Detect Hackers & Malware on your Computer (literally for free)

Рет қаралды 319,590

John Hammond

Күн бұрын

Пікірлер: 415

@sync9827 Жыл бұрын

Step 1: Download and execute a binary from a random website I've never heard of. xD

@LennyMiller739 4 ай бұрын

It wasn't a binary, it was an exe. Silly billy

@vladimirpain3942 4 ай бұрын

exe? Now I am all calm and comfortable.

@LennyMiller739 4 ай бұрын

@@vladimirpain3942 And to make it even better I'll put it in a little winrar archive. Everybody has a least one memory of opening that little atack of books to decompress the roms and play the games they had as a kid - it's so nostalgic, isn't it. CLICK ME, COME ON - YOU KNOW YOU WANT TO.

@thisunity 3 ай бұрын

@@LennyMiller739 exe is a binary file, silly willy

@mvstermlnd 2 күн бұрын

I wanted to say i hope noone does it this way... . But i dont wanna give bad people ideas.

@FIXm8 Жыл бұрын

best way to not get hacked is to live in the woods without any technology

@Hid4ri Жыл бұрын

What if there is a psycho there with an axe??

@franklinndubuisi7479 Жыл бұрын

@@Hid4riYou GAZA the Psycho

@hamburgerbuns9752 Жыл бұрын

@@Hid4ri lol physiclly "hacked"

@Hid4ri Жыл бұрын

@@franklinndubuisi7479who's that?

@Hid4ri Жыл бұрын

@@franklinndubuisi7479don't get it sorry dude, I was only making a joke because in the woods you may come across a crazy person who is looking to "hack" with his axe. I'm sorry 😢

@max06de Жыл бұрын

A word of advice: Be careful who you trust. Even a software promising your security can be a disguised bad actor. (Not saying aurora is one of those!)

@siren_grnk Жыл бұрын

But it very well could be, who knows what they collect and store. Trust no one.

@ftincel Жыл бұрын

exactly what i thought.

@kipchickensout Жыл бұрын

@@TheStevenWhitingthat's exactly what I also want

@AbandonedVoid Жыл бұрын

@@TheStevenWhitingCybersecurity used to be a place for computer nerds, now it's filled with Machiavellian sell outs trying to make a quick buck. But if you really care about a project like this being open source, then you should start the project yourself. If it gets enough momentum, I'd probably do bug bounties for it as volunteer work.

@farmeunit Жыл бұрын

@@TheStevenWhitingWazuh… or Security Onion.

@SEAhawkstwelfthman Күн бұрын

"Paranoia! Paranoia! Everybody's coming to get me...Just say you never met me..." Nah, just playing. This is an interesting tool. Thanks for the video and educating the community on it man!

@Rennu_the_linux_guy Жыл бұрын

Bruh John's icon sizes getting progressively bigger in every video like the sheriff's hat in scary movie is killing me

@KieSeyHow Жыл бұрын

Probably holding that CTRL key too long when hyperactive scrolling through windows. :D

@5ter1ingNothings Жыл бұрын

Ah! Thank you for this. This won you a subscription from me because this is a great way for me to dive deeper into cyber security and discover more. I appreciate this. New student of Cybersecurity Technician so this will be of incredible use.

@myekuntz Жыл бұрын

Hey just want to say thank you for taking the time and going step by step on not just this but how to open a zip file ,us noobs gotta start somewhere, thanks again 😊

@CC-Pi Жыл бұрын

Looks interesting but my first thoughts are that the plain text yml based signatures are vulnerable, they should be locked in an encrypted vault, otherwise an attacker can just change the rules before running their attack on a machine and then ta da no alert pops up.

@dgfokfgxfglhmkfmlgh 8 ай бұрын

You can prolly make a rule to detect the rules manipulations I guess

@youreale 11 ай бұрын

Every software you install is increasing your attack surface. It would actually be better to show signs of malware infection rather than installing a magical black box to do it.

@itsallasimulationman Жыл бұрын

"it's not a matter of if, but when." ancient cybersecurity proverb.

@megsman4749 Жыл бұрын

My internal sigma rule detects adware.

