Ransomware Attack Simulation

94,206 views

Lockard

2 years ago

Lockard Security conducted a ransomware simulation that started off by exploiting a fully patched and updated Windows 10 Pro system running Office 2021. The exploit used a Word document that was able to establish a reverse TCP shell. From there, Lockard Security was able to set up persistence by backdooring Google Chrome and deploy ransomware. The ransomware attack was successful and was able to move laterally into different subnets by abusing the trust between zones. For a security assessment by Lockard Security, contact us at www.lockardsecurity.com to schedule your assessment today.

Comments: 73
@SamuraiJack1881 2 years ago
Thank you for everything bro, have a good job.
@marvinokapo3321 1 year ago
Hey mate, the Infection-Simulation document that you used to maintain the connection and to upload the malware in the victim machine, where did you get it from? (Educational purpose). Thanks.
@user-li3hv4ok7t 2 months ago
I would thank you if you could give a link to your research with all the commands you used for the persistence part, of course just for educational purposes
@alexbrasilia6459 7 months ago
Do you have a paid course so we can learn this step by step?
@magnese7993 2 months ago
Which Kali tool did you use?
@Dr.Yuzerssif 6 months ago
Thank you for this video. I need your help.. My laptop was exposed to a JAWR ransomware attack. I see that you are an expert in this field. I hope you can help me solve this complex problem. Thank you very much in advance
@rersheed 1 year ago
Hi! I have been trying to simulate ransomware traffic for testing a countermeasure but I couldn't. How can I simulate WannaCry ransomware traffic? Best Regards
@udohpele1696 2 years ago
Thanks for this demo. One question please, if the user is not a local admin and is unable to run the file after clicking, will the hack still be successful?
@lockard452 1 year ago
Hi, I'm sorry for the delayed response as I'm just now seeing your question. A non-admin user would still be able to open this file. In doing so the malicious code would still run, however it would be in the context of the user's permissions. When this happens, the attacker must do a privilege escalation attack to get admin / root access.
@jaydave4696 1 year ago
Hey! It's an absolutely amazing video.. but how can I get these codes.. for my ransomware project? Can u reply pls.
@InternetVet 2 months ago
just drop all inbound connections on port 5985 & 5986 to prevent this?
@conan5890 1 year ago
Nice video, explanation and demonstration. I think you should try again against a computer that has a paid license of antivirus (e.g. ESET etc.). The free version Windows Defender has nothing in order to defend any attack.
@detective5253 1 year ago
This is an interesting technique and similar somehow to a signed malware with a company's private signing key, typically to backdoor whitelisted applications. Modern cyber sec is getting way more sophisticated than ever.
@starboyy__y 9 months ago
I Was Also Looking For That Type Of Videos Bro 🥲
@MAG320 7 months ago
I would like to see how the ransomware was created (for ed purposes) so I can provide a debrief to a couple clients.
@UniqueMappingSequence 2 months ago
🤨🤨
@mohammadiaa 1 month ago
Yeeees clients
@samajbhanproduction1520 8 days ago
IKIK
@meowtrox1234 8 months ago
how about if you have a DYNAMIC IP ADDRESS? will ransomware be possible?
@zilverfox-wu1yd 1 year ago
I assume you made a backdoor first, just how do you crypt it in Kali Linux plus exploit?
@lockard452 1 year ago
It's a broken Macro technique, I recommend taking the OSEP training to learn more about this method. I avoid using crypters as they are easily flagged as suspicious.
@zilverfox-wu1yd 1 year ago
@lockard452 okay thanks lol
@kasinoFlow 11 months ago
@lockard452 I want to learn more about hacking, can you make a Discord by any chance
@paradownload2051 7 months ago
Sir, can I have a copy of that simulation? For educational purposes, I'm into cybersec right now
@rafaelsandoval6472 2 years ago
do you have a video where you put the malicious code into the macro file? Thank you
