It's sooo interesting to watch these kinds of videos where you review the source code and see how malware behaves on infected hosts
@likebot. · 1 day ago
the clue is in the wording "... we _kindly_ request..."
@nickcurrie303 · 1 day ago
Lol the real clue is in the fact that your IT team would not / should not email an executable out to users to execute - this would be scripted or deployed via other means.
@edwardfildes2038 · 1 day ago
You'd think anyone with the technical know-how to run JS files would also find the request to run one from IT highly suspicious.
@northholdgames8596 · 1 day ago
In Windows it is just a simple double click or "run". It doesn't require any skill
@edwardfildes2038 · 1 day ago
@@northholdgames8596 ah fair play, I didn't know that
@bestcoolmanever · 1 day ago
@@northholdgames8596 he's saying that it's bizarre that someone fell for one of the most common and obvious "hey, run this file, it's totally safe!" phishing schemes to ever exist without even a single thought of double-checking anything. It's like getting a text from a random unaffiliated scammer's number that says "it's me, your mom. send me $500, it's urgent!" while sitting a room away from your mom and still sending the scammer $500 anyways
@fdert · 1 day ago
Great education here digging into IDA. I'm just getting into this field and this is very helpful to see your process, thank you!
@ismayonnaiseaninstrument8700 · 1 day ago
This is probably the first in-depth digital forensics video I've sat around and watched, and honestly...thanks! I learned a helluva lot, and I'll be experimenting with those debug tools myself... (once I have a stronger foundation in assembly, mind you.)
@technikschaf1574 · 15 hours ago
"losing a little bit of street cred"? With a lot of luck there is a little bit left thanks to you at least recognising it as LotR. Thanks for taking us with you on this journey there and back again.
@RelemZidin · 2 hours ago
I legit thought he was gonna say I've never sat (down and read them) oof
@ft4jemc · 1 day ago
Neat video. Yes. Yes you lose nerd cred for not knowing LotR.
@shodannonymous9359 · 1 day ago
I'm probably gonna try this box with your guide, thanks as always John
@jesperwall839 · 1 day ago
Is this a 57 minute commercial? Been to many of those lately, and I don’t want to waste my time.
@Twoshoes22Jason · 1 day ago
Yes. For HackTheBox
@TotesCray · 1 day ago
I mean... it's a commercial showing HTB's sherlock exercises, but the "how it's solved" is great learning info regardless of the original source
@capability-snob · 1 day ago
@@TotesCray coolest username ever, well done. Must have used freon.
@draconic5796 · 1 day ago
Seems someone is a Lord of the Rings fan lol. Finding Middle-Earth, bringing the god of everything Eru and then using the Palantir to get into Gondor haha!
@MultiDark2012 · 1 day ago
Even though I could see the info on screen, I was still w8ing for John to say LTT. 😂😝
@Rostol · 1 day ago
Windows Pro includes a secure isolated ephemeral VM; it's called Sandbox. It's awesome for testing things. Also a good tip if using VMs is to take snapshots between steps, just in case ... lol. 35:46 it's reading the resource table on the .dll, not the .exe; that's probably why the entropy was meh in the .exe resources
@josemariolladomarti4935 · 1 day ago
awesome work man
@redisbluegaming6696 · 1 day ago
Nice channel, love learning from you
@ogunikitty · 1 day ago
Wow. Learnt a lot today. Thanks John
@ChemicalShots · 34 minutes ago
All of this malware would be stopped easily with true zero trust.
@threeMetreJim · 1 day ago
Not too bad at all. The insane rating was about right if you've never done this before. Be prepared for layers of obfuscation (in the scripting parts) in real malware, just to frustrate even more. Nice to see this test also having an encrypted part to extract.
@logiciananimal · 1 day ago
Nicely done - I didn't know IDA Free had a debugger. I don't do much RE, I guess.
@aidengoiangos4577 · 1 day ago
Another John Hammond classic
@h4ckh3lp · 1 day ago
If we weren't already aware, the "WinHTTP" autofill in IDA shows you've prepared this walkthrough which is fine, but I for one would find exponentially more value in the footage of you when you're first running through it. Because to see how you go about figuring shit out when things don't work as you would expect them to would be a lot more informative imo.
@IJH-Music · 1 day ago
Yes and no. John does some things live and you get to see him go through problems in real time. For a video like this, that style of video would be impractical.
@h4ckh3lp · 1 day ago
@@IJH-Music You'll never see his first go at a box, even the "live" shit is scripted (or at least outlined). I don't care if it took 6 hours instead of less than 1, if you can show me HOW TO FIGURE OUT how to figure out the unknowns, this would be greatly more valuable than showing me how to complete a challenge. But for the same reason the crowd boos when the fight is painstakingly being grappled on the ground, youtubers will forever be playing the youtube game more than providing truly meaningful information at the advanced levels.
@mitospha · 22 hours ago
Pretty cool demo, thank you. That was rated insane? Some sites I think would honestly rate that as Medium out of easy, medium, hard. Not all CTF sites are the same I guess.
@crudmonkey · 1 day ago
Great video John! Love these reverse engineering videos
@zerodoinkthirty0 · 1 day ago
W PowerShell investigation
@dav1dw · 1 day ago
Nerd cred would be to read Lord of the Rings, not just watch the movies.
@shingareom · 1 day ago
They ?
@AUBCodeII · 15 hours ago
Hey John, let's get OSEE+ right the flip now
@hoosiercrypto9955 · 1 day ago
They 😳
@QuantariousBitsoniTalvanen · 1 day ago
Why don't as many of the malware coming out have VM evasion, like how it spiked a few years ago? Or is it just that it's easier now to disguise a VM?
@viv_2489 · 18 hours ago
Is ChatGPT capable, and can it be used to learn this obfuscated code?
@D.von.N · 1 day ago
So what happened at the end? Did you encrypt your VM or something else?
@74Gee · 1 day ago
Nah, the encryption only acts on a few folders and a few file types within those folders, so it's mostly benign. See 41:33
@D.von.N · 1 day ago
@@74Gee So those were encrypted; for an average user, if it happened on their real computer, pretty much everything they have there. Riight LOL. And so I have a clone of my OSs and data backed up multiple times elsewhere. That the ransomware transfers some of my data to the dark web, I won't be able to fix that. Just I will be one of millions of other folks out there. A drop in an ocean. My data already is out there, from various hacks of databases...
@zakzak24 · 1 day ago
Hi John, I'm getting into malware analysis. Is it enough to just boot up a VM then run malware inside it? 'Cause I read there are types of malware that could escape and infect the host machine, given that I'm doing both static & dynamic analysis
@GarethBaddams · 1 day ago
Hey, although it isn't impossible for malware to escape a VM, it's highly unlikely. If you're doing a lot of analysis maybe have separate hardware and network segregation just to make sure 😁
@user_Esq · 1 day ago
13:54: 'Mining bitcoin cash' -?
@grant-is · 1 day ago
Who is they? What does INSANE mean? Could we tone down the hyperbole?
@orderandchaos_at_work · 1 day ago
Watch the video and find out
@pan_golin · 1 day ago
They is HTB, Insane is the difficulty rating. Also welcome to KZbin.
@arthurbruel5545 · 1 day ago
Man's gotta play the YouTube game. Chill.
@FirstnameLastname_official · 1 day ago
Everybody asks "who is they?!" but no one asks "how is they?"
@paulmurgatroyd6372 · 8 minutes ago
We are the microsofts all your files are belong to us