Detect Hackers & Malware on your Computer (literally for free)

Рет қаралды 311,363

Күн бұрын

jh.live/soc || Join me for the SOC Analyst Appreciation Day! A completely FREE event on October 18th by DEVO! jh.live/soc
Free Cybersecurity Education and Ethical Hacking with John Hammond
📧 JOIN MY NEWSLETTER ➡ jh.live/email
🙏 SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎 FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥 KZbin ALGORITHM ➡ Like, Comment, & Subscribe!

Пікірлер: 406

@FIXm8 Жыл бұрын

best way to not get hacked is to live in the woods without any technology

@Hid4ri Жыл бұрын

What if there is a psycho there with an axe??

@franklinndubuisi7479 Жыл бұрын

@@Hid4riYou GAZA the Psycho

@hamburgerbuns9752 Жыл бұрын

@@Hid4ri lol physiclly "hacked"

@Hid4ri Жыл бұрын

@@franklinndubuisi7479who's that?

@Hid4ri Жыл бұрын

@@franklinndubuisi7479don't get it sorry dude, I was only making a joke because in the woods you may come across a crazy person who is looking to "hack" with his axe. I'm sorry 😢

@max06de Жыл бұрын

A word of advice: Be careful who you trust. Even a software promising your security can be a disguised bad actor. (Not saying aurora is one of those!)

@siren9375 Жыл бұрын

But it very well could be, who knows what they collect and store. Trust no one.

@ftincel Жыл бұрын

exactly what i thought.

@kipchickensout Жыл бұрын

@@TheStevenWhitingthat's exactly what I also want

@AbandonedVoid Жыл бұрын

@@TheStevenWhitingCybersecurity used to be a place for computer nerds, now it's filled with Machiavellian sell outs trying to make a quick buck. But if you really care about a project like this being open source, then you should start the project yourself. If it gets enough momentum, I'd probably do bug bounties for it as volunteer work.

@farmeunit Жыл бұрын

@@TheStevenWhitingWazuh… or Security Onion.

@sync9827 11 ай бұрын

Step 1: Download and execute a binary from a random website I've never heard of. xD

@LennyMiller739 2 ай бұрын

It wasn't a binary, it was an exe. Silly billy

@vladimirpain3942 2 ай бұрын

exe? Now I am all calm and comfortable.

@LennyMiller739 2 ай бұрын

@@vladimirpain3942 And to make it even better I'll put it in a little winrar archive. Everybody has a least one memory of opening that little atack of books to decompress the roms and play the games they had as a kid - it's so nostalgic, isn't it. CLICK ME, COME ON - YOU KNOW YOU WANT TO.

@thisunity Ай бұрын

@@LennyMiller739 exe is a binary file, silly willy

@Rennu_the_linux_guy Жыл бұрын

Bruh John's icon sizes getting progressively bigger in every video like the sheriff's hat in scary movie is killing me

@KieSeyHow 11 ай бұрын

Probably holding that CTRL key too long when hyperactive scrolling through windows. :D

@youreale 9 ай бұрын

Every software you install is increasing your attack surface. It would actually be better to show signs of malware infection rather than installing a magical black box to do it.

@CC-Pi 10 ай бұрын

Looks interesting but my first thoughts are that the plain text yml based signatures are vulnerable, they should be locked in an encrypted vault, otherwise an attacker can just change the rules before running their attack on a machine and then ta da no alert pops up.

@dgfokfgxfglhmkfmlgh 6 ай бұрын

You can prolly make a rule to detect the rules manipulations I guess

@5ter1ingNothings 11 ай бұрын

Ah! Thank you for this. This won you a subscription from me because this is a great way for me to dive deeper into cyber security and discover more. I appreciate this. New student of Cybersecurity Technician so this will be of incredible use.

@myekuntz 11 ай бұрын

Hey just want to say thank you for taking the time and going step by step on not just this but how to open a zip file ,us noobs gotta start somewhere, thanks again 😊

@FuzzerHash Жыл бұрын

Thank you, John, for sharing content like this with us.

