How Hackers Write Malware & Evade Antivirus (Nim)
Рет қаралды 405,118
Күн бұрынjh.live/maldev... || Learn how to write your own modern 64-bit Windows malware with Maldev Academy! For a limited time you can use code 'HAMMOND10' to save 10%! jh.live/maldev...
🔥 KZbin ALGORITHM ➡ Like, Comment, & Subscribe!
🙏 SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎 FOLLOW ME EVERYWHERE ➡ jh.live/discord ↔ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
@volodymyrdrapak3842 Жыл бұрын
Never said "Don't try this at home" or "Only for educational purposes". My hero.
@siummuis4640 Жыл бұрын
My father
@opus_X Жыл бұрын
My daddy
@fuckbitchesgehmoney Жыл бұрын
my sperm donor
@AlterraLaboratories Жыл бұрын
@@timelessnesses nonono, hes OURS
@ChickenGamingFlamingoLegs Жыл бұрын
@@opus_Xuwu
@SkeeterPondRC Жыл бұрын
When John says "I know this video is already getting long" and you are like "huh? keep going cause this is really interesting" Dont cut your videos short because you think we might be getting bored. This is awesome stuff! I would LOVE to see a longer video on this. Im a red teamer so building custom malware is something I really want to start playing with.
@Lampe2020 Жыл бұрын
I somehow always get motivated to program my own projects when watching your videos XD
@kent0n144 Жыл бұрын
its because you think it will be as easy as watching him do it , thats just how i feel
@data_eng_tuts Жыл бұрын
@@kent0n144very true😢
@stevelin3659 Ай бұрын
Programmers do things not because it’s easy, but because we think it would be easy.
@Lampe2020 Ай бұрын
@@stevelin3659 The sudden switch to the first person tells me you've been through that a bunch of times before... [EDIT]: And yes, none of the projects I'm currently working on _are_ easy, even though I started them thinking they _would_ be.
@Sevenigma777 Жыл бұрын
Its things like this that got me into computers as a child in the 80s. There was like this secret world of PCs that the casual user never would experience. Whether it was just pirating software or hacking into networks it made you feel like absolutely anything is possible you just had to acquire the knowledge for it. Even to this day with how streamlined the modern PC experience is there is still a hidden world filled with programs and operations that even a well versed daily PC user has no clue they exist and I absolutely love it!
@cracc_baby 4 ай бұрын
same bro.. my first pc ran DOS, and my class had two apple IIe's.. meaning i have never liked windows, learned to program in BASIC. i guess some folks like being sandboxed in by their OS under the guise of "security", but everyone should have the option to take control of their PC
@tea_otomo Жыл бұрын
Even thought the creators of the language said in their forum "please don't create malware with Nim" ... thanks for the video. It's nice when the language gets some attention. It is very nice, especially for the people who love Python.
@marianoaponte2518 Жыл бұрын
I love how Ed Sheeran is teaching me how to write a malware lol
@redjhone8209 Жыл бұрын
😂😂
@malwaretestingfan Жыл бұрын
On point.
@amirakmel123 Жыл бұрын
😂😂you make my day
@jg2283 Жыл бұрын
Whenever I read shit like this I cringe at how often the receiving person must get this joke, like when ultrasound techs hear "is it a boy or a girl?"
@radicc 7 ай бұрын
@@jg2283 you're not alone brotha 😭💀
@crr0ww Жыл бұрын
Awesome video, man! Keep up the great work :)
@abdullahshoukat8056 Жыл бұрын
🎉
@kushansingh6244 Жыл бұрын
Waiting for your malware development part 3 lol
@Timm2003 Жыл бұрын
Keep it up too, really like ur Videos!
@Gobillion160 Жыл бұрын
crow what are u doing here bro
@voodooexile2026 Жыл бұрын
Dude I love your content. You go very deep with basic language that takes me step by step. Good job and keep up the hard work :). Just want to ask you, why don't you make videos about cloud security. I know it is a massive topic, and I would love watching more about it, especially from you.
@neoninsv Жыл бұрын
I was about to skip the ad but stuck around when I heard the names. That looks like a solid platform.
@edwinrosales6322 Жыл бұрын
Dude, I like how you cover so much material in such a efficient time, I really appreciate it!
