Uncovering NETWIRE Malware - Discovery & Deobfuscation
Рет қаралды 90,447
2 жыл бұрынMake security 100x better in 2022 with Snyk's "The Big Fix" event! Get started here → j-h.io/snyk-bigfix
Help the channel grow with a Like, Comment, & Subscribe!
❤️ Support ➡ j-h.io/patreon ↔ j-h.io/paypal ↔ j-h.io/buymeacoffee
Check out the affiliates below for more free or discounted learning!
🖥️ Zero-Point Security ➡ Certified Red Team Operator j-h.io/crto
💻Zero-Point Security ➡ C2 Development with C# j-h.io/c2dev
👨🏻💻7aSecurity ➡ Hacking Courses & Pentesting j-h.io/7asecurity
📗Humble Bundle ➡ j-h.io/humblebundle
🌎Follow me! ➡ j-h.io/discord ↔ j-h.io/twitter ↔ j-h.io/linkedin ↔ j-h.io/instagram ↔ j-h.io/tiktok
📧Contact me! (I may be very slow to respond or completely unable to)
🤝Sponsorship Inquiries ➡ j-h.io/sponsorship
🚩CTF Hosting Requests ➡ j-h.io/ctf
🎤 Speaking Requests ➡ j-h.io/speaking
💥 Malware Submission ➡ j-h.io/malware
❓ Everything Else ➡ j-h.io/etc
@jonharper5919 2 жыл бұрын
I love the journey John goes on in these videos. From "HOW DO THEY KNOW IT'S NETWIRE??" to "Oh here's a super unique obfuscation key that's an obvious IOC and they literally create directories named 'Netwire'"
@plut4580 2 жыл бұрын
John please do not ever stop doing this kind of videos. As a student i really love them, there super interesting, keep the great job!
@MrSilkutz 2 жыл бұрын
I agree, these videos are super fascinating.
@verolyn8459 2 жыл бұрын
Ikr
@andrewmingst1797 2 жыл бұрын
I swear, I learn more on YT than in college
@rstech10 2 жыл бұрын
I appreciate the dark mode. I watch these videos on break during my night shift. LOL Great job with the content. Your dissections make it look easy.
@zer001 2 жыл бұрын
Last week I dig into a .Net Assembly with some base64 encoded string in it. And thanks to the Videos of John I recognize the string and I know what to do with it.
@securedigitsplus 2 жыл бұрын
To be honest, I'm surprised that you haven't tried using Windows Terminal + SSH to connect to your remnux box for these deobfuscation videos... That'd be pretty slick.
@bbelsito 2 жыл бұрын
Thank you for doing more of these! They're my favorite type of videos by you. I know you love doing CTFs because you enjoy it. Don't quit either series. Just know people love this series too
@y.vinitsky6452 2 жыл бұрын
Thank you John for using dark mode. I've been called a vampire since I was 17 :)
@DM-qm5sc 2 жыл бұрын
31:40 I was getting worried that he wasnt going to upload the video
@davidsii4173 2 жыл бұрын
🤣🤣🤣
@kadoskreeper 2 жыл бұрын
More more more! I love just learning new things. I like how you notice things that are the same. This is so cool
@nv_takeout 2 жыл бұрын
was super excited for this vid! great watch and more valuable info! thx john
@letlaka8812 2 жыл бұрын
I just recently discovered CTF's and John your content is GOLD! i am trying to transition into Cyber security, thank you for all the work you are doing.
@quangvinhnguyen7649 2 жыл бұрын
Fantastic video! Hope you continue this series
@abdirahmann 2 жыл бұрын
"dark mode for all you vampires that watch my content" 💀 am dead john 🤣🤣🤣 19:58 that gave me a good laugh and energy to finish this video 😂 soo good.
@cdenver 2 жыл бұрын
Hell yeah! Thanks John. Love your content!
@joacoordonez1973 2 жыл бұрын
thanks man. love this kind of vids
@jovanpoursamadi7477 2 жыл бұрын
John, would you care to do a piece on firmware/UEFI malwares, their persistence and how to approach deobfuscation and/or removal?
@davidmarley5577 2 жыл бұрын
4D 5A is the hex representation of 'MZ', the magic string at the start of a Windows executable file.
