes to talk, thx it was interesting.
@lordlightspeed, 2 months ago
There was actually an option to change the extension when building it. You just skipped past that screen.
@ronin0x_, 1 year ago
Hello John, can you review PNPT certification? How the course is, and what are the preps to do for the exam. And suggestions for machines to do in THM and HTB. It'll be helpful for me to uptake the certification 🥺
@woritsez, 1 year ago
that was very interesting
@hackwithprogramming7849, 1 year ago
Finally 🔥🔥🔥🔥🔥🔥🔥🔥😘😘😘😘😘😘
@Lodakia, 1 year ago
I may have missed this if it was already answered in the video. But is the VM image he's using with all of those analysis programs on the desktop publicly available?
@jonuldrick, 1 year ago
I would bet that you would have to build it out yourself. You might get something similar by taking the SANS course he is teaching.
@ArthursHD, 1 year ago
🏴‍☠ It's not legal to re-distribute Windows. I bet it's not available; even if it were, I would not trust it, cause it is modified.
@Aaron199s, 1 year ago
Flare VM from Mandiant has a large collection of useful malware analysis/reverse engineering tools.
@InuYasha-SitBoy, 3 months ago
i wonder if any ransomware type crypters have ever used something like sdelete to overwrite empty space on disk to mitigate possible file recovery. or just create a file that eats up free space then deletes after disk is full
@ian562ADF52E, 11 months ago
That login is ridiculously easy to bypass. Just supply a profile dictionary object and execute the code in the last if statement in the login function.
@popeyehacks, 1 year ago
Wow♥️‼️
@onmc4754, 1 year ago
The nanocore of ransomware
@RoomTwentyNine, 1 year ago
Cool
@bhagyalakshmi1053, 10 months ago
Medal
@gooniesfan7911, 1 year ago
Can u do video on LOLDrivers
@AndokDev, 1 year ago
I think i found my new VXUG love xoxo
@slr150, 1 year ago
16:35 Rust doesn't have a runtime!
@Gobillion160, 1 year ago
w vid
@wwdevil8771, 1 year ago
How did you get the password for the 7z?
@wwdevil8771, 1 year ago
Infected
@MaisonKrown, 6 months ago
@wwdevil8771 it tells me header encrypted, any idea?
@arunrmyt, 11 months ago
Wow this is old LockBit though. New versions have made the decryptor not available on the system. They are preparing this on their systems and dropping to the victim.
@AlienWarTycoon, 4 months ago
I'd like to know what coffee Ryan drinks. I'll have some of that please.
@jugalchaudhary8943, 1 year ago
how can we stop lockbit ransomware from getting into my computer?
@spookyleo2589, 1 year ago
i think we can't do much on your computer 😂 (good question tho)
@iam-py-test, 1 year ago
I could be wrong, but I don't think LockBit targets home users.
@jugalchaudhary8943, 1 year ago
@iam-py-test I researched a bit, I think it targets vm files, I could also be wrong
@jugalchaudhary8943, 1 year ago
@spookyleo2589 you could use prelude detect to see if your pc can be affected by it or not, it does lot of tests and detects it
@bader.office, 1 year ago
pliz pass for vx-underground, folders
@AnimeeHints, 10 months ago
infected
@AgentM124, 1 year ago
Ronsomeware
@nullkv, 1 year ago
I can also explain how to use builds, you don't need brains for that. Very interesting, of course. But I didn't get the point. Why explain how the builders of this malware work.
@landless-wind, 1 year ago
Bisayans
@ReligionAndMaterialismDebunked, 1 year ago
Early :3
@kimobonbon7, 1 year ago
im the 12th person to comment 13th*
@thenesquicc, 1 year ago
First
@x3nooo, 1 year ago
bro no don't show this shit to skiddies
@Diemf74, 11 months ago
Now the only problem for script kiddies is to encrypt their build.
@Diemf74, 11 months ago
"Don't download this" 😂 then stop showing us this. If you never showed it in the first place a lot of the low hanging fruit wouldn't exist like it does.
@DDBAA24, 1 year ago
Can we look at UFOnet, b0tnet. It's strange the way it's structured, but similar in ways to what we're already talking about..