@EliteTech24 Жыл бұрын

A little bit of click bait and knowledge not simplified for the public viewers who is really trying to find solutions. But great work from the ones who understands.

@floridapenguin6330 Жыл бұрын

Great Job I absolutely love it I already have something flagged that antivirus did not flag and I think this is one of the ways to get familiar with how ones system works even from a beginners level of understanding.

@FuzzerHash Жыл бұрын

Thank you, John, for sharing content like this with us.

@xCheddarB0b42x Жыл бұрын

Interview reply from employer when I inquired about expectations: "No incidents." I almost popped off, "How do you know you aren't in one now?" heh

@KieSeyHow Жыл бұрын

There are two psychology thought experiments to try on prospective employees, one is the Gift Scenario, and the other is the Meadow Scenario. But the bottom line is, threats not perceived or expected result in different behaviour than otherwise. Good perception, leads to mitigating behaviour, before threat vectors resolve. All intelligence assets undergo such training, perhaps IT security personnel should also be taught to think in similar ways. Expect threats, when there are none. Just because none is detected, does not mean it is not there. This also applies to industrial maintenance, inspection, police work, intelligence, public works, and actuarial work.

@luiytheninja3655 3 ай бұрын

@@KieSeyHow Idk why you got your information for this comment, but... From day one, I've been taught to be proactive, and look for threats before they occur, which is exactly how to do what you described. Guess, I'm just having trouble, understanding the purpose, of your comment.

@holetarget4925 11 ай бұрын

Most of famous software companies are in fact selling user data to aggregators. I know this because I bought these when I worked in a famous consulting co😢😅

@TC-hl1ws Жыл бұрын

Too complicated for the general public including me but thanks for bringing this to our attention.

@aDaily1222 Жыл бұрын

This video isnt for the general public lol

@jjann54321 Жыл бұрын

I think John said something about "Blue Team Professionals" or aspiring Blue Team Pros? This must be your first John Hammond video...? Oh, and the CLI isn't scary once you've worked with it for a while, give it a shot.

@OGMann Жыл бұрын

Funny how i lived in the command line for 35 years, and people today are just discovering it. Thank God for gui's, eh? 😂

@wooshbait36 Жыл бұрын

@@OGMann wow you are so cool. You want a medal?

@sCiphre Жыл бұрын

@@wooshbait36 we'd be just fine without one if you'd kindly step off the lawn.

@aDaily1222 Жыл бұрын

John I think you're trying to appeal to the "average user" but the average user doesn't have the technical knowledge for this stuff. I didn't realize until scrolling through the comments how many people outside the industry are watching these videos. People in the industry know you're a legend and take you seriously. Alot of your viewers right now dont even know who you are. I'm honestly not sure how they found this video. They probably got a virus and searched "how to know if i got hacked" lol. Anyways, you're great. So is the content. We appreciate it! Keep it up!

@jjann54321 Жыл бұрын

IMO I think as John's audience grows, more and more people are joining (watching) for reasons other than the "core" of his channel's message/content. From day one, his content has been on focusing on Red/Blue Team day-to-day with some videos being very technically detailed while others (his most popular, ironically) are John installing TOR and trolling the *Dark Web.* If you look at John's video catalog you can see the spectrum from Skiddie to Malware Analyst/Engineer and everything in between. Rather than people criticizing John's content for it not being "double-clicking on the .exe file and selecting Accept, Next, Next, Finish" they should challenge themselves, step up their game and possibly learn something, gain a little insight and experience.

@alfonzo7822 11 ай бұрын

Funnily enough that's roughly how I found John's channel 2 years ago! Now working in IT and doing a degree in Cyber Security, so it worked out ok for me.

@BenjaminTiessen Жыл бұрын

I hate that i have to give my personal information to download it... Not worth it.

@itssoaztek4592 Жыл бұрын

Great stuff! Thank you! I am very excited about your idea to have more content exploring Aurora EDR. Can't wait 🙂

@zuberkariye2299 Жыл бұрын

It's quite confusing to determine the number of EDR/SIEM/SOAR tools available, as there are numerous options such as Splunk, Aurora, Corelight, Zeek, MS Sentinel, Snort, Wireshark, Datadog, Graylog, Security Onion, ELK, LogRhythm, and Google Chronicle. As a beginner, it can be overwhelming to choose the right tool. Can someone please explain the differences between these tools and offer guidance on which one I should focus on?