@Aziqfajar Жыл бұрын
Finally, Nim will be shone into light. Great video, even though Nim don't endourse making malware with it 😂
@anta40 Жыл бұрын
Any language than can be compiled into native executable (with relatively smallish runtime) will be used to write malwares. In the past: asm, C/C++, delphi. Now what: go, rust, nim, D?
@cracc_baby 4 ай бұрын
too late!! xD
@0xSingularity Жыл бұрын
I’ve been studying exploit dev for the last month or so, I already have programming experience and work in cyber. I picked up Maldev Academy yesterday, and feel like it is going to give me a years worth of experience in just a couple weeks by how in-depth it is. It’s expensive, but I justified the cost by thinking about how many hours I’d spend researching to find all of the same info. The framework they give you for learning maldev is amazing.
@rxtechandtrading Жыл бұрын
how much is it ? and can you get ur money back if u find it worthless..so many companies claim that they are the best, then when u pay for a subscription, it SUCKS
@0xSingularity Жыл бұрын
@@rxtechandtrading lifetime access is $499, with Johns discount code it was $450. IMO I think it's very good. Like I said in my comment above, you can find all of the info from doing your own research, but the time save this gives is worth it.
@anupkarki8237 Жыл бұрын
Hey any idea how hackers bypass 2FA in facebook. How they get the code or do something else? I had 2FA in fb was hacked. Fb has no customer support either. Wondering if ya have any idea. Thanks.
@rxtechandtrading Жыл бұрын
@@anupkarki8237 I think it has something to do with a technique called CSF -client side forgery request -but there is some phishing involved with that i believe-you essentially need the token or session cookie of another authenticated user -if that is what u r trying to do
@xTwistCinema Жыл бұрын
@@rxtechandtradingfrom what I know, you’d be very lucky to find Facebook allowing CSRF on any of their pages
@zsi Жыл бұрын
Writing malware is easy. In an airgapped network, deploy AV, EDR, and IPS+IDS to a couple of VMs and at a gateway. That takes maybe 1 day. Now you have a lab. Write custom malware, deploy, and see what gets caught. Don't even need to be complicated malware, just basic functions that do what you want it to do. Now, be creative in how you obfuscate its code and operations. Live off the land. On one red team, I got Mimikatz to slip right past their EDR simply by prefixing the PowerShell with 200 MB of comments. It's too large to analyze, so the EDR didn't bother. A few months ago, I got a basic reverse shell to work by having the code hide itself in new LNK files that pulled the rest of the code from environment variables.
@xTwistCinema Жыл бұрын
Parsing junk to files to bypass AV is such a funny thing to see work. So trivial to do as well!
@FitnessNationOfficial Жыл бұрын
"GPT4 please explain this like if I was 5 years old"
@eduardabramovich1216 Жыл бұрын
I wish you could create a series of Nim focused on offensive and defensive tools.
@ligiat134 Жыл бұрын
0:34 no!
@juanvalcecchi3464 Жыл бұрын
@@ligiat134xplain
@TheHangman1995 Жыл бұрын
I have been wanting to learn NIM for a while. I might try to use it for my upcoming OSEP (I know that they want me to use python and C# but I don't think it matters.).
@creed404 Жыл бұрын
This is my first time hearing about this nim it’s syntax looks a little similar to python, tnx for this interesting tutorial
@XenoTravis 9 ай бұрын
This is a nice video on how to read code manuals. A big thing I wish I was taught earlier is how to not rely on examples of code and be able to know what to do from the manuals.
@cracc_baby 4 ай бұрын
on linux you can type --help after any command to get some help/optional switches/examples.. or put "man" before the command to see the full manual.. i copy the important stuff to the mousepad so i can refer back to it easily
@dolorsitametblue Жыл бұрын
I'm not a fan of malware (for obvious reasons), but if people will start learning Nim because of it, maybe they will see all that's good about Nim outside of it's offensive application. Good Video, as usual.
@scootergirl3662 Жыл бұрын
The point of learning to write malware is to better understand how to identify and protect against it, at least from a ethical hacking perspective
@ycart_tech6726 Жыл бұрын
@@scootergirl3662 when I was younger I was into all things strategic warfare, biological warfare, WMD, stuff like that... it got to a point where I had downloaded every piece of literature that places like think tanks working for the US government, Janes, Los Alamos Laboratories and that famous Russian Biopreparat scientist defector allowed to leak in the public domain(I am not from the States but we are allied close enough that I still thank my lucky stars for not ending up in Guantanamo...)... I don't know why others study malware but I just love me some forced complex system disassembly... a string of code bringing a whole system down? I get off on that!!! I also once cried when I accidentally suffocated a praying mantis I had caught in a jar... holes in the lid, y'all... holes in the lid...
