@natedunlap9226 7 ай бұрын
This is an amazing video! Your content is phenomenal and I hope your channel grows! You deserve lots of recognition for your work and I will say I believe 2k subs is a crime for the amazing videos you are putting out. Keep up the good work and I look forward to watching more of your videos!
@sonianuj 7 ай бұрын
Wow thank you so much! That is so kind of you to say. Another video coming soon!
@DeNikow 6 ай бұрын
@@sonianuj This has to be one of the best videos on KZbin about API unhooking. Great content. Very clear voice, well explained. Didn't understand everything (you lost me about 70% through), but that's because I don't have enough knowledge about reverse engineering. I'm just a simple system engineer.
@matthewlandry5946 8 ай бұрын
🎉 The most thorough step by step explanation of windows API Ghidra and debug use. I like your style. Excited for more videos and thanks for spending all this time helping others in the community. Salute!
@sonianuj 8 ай бұрын
Thank you so much!
@mojack624 6 ай бұрын
Interesting anuj hope to see more future videos
@sonianuj 6 ай бұрын
Will do, thanks for watching!
@mojack624 6 ай бұрын
your concepts explanation are straight forward and the videos are concise and very educative@@sonianuj
@ByteHax_ 5 ай бұрын
Amazing ❤❤
@sonianuj 5 ай бұрын
Thanks 😄
@Tchubakk 8 ай бұрын
A big fan of your detailed-explain approach... 😊 looking forward to a video explaining "how to identify API hashing technique"
@sonianuj 8 ай бұрын
Thank you!
@postelnicuiulian2527 6 ай бұрын
Hi, great content.... only one small suggestion if I may: if you want to get more views you must change the channel name by adding something related to malware reverse engineering. I know you from sans because I'm interested in 610. Great content & looking forward for next ones!
@Starckoo 8 ай бұрын
Amazing content, thank you!
@sonianuj 8 ай бұрын
Thanks for watching!
@mosaabalhaddad3146 8 ай бұрын
Very Amazing Video, needed this as i may start my career in malware reversing in a company soon (you're videos helped me get this job btw), thanks a ton
@sonianuj 8 ай бұрын
Wow, thank you so much for sharing this. Your comment inspires me to continue putting in the work to create these videos.
@designzonebeats 8 ай бұрын
Very nice. Well worth staying in the office for :)
@sonianuj 8 ай бұрын
Wow that’s great to hear! Thank you for watching.
@Teo97b 5 ай бұрын
hi Anuj, I have been learning a lot with your videos but I have a question; I find very interesting what you described at 06:55 in the video and I want to ask what is the difference between attaching the executable after putting this infinite loop and just putting a breakpoint at the entry point of it without attaching it? Both the breakpoint and the infinite loop won't let it execute further right? Always nice to learn new things.
@sonianuj 5 ай бұрын
Hi there! Thanks for watching. So, if my goal was simply to debug find.exe, I could absolutely set a breakpoint at the entry point of find.exe like you suggested. However, at this point in my analysis (06:55), I wanted to debug a version of find.exe that had been hooked by frida-trace. This means I first need to launch find.exe via frida-trace and *then* debug it - my solution was to insert the infinite loop so that I could attach to the running (but hooked) find.exe before it terminates. I hope that makes sense!
@Teo97b 5 ай бұрын
I see, thank you
@noahblackburn5470 8 ай бұрын
Might just be me, but the description (In this video, we analyze the FBI's Qakbot takedown code using malware analysis techniques) is for another video of yours I believe - kzbin.info/www/bejne/kHW7oqWcfJybjcU Thanks for the great content!😃
@sonianuj 8 ай бұрын
Whoops, thanks for noticing that! Just fixed it.
@w22iwi22w 7 ай бұрын
what build of windows are you using?
@sonianuj 7 ай бұрын
Hi there. I'm using a Win10 enterprise build where I've installed all my tools (all free). Hope that helps!
@ukaszgeras6600 8 ай бұрын
Hi, could you mention any ideas how to detect unhooking techniques? Provided that you already unhooked ntreadfile function (or use it's syscall), you can load any unhooked native api function from disk to avoid EDR/XDR detection. Being deaf to api monitoring, static rules seem to be applied. Any thought how to approach the topic and detect the manipulation statically? Love your meterials❤
@sonianuj 8 ай бұрын
Great question. Capa or YARA rules could help with this. YARA is often discussed, capa less so. Maybe I'll make a video on using capa rules to detect this sort of thing. Thanks for the idea!
@ukaszgeras6600 8 ай бұрын
@@sonianuj I was thinking about looking for binary string reaching the pointer to PEB from TIB. It may be a preety constant thing.
Дима Масленников
Рет қаралды 9 МЛН
Фани Хани
Рет қаралды 1,4 МЛН
Дима Масленников
Рет қаралды 9 МЛН