Fileless Malware Analysis & PowerShell Deobfuscation

47,617 views

John Hammond

23 days ago

Integrate ANY.RUN solutions into your company: jh.live/anyrun-demo ||
Make security research and dynamic malware analysis a breeze with ANY.RUN! Try their online interactive cloud sandbox for free: jh.live/anyrun
Learn Cybersecurity - Name Your Price Training with John Hammond: nameyourpricetraining.com
WATCH MORE:
Dark Web & Cybercrime Investigations: • Tracking Cybercrime on...
Malware & Hacker Tradecraft: • Malware Analysis & Thr...
📧JOIN MY NEWSLETTER ➡ jh.live/email
🙏SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥KZbin ALGORITHM ➡ Like, Comment, & Subscribe!

Comments: 35
@goingcrazy-mg9sf 22 days ago
I'd watch the unlisted video, always exciting seeing the journey
@Max-kl7il 22 days ago
Nothing better than some John Hammond to start the morning
@Mr0rris0 22 days ago
This guy got coffee too?
@donttrusttheape 22 days ago
Because of these videos I was able to be quite high in the rankings on the Huntress CTF, so keep 'em coming friend (also first CTF ever).
@0xazyz897 21 days ago
That's the content we want to see John, thank you!
@heatherhammons 20 days ago
Hi John, I am Heather Hammons, I went to school with a Hammond at Rio Linda High School.
@user-vq3zt3xn3z 10 days ago
You're looking for a very big applause to thank you so much John sir.
@tincup033 22 days ago
I know you aren’t sure about the value of showing things like breaking user policy but I have to say, there is a ton of value in seeing that. I actually met you at B Sides in SF last year and mentioned that one of my favorite things about your videos is observing your process. So many of us have gotten where we are by trying and breaking things and once in a while, we feel…dumb lol. Seeing someone else going through a lot of the headaches we have or struggling with some of the same things we have is both valuable and extremely helpful. Please keep making awesome content good sir and thank you!
@BlendLogDev 22 days ago
Pronunciation of the word "malware" as "meowlware", so cool 😊
@justinpinson8575 21 days ago
Love this kind of content ❤
@nixielee 21 days ago
Haven't seen a lot of deobfuscation lately, nice one
@DePhoegonIsle 22 days ago
That is interesting, I am also curious about what it attempted to write and what about Windows login writes to the HKCU. If we know that and the agent or process of the system/user that does it, a tighter security measure could be put into control and a better understanding of what is and isn't needed. Though part of me suspects that HKCU is a fully temp tree that is recreated each and every time on login, but I am not sure... a deeper dive on this would be of value I think.
@notavoicechanger1808 21 days ago
Now to modify the kernel to make your changes actually functional. :)
@LazyPlays_ 21 days ago
I knew this would make a good and unusual educational video, glad to see you took my recommendation for a video idea and kinda used it in a safer way (if you even used my idea lol).
@LazyPlays_ 21 days ago
Also a note: my situation actually had it posting a .log file, not downloading it. And as far as restricting, you should set PowerShell to only be interactive mode, which means it doesn't run scripts; this is what stopped mine from executing and made it a little safer.
@Ma-ug7ww 22 days ago
John! In order for this to work, threat actors have to input those HKCU keys into the system; how would that be done?
@ulisesgezmain 22 days ago
Excellent video 👌
@anonymode 22 days ago
Nice video @john
@kenpachizero 21 days ago
I missed these
@jvcss 22 days ago
anyrun needs to improve their SEO because I was looking for this one a month ago!!! Why not just include "online virtual machine" in the description? Please help others with this! Make the descriptions easier and simpler. I know it can do some fancy stuff, but remember most of us just want to test a site to see if it's malware etc.
@SirHackaL0t. 21 days ago
Was that website limited to 100 users? It seemed to be still active - very active
@logiciananimal 22 days ago
I find it amusing that someone who was once Coast Guard is talking about *land* mines. Not a criticism of course, but ...
@halloworld184 1 day ago
Hello
@51cle 22 days ago
dang
@mitch381 21 days ago
I would just disable autoruns entirely if not necessary for the organization
@ohmsohmsohms 22 days ago
Diddy ram
@bertosudu9506 22 days ago
👍👍👍👍👍👍👍👍👍
@Monothefox 22 days ago
That's Norwegian or Danish.
@DWaseem89 20 days ago
Become my tutor.
@domelessanne6357 19 days ago
erlaerlar
@VSEC.Academy 21 days ago
Most modern antimalware software nowadays blocks PowerShell execution (notifies the user to ask permission) via HIPS technology, so if anyone configures HIPS properly I think it would stop most malicious code.
@sunniglory514 22 days ago
Is it love? 😂 Duh!
@Iandavidandrino 21 days ago
What is HTML?
@jamesroycoronel4987 22 days ago
Pwsh
@capability-snob 22 days ago
Fanglette9. You can't help but love these obfuscated function names.