@madmax7539 Жыл бұрын
@scootergirl3662 that's what i thought he was gonna do but ok.
@fullmetaltheorist Жыл бұрын
When I learn a new programming language I write "What's up bitches?!" Instead of "Hello World."
@PySnek Жыл бұрын
Nim is such a great language! The syntax of Python and the speed of C
@marcinnawrocki1437 Жыл бұрын
First: do not use common required APIs, use something exotic that does same work. Make malware work slowly, do not trigger suspicious behavior. All that usual stuff is tracked by AV software, so do not use it. Use some zero day exploit, do not mass stuff, do slow polymorphic or metamorphic code encryption. But best way: if you can do all of it find legal job, get money there.
@guilherme5094 Жыл бұрын
Thanks John, great video👍! I just love the Nim language.
@JoakimBB Жыл бұрын
Was waiting for this to be posted.
@officialCLOZVRE Жыл бұрын
with a thumbnail like that who could resist clicking 🙃
@hamedranaee5641 Жыл бұрын
Hey Johny ! I like that the way you teach something, you Rock dude 🤘
@cot3chcot3ch96 Жыл бұрын
nice tutotorials, i think john ippsec trix are the best in our era.
@leetbrain5592 Жыл бұрын
who's trix .??
@paranormal5042 Жыл бұрын
Him: we gonna see how we can write malware Me: print("malware")
@pavi013 Жыл бұрын
That was very technical, but interesting video!
@AmazingJayB51 Жыл бұрын
Not watching to learn how to do but to understand how it’s done 😌
@LeadinLP Жыл бұрын
Am I the only one who think John needs to do a tutorial series on Sublime text? 😂
@learning_with_irving4266 Жыл бұрын
This is what a hero looks like
@xiaoyi982 Жыл бұрын
If I write a good App, it feels good to know it's out there providing values to end users. If I spend same amount of time writing a piece of malware, then it gets patched, as if never existed, it'll be feelsbadman. So, I don't know... Cool knowledge though.
@ian562ADF52E Жыл бұрын
Once it's patched just leak the source code and let everyone run rampant with it. Like RAASNet, Zeus/zbot, apfell, etc.
@ian562ADF52E Жыл бұрын
Also being patched doesn't mean much lol. I've seen Server 2008 R2 in production as recently as 2023.
@filipepinho3319 Жыл бұрын
A malware for many is a goodware for someone else :D
@the-matrix-has-you Жыл бұрын
Seeing from the comments I can see anybody has no idea how to evade anti viruses really. So here is a hint Obfuscation is the key... we encrypt the strings compress them... And Change methods name into random string arrays, adding dummy codes, masking data... etc. Thats the most basic. The advanced obfuscation requires subjects like anti debug and anti tampering the most important of all inventing your own compression algorithms...
@skydrige Жыл бұрын
Hey big fan of yo man (Cyber Security Student)
@goohbr Жыл бұрын
thanks man. liked a lot.
@AlgoRhytm Жыл бұрын
i wonder if anti-social people actually writes "Hello World!" or if they write "Just you wait motherfuckers...."
@tanhowseng Жыл бұрын
dang, just paid for maldev academy after seeing your tweet, 2 days before this 10% off dropped 🤦
@TheStrafendestroy Жыл бұрын
How it the course work for maldev?
@ianm00n Жыл бұрын
Nim is a new programming language for me, but maybe i should check that.
@cot3chcot3ch96 Жыл бұрын
good job john keep it up. i love you
@khackney86 Жыл бұрын
John you’re the man!!!!!
@sreejishnair5922 Жыл бұрын
To be honest a bit costly if you see the life time plan if compared with TCM Malware analysis course... Not complaining about the course content.
@Jonathondelemos Жыл бұрын
What’s the limit of this applications applicability? How can you use this method to install data gathering, keystroke loggers, and zombies?