@powerstock9464 3 ай бұрын

When I was dwonloading i had 2 threats by windows saying two trojons

@EdwardPresleyWalker 3 ай бұрын

I got 3 trojans

@floridapenguin6330 11 ай бұрын

Great Job I absolutely love it I already have something flagged that antivirus did not flag and I think this is one of the ways to get familiar with how ones system works even from a beginners level of understanding.

@megsman4749 10 ай бұрын

My internal sigma rule detects adware.

@itsallasimulationman 11 ай бұрын

"it's not a matter of if, but when." ancient cybersecurity proverb.

@holetarget4925 9 ай бұрын

Most of famous software companies are in fact selling user data to aggregators. I know this because I bought these when I worked in a famous consulting co😢😅

@BenjaminTiessen 11 ай бұрын

I hate that i have to give my personal information to download it... Not worth it.

@GhostRevenge36 4 ай бұрын

Ive got a problem. My antivirus won't let me download this because it wants to tamper with Windows defender. And the antivirus sees this as a threat. I just don't want a hacker piggy backing on any downloads. Did anyone else get this?

@EdwardPresleyWalker 3 ай бұрын

yes. my windows defender said it was a virus

@zuberkariye2299 11 ай бұрын

It's quite confusing to determine the number of EDR/SIEM/SOAR tools available, as there are numerous options such as Splunk, Aurora, Corelight, Zeek, MS Sentinel, Snort, Wireshark, Datadog, Graylog, Security Onion, ELK, LogRhythm, and Google Chronicle. As a beginner, it can be overwhelming to choose the right tool. Can someone please explain the differences between these tools and offer guidance on which one I should focus on?

@denissetiawan3645 11 ай бұрын

Focus on your company that already have, or in budget.

@CYBERSECURITY.101 9 ай бұрын

Choosing the right security tool can indeed be overwhelming, especially with such a diverse landscape! Understanding the differences between EDR, SIEM, SOAR, and specific tools like the ones you mentioned is crucial for making an informed decision. Let's break it down: Types of Tools: EDR (Endpoint Detection and Response): These tools focus on protecting endpoints (laptops, servers) from malware, exploits, and intrusions. They monitor endpoint activity, detect anomalies, and enable incident response. Examples: Crowdstrike Falcon Insight, McAfee Endpoint Security, SentinelOne. SIEM (Security Information and Event Management): SIEM tools aggregate security data from various sources (firewalls, logs, servers) to provide a unified view of security events. They help with log analysis, threat detection, and compliance. Examples: Splunk, ArcSight, LogRhythm. SOAR (Security Orchestration, Automation and Response): SOAR tools automate repetitive security tasks like incident ticketing, remediation workflows, and playbook execution. They integrate with other security tools to streamline incident response. Examples: Demisto, Palo Alto Cortex XSOAR, Rapid7 Nexpose. Understanding the Differences: EDR is focused on endpoints, while SIEM has a broader scope, covering all security data. SIEM provides visibility, while EDR offers deeper analysis and response capabilities for endpoints. SOAR automates tasks based on SIEM and EDR data, streamlining incident response. Choosing the Right Tool: Consider your needs: What are your main security concerns? Do you need endpoint protection, centralized event management, or automated response? Evaluate your budget: Tools vary in pricing and complexity. Choose one that fits your budget and skillset. Start small: Don't try to implement everything at once. Begin with a core tool (e.g., EDR for endpoint protection) and expand later. Research and compare: Look for independent reviews, test demos, and compare features before making a decision. Specific Tools: Splunk: SIEM platform with advanced analytics and reporting capabilities. Aurora: Open-source SIEM platform known for its flexibility and customization. Corelight: Open-source network traffic analysis tool for intrusion detection. Zeek: Another open-source network traffic analysis tool with strong threat detection capabilities. MS Sentinel: Cloud-based SIEM and SOAR solution from Microsoft. Snort: Open-source network intrusion detection and prevention system. Wireshark: Network traffic analyzer for troubleshooting and security investigations. Datadog: Cloud-based monitoring platform with security features. Graylog: Open-source SIEM platform with a user-friendly interface. Security Onion: Open-source security suite with various security tools. ELK Stack: Open-source stack combining Elasticsearch, Logstash, and Kibana for log analysis and visualization. LogRhythm: SIEM platform with built-in SOAR capabilities. Google Chronicle: Cloud-based SIEM and SOAR solution from Google. For beginners: Start with a free or open-source tool: Many excellent options are available like Corelight, Zeek, Security Onion, ELK Stack. Focus on learning the fundamentals: Understand the concepts of EDR, SIEM, and SOAR before diving into specific tools. Seek help from the community: Join online forums and communities to learn from other security professionals. Remember, the best tool is the one that fits your specific needs and budget. Take your time, research, and don't hesitate to ask for help.