@kubagow 2 жыл бұрын
Thank you amazing and informative video. It's almost morning time to go to sleep - The Vampire 🤓
@donovanelliott9060 2 жыл бұрын
It makes since why it works fine in firefox but not with curl because according to cloudflare, error code 1010 means that the owner of the website has banned your access based on your browser's signature
@bullittstarter4408 2 жыл бұрын
That was awesome. Keep it up
@4Da_Tech 2 жыл бұрын
Good video, good content 👌 and always something interesting hidden 👍
@jasonb2221 Жыл бұрын
Hi John, first time to this channel and so far your content is awesome! Wanted to know if there was a safe way for us to follow along with you.
@blinking_dodo 2 жыл бұрын
Blindly search-replacing variable names is a VERY breakable thing. Imagine someone deliberately starting with a "Set aaabbbccc = myObject" , and using "aaabbbcccqqq" and "CustomObjectqqq" further down. You are going to mess up when someone starts doing that.
@tobiwonkanogy2975 2 жыл бұрын
from the 10 malware videos i have watched , the method works very well most of the time .
@boomson3082 2 жыл бұрын
You can use exact match which negates your point.
@blinking_dodo 2 жыл бұрын
@@boomson3082 exact match doesn't care about what is directly after your search. replacing "ab" with "x" in "abc" will still result in "xc".
@boomson3082 2 жыл бұрын
@@blinking_dodo it does though, I just tested in on my machine. Would you like a video? Go test it yourself. You can have it set to find 'ab' and it will find all or you can have exact match where it does care about only ab and not abc. But either way, even if he didnt use exact search the code would obviously stick out after the replaced text unless it was the exact amount of characters.
@doyoufeel...thatyoulackcri6760 2 жыл бұрын
can't you just regex replace? I am no regex expert but something like w/word shouldn't that find the exact word and not if it is part of a word? you can do that in sublime, no?
@hypedz1495 2 жыл бұрын
Ah yes.. John.. John hammond does it again
@user-uj8bo5bc7e 2 жыл бұрын
Very nice video! One question. I am sharing data from REMnux to FLARE VM, but when I look at the paths, they are interacting like local data. How do you build such a lab environment? I am interested because I always use KVM to share files over a virtual network.
@slamscaper128 Жыл бұрын
I would LOVE to see some beginner friendly tutorials on Python and Javascript. Any plans for videos of that type? Thanks for your content!
@mathieucartier2678 2 жыл бұрын
hello jhon hammond could you make a vid on your ubuntu VM the settings you use and themes thank love ur vids
@Paasj 2 жыл бұрын
Great tour..
@johnwickey4179 2 жыл бұрын
Can't wait.
@rkgnanesh5465 2 жыл бұрын
Hi john hammond please do a analysis on xmrig miner software, it shows a lot of red flags in malware scan
@ivailopashov4463 2 жыл бұрын
i was waiting for months for new malware video lol
@snakebite1538 Жыл бұрын
Good job John
@manoharbaratam8792 2 жыл бұрын
Fantastic
@jeffarends8843 2 жыл бұрын
The content is enjoyable and informative, as always. Keep up the good work!
@agoodshadow 2 жыл бұрын
Lets start 😁
@scottch4444 2 жыл бұрын
Cyber Chef would make your life easier at times lol.
@luthfisukma9787 2 жыл бұрын
do you use linux for daily use ??
@ripcityraider9469 2 жыл бұрын
I love how happy and giddy you get when you figure something out. It's adorable, but I know deep down there is a serial killer in you. ;b
@snakebite1538 Жыл бұрын
That's right John because my z flip att phone front screen was completely copied completely compromising my accounts and device keys
@hamadkhan7236 2 жыл бұрын
Why would something not respond to curl but to a browser ? 10:25 , didn't know that can happen.
@casper64 2 жыл бұрын
The context of a request with curl is different, for example the user agent is different so the server would know the request didn’t came from a browser.
@MemesandLeague 2 жыл бұрын
Hey john great video as always. Intezer is great! I am scared for what will happen with the upcoming ukraine and russia conflicts
@tikkj 2 жыл бұрын
Love this content. I know precisely nothing about coding, but this really makes me want to pick it up - the logic is pretty straightforward to follow even though I couldn't replicate it, and it just looks like a really interesting puzzle.