@lockard452 1 year ago
Hi, I'm sorry for the delayed response as I'm just now seeing your question. No I do not, the main reason for that is so AV vendors don't pick up some of my methods. That said, this one already is being detected, which is expected over time. I'll consider creating more videos on the entire process, start to finish. Along with diving deeper into the code and methods used.
@littleghoost 8 months ago
how to disable antivirus before infecting?
@elelipappa3102 2 months ago
Can you make a tutorial on how to create such ransomware? (Love your content)
@Hogrider6.9 1 month ago
lol
@Gm-Rifat 11 months ago
What kind of mail are you using? How can I use it? Is it free?
@andreazaric303 11 months ago
Is tempmail
@ronwurdesagendasises9249 1 year ago
How do you make this Word document without macros?
@lockard452 1 year ago
It's a broken Macro technique. I recommend taking the OSEP training to learn more about this method.
@shadowsalah1484 3 months ago
Hey guys, hackers control ransom with a C&C server?
@gernot4490 1 year ago
Does Kaspersky allow opening the infected Word doc at the beginning of the vid? I don't think so, so it's preventing the ransomware attack?
@jacvbtaylor 2 months ago
That probably all depends on the exploit in the doc
@mrgermanyhd 1 year ago
How did you make it without WinDef or AV noticing or alarming? Can u tell me in 1-2 sentences how this exploit works and what I need to do? (educational purposes only)
@zilverfox-wu1yd 1 year ago
crypter
@lockard452 1 year ago
Hi, I'm sorry for the delayed response as I'm just now seeing your question. It requires creating the payload in a way that is unique, without any suspicious indicators that would get flagged. Most crypters are easily detectable as suspicious. It requires a lot of testing, trial and error. For example, the methods I used here no longer work, therefore you have to always continue to evolve the payloads to stay one step ahead of the detection engines.
@hack-talk9098 2 years ago
Start with the full video so I learn how to create the payload and listener
@lockard452 1 year ago
I'll be creating an updated video with full end to end which will show the latest and greatest processes and methods.
@BlueZackMuthey 9 months ago
How did you get access to the target's computer?
@BlockImmigrants 8 months ago
The link the victim clicked gave away the IP address, and with the IP, the hacker can basically access the victim.
@TK-od8hd 7 months ago
@BlockImmigrants so a firewall rule will block this connection?
@issho8885 7 months ago
@TK-od8hd only if the attacker IP was known beforehand and it was put in the rule
@sreerahul6663 1 year ago
Hi bro, if a PC is infected with a ransomware virus, how to decrypt it? Please do a video
@HiChicken-zj7yc 9 months ago
you can't, pay or format your pc
@networksolucoes7537 3 months ago
Very good presentation!!
@a6eu 1 year ago
Hello Lord, I have a final project tomorrow, and I need to demonstrate this attack to get bonus points, I really need this. Can you help me, plsss?!!
@lockard452 1 year ago
Dang, I'm just now seeing this comment! Hope you were able to demonstrate this for your class.
@thewickedmma 5 months ago
Bro, help me out. I'm going through the same thing
@FrontendCss 7 months ago
It's Kali Linux
@apitaremore9453 1 year ago
how to remove ransomware??
@harshadsd90 10 months ago
same question tried all decryption methods but not work 😢😢
@HiChicken-zj7yc 9 months ago
cause u can't only the one who puts it in the system who can which u gonna need to pay for
@electragammingtech9801 1 year ago
give me the google sheet documents
@lockard452 1 year ago
You don't want it :D
@robertclark2607 1 year ago
who would use windows ge
@SteveRoufosse 5 months ago
I bet nobody would be able to send me ransomware 😂
@Its_A_Me._A_Mario 1 year ago
So you don’t go to jail y’all, hack a vm lol
@danwolf1168 1 year ago
Instead of “hacker” you should say cyber criminal.
@saji002 8 months ago
Generally it's hacker
@mohamedamjath3884 1 year ago
Hi, can i contact you pls
@user-uk3ut3qo8q 2 years ago
I watch the video but still couldn’t do it myself until he came to my aid👆(the above bio on social media). Thank you