Hey everyone, I messed up the editing for this release and two clips are out of order. The correct order for Parts I and II of Dynamic Analysis of an Unknown Binary should be as follows: 3:00:54 - Part 1 Basic Dynamic Analysis 2:39:37 - Part 2 Basic Dynamic Analysis I apologize for the confusion!

A side note for anyone who runs wannacry at the first detonation and nothing happens, Make sure you disable inetsim on the remnux box as the first thing wannacry does is reach out for a dns host and if it replies, it wont run. Thats how Marcus disabled it in the first place.

I recently completed the full 9 hour course on TCM and loved it. Great class!

Thank you! I managed to pick up the full course (as well as others) during the $1-$6 discount event! You guys are awesome! I am halfway through PMAT and I am enjoying it. This is definitely worth the money! TCM Security has high quality and very affordable training.

Im about 60% through your course loving it gotta stalk your youtube for everything i need more.. MOOORE 👁️👄👁️ Would definetly recommend his course for anyone reading :D

Excellent resource. Certainly appreciate the effort that went into this! I encountered an issue with the Windows machine where it wouldn't be fed any fake html page after manually setting the DNS on the Windows machine for the Remnux host. The issue was with the LAN Settings Automatically Detect Settings configuration. Unchecking this box within Internet Explorer resolved the matter. Just in case anyone oberves this as well.

Great course! I just made it through the tutorial! I was able to solidify my understanding on basic malware analysis. I have taken a course in my graduate studies and it was a great supplement.

i just completed the course , i really want to thank you for sharing that for free

I don't usually comment on KZbin but you deserve admirations. I will make sure to mention you in every interview I have for Threat Intel position and to everyone who is interested in Threat Intel/Malware analysis career path. Thank you is not enough.

Hey fam! I just released a new, free section of PMAT that includes more detail about the security of Host Only networks and how to set up an Internal Network for malware analysis. It fits right in after the video at 51:39:00. Check it out here: notes.huskyhacks.dev/blog/malware-analysis-labs-internal-network-vs-host-only

this is why they say that teaching is an art... you can make someone who knows nothing understand things and slowly take them to the next level is spectacular... as soon as I finish these 5 hours I can't wait to go to buy the rest of the course.

This has been such an amazing journey. Much respect to Husky! Heath's crew @ TCM are awesome! 🎉

Just completed this course its soooo awsome

Man you are so generous. Now I can tell my Junior to learn from here to know if he's into malware analysis. Btw I already have the full course and I'm halfway done.

In remnux when i mount it said no medium found on dev/sro what i can do for these

Some may have noticed that the part of Basic Dynamic Analysis was not mounted in the proper order. 3:00:54 - Part 1 Basic Dynamic Analysis 2:39:37 - Part 2 Basic Dynamic Analysis Thank you @huskyhacks531 for a fantastic tutorial

really realley excellent course, thank you

Glad I found this video. I'm getting in to malware analysis in my job and I think your course will be a great intro. Do you cover analysis of malicious websites too?

best malware analysis course. Thanks for this amazing course

Good to see you share this much for free to many people God bless you.

It was an amazing and helpful tutorial for beginner malware analiyst. Thank you so much, I was searching something like this and your content is exactly what I was looking on the internet. Thank you again🤗

I can't wait to watch this all the way through! Thank you!

You earned a sub, my friend 😊

I already have your course, but its good to see it on youtube :)

Excellent intro to malware analysis ! great job ! looking fwd at many more videos ..

Thank you my friend. Excelent tutorial :) I'm cheering for you to do more. hhaha

How am I only finding your channel now.. great tutor. I'll slowly watch all your videos now.

awesome video, thank you for all the information. I am a cybersecurity student and found this video invaluable.

Thank you Matt, we truly appreciate the 🎁

Thank you so much for this amazing tutorial Please release next set of malware analysis video

Thank You for this. i actually finished your course,it was really awesome experience lots of good learning, Highly recommended your course. A very good teacher😍😇

One tip, personally I would go the extra step and by ensuring clipboard sharing is disabled when deploying malware. I don't think he mentioned that and did notice he had it enabled when copying hashes to virus[.]total just my two cents. But great video none the less!

Thank you for the awesome course

Im curious, has the FLAREVM installation changed? I went through the process but simply get a folder named Tools instead of FLARE. Also it seems the packages that get installed are different than those seen the video, for example no peview. Is that just necause theyve changed their tool lost in the config file?

How to filter on Procmon: 2:27:00 3:28:42

I bought this and im so happy i did

I can't thank you enough, Matt 🌸💝

21:56 I get error "no medium found on /dev/sr0" :(

Hello, I’m stuck at the remnux phase where I’m supposed to mount a media It’s keeps telling me “/decdrom” does not exist I look forward to your assistance, thank you

Subscribed!!

Appreciate the effort you put in this video. Amazing content. What i liked about the video is the way it has been explain which clear and to the point. Thanks husky.

I cannot thank you enough.

Great Video..Thank you

Good Lecture man!

You're the best bruh

Great video and was wondering if you have AV enabled when you run your samples on the VM or did you disable

Thank you so much

Brilliant !!!

The vbox files on the cdrom exist but on Remnux the files do not exist in cdrom anywhere. I have watched the video up the the sudo mount segment 3x but not sure what to try differently. Thanks

Hi, I have an issue with the inetsim. I have done everything correctly step by step but I only get the message about the fake mode when I navigate to the 10.0.0.3 remnux IP. When I try to run any other site I get 'this site can't be reached'. Can I have some help, please?