@denissetiawan3645 Жыл бұрын

Focus on your company that already have, or in budget.

@CYBERSECURITY.101 11 ай бұрын

Choosing the right security tool can indeed be overwhelming, especially with such a diverse landscape! Understanding the differences between EDR, SIEM, SOAR, and specific tools like the ones you mentioned is crucial for making an informed decision. Let's break it down: Types of Tools: EDR (Endpoint Detection and Response): These tools focus on protecting endpoints (laptops, servers) from malware, exploits, and intrusions. They monitor endpoint activity, detect anomalies, and enable incident response. Examples: Crowdstrike Falcon Insight, McAfee Endpoint Security, SentinelOne. SIEM (Security Information and Event Management): SIEM tools aggregate security data from various sources (firewalls, logs, servers) to provide a unified view of security events. They help with log analysis, threat detection, and compliance. Examples: Splunk, ArcSight, LogRhythm. SOAR (Security Orchestration, Automation and Response): SOAR tools automate repetitive security tasks like incident ticketing, remediation workflows, and playbook execution. They integrate with other security tools to streamline incident response. Examples: Demisto, Palo Alto Cortex XSOAR, Rapid7 Nexpose. Understanding the Differences: EDR is focused on endpoints, while SIEM has a broader scope, covering all security data. SIEM provides visibility, while EDR offers deeper analysis and response capabilities for endpoints. SOAR automates tasks based on SIEM and EDR data, streamlining incident response. Choosing the Right Tool: Consider your needs: What are your main security concerns? Do you need endpoint protection, centralized event management, or automated response? Evaluate your budget: Tools vary in pricing and complexity. Choose one that fits your budget and skillset. Start small: Don't try to implement everything at once. Begin with a core tool (e.g., EDR for endpoint protection) and expand later. Research and compare: Look for independent reviews, test demos, and compare features before making a decision. Specific Tools: Splunk: SIEM platform with advanced analytics and reporting capabilities. Aurora: Open-source SIEM platform known for its flexibility and customization. Corelight: Open-source network traffic analysis tool for intrusion detection. Zeek: Another open-source network traffic analysis tool with strong threat detection capabilities. MS Sentinel: Cloud-based SIEM and SOAR solution from Microsoft. Snort: Open-source network intrusion detection and prevention system. Wireshark: Network traffic analyzer for troubleshooting and security investigations. Datadog: Cloud-based monitoring platform with security features. Graylog: Open-source SIEM platform with a user-friendly interface. Security Onion: Open-source security suite with various security tools. ELK Stack: Open-source stack combining Elasticsearch, Logstash, and Kibana for log analysis and visualization. LogRhythm: SIEM platform with built-in SOAR capabilities. Google Chronicle: Cloud-based SIEM and SOAR solution from Google. For beginners: Start with a free or open-source tool: Many excellent options are available like Corelight, Zeek, Security Onion, ELK Stack. Focus on learning the fundamentals: Understand the concepts of EDR, SIEM, and SOAR before diving into specific tools. Seek help from the community: Join online forums and communities to learn from other security professionals. Remember, the best tool is the one that fits your specific needs and budget. Take your time, research, and don't hesitate to ask for help.

@MogensHertz 11 ай бұрын

Both question and answer was brought to you by ChatGPT 😅

@jollygrimreaper 11 ай бұрын

@@CYBERSECURITY.101 okay, AI

@ТоварищКамрадовСоциалистКоммун 9 ай бұрын

how about asking yourself if you need any of them? they are for sysadmin or for a corporate segment. In that case it might be wise to use what is already purchased, installed and working. Otherwise, and especially for a private/small home network it's recommended to use standard security package included in your windows defender, like HIPS and similar utilities. If you feel it's not enough, consider enhanced protection from Eset, or Kaspersky, or Comodo, or Zonealarm, or similar

@LennWeltmeister Жыл бұрын

Video starts at 7:16

@FlyboyHelosim Жыл бұрын

Video is all about getting hacked... clicks accept on cookies prompt without an ounce of care.