@MogensHertz 9 ай бұрын

Both question and answer was brought to you by ChatGPT 😅

@jollygrimreaper 9 ай бұрын

@@CYBERSECURITY.101 okay, AI

@ТоварищКамрадовСоциалистКоммун 8 ай бұрын

how about asking yourself if you need any of them? they are for sysadmin or for a corporate segment. In that case it might be wise to use what is already purchased, installed and working. Otherwise, and especially for a private/small home network it's recommended to use standard security package included in your windows defender, like HIPS and similar utilities. If you feel it's not enough, consider enhanced protection from Eset, or Kaspersky, or Comodo, or Zonealarm, or similar

@Where-w1r 2 ай бұрын

it’s easy to remove if it’s in temp or application data but… if it’s in your kernel it’s a different chapter

@aDaily1222 11 ай бұрын

John I think you're trying to appeal to the "average user" but the average user doesn't have the technical knowledge for this stuff. I didn't realize until scrolling through the comments how many people outside the industry are watching these videos. People in the industry know you're a legend and take you seriously. Alot of your viewers right now dont even know who you are. I'm honestly not sure how they found this video. They probably got a virus and searched "how to know if i got hacked" lol. Anyways, you're great. So is the content. We appreciate it! Keep it up!

@jjann54321 11 ай бұрын

IMO I think as John's audience grows, more and more people are joining (watching) for reasons other than the "core" of his channel's message/content. From day one, his content has been on focusing on Red/Blue Team day-to-day with some videos being very technically detailed while others (his most popular, ironically) are John installing TOR and trolling the *Dark Web.* If you look at John's video catalog you can see the spectrum from Skiddie to Malware Analyst/Engineer and everything in between. Rather than people criticizing John's content for it not being "double-clicking on the .exe file and selecting Accept, Next, Next, Finish" they should challenge themselves, step up their game and possibly learn something, gain a little insight and experience.

@alfonzo7822 9 ай бұрын

Funnily enough that's roughly how I found John's channel 2 years ago! Now working in IT and doing a degree in Cyber Security, so it worked out ok for me.

@sagenorris693 11 ай бұрын

You always find the coolest tools and resources! Awesome stuff, John, as always!

@LennWeltmeister 11 ай бұрын

Video starts at 7:16

@saschafahling4698 4 ай бұрын

Edge won't let me download saying it is a trojan👍

@itssoaztek4592 Жыл бұрын

Great stuff! Thank you! I am very excited about your idea to have more content exploring Aurora EDR. Can't wait 🙂

@joshmorgantech 11 ай бұрын

Why do they have to ask for my email??

@xCheddarB0b42x Жыл бұрын

Interview reply from employer when I inquired about expectations: "No incidents." I almost popped off, "How do you know you aren't in one now?" heh

@KieSeyHow 11 ай бұрын

There are two psychology thought experiments to try on prospective employees, one is the Gift Scenario, and the other is the Meadow Scenario. But the bottom line is, threats not perceived or expected result in different behaviour than otherwise. Good perception, leads to mitigating behaviour, before threat vectors resolve. All intelligence assets undergo such training, perhaps IT security personnel should also be taught to think in similar ways. Expect threats, when there are none. Just because none is detected, does not mean it is not there. This also applies to industrial maintenance, inspection, police work, intelligence, public works, and actuarial work.

@luiytheninja3655 Ай бұрын

@@KieSeyHow Idk why you got your information for this comment, but... From day one, I've been taught to be proactive, and look for threats before they occur, which is exactly how to do what you described. Guess, I'm just having trouble, understanding the purpose, of your comment.