Windows Defender is not letting me detonate de virus :(

Thank you so much for all your hard working ,but I do not know why the commands did not work for with me at the beginning?

Hello , I am not able to drag the malware folder from the host to FlareVM, anyone please help

at the 4.00.31 i don't understand how i find the metasploit module for use the reverse shell?

can you tell me where should i download all tools for malware analysis I have Installed Flare VM but some tools are not compelety download

is it ok to enable the clipboard share feature on flarevm ?

Gonna need to make some time for this.

Just a quick question.. why does my Network setting is not working? I tried everything but the configuration is just not working in my case? Any solution?

Hi, mr Husky. I have a little bit problem. As you showed at 59:09 to run wannacry then try it in my flare VM but wannacry.exe didn't run. I wonder why this happened(defender was off) Thanks in advance

Waiting for Remnux to install 20:58 I’ll be back whenever I remember to continue 24:40

I have a questio, didn't u disable windows updates and windows defender? bcause im trying to do but when i disable MsMp mi VM explode

hey husky i tried to download the repo on my physical host but the defender and browser didn't let me download the repo as it was detection viruses into it can you help me with it please

floss cmmand not working in my cmd said that it is not recognizeble how to solve this issue

Edit: I found the answer to the below from your later explanation. However I did waste plenty of time trying to figure out myself. Here what took me further in the wrong direction is when I tried to open the malz file with 7zip and it did actually open it and presented a heirarchy of files and even 2 executables inside. So perhaps you need to rearrange the video so the safety part comes before any detonation. This is so others don't waste time like me (or worse, do something harmful) Thanks. Original post: Hi. At 57:08 you jumped to the next video and started working with the wanacry exe. However the file from the repository extracted in the previous video is ransomeware.wanacy.exe.malz So how did we jump from that to that?!?

For Vmware users: If anyone face problem after configuring Static DNS in Flarevm, and on visiting any url or ip you are not getting any output. Please follow below steps: - uncheck connect a host to virtual adapter in vmnet interface - disconnect & reconnect network adapter of remnux and flarevm. - then please do allow port 53, 80, 443, 21 on firewall as it might block incoming traffic. (or simply disable ufw). - Also, always turn on inetsim utlity as inetsim user only. if you will turn on inetsim from root user, dns will not work. dont know the reason

When I try to mount the cdrom I get this error message, mount: /media/cdrom: no medium found on /dev/sr0.

This is phucking fantastic. Very well explained

Congrats for ur great work and thanks for the content! I wanted to ask u if the host only adapter is safe because somewhere i read that this is not the case since the vm can communicate with the host.

Hello Sir, I am facing one issue, whenever I try to arm any binary, win10 defender or firewall removes it, Although all security options are turned off, Via Real Time Protection, Registry entry, group security policy etc. Still whenever any binary is converted to armed mode, windows automatically removes it. Kindly help what to do?

cutter and PEview are missing on flarevm

While mounting th CD-ROM directory It says no media found under /dev/sr0

I am still a beginner, how to install the files to my flare vm and I have no connection to the internet ?

@105:10 did you adjust your DNS and just edit that portion out?

Hello , I am not able to drag the malware folder from the host to FlareVM, any idea?

Was hoping someone could answer a question regarding downloading file samples directly from an EDR dashboard. For example, 365 Defender from MS allows me to download a password protected zip file with the sample in question. However, as I am signed in with the company admin account used to access the EDR dashboard and subsequently have to download the sample to my work machine, how can this be done safely? Do I create a read only account for the dashboard access and sign in to that account in a lab environment and then download the sample? Do I just download the zipped sample on my work machine and send it elsewhere? I'm trying to limit as much possible risk from downloading a sample during an investigation and unfortunately Microsoft don't make this easier in the 365 defender dashboard.

i cannot find the flare-vm github repo

Hello, I am trying to find a way to contact Matt Kiely to ask him about his training video i just purchased and i am not able to mount the file.

Can you show the same lab setup using VMware Workstation Pro? I haven't been able to find a single video on this topic.

My laptop doesn't support virtualization what to do in this condition?

I'm trying to download labs from the URL given in description but it says "Virus detected" and then stopped downloading. Please solve my query

That first malware file from close to an hour in just will not execute.

man disabling the Defender is a real PIA, I tried everything. Being Denied access, even with Administrator access. Does anyone here have any ideas.😰

listening to all the safety spiels as a linux user is funny. I have a habit of just leaving malware .exes lying around my pc because it can't do anything aha

Do this course teach you how to build your own

is malware analysis job generally full time job or are there part time jobs as well?

5:02 5:03 5:05

i installed inetsim and configured it like you did but i dont get a page when i try to access any web site

WannaCry doesnt work((

this course related to TCM security pratical malware analysis

Thank you very much for this video, can I get your mail id so that can discuss which are related to this in details. Am a PhD student and faculty in an organization, my work on this is very interesting.

Cool :)

Is this course basic or advanced?

hello

Thanks a lot sir. Just what to know for after ransomware detonation which tools I can use for dynamic analysis like you have shown how to use procmon and procexp but when I detonate the ransomware tools get crash.

Martin Scott Garcia Charles Young Anthony

Malware analysis didn't work anymore.

Williams Daniel Williams Karen Clark Thomas

Isn't this a paid course?

Can anyone get past the "The Installer GUI" where you can select the different packages you want installed? I dont have the option to confirm yes or no and proceed.

why i cant open the Malware.Unknown.exe ? if i renamed it from .exe.malz to .exe it wont run at all. it says i have to look in the microsoft store to search an app to run it. And could anyone tell me how to get the malware on the vm without compromising my main operating system? Thanks and Great video!