@AgeofReason 2 жыл бұрын
PATRICK LIKE "CODING" PATRICK BE A "CODER," SPONGEBAHHB
@abdulalimmahir 2 жыл бұрын
Hey John Hammond, Can you please make a video on Configuring Ubuntu as a Lab? I was trying to setup Ubuntu-latest LTS version, but somehow when I install some git-software(specifically: portkali), the whole GUI crashes and boots only on Terminal. i tried different article to install GUI or boot into it, but no outcome. I maybe tried 4times for 3 days, but it didn't worked. Also, my Ubuntu navigation wasn't great, don't know, is it that I am not used to Ubuntu or just it's like that. But, yeah, hopefully you can help.
@omega3fatass61 Жыл бұрын
arch based
@Tronic48 2 жыл бұрын
What’s the song in the outro called?
@pedallknife 2 жыл бұрын
Once again, wonderful shit sir. Keep it up!
@4Da_Tech 2 жыл бұрын
Ohhhh spicy
@TheSecretDev 2 жыл бұрын
Excitement!
@lorenzcyber 2 жыл бұрын
nice video ^^
@razaullahkhan8099 Жыл бұрын
Sir it is very super hacker has gone some time attack thanks
@guilherme5094 2 жыл бұрын
👍!
@cameronsmith1807 2 жыл бұрын
That thumbnail though.
@dani3l3_ 2 жыл бұрын
cool
@vpnonline5897 2 жыл бұрын
U have play scary movies 😄
@raremc1620 2 жыл бұрын
You should take a look at some discord/"test my game" malware
@bhagyalakshmi1053 10 ай бұрын
Vir ,ras data definitely
@snakebite1538 Жыл бұрын
I'm laughing John we're going to get Justice for all
@activelearner9924 2 жыл бұрын
my frd laptop recently got ransomware djvu file type march 2022 file type xcbg file
@activelearner9924 2 жыл бұрын
santa is loosing christamas gift
@nonlinearsound-001 2 жыл бұрын
Browsing through LOLBAS and the possibilities alone in findstr make me wanna puke. And there is so much more available in the plethora of tools and binaries MS ships to their users in Windows ... and most of these things can be run under a simple User account, not even local admin or alike.
@bhagyalakshmi1053 10 ай бұрын
Work headel
@bhagyalakshmi1053 10 ай бұрын
Not working
@snakebite1538 Жыл бұрын
Maybe that's because I didn't put an image because I I don't know how someone else is to blame
@snakebite1538 Жыл бұрын
Entertain me John
@joeborders Жыл бұрын
20:00 We set dark mode because light attracts bugs.
@bhagyalakshmi1053 10 ай бұрын
SMTP server files
@bhagyalakshmi1053 10 ай бұрын
Rat Cat Detyls.
@bhagyalakshmi1053 Жыл бұрын
Siml litre size small
@ctf59 2 жыл бұрын
случайно все остановились на 665?))
@Jonesy177x 2 жыл бұрын
ITS A MONKEY OVERLAY
@Theultimatebohab7137 2 жыл бұрын
Man all I hear is "haha your never getting a job once you get out of school now!!"
@bhagyalakshmi1053 10 ай бұрын
Community video is video nost
@bhagyalakshmi1053 9 ай бұрын
Agent
@bhagyalakshmi1053 Жыл бұрын
Employee is blind. This work?hot what this time 10
@activelearner9924 2 жыл бұрын
help
@shawn8163 2 жыл бұрын
4D5A MZ
@HTWwpzIuqaObMt Жыл бұрын
Random comment. I just jnstalled subl on kali and its fucking cool lmfao
@bhagyalakshmi1053 10 ай бұрын
Iocs
@bhagyalakshmi1053 Жыл бұрын
My community collection to click skills and tools 25 you explaining the videos I can I have in the purview handling in the file handling never to you want handling you should me your decision what my handling is why what's your opinion opinion pass for your reply place
@hingewichsterfick 2 жыл бұрын
premieres suck
@bhagyalakshmi1053 9 ай бұрын
Agent dells explaining . Madl work headel '4wondrs' looking.
@bhagyalakshmi1053 10 ай бұрын
This video zoom add files cod opening 🪟 asml
@snakebite1538 Жыл бұрын
Entertain me John
John Hammond
Рет қаралды 136 М.
thehackerish
Рет қаралды 237 М.