Heck yeh! These are awesome tips, thank you! You sir get the pinned comment for this video : ))

j u s t b a s e 64 d e c o d e this: Izg2ZjJkNDJmZSBJIGhhdmUgYSBwcm9ibGVtIHVucGFja2luZyB0aGlzIHByb2dyYW0uIElmIHlvdSBjYW4gdW5wYWNrIHRoaXMgaSBjYW4gZ2l2ZSB5b3UgNTAgZG9sbGFycyEgSGVyZSB0aGUgcHJvZ3JhbTogaHR0cDovL3d3dy5tZWRpYWZpcmUuY29tL2ZpbGUvMjlzZm9uNXJuMWljdHkzL3RhcmdldC43ei9maWxlICM4NmYyZDQyZmU=

Thank you! : ))

Hey thanks very much Eli, glad you are finding these interesting : ))

Thanks so much : )) We are just trying to show how we do stuff for real, failures, dead ends, wins, and all. I should also mention I'm really digging your x86 tutorial series, post more videos! Please : )

Yeah I got at least 1 coming out today at 5PM pacific. Might do another bonus one too here soon. Thanks a lot, that means a lot coming from you!

Exactly how it works in real life 😂🤣😂🤣

So all I am doing is using the PE header to locate the PE file in the dump. Then I remove all the data before the header (since the header is the start of the PE). With regards to "How can you be sure that you are not including junk memory when carving? " the answer is I don't really care if there is junk in the buffer since I know there is a PE in there I know that I can always use the above trick to remove the junk after I have dumped it.

I don't use it as I use different VMs for static analysis and debugging and I found the remote debugging configuration required some network connectivity between the hosts that wasn't comfortable with. It's almost impossible to troubleshoot via KZbin comments like this but the fist thing I would check is the log info in IDA in the Output Window when you load a new binary into IDA. That is when IDA loads the plugins so if there is an error you should see some sort of log message in the output window. If you are really stuck hop on our Discord and maybe someone can help discord.gg/UWdMC3W2qn

IDA Pro ... says so in the title 😉 When this video was released there was no really good option for free IDA but now with their free cloud decompiler (64bit only) I think it would be possible to actually use the free version for some reverse engineering tasks. Still need the paid version for 32bit though (or g-hydra).

Thanks for the support. I replied to your comment on our other video... still love the name though 😹😹

No worries! One of the best places to get new relevant malware samples is from Brad's awesome blog over at www.malware-traffic-analysis.net/2018/index.html Not only is his analysis great but he also uploads the malware samples to his site (zip + password protected) so you can download them and analyze yourself. The links for the samples are at the end of each one of his posts. Hope this helps : )

malware-traffic-analysis.net - Click a year in red, then you can go to town or do ctrl+f to search for specific sample. Note that you will want the zip files which contain the actual sample instead of just the pcaps. He has both on each page.

This does help. Thank you both :)

Also, how could I forget!? Karsten made a whole video about this over on his channel kzbin.info/www/bejne/iXSth4pnep2XfKM

crap I didn't even see this reply somehow haha. Ah well, I bet he knows where to get samples now right?? :P

I think at some point we may make a "how I got into reversing" type video ... but until then the short answer is we both have been working in security for 10+ years with a pretty broad base of experience ranging from appsec, to full-on pentesting, to incident response. Personally I (Sergei) have been reversing professionally for about five years... and as a hobby for maybe eight years. But as you can see in the videos I am nowhere near an expert in the field, and I'm always learning new techniques and tricks. I also do a lot of software dev and that helps with honing the reversing skills. If you have any other questions feel free to ask : )