@EliteTech24 Жыл бұрын

A little bit of click bait and knowledge not simplified for the public viewers who is really trying to find solutions. But great work from the ones who understands.

@TC-hl1ws Жыл бұрын

Too complicated for the general public including me but thanks for bringing this to our attention.

@aDaily1222 11 ай бұрын

This video isnt for the general public lol

@jjann54321 11 ай бұрын

I think John said something about "Blue Team Professionals" or aspiring Blue Team Pros? This must be your first John Hammond video...? Oh, and the CLI isn't scary once you've worked with it for a while, give it a shot.

@OGMann 11 ай бұрын

Funny how i lived in the command line for 35 years, and people today are just discovering it. Thank God for gui's, eh? 😂

@wooshbait36 11 ай бұрын

@@OGMann wow you are so cool. You want a medal?

@sCiphre 10 ай бұрын

@@wooshbait36 we'd be just fine without one if you'd kindly step off the lawn.

@FlyboyHelosim 11 ай бұрын

Video is all about getting hacked... clicks accept on cookies prompt without an ounce of care.

@faxhack Жыл бұрын

The day I get infected and I am looking for something to remove the malware this video comes out and I find out about it to late this is why y’all need to turn notifications on!!!

@FlyboyHelosim 11 ай бұрын

Notifications don't mean a damn thing when you're subscribed to dozens of channels.

@_noizmusic 11 ай бұрын

@@lumikarhu Not true actually, Aurora has response actions, although limited in the Lite version.

@ТоварищКамрадовСоциалистКоммун 8 ай бұрын

in order to be able to make a meaningful response action, the utility should be host-based

@Wildmikes Жыл бұрын

Block all incoming connections at firewall built in setting with some exception rules. Plus VPN and DNS leak tweak at regedit you should be gold.

@KieSeyHow 11 ай бұрын

With Windows 10 and above you'd have to start with zero trust, blocking both out and in, so each connection can be verified and researched. My local systems (both Linux and Windows) have run like that for more than 10 years.

@ТоварищКамрадовСоциалистКоммун 8 ай бұрын

indeed the most of the job is done by properly configured firewall. the rest of the job is done by properly configured HIPS utility and you might want to get an antivirus just for your convenience , to help you make a right decision secure DNS with or witthout filters to avoid phishing, other stuff like ublock origin are for a better protection and mostly for convenience

@justinpinson8575 Жыл бұрын

love it as always. would love to see more along this path!

@tlskillman 7 ай бұрын

Just tried to download free Aurora. No go. Never got the verification email.

@martinhoneves Ай бұрын

I got the verification but never the links....

@techfan7808 11 ай бұрын

A very nice ad for aurora

@Robert.C-z2x 11 күн бұрын

Big fan of your videos ! For all the beginners out here ,is the AV detecting a false positive because Aurora is using sigma rules ? Would be great to hear your take on this matter

@pedrobarthacking Жыл бұрын

Amazing content always John! Thank you!

@mranonymous9355 9 ай бұрын

Thanks John. Was this a paid presentation?

@burulolor2192 Ай бұрын

Brave browser, download failed, virus detected.

@joelanzo Ай бұрын

Huntress Agent similar to Aurora uses a web browser dashboard, why not a local dashboard installed on the computer ?

@justanothergrunt9053 Жыл бұрын

To be fair, if someone preaches this to me I feel like it’s gonna probe my stuff regardless. I’ll look into it 😂.

@Sloptit Жыл бұрын

Specially when its this guy saying that stuff

@justanothergrunt9053 Жыл бұрын

@@Sloptit Yeah. It's a product push. TRUST ME I AM- . No one's taking that away from him but come on this is an advertisement video. No you can't have my data.

@KieSeyHow 11 ай бұрын

Pretty much the same vibes here, especially when delivered by some guy who feels like he is on uppers or speed. I learned in my work to never fully trust people with that kind of energy.

@justanothergrunt9053 11 ай бұрын

@@KieSeyHow Yeah

@aDaily1222 11 ай бұрын

its literally John Hammond. Dudes a legend. You must not be in the CyberSecurity field lol. @@KieSeyHow

@Muziek37414 Жыл бұрын

Would love to know more about the sigma rules and how to create custom ones

@Felttipfuzzywuzzyflyguy Жыл бұрын

Thank you SOC Analysts!

