I hope I gave an understandable explanation of why I used a hardware breakpoint. Let me know if there was anything you didn’t understand
@RyanWeil-r1n 15 days ago
Basically, if you are decrypting some bytes that are going to be executed and you put a normal breakpoint on those bytes intending to be hit once the instruction pointer is there, it will end up decrypting incorrectly since what a software breakpoint does is it injects an int3 instruction behind the scenes. So you are actually temporarily changing the content of what's there. So when it goes to decrypt, it's going to try and decrypt the changed instruction and will decrypt to the wrong value.
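The mechanism Ryan describes above, shown as an added C example (not code from the video, the commenter or any sample discussed). It assumes a toy XOR unpacker with a constructed key and a constructed 8-byte x86-64 stub as the "code" being decrypted; the software breakpoint is simulated by writing the INT3 opcode 0xCC into the buffer before the decrypt loop runs, and the hardware breakpoint by touching nothing, since it lives in the CPU debug registers rather than in memory:

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A software breakpoint is an INT3 (0xCC) that the debugger writes over the
 * first byte of the target instruction. A hardware breakpoint lives in the CPU
 * debug registers (DR0-DR3 selected by DR7) and leaves memory untouched. */
#define INT3_OPCODE 0xCC

/* Constructed sample: a tiny x86-64 stub (push rbp; mov rbp,rsp; xor eax,eax;
 * pop rbp; ret) standing in for the real code an unpacker would decrypt. */
#define STUB_LEN 8
static const uint8_t PLAIN_STUB[STUB_LEN] = {0x55, 0x48, 0x89, 0xE5, 0x31, 0xC0, 0x5D, 0xC3};
static const uint8_t XOR_KEY = 0x5A; /* constructed key for the toy decryptor */

/* The stub as it sits on disk / in the packed section: XOR-encrypted. */
static void make_encrypted_stub(uint8_t out[STUB_LEN]) {
    for (size_t i = 0; i < STUB_LEN; i++)
        out[i] = PLAIN_STUB[i] ^ XOR_KEY;
}

/* Toy in-place decryptor, the kind of loop that runs just before the unpacker
 * jumps into the buffer. It reads whatever bytes are in memory right now. */
static void xor_decrypt_inplace(uint8_t *buf, size_t n, uint8_t key) {
    for (size_t i = 0; i < n; i++)
        buf[i] ^= key;
}

/* Case 1: software breakpoint on the not-yet-decrypted byte at bp_offset.
 * The debugger has already replaced that byte with 0xCC, so the decrypt loop
 * XORs 0xCC instead of the real ciphertext byte.
 * Returns 1 if the result still equals the intended code, 0 if corrupted. */
int decrypt_with_software_bp(uint8_t out[STUB_LEN], size_t bp_offset) {
    make_encrypted_stub(out);
    out[bp_offset] = INT3_OPCODE;   /* this is what setting a normal bp does in memory */
    xor_decrypt_inplace(out, STUB_LEN, XOR_KEY);
    return memcmp(out, PLAIN_STUB, STUB_LEN) == 0;
}

/* Case 2: hardware execution breakpoint on the same address. Nothing in the
 * buffer changes; the CPU raises #DB when RIP reaches the address. */
int decrypt_with_hardware_bp(uint8_t out[STUB_LEN]) {
    make_encrypted_stub(out);
    /* no memory write here: the breakpoint is only DR0 = address, DR7 = enable */
    xor_decrypt_inplace(out, STUB_LEN, XOR_KEY);
    return memcmp(out, PLAIN_STUB, STUB_LEN) == 0;
}

/* The garbage byte the decryptor produces where the INT3 was: 0xCC ^ key. */
uint8_t corrupted_byte_value(void) {
    return (uint8_t)(INT3_OPCODE ^ XOR_KEY);
}

static void dump(const char *label, const uint8_t *b, size_t n) {
    printf("%-24s", label);
    for (size_t i = 0; i < n; i++) printf("%02X ", b[i]);
    printf("\n");
}

int main(void) {
    uint8_t buf[STUB_LEN];
    dump("expected code:", PLAIN_STUB, STUB_LEN);
    decrypt_with_software_bp(buf, 0);
    dump("after software bp @ +0:", buf, STUB_LEN); /* first byte is 0x96, not 0x55 */
    decrypt_with_hardware_bp(buf);
    dump("after hardware bp:", buf, STUB_LEN);      /* identical to expected */
    return 0;
}
```

The corrupted byte is whatever 0xCC decrypts to under the unpacker's scheme (here 0x96), so the first instruction of the decrypted code is wrong and execution goes off the rails. The same applies to any breakpoint placed on bytes that are later read as data, which is why a hardware breakpoint (or a breakpoint on the jump into the decrypted region rather than inside it) is the safe choice.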
@Eikenv1 15 days ago
Just came across this. I like the uncut raw type of videos with no music. I don't know much about reverse engineering but it looks hella interesting
@MiyazakisPVPexperience 11 days ago
this is such a great video, I kind of wish I understood the logic behind all the steps you take when debugging lmao, but I guess that comes with time. I'm very new to this
@wittingsun7856 14 days ago
This guy needs to create a malware course and get big money from it
@RyanWeil-r1n 14 days ago
Haha that would be a dream
@wittingsun7856 14 days ago
@@RyanWeil-r1n make it true then, I'm ready to pay 🤓
@ericwood3709 12 days ago
If people want free Photoshop, they should just get GIMP. Free and open, works on Mac, Linux and Windows. Very powerful.
@Cameron-ex1ed 13 days ago
Watching you dance between IDA and x64/32 dbg was glorious. How would you recommend someone improve their skills and abilities within mal analysis/rev engineering? Do you have any good resources/samples/trainings you'd recommend?
@RyanWeil-r1n 12 days ago
Thanks for the kind words! For me, it was starting off with more 'basic' samples without any sort of obfuscation other than normal packing as well as learning the methods the malware authors use to inject code (Process Hollowing, CreateRemoteThread Injection, etc) **and actually writing my own PoC in C so I get an understanding of what's happening as opposed to just learning about it without actually knowing it in-depth**. People are good at hearing about something and just repeating what they hear, but to actually write the thing yourself and understand each step helps a ton. It's a bit more difficult to find simple packed samples nowadays than it used to be, I'll have to one day go find some good beginner ones and maybe make a video on them.
@Cameron-ex1ed 12 days ago
@@RyanWeil-r1n That's actually some great advice, thank you sir! I would definitely be interested to watch something like that :)
@LinuxIsBetter43 14 days ago
Beginner RE & MA - you've earned a sub from me :). Was a bit too fast to follow, but I guess that's not a beginner malware as well.
@RyanWeil-r1n 14 days ago
I wasn't sure if people would rather want to watch a longer but more detailed video or a shorter but less detailed one. I'm glad you enjoyed it though!
@LinuxIsBetter43 13 days ago
@@RyanWeil-r1n I'm not a content creator, so my opinion shouldn't matter too much, but I think it's just something you have to decide. If you want to appeal to a less experienced audience, your explanation has to be deeper and slower. Whatever you decide is fine though.
@ericwood3709 12 days ago
@@LinuxIsBetter43 As a non-programmer, I got very little out of it. Just saw the name of some kind of apparently known malware at the end.
@groog 13 days ago
your channel reminds me of eric parker
@RyanWeil-r1n 12 days ago
I'd like to think I'm more technical than him :D
@alexandercharles8230 15 days ago
God bless you and your work buddy! I learned a lot from your videos.
@TalsonHacks 15 days ago
Amazing video, good work! Hopefully YT will start taking action against these channels...
@vipetherap2722 12 days ago
Last time I messed with debugging was on Windows XP with OllyDBG so it's been a while. I mainly learned how to get around file packers at the time and didn't learn a lot of basics of assembly that I probably should have but it was mainly for fun anyways. The x64 debugger you're using looks very similar to OllyDBG with a lot more features/fixes/updates I'm sure. The more complex obfuscation techniques used by viruses like this one I couldn't wrap my head around years ago due to lack of knowledge of assembly etc. Does Ghidra come in handy or does IDA do a good enough job that it's not necessary to use?
@RyanWeil-r1n 12 days ago
IDA is better than GHIDRA (in my opinion at least) and the debugger I am using is x64dbg which is the standard nowadays (and objectively WAY better than Ollydbg). I was remembering being a kid trying to use ollydbg on XP as well and having no clue what I was doing 😃.
@DartrIxBTD 15 days ago
Awesome video dude! I learned a lot
@kylec.5476 14 days ago
What keyboard are you using?
@RyanWeil-r1n 14 days ago
G413 Carbon
@kramnecknerf 15 days ago
Interesting but next time please sound +40dB
@RyanWeil-r1n 15 days ago
Promise I’ll find a solution to the microphone issue next video :)
@vilvd3934 14 days ago
@@RyanWeil-r1n +15 dB gain on the whole vid should be good
@RyanWeil-r1n 13 days ago
@@vilvd3934 Do the audio levels sound stable to you? I don't want to increase it entirely by +15 if there are peaks and valleys and have the audio peaks destroy your ears instead :D. I am going to look into borrowing a better microphone tonight
@WhiteSecz 15 days ago
About two weeks ago I was looking for the After Effects activator and I was startled by the number of videos with the same malware, and in the end I didn't find 1 video with the real activator, only malware
@iannalemme 12 days ago
i don't think there is any 'activator' possible with the subscription type payment for any Adobe product.