Good breakdown, John. Assuming you haven't already made a similar video, it would be cool to see the flipside of this, which is how to evade being detected by malware. (VM detection, debugger evasion, etc). You could cover some of the different techniques that malware uses to know it's in a VM.
@erickfurukawa1 1 year ago
Hey John, just a small observation: the function Process32First() already populates the PROCESSENTRY32 struct with a process, so when you call Process32Next() you are effectively skipping the first process entry. I think it would be better to change it to a do-while so that the first process doesn't get skipped. Great video btw!
@Tygo69 1 year ago
The code he wrote is absolute garbage, and he also forgets to close the handle of the snapshot. I basically stopped watching after this. His GetProcessId function is already a complete mess.
@deedos 1 year ago
@Tygo69 maybe you could make your own video with better code then?
@Tygo69 1 year ago
@deedos I write Windows kernel drivers and reverse the Windows kernel and anti-cheat drivers; I've also worked on UEFI bootkits. Not responding to you anymore, waste of my time.
@deedos 1 year ago
@Tygo69 I'm not questioning your abilities, I'm genuinely interested in watching your video if you think John's code is bad.
@psixfour 1 year ago
True, nice observation. Sometimes I find Windows programming really messy due to its COM-component nature. It reflects on its own API. Sometimes I really miss standardized structures like iterators from modern libraries that help us use for-loops when we do low-level programming.
@subashm9039 1 year ago
Hi Hammond, can you make a video about Scammer Payback, how he does the hacking via AnyDesk?
@mnymic 1 year ago
Quite comprehensive, watched the whole vid and never got bored despite no actual XP with C. Cool, thanks!
@eckersplode 1 year ago
Another banger, keep 'em coming John!
@matthiasnicolai5523 1 year ago
"Does this make sense?" spilled my coffee, and yes, mostly it does :D
@jeremyng1021 1 year ago
Very good stuff! I would love to see more malware technique sharing, such as AV evasion or process hollowing (or process doppelganger), which is also kind of fun too. Thanks!
@detective5253 1 year ago
*WE NEED MOOOOOOOOOOOOORE MALDEV VIDEOS LIKE THIS PLEASE*
@nicojanen3015 1 year ago
Hi. Little info for using VS: you can press Ctrl + Shift + Space to view IntelliSense if it disappears while typing your parameter. Edit: or any other time when writing a variable.
@vishalraj7532 1 year ago
Hey John, thank you so much for this incredible video. And I was wondering if it's possible to write all the C++ code using the Nim language. I've developed a great fondness for Nim's syntax, finding it incredibly user-friendly and easy to work with.
@scottspa74 1 year ago
Great video. Super fun to follow, try, and learn. Thank you! 👍
@dmoney5221 1 year ago
I would pay to sit in a room and have this guy teach me
@lollubrick 1 year ago
now THIS is the type of content I like!
@bluefal 1 year ago
Oh I am in love with this
@petevenuti7355 1 year ago
What are your top EDR and AV recommendations?
@drushkyy2017 1 year ago
Any recommendations to learn OS and computer architecture? What resources can I use? Can you do some fundamentals tutorials on OS and architecture and how it works! Thanks man
@neilthomas5026 1 year ago
You are a Giga Chad, honestly love your vids!!
@Acepwokk 1 year ago
BANGER TYSM
@Gobillion160 1 year ago
These videos are amazing, please do more maldev videos, these are your best videos in years.
@logiciananimal 1 year ago
Does the technique illustrated require elevation? Also, is the code available somewhere?
@Hacker_Baby 1 year ago
Bro! Thank you so much for all you do! 🙇🏼
@TediousSecurity 1 year ago
Awesome video, thanks for the breakdown.
@regulator5 1 year ago
I thought I knew things until I watched this video lol. Still a great video John
@daljeetbhati8353 1 year ago
Aha, bring more malware stuff if possible, loved this vid. It would be awesome to see a vid on some kernel malware.
@Md.Mashrur 1 year ago
You Are Fire Bro 🔥🔥 I Love Your Videos
@Red4mber 1 year ago
Dope, just as I got into maldev. Timing too perfect, I really suspect you're in my walls.
@FalcoGer 1 year ago
C code is so ugly when compared to C++... I think you want a do loop instead of a while loop here at 8:40 because you're skipping the first process it found. You also most certainly want to return an error value, an std::expected, or throw if your name is not found. Not returning from a function with a return value declared is UB. See stmt.return#2. Use "-Werror=return-type". If I were to do this, I would just return the entire process handle instead of just the ID.
@nordgaren2358 1 year ago
The first entry is always the System Idle Process. No need to check it.
@nordgaren2358 1 year ago
Also, the process entry struct he is working with here is over 256 bytes long, so idk about returning the whole thing.
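Putting the fixes raised in erickfurukawa1's and FalcoGer's comments into one runnable lookup: inspect the entry Process32First() already filled (do-while, not while), return a clear not-found result instead of falling off the end, and close the snapshot handle on every path. This is an added example, not John's code from the video; `find_pid` and `pid_or_max` are names chosen here, the Windows branch assumes a non-UNICODE build, and off Windows a constructed three-entry table stands in for the real snapshot so the loop logic can be exercised.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#ifdef _WIN32
/* Real Toolhelp API (assumes a non-UNICODE build, so szExeFile is a char[]). */
#include <windows.h>
#include <tlhelp32.h>
typedef HANDLE snap_t;
typedef PROCESSENTRY32 entry_t;
static snap_t snap_open(void) { return CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); }
static bool snap_ok(snap_t s) { return s != INVALID_HANDLE_VALUE; }
static bool snap_first(snap_t s, entry_t *e) { e->dwSize = sizeof *e; return Process32First(s, e) != 0; }
static bool snap_next(snap_t s, entry_t *e) { return Process32Next(s, e) != 0; }
static void snap_close(snap_t s) { CloseHandle(s); }
static bool name_eq(const entry_t *e, const char *n) { return lstrcmpiA(e->szExeFile, n) == 0; }
#else
/* Off-Windows stand-in with the same First()/Next() convention, backed by a
 * constructed three-entry table (sample data, not a real process list). */
#include <strings.h>
typedef struct { uint32_t th32ProcessID; const char *szExeFile; } entry_t;
static const entry_t fake_table[] = {
    {0, "[System Process]"}, {4, "System"}, {1234, "notepad.exe"} };
typedef struct { size_t pos; } fake_snap, *snap_t;
static fake_snap g_snap;
static snap_t snap_open(void) { g_snap.pos = 0; return &g_snap; }
static bool snap_ok(snap_t s) { return s != NULL; }
static bool snap_next(snap_t s, entry_t *e) { if (s->pos >= sizeof fake_table / sizeof *fake_table) return false; *e = fake_table[s->pos++]; return true; }
static bool snap_first(snap_t s, entry_t *e) { s->pos = 0; return snap_next(s, e); }
static void snap_close(snap_t s) { (void)s; }
static bool name_eq(const entry_t *e, const char *n) { return strcasecmp(e->szExeFile, n) == 0; }
#endif
/* Look up a process by image name. skip_first_bug = false is the do-while shape from the
 * comments (the entry First() filled is checked before Next()); skip_first_bug = true reproduces
 * the video's while loop, which calls Next() right after First() and never sees the first entry. */
bool find_pid(const char *name, bool skip_first_bug, uint32_t *pid) {
    entry_t e; bool found = false;
    snap_t s = snap_open();
    if (!snap_ok(s)) return false;
    if (snap_first(s, &e) && (!skip_first_bug || snap_next(s, &e))) {
        do {
            if (name_eq(&e, name)) { *pid = e.th32ProcessID; found = true; break; }
        } while (snap_next(s, &e));
    }
    snap_close(s);          /* the snapshot handle is released on every path */
    return found;
}
uint32_t pid_or_max(const char *name, bool skip_first_bug) { /* UINT32_MAX = not found */
    uint32_t pid; return find_pid(name, skip_first_bug, &pid) ? pid : UINT32_MAX;
}
```

With skip_first_bug = true the lookup misses the table's first entry, which in a real snapshot is the System Idle Process that nordgaren2358 mentions.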
@neikidev 1 year ago
Great video, love it!
@aadhiseshandc7260 1 year ago
Hi JH. Love ur code even if it breaks my brain (I'm a beginner)
@karanb2067 1 year ago
This thing is tough... damn you Windows 32 API
@ДмитрийКузнецов-я4д 1 year ago
What should I learn to understand this code better?
@nicojanen3015 1 year ago
Hi. C++ or any other programming language with OOP (object-oriented programming), to understand the principles of classes, functions and objects.
@ДмитрийКузнецов-я4д 1 year ago
Thanks a million!
@preveenramcharan 1 year ago
How come John doesn't have more than "just" 603K subs? Such a cool and knowledgeable guy. Keep up the great work buddy!!! 💪
@d3c0deFPV 1 year ago
For someone making this kind of content, he has a ton of subs. General public interest just isn't huge.
@akt67 1 year ago
Coz it's hard to follow him, we aren't all Kevin Mitnicks (RIP)
@gobords 1 year ago
"tricknique".. I like it.
@squid13579 1 year ago
John, make a video on Wazuh? Open-source EDR tool and it's awesome.
@islam7337 1 year ago
I sent you an invite on LinkedIn but you didn't respond
@inquisition.musician 1 year ago
I'm interested in that kind of stuff so that tech support scammers will get punished.
@GhostGamer3135 1 year ago
first comment
@enadalotaibi8181 1 year ago
Let's be honest, as an L1 SOC analyst you cannot detect these without the EDR alerting you. This honestly scares me as a SOC analyst.
@Rhiogh8462 1 year ago
I wish every malware came with the file name "evil.exe"
@davidcopenhaver5583 1 year ago
more!
@sreejishnair5922 1 year ago
Bro, courses are costly; I honestly want to purchase but cannot afford such a costly course, to be honest. Otherwise, great content.
@janmillerty4528 1 year ago
Sup
@paradiseexpress3639 1 year ago
Why is your code SO BAD? Please stop nesting everything, there is literally no point in doing that.
@nordgaren2358 1 year ago
What was nested that shouldn't have been?
@paradiseexpress3639 1 year ago
@nordgaren2358 if statements
@paradiseexpress3639 1 year ago
@nordgaren2358 It looks like he introduced undefined behavior as well.
@nordgaren2358 1 year ago
@paradiseexpress3639 are you trying to say he shouldn't use if statements? What?
@nordgaren2358 1 year ago
@paradiseexpress3639 where is the undefined behavior?
@herzallahaymen5478 1 year ago
Very poor explanation, bro, not everybody is a low-level guru.
@sent4dc 1 year ago
Hmm, you're a good presenter John, but ... coder ... sorry, my friend. At least in a C/C++ sense. This is not Python, you need to close handles and release memory. Also, after you call Process32First you are missing whatever it returned by calling Process32Next right away. Additionally, there are so many bugs in what you wrote I don't even know where to begin. But ... malware authors I guess don't care about memory leaks, hah?
@nordgaren2358 5 months ago
Process32First always returns the system process as the first entry, and it is a waste to check.
@nordgaren2358 5 months ago
Where did he forget to close the handle?
@nordgaren2358 5 months ago
Oh, the snapshot handle? That seems very nit-picky, considering he closed the other handle in the video. One mistake in a video where he hand-typed a specific technique in C, and he forgot a handle. Do you write perfect code on camera the first time you write it?
@hectormorenocampo 1 year ago
@john Sektor7 or Maldev Academy?
@akt67 1 year ago
Too fast and confusing, unless I'm stupid.
@RaGhav363 1 year ago
You could have made it with Nim
@ranjanji3518 1 year ago
Hey Bro @_JohnHammond, how can we open malware or viruses on our system to examine them like you? Also scared about getting harmed, so plzz guide ❤🎉🎉 Even though u r a professional, you didn't care about malware's abusive nature. Big Fan Bro 😎 ❤ Love from India 🇮🇳❤
@ranjanji3518 1 year ago
@john
@lollubrick 1 year ago
Also, I am surprised you are using Visual Studio instead of your favorite Sublime Text. I could never get into Sublime Text. I am considering going into the Neovim crowd a la @ThePrimeagen