@Jake-km7wp Жыл бұрын
I am so excited to check out MalDev, thanks for sharing your thoughts on it!
@gelbertrivas4211 8 ай бұрын
Can you give me your thoughts about MalDev when you take it, I’m so curious
@sophiophile Жыл бұрын
Hey man, Can you suggest/make some videos on how decompilation to assembly/key activation (and protections against this) work? It's a topic I've always found interesting, but pretty hard to make headway with, despite being an engineer myself.
@TheodoreWard Жыл бұрын
Not sure how current it still is, but there is a book called Practical Malware Analysis that you might like, comes with code examples etc...
@sophiophile Жыл бұрын
@@TheodoreWard Thanks. I'll check that out!
@exosfear512 Жыл бұрын
really want to finish OSEP so i can start modernising my tradecraft with nim, I really don't like Visual Studio + CSharp
@viperjay1 Жыл бұрын
John that service is over $200 dollars! I still am looking for work since Aug. 02.
@Br4dButt0wski Жыл бұрын
Please make more Nim content
@fahadkhalid2303 Жыл бұрын
Maldev Academy is quite exoensive
@nishantnarsale6279 Жыл бұрын
Hey John, we want a malware development playlist from you.
@imad6734 Жыл бұрын
Off topic but are you using a type 1 hypervisor ? if so which one ? cause that windows vm is more performant than my native install
@MrGencyExit64 Жыл бұрын
lol, I don't know why but hearing anyone talk about this stuff (MalDev) enthusiastically from _this_ perspective is funny to me. I've learned all those things over the years for completely different reasons, in modifying games I encounter lots of stupid anti-debug tricks and have to learn the same craft as malware authors to circumvent the anti-debug surrounding a lot of games DRM. I don't even have any interest in pirating games, but that shit gets in the way 😕
@simonrad Жыл бұрын
just increase the file size of the infected program goes undetected every time. on all windows based systems
@YannMetalhead Жыл бұрын
Great video.
@KeyserSoze407 7 ай бұрын
Thanks for this.
@bhagyalakshmi1053 Жыл бұрын
Modern technology of Nobita, bit understanding
@fedenfer 11 ай бұрын
Hello brother, greetings from Argentina. golang vs rust, for pentesting or red team?
@oldschoolgaming6538 Жыл бұрын
No matter what anybody says, videos about hacking/pentesting are always going to be used maliciously, and the knowledge is going to be exploited.
@AntoineVanGeyseghem Жыл бұрын
FR: Bonjour... oui... la police... c'est pour signaler un homme ! Qu'a-t-il fait ? C'est un hacker ! 0_ 0 EN: Hello... yes... police... this is to report a man ! What did he do ? It's a hacker ! 0_ 0
@kipchickensout Жыл бұрын
After heavily squinting my eyes I wanna tell you that that microsoft doc site has a dark theme when you scroll to the very bottom, on the left side
@IlliaZhdanov Жыл бұрын
12:38 isnt NULL = 0? Correct me if i'm wrong but i think that NULL is just 0
@myalterego2878 Жыл бұрын
I'm at if nothing on the internet can be trusted, I'm currently using a disposable phone anyway.
@VortexInfoTech-gw8hp Жыл бұрын
In Iran we should work 2 or 3 month for achieving 250$ for starter plan of maldev academy. sadly.
@maalikserebryakov 10 ай бұрын
Brutal Economypill
@troysmith9652 Жыл бұрын
You against the Chinese. Need you 😊
@aeligos Жыл бұрын
What’s the best way to become an ethical hacker? I have no IT background.
@RaGhav363 Жыл бұрын
Make a full vedio on NIM language full course complete ✅
@fakeacount1479 Жыл бұрын
use c/c++
@ian562ADF52E Жыл бұрын
@@sumitsangrampurkar8558c/c++ was designed to sit like right on top of registers. Any extensive low level projects should be done in c/c++ imo.
@amirbozorgmehrian8373 Жыл бұрын
I feel like my fbi agent is watching me since the moment I clicked this video😂😂
@0xAnomaly Жыл бұрын
NimGang!
@nikhilkarpe8230 Жыл бұрын
Nice information.
@gabrielconsec Жыл бұрын
I've seen some malware written in D. Languages such as Carbon, Zig, Haxe can be used. Could an AI help in these cases of detecting unconventional codes?