@sagenorris693 Жыл бұрын

You always find the coolest tools and resources! Awesome stuff, John, as always!

@2b2tJourney Жыл бұрын

The day I get infected and I am looking for something to remove the malware this video comes out and I find out about it to late this is why y’all need to turn notifications on!!!

@FlyboyHelosim Жыл бұрын

Notifications don't mean a damn thing when you're subscribed to dozens of channels.

@_noizmusic Жыл бұрын

@@lumikarhu Not true actually, Aurora has response actions, although limited in the Lite version.

@ТоварищКамрадовСоциалистКоммун 9 ай бұрын

in order to be able to make a meaningful response action, the utility should be host-based

@2Kayz177 4 ай бұрын

it’s easy to remove if it’s in temp or application data but… if it’s in your kernel it’s a different chapter

@pedrobarthacking Жыл бұрын

Amazing content always John! Thank you!

@justinpinson8575 Жыл бұрын

love it as always. would love to see more along this path!

@joshmorgantech Жыл бұрын

Why do they have to ask for my email??

@techfan7808 Жыл бұрын

A very nice ad for aurora

@TheCodingHat Жыл бұрын

I saw it was you and was bamboozled by the comments. Surprised you arent a bit more popular

@Wildmikes Жыл бұрын

Block all incoming connections at firewall built in setting with some exception rules. Plus VPN and DNS leak tweak at regedit you should be gold.

@KieSeyHow Жыл бұрын

With Windows 10 and above you'd have to start with zero trust, blocking both out and in, so each connection can be verified and researched. My local systems (both Linux and Windows) have run like that for more than 10 years.

@ТоварищКамрадовСоциалистКоммун 9 ай бұрын

indeed the most of the job is done by properly configured firewall. the rest of the job is done by properly configured HIPS utility and you might want to get an antivirus just for your convenience , to help you make a right decision secure DNS with or witthout filters to avoid phishing, other stuff like ublock origin are for a better protection and mostly for convenience

@Felttipfuzzywuzzyflyguy Жыл бұрын

Thank you SOC Analysts!

@powerstock9464 5 ай бұрын

When I was dwonloading i had 2 threats by windows saying two trojons

@DataWalkerSolutions 4 ай бұрын

I got 3 trojans

@KCM25NJL Жыл бұрын

I can see an opportunity for someone to write a little beautiful soup that skims the LOLbins and generates sigma files on the fly as new attack vectors are published.

@seansingh4421 Жыл бұрын

Yes Yes Yes !! Thanks for the idea, If I can manage to it (I’m ChemE not software lol) I’ll even give you cut 😂

@8eck Жыл бұрын

Very interesting topic, would love to see more series about it. Like & Subscribed!

@5c4rfAc3 11 ай бұрын

loved this one!! always great education, and inspirational! keep it up!

@GhostRevenge36 6 ай бұрын

Ive got a problem. My antivirus won't let me download this because it wants to tamper with Windows defender. And the antivirus sees this as a threat. I just don't want a hacker piggy backing on any downloads. Did anyone else get this?

@DataWalkerSolutions 4 ай бұрын

yes. my windows defender said it was a virus

@Robert.C-z2x 2 ай бұрын

Big fan of your videos ! For all the beginners out here ,is the AV detecting a false positive because Aurora is using sigma rules ? Would be great to hear your take on this matter

@evanottinger1672 11 ай бұрын

The jump scare when this came on after a softly spoken Tib3rius video

@imaantagonist6322 11 ай бұрын

Was this a giant ad? Felt like it.

@Vicorcivius 11 ай бұрын

Running windows and talking about detecting malware on your computer. :D

@OHWRDAMI1 11 ай бұрын

Unwatchable ads every 30 seconds.

@JohnnyARants 6 ай бұрын

Man, get the premium bro

@JoshHookerJoshhook123 4 ай бұрын

Not having KZbin premium is crazy

@sippingthe 3 ай бұрын

it’s propaganda!! don’t get premium!!!