@KCM25NJL Жыл бұрын

I can see an opportunity for someone to write a little beautiful soup that skims the LOLbins and generates sigma files on the fly as new attack vectors are published.

@seansingh4421 Жыл бұрын

Yes Yes Yes !! Thanks for the idea, If I can manage to it (I’m ChemE not software lol) I’ll even give you cut 😂

@8eck 11 ай бұрын

Very interesting topic, would love to see more series about it. Like & Subscribed!

@joshuameaders8053 9 ай бұрын

With so many tools & tech, do you think reviewing so many would eventually have a negative impact on the I.T community? Deluding the pool of options so great that paralysis by analysis inevitably sets in. I find myself overwhelmed with tools when coming to your page.

@phabeondominguez5971 7 ай бұрын

Maybe IT isn't for you then? Tech is always advancing so it's always changing, ya gotta keep up or else YOU become irrelevant.. feel me?

@sirdewd2197 11 ай бұрын

Can it be out on routers or other network devices or is it only on end user devices?

@Vicorcivius 9 ай бұрын

Running windows and talking about detecting malware on your computer. :D

@bleakyfinder2692 9 ай бұрын

why fix, if it anit broke.

@iWhacko Жыл бұрын

anything like this for Mac?

@OHWRDAMI1 9 ай бұрын

Unwatchable ads every 30 seconds.

@JohnnyARants 5 ай бұрын

Man, get the premium bro

@JoshHookerJoshhook123 3 ай бұрын

Not having KZbin premium is crazy

@sippingthe Ай бұрын

it’s propaganda!! don’t get premium!!!

@evanottinger1672 9 ай бұрын

The jump scare when this came on after a softly spoken Tib3rius video

@hugohernandez6968 7 ай бұрын

Hi John, thank you for sharing this. I was actually setting up wazuh through another great video you made. Essentially are they the same except wazuh does give you central management?

@TheCodingHat 10 ай бұрын

I saw it was you and was bamboozled by the comments. Surprised you arent a bit more popular

@5c4rfAc3 10 ай бұрын

loved this one!! always great education, and inspirational! keep it up!

@imaantagonist6322 9 ай бұрын

Was this a giant ad? Felt like it.

@rakesharman4203 Ай бұрын

My windows defender is considering this as malware 😮

@gaganshesha2171 Ай бұрын

Same brother

@gaganshesha2171 Ай бұрын

Have you found any solution?

@stoltzld 9 ай бұрын

SHA1, lovely and secure.... *cough*

@Helpexplorer 11 ай бұрын

Can you Show a Linux Solution?

@JeffNoel Жыл бұрын

They need to add the ---board command just for the sake of it.

@humpalum Жыл бұрын

Kudos... that one -ed right over my head

@petefluffy7420 10 ай бұрын

That's all too easy, there will be adolescent wearing an "anonymous" style mask sitting in my chair.

@louey2x 10 ай бұрын

is it actually Cisco using TCP? and how do we confirm that it is, maybe it's one of the unassigned UDP ports.

@SimonePGGG 11 ай бұрын

What is the difference between this and thor can you help me understand please?

@nobodynowhere8890 6 ай бұрын

its an advertising video, isn't there a need to flag a video as "advertising" if its ?

@james_nash 6 ай бұрын

Noob here. Why do this instead of your av system off the shelf? What’s the benefit?

@batmob8437 10 ай бұрын

"Sometimes it misses..." Lols! Deliberately even! 😝

@LokiScarletWasHere Жыл бұрын

Eww. Proprietary. Definitely want to use it in a virtual playground only.

@overthe1 Жыл бұрын

Thanks for very useful content. Very interesting for every Cyber Security Specialist.

@thegeminiclub 11 ай бұрын

Hey! How do hackers make it look like I’m using Facebook and dating apps/sites on my phone if I don’t have any of those ?