@buffer-overflow Жыл бұрын
Yes, it may be trained to distinguish examples that are malware from legit ones. However, I recently saw a paper, they used machine learning to do essentially this and it could not detect malware when it was encrypted. Maybe a more sophisticated, fine-tuned setup yield better results.
@madmackenzie3459 8 күн бұрын
Sliver only works up until i try generate the listener then it just endlessly compiles
@thatsal327 Жыл бұрын
is it better to buy the course of sektor7 or maldev (or both)?
@auro1986 Жыл бұрын
how many will learn to make malware for your computer?
@SuperhumanFitness 11 ай бұрын
So would this be a Trojan?
@NTGNoahTheGamer Жыл бұрын
I have made a couple pieces of "EDUCATIONAL USE" Malware on Android and Windows. I try to make funny malware.
@kerryfreudenthaler2986 Жыл бұрын
when u hack can you skip steps or do u have to start in order? very confusing stuff i want to learn but damn
@jghuathuat Жыл бұрын
hi john, how long is the code valid until?
@terror403 9 ай бұрын
If this is allowed here, it's bc newest antimalware solution can detect it.
@bhagyalakshmi1053 Жыл бұрын
More explain Bing Medal How to time job joining
@artywatts4892 Жыл бұрын
love the idea of maldevacademy, but starting at 250$ is a bit XD
@neilfpv Жыл бұрын
Are most malwares made for Windows environment?
@bakeery Жыл бұрын
Yes
@gwnbw Жыл бұрын
Used to make malware like this in 3 seconds with scripts lol, wonder if its still possible
@snehbavarva8383 Жыл бұрын
What? How? I am thinking to make a malware which will store at code cave of PE file and i want a shell from that victim pc How can I do that?
@snehbavarva8383 Жыл бұрын
@ayyleeuz4892 that’s why I’m asking. I had started my new journey with maldev about 3-4 days ago and i want to learn that’s why I’m asking
@snehbavarva8383 Жыл бұрын
@ayyleeuz4892 I know how to put malicious code at code cave of the PE files but what after that? I want to learn, can you suggest me some good resources?
@geckwwo Жыл бұрын
@@snehbavarva8383I may suggest you to just stop writing malware - it will get you in a lot of trouble (and it got me too), but if you still want to - just don't talk about it on internet
@sethadkins546 Жыл бұрын
@@geckwwolmfao what there's nothing illegal about writing malware, the issues come in when you run it on machines that aren't your own
@RaymondsHangout Жыл бұрын
How are you guys able to subscribe to academies like maldev
@parkour.11parkour58 Жыл бұрын
Step 1.) Learn voltage manipulation
@user-bg1xh3yl5o Жыл бұрын
what is he using for the terminal autofill?
@maxdeploy 4 ай бұрын
i tried the same program in linux but got the error "execution of an external program failed: gcc -o......." I run nim c runner.nim
@cmkarlav855 Жыл бұрын
This is a cool video and nice to see, but I'd much rather it have been done in C or C++
@firos5381 Жыл бұрын
do more of these vedios
@JarppaGuru Жыл бұрын
make android notepad. ask all permission. read contacts sms gallery send internet to your server. user installed accept all permissions even notepad not need
@pamalapurplepantys4184 Жыл бұрын
Okay, Why?
@Mohammed-gs1wg 5 ай бұрын
i didn't write hello world in my life,, i always write Test1
@alienkeric617 Жыл бұрын
is this live ?
@ngudududlamini252 Жыл бұрын
Thank you Seth Rogan
@aleatoirealeatoire-s2j 11 ай бұрын
I have one question Why Nim ? Does this language have any special qualities ?
@cbite1976 Жыл бұрын
you are so fast man
@Error-33 Жыл бұрын
amazing video
@Alisdair67 Жыл бұрын
❤
@asem222kha9 Жыл бұрын
Am I trippin' or Qojqva turns into hacking stuff!!
@jimmydandy9364 Жыл бұрын
In my opinion anybody who is writing malicious code for the purpose of distributing, misleading and/or causing harm, should be considered and tried as a terrorist and do at least 25 to life prison sentence.
Аминка Витаминка
Рет қаралды 3,6 МЛН
Low Level
Рет қаралды 1,4 МЛН
Phd Corner : Computing
Рет қаралды 2,2 М.