@justanothergrunt9053 Жыл бұрын

To be fair, if someone preaches this to me I feel like it’s gonna probe my stuff regardless. I’ll look into it 😂.

@Sloptit Жыл бұрын

Specially when its this guy saying that stuff

@justanothergrunt9053 Жыл бұрын

@@Sloptit Yeah. It's a product push. TRUST ME I AM- . No one's taking that away from him but come on this is an advertisement video. No you can't have my data.

@KieSeyHow Жыл бұрын

Pretty much the same vibes here, especially when delivered by some guy who feels like he is on uppers or speed. I learned in my work to never fully trust people with that kind of energy.

@justanothergrunt9053 Жыл бұрын

@@KieSeyHow Yeah

@aDaily1222 Жыл бұрын

its literally John Hammond. Dudes a legend. You must not be in the CyberSecurity field lol. @@KieSeyHow

@mranonymous9355 11 ай бұрын

Thanks John. Was this a paid presentation?

@hugohernandez6968 9 ай бұрын

Hi John, thank you for sharing this. I was actually setting up wazuh through another great video you made. Essentially are they the same except wazuh does give you central management?

@drmalc0m 3 күн бұрын

I want to see John in 35 years... If he looks like the CEO of Jurassik Park

@Muziek37414 Жыл бұрын

Would love to know more about the sigma rules and how to create custom ones

@rakesharman4203 3 ай бұрын

My windows defender is considering this as malware 😮

@gaganshesha2171 2 ай бұрын

Same brother

@gaganshesha2171 2 ай бұрын

Have you found any solution?

@ShinobuFX Жыл бұрын

I love this! please do more, thank you!

@JeffNoel Жыл бұрын

They need to add the ---board command just for the sake of it.

@humpalum Жыл бұрын

Kudos... that one -ed right over my head

@overthe1 Жыл бұрын

Thanks for very useful content. Very interesting for every Cyber Security Specialist.

@LokiScarletWasHere Жыл бұрын

Eww. Proprietary. Definitely want to use it in a virtual playground only.

@petefluffy7420 11 ай бұрын

That's all too easy, there will be adolescent wearing an "anonymous" style mask sitting in my chair.

@TwinShards Жыл бұрын

I just got an ads playing from you ... while watching this video 😂 *Edit TWICE

@custume Жыл бұрын

on this business our mantra is : "there are NO invulnerable systems, only hard to crack"

@Abbaking-i4b Жыл бұрын

Buying softwares norton and more have been brutal

@Dominik-K Жыл бұрын

Thanks for the video, this tool is certainly one I'll look into more deeply

@joshuameaders8053 11 ай бұрын

With so many tools & tech, do you think reviewing so many would eventually have a negative impact on the I.T community? Deluding the pool of options so great that paralysis by analysis inevitably sets in. I find myself overwhelmed with tools when coming to your page.

@phabeondominguez5971 8 ай бұрын

Maybe IT isn't for you then? Tech is always advancing so it's always changing, ya gotta keep up or else YOU become irrelevant.. feel me?

@stoltzld 11 ай бұрын

SHA1, lovely and secure.... *cough*

@batmob8437 Жыл бұрын

"Sometimes it misses..." Lols! Deliberately even! 😝

@joelanzo 3 ай бұрын

Huntress Agent similar to Aurora uses a web browser dashboard, why not a local dashboard installed on the computer ?

@tonderaishowmoretaruvings84 11 ай бұрын

Thanks John

@sirdewd2197 Жыл бұрын

Can it be out on routers or other network devices or is it only on end user devices?

@prive_ik_ben_wie_ik_ben 11 ай бұрын

Looks good but still a fan of Wazuh.

@gibsonav 11 ай бұрын

"Security" guy.... "...fine, you can take my cookies..." "...enter your [real] email here..." "...here's a way to check the [file] integrity..." (Fails to show HOW) "...and just open this zip..." (without checking it) LOL!

@ТоварищКамрадовСоциалистКоммун 9 ай бұрын

+ firefox with all the ads included, and no indication of ublock origin, no script and other useful extensions or hardening EULA? nah, just click check box and continue, "Johnh" looks like an everyday-used admin account

@richardglabella Жыл бұрын

Interesting. Thanks for sharing!

