Btw, one thing I learnt is that sophisticated malware will have anti-analysis features. For instance, it has to detect an internet connection or else the kill switch will be activated, because the author assumes that malware analysis will be done in a VM with no connection. Analysts can also be misled by code obfuscation and fake strings that actually mean nothing. Thanks for making me dive into this domain, man, I'm lovin' it!
@codebeta_cr 1 year ago
The additional files are included to inflate the size of the ZIP archive so that it doesn't get automatically scanned. Besides the password that is used, increasing the size further avoids the file being scanned by automated systems.
@collinsinfosec 1 year ago
Great point Nicole!
@thevault1575 1 year ago
You're close, Nicole. Those extra files are just there to make it look legit. Typically, threat actors pump their PE files with 0s to increase the size to 650MB to prevent scanning (max file size for VirusTotal).
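The padding trick described in this thread leaves a tell-tale artifact: a huge overlay (bytes after the last section's raw data) that is almost entirely zeros. The script below is an added triage example, not code from the video or its author; it parses just enough of the PE headers to find where the mapped image ends, measures the trailing run of null bytes, and flags the file when the overlay is large and mostly zeros. The one-section toy PE it builds for the demo, the 1 MiB minimum-overlay threshold and the 90% zero-fraction threshold are constructed assumptions for illustration.

```python
"""Triage helper: flag PE files whose size has been inflated with an
all-zero overlay.  Added example, not the video's own tooling."""
import struct

COFF_HEADER_SIZE = 20
SECTION_HEADER_SIZE = 40


def pe_image_end(data: bytes) -> int:
    """Return the file offset where the last section's raw data ends.
    Everything after that offset is overlay (never mapped by the loader).
    Raises ValueError for anything that is not a plausible PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + COFF_HEADER_SIZE + opt_size
    end = table + num_sections * SECTION_HEADER_SIZE  # at least the headers
    for i in range(num_sections):
        hdr = table + i * SECTION_HEADER_SIZE
        # SizeOfRawData at +16, PointerToRawData at +20 in each section header
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        end = max(end, raw_ptr + raw_size)
    return min(end, len(data))  # truncated files: overlay cannot be negative


def trailing_zero_run(data: bytes, start: int = 0) -> int:
    """Number of 0x00 bytes at the very end of data[start:]."""
    tail = data[start:]
    return len(tail) - len(tail.rstrip(b"\0"))


def assess_padding(data: bytes, min_overlay: int = 1 << 20,
                   min_zero_fraction: float = 0.9) -> dict:
    """Summarise the overlay and decide whether it looks like size padding.
    Thresholds are assumptions chosen for this example."""
    end = pe_image_end(data)
    overlay = len(data) - end
    zeros = trailing_zero_run(data, end)
    fraction = zeros / overlay if overlay else 0.0
    return {
        "image_end": end,
        "overlay_bytes": overlay,
        "trailing_zero_bytes": zeros,
        "zero_fraction": fraction,
        "suspicious": overlay >= min_overlay and fraction >= min_zero_fraction,
    }


def build_sample_pe(payload: bytes, overlay: bytes) -> bytes:
    """Constructed toy PE for the demo: MZ stub, PE signature, a COFF header
    declaring one section and an empty optional header, one section whose
    raw data is `payload` at offset 0x200, then `overlay` appended."""
    e_lfanew = 0x40
    raw_ptr = 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PtrSymTab, NumSyms,
    # SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, rest
    section = (b".text".ljust(8, b"\0")
               + struct.pack("<IIII", len(payload), 0x1000, len(payload), raw_ptr)
               + b"\0" * 16)
    headers = dos + b"PE\0\0" + coff + section
    return headers.ljust(raw_ptr, b"\0") + payload + overlay


if __name__ == "__main__":
    padded = build_sample_pe(b"\x90" * 64, b"\0" * (2 << 20))
    clean = build_sample_pe(b"\x90" * 64, b"")
    print("padded:", assess_padding(padded))
    print("clean: ", assess_padding(clean))
```

On a real sample you would read the file into `data` and call `assess_padding`; a large overlay that is mostly zeros is a strong hint that the "real" binary is only the first few hundred kilobytes, which you can carve out (`data[:result["image_end"]]`) and submit to the scanners the padding was meant to avoid.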
@SweDownhill 1 year ago
Not sure if you can do this in Procmon, but in the regular Task Manager you can right-click the headers and add more columns that you'd like to show; most importantly, there is an option to show the command line that the process is actually running. It can be quite helpful to get an even clearer view of what is going on.
@MrZap722 1 year ago
I really love the fact that you are explaining what you are doing. Love your channel ❤
@super_sergioo4704 1 year ago
This breakdown was very interesting, keep it up!
@collinsinfosec 1 year ago
I appreciate the feedback!
@alessioHD 1 year ago
Hi there Grant, thank you for taking the time to make this video, it was very informative. I recently fell victim to a scam like this and ended up unknowingly running a file similar to the ones mentioned. At the moment, I'm not sure what steps to take to remove it, as a couple of different antivirus programs I've tried haven't found it. Would getting a brand new SSD to replace the current one fix the problem, or do you have any suggestions in particular? Thank you in advance for any response. -Alessio
@4ephyyr 1 year ago
You should reinstall (clean install) your operating system (Windows, if it is Windows), and you don't have to buy a new SSD or hard drive. Only if, and only if, you are wishing to increase the performance of your system is an SSD recommended.
@intifadayuri 1 year ago
An infected drive (either SSD or HDD) is perfectly fine physically. You just need to properly wipe it and you can use it again.
@johnwig285 1 year ago
Solid video as always! Is there a logging tool that will show specifically what changes the malware made, instead of having to open different tools and actively monitor? I use a bridged connection when downloading the files themselves and change to host-only before executing the malware. Is this isolation process good enough? Thanks!
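One low-effort way to get the "what did it change" list asked for above, without watching several live monitors, is to hash the analysis VM's interesting directories before detonation and diff the snapshot afterwards. The script below is an added example, not tooling from the video or its author; it covers filesystem changes only (registry, processes and network traffic still need Procmon or similar), and the `demo()` function stages a constructed scenario in a temporary directory in which a simulated dropper adds one file, rewrites another and deletes a third.

```python
"""Before/after filesystem snapshot diff for a malware analysis VM.
Added example, not the video's own tooling."""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root) -> dict:
    """Map each regular file under `root` (relative POSIX path) to its SHA-256.
    Symlinks are skipped so a planted link cannot pull in files outside root."""
    root = Path(root)
    snap = {}
    for p in root.rglob("*"):
        if not p.is_file() or p.is_symlink():
            continue
        h = hashlib.sha256()
        with p.open("rb") as f:
            for chunk in iter(lambda: f.read(1 << 16), b""):
                h.update(chunk)
        snap[p.relative_to(root).as_posix()] = h.hexdigest()
    return snap


def diff_snapshots(before: dict, after: dict) -> dict:
    """Return sorted lists of paths that were added, deleted or modified."""
    added = sorted(set(after) - set(before))
    deleted = sorted(set(before) - set(after))
    modified = sorted(p for p in before.keys() & after.keys()
                      if before[p] != after[p])
    return {"added": added, "deleted": deleted, "modified": modified}


def demo() -> dict:
    """Constructed scenario: snapshot a small tree, simulate a dropper's
    changes, snapshot again and return the diff."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "config.ini").write_text("autostart=0\n")
        (root / "notes.txt").write_text("hello\n")
        (root / "sub").mkdir()
        (root / "sub" / "keep.bin").write_bytes(b"\x00" * 16)
        before = snapshot(root)

        # Simulated post-detonation state (constructed, not a real sample):
        (root / "sub" / "dropped.dll").write_bytes(b"MZ" + b"\x00" * 62)
        (root / "config.ini").write_text("autostart=1\n")
        (root / "notes.txt").unlink()

        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s}: {paths}")
```

In a real lab you would call `snapshot()` on paths such as the user profile, `ProgramData` and the system directory right before running the sample, persist the dictionary (e.g. as JSON) outside the VM, and run `diff_snapshots()` against a fresh snapshot after detonation; the resulting lists are the candidates to inspect in a hex editor or submit for scanning.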
@aimanelaaqdi5245 1 year ago
Hey Grant, could you please provide a download link for the samples? I would like to get a look at them on my end. Thanks!
@collinsinfosec 1 year ago
I am not sure if I can directly link them in KZbin. If you email me, I can forward you the emails. (grant@cybercademy.org)
@Mr_Hilarious0 1 year ago
Amazing Content
@ReemJarikji-xq4cn 1 year ago
From your experience, what certifications can help strengthen the resume of a cybersecurity student? Like the Cisco certification...
@collinsinfosec 1 year ago
Good question. I'd suggest possibly the Security+ or some of the cloud certifications (if you are interested in the cloud). These may help you get past the first round of filtering. I do recommend building a holistic portfolio, which includes certifications, projects, and possibly getting involved in local cyber communities if possible. Feel free to reach out to my email for more information (grant@cybercademy.org).
@ReemJarikji-xq4cn 1 year ago
@collinsinfosec Thank you!
@konnerharris9821 1 year ago
Hey Grant, love the videos. What are your thoughts on the CIS degree at SEMO? Looking into it and just wanted your thoughts as an alum, thanks!!
@collinsinfosec 1 year ago
Hi Konner, I knew a couple of students who pursued the Computer Information Systems (CIS) degree at SEMO. They liked it. It's a well-rounded curriculum with computer science, business, networking, and security. If you are not sure which area in technology you would pursue, the CIS curriculum could be a good option. It will make you versatile in multiple areas of the industry. Hope this helps!
@guilherme5094 1 year ago
👍
@matlakowski 1 year ago
Boring video; after 13 minutes you only found out what kind of software Linus was hacked with, and the antivirus would say the same thing in 5 seconds.
@exheproject8362 1 year ago
TBH, watching the process was fun.
@collinsinfosec 1 year ago
Yeah fair points.
@johnwig285 1 year ago
You're clearly missing the point of the video. It is about how to analyse malware. So what if the antivirus can tell you what it is? Can it tell you which APIs it called? Can it tell you the network traffic that it sent? How attempts at lateral movement are being made? Whether it has a kill switch? The antivirus won't tell you these details, which can be helpful in devising specific anti-malware defences that a generic antivirus can't provide.
@vojta7552 1 year ago
It's LinusTechTips, btw. Not Linux 😉
@collinsinfosec 1 year ago
Thank you :)
@moutchou-ss4ht 1 year ago
Hello, I am a follower from Morocco. Thank you for the great information, but I hope the quality of the video improves, because the words cleanse me of poor quality 🤍
@collinsinfosec 1 year ago
Hi Mout, the video for the isolated malware lab was a bit distorted, unfortunately. I will make sure to change the video settings moving forward!