@johannjohann6523 3 ай бұрын

Thanks for the Aurora software tip. But 2 things : 1) Waaaayyyy too much caffeine before making the video. Still you spoke pretty well (meaning understandable) yet 2) But you still spoke far too fast. I didn't know it was a race. lol I'm curious however, you really didn't show any good examples. Just "theoretical" ones. "Use your imagination" is not why me and others get on this KZbin internet site. But I'm curious if you are putting out this information, wouldn't a good hacker be able to go under or around Aurora and still achieve their goals? I've been trying to find the procedures and software that would allow me to monitor my computer. But it seems VPN is the way to go, and no worries?? I haven't been convinced of that either.

@emdxemdx 9 ай бұрын

So, it's basically like Snort, right?

@johnarnold893 9 ай бұрын

This is a Windows only thing so what does that tell you?

@GAmerJUM 9 ай бұрын

It is mind boggling that the port 1900 and dns grouping is commonly turned on, it is simply reckless.

@custume 11 ай бұрын

on this business our mantra is : "there are NO invulnerable systems, only hard to crack"

@ShinobuFX Жыл бұрын

I love this! please do more, thank you!

@abdallahhussein5997 Жыл бұрын

Too many ads come from any where

@TwinShards 11 ай бұрын

I just got an ads playing from you ... while watching this video 😂 *Edit TWICE

@PurpleTeamer Жыл бұрын

Tried to download the license file from the link in the email, but getting a PR_END_OF_FILE_ERROR. could not access my license file.

@bartomiejb6730 Жыл бұрын

ufffffff i got that same situation.

@florian2251 Жыл бұрын

@@bartomiejb6730 Could you make sure that you're using an up-to-date browser? Which version of Firefox do you use?

@kimpedersen Жыл бұрын

Same - but its working now.

@PurpleTeamer Жыл бұрын

@@kimpedersen Thank for sharing an update. Will retry this evening 👍

@uuu12343 9 ай бұрын

Question, does this work over the network? Or just the local machine?

@Dominik-K Жыл бұрын

Thanks for the video, this tool is certainly one I'll look into more deeply

@CitizenFortress 11 ай бұрын

Wouldn't Wazuh be able to do all this too?

@Abbaking-i4b 10 ай бұрын

Buying softwares norton and more have been brutal

@gibsonav 9 ай бұрын

"Security" guy.... "...fine, you can take my cookies..." "...enter your [real] email here..." "...here's a way to check the [file] integrity..." (Fails to show HOW) "...and just open this zip..." (without checking it) LOL!

@ТоварищКамрадовСоциалистКоммун 8 ай бұрын

+ firefox with all the ads included, and no indication of ublock origin, no script and other useful extensions or hardening EULA? nah, just click check box and continue, "Johnh" looks like an everyday-used admin account

@wellox8856 11 ай бұрын

"sigma" "based" "free" I mean... They certainly know some good keywords to use 🤣

@CoreyANeal2000 10 ай бұрын

Could this be done with a complete copy of a device or through data?

@amzakambou6762 11 ай бұрын

hi John can you share a content about VOLATILITY TOO? PLEASE

@CoolFire666 Жыл бұрын

Would be interesting to try, but they don't seem to have any Linux support as far as I can tell :(

@Thuja814 10 ай бұрын

@TopGunUFS007 9 ай бұрын

why

@senshi01 5 ай бұрын

I received the email. Gone to the link to download it. No download button for me I guess...

@Unpluggeddddd 11 ай бұрын

Best macOS equivalent?

@thecircusb0y1 22 күн бұрын

too bad their website is broken now for the lite version registration.

@shawnhenderson2968 11 ай бұрын

Not sure what I'm doing wrong but I can't access aurora in the terminal. So it won't let me run the scripts. Any help is appreciated

@garycacoon 6 ай бұрын

Is this the same as sysdig and falco

@keylanoslokj1806 11 ай бұрын

Do the same guide about Android phones please!!!

@nevermankind 11 ай бұрын

I see you been getting into websites you shouldn't have 😂😂😂😂

@ТоварищКамрадовСоциалистКоммун 8 ай бұрын

just relax and don't visit the dark side of the web, kids. This utility is for sysadmins and corporate segment. So that a big brother would be able to watch you and see what kind of software you tried to install or run What were the consequencies of it. How much damage was done. And finally what was the cost of it. In order to decide how much to deduct from the salary Muhahahaha