@saschafahling4698 6 ай бұрын

Edge won't let me download saying it is a trojan👍

@emdxemdx 11 ай бұрын

So, it's basically like Snort, right?

@iWhacko Жыл бұрын

anything like this for Mac?

@amzakambou6762 Жыл бұрын

thank you John for sharing This software

@rdxdt Жыл бұрын

Another 16 minute ad

@CitizenFortress Жыл бұрын

Wouldn't Wazuh be able to do all this too?

@uuu12343 11 ай бұрын

Question, does this work over the network? Or just the local machine?

@snafu5563 Жыл бұрын

I am also sigma based 😎

@james_nash 8 ай бұрын

Noob here. Why do this instead of your av system off the shelf? What’s the benefit?

@johannjohann6523 5 ай бұрын

Thanks for the Aurora software tip. But 2 things : 1) Waaaayyyy too much caffeine before making the video. Still you spoke pretty well (meaning understandable) yet 2) But you still spoke far too fast. I didn't know it was a race. lol I'm curious however, you really didn't show any good examples. Just "theoretical" ones. "Use your imagination" is not why me and others get on this KZbin internet site. But I'm curious if you are putting out this information, wouldn't a good hacker be able to go under or around Aurora and still achieve their goals? I've been trying to find the procedures and software that would allow me to monitor my computer. But it seems VPN is the way to go, and no worries?? I haven't been convinced of that either.

@wilmamanzanillo6968 7 ай бұрын

Thanks you

@jacktaubl48 Жыл бұрын

Great video!

@JoeDF Жыл бұрын

This is awesome!

@abdallahhussein5997 Жыл бұрын

Too many ads come from any where

@gamereditor59ner22 Жыл бұрын

I am listening.......

@GAmerJUM 11 ай бұрын

It is mind boggling that the port 1900 and dns grouping is commonly turned on, it is simply reckless.

@menaced. 2 ай бұрын

Adobe gonna sue them for that logo they did it to the delta emulator which used the same logo basically

@tlskillman 8 ай бұрын

Just tried to download free Aurora. No go. Never got the verification email.

@martinhoneves 3 ай бұрын

I got the verification but never the links....

@j4r3kk88 9 ай бұрын

JH, Thnx _____ Great Video as well

@keylanoslokj1806 Жыл бұрын

Do the same guide about Android phones please!!!

@nevermankind Жыл бұрын

I see you been getting into websites you shouldn't have 😂😂😂😂

@ТоварищКамрадовСоциалистКоммун 9 ай бұрын

just relax and don't visit the dark side of the web, kids. This utility is for sysadmins and corporate segment. So that a big brother would be able to watch you and see what kind of software you tried to install or run What were the consequencies of it. How much damage was done. And finally what was the cost of it. In order to decide how much to deduct from the salary Muhahahaha

@oneandxero Жыл бұрын

Great Video 👌🏾

@bleakyfinder2692 11 ай бұрын

why fix, if it anit broke.

@nobodynowhere8890 8 ай бұрын

its an advertising video, isn't there a need to flag a video as "advertising" if its ?

@sushant12k23 Жыл бұрын

man oh man this man is really in a hurry!

@CoreyANeal2000 11 ай бұрын

Could this be done with a complete copy of a device or through data?

@jocularich Жыл бұрын

Thanks John...👍

@vladimirmisata 10 ай бұрын

To Watch This In Absolute SLO-MO Is Quite Annoying And Frustrating. Like Bro, Great Stuff, But What Could Be Even Greater Is The Speed To Mind Input Ratio. Like, Giving Some Time To Take In And Absorb The Info, Then Proccess The Information By A Couple Of Seconds Than The Causual Milli-seconds!? Would Love To Match And Be On Par, But Their Are Days That Go Against The Forces Of The Universe In Which The Universe Always Wins! A Couple Seconds Invested Would Be A Real Great Benifet As A Win, Win From A Team Perspective Angle. Much Gratitude. Thank You And Appreciated For Your Dedicated Service!