I tried, but somebody already deleted it lol

🧠

but first spam the webhook URL with "your webhook got thanos snapped" and GIFs of thanos doing fortnite dances

@@GateKeeper_Systems I saw ntts do that.

@@rodricbr same lol

@Michael DiGregorio really he is so stpid don't 😭

Hey i really made it for educationnal in the beggining

By your logic powershell and python as a language are malicious and shouldnt exist because they have the potential to be abused by its users. 🤦

@@User-kq3od by your logic operating systems like windows, macos, or linux shouldn’t be used because they could be used maliciously. your rational falls apart

@@majoryoshi that's not their point at all

I read your comment and thought "It can't be that bad, can it?" **a few moments later** John: "Hang on!" Me: **flinching** "Oh, it IS that bad!"

Same loool

Hey, at least the right to remain silent is something that they're legally forced to give you and need to inform the jury to not hold your silence against you (as well as judgements found to violate that clause getting thrown out entirely)

@@xana3961 I just love the fact that they say that and then keep you for hours and still keep asking you questions.

@@xana3961 yeah but the crypto bros and blackhats won't shut off their body cams before handcuffing me and breaking both of my kneecaps

There is no roadmap at all, this industry doesn't have a laid out plan for what you should do and what you should learn. It doesnt fit the mindset of a pentester either. A pentester or even any one in the infosec industry should be by nature very curious and eager to learn anything.

@@boogieman97 That's crazy! But also really interesting thank you for clearing that up! I'm pretty eager to learn as much as I can I guess I just worry about all the time I wasted not getting into this industry at a younger age and want to "supercharge" my way to catch up if that makes sense? Anyways, I'll keep that in mind thank you!

@@Sl33pySage Trust me when I say you're not behind if you're starting at a young age, I started at 15 and am still working my way to being a good pentester. Just enjoy the journey as there is a lot to have in store. Lots of cool knowledge that makes you feel awesome when you pull it off! Welcome to the world of cybersecurity!

@@Sl33pySage not sure where you're at since this was almost a year ago, but it's really never too late. Almost 30 and starting a job with a cybersecurity application startup in 1.5 weeks. I'll still only be in support, but it's as an engineer so it's still its on the path! I started out in biotech, and hit a deadend there. After floating around not really knowing what to do, as you said I eventually pulled a complete 180 because of videos like from @_JohnHammond. If you're interested my path was the following: studied the Network+ and A+ (still don't have the certs for them tho 😬decided a degree was more important), did some side projects and self study, got a wfh support call center job as a temp, worked hard to be hired on full time to their implementations department, and used their tuition reimbursement to go to school a bit. Then the company started to act shifty so I applied to a bunch of new jobs, advertised my new skills and talking about the school and personal projects during the interviews, then that was that! I made it real clear in the interviews that I need to learn a bunch still, and they said that seems like what they're looking for, so I'm hoping with this I'll get much more familiar with the field and actually work closer to the tech than ever. Like boogieman97 said, there's no real set path, and yeah it's a great analogy for the hacker's attitude of making it work for you, so you could look at it as practice for that mindset :)

AWESOME CTF challenge idea!!! 🔥🤩

Actually, most of malwares do that, to bypass sandboxes like Triage, Anyrun, VirusTotal. If name is like John, it will NOT execute malware

@@ImTimmy228 Many do that, yes. But of the samples John pulled apart this is the only one I know of. And I've watched many of his videos and I've actually pulled apart some malware samples myself, this is the first one I know of that does protect itself against debugging.

This is true, I borked it when I tested it against myself.

@@_JohnHammond btw if you send a get request to the webhook url it tells you the guild and channel id it's set at not really useful for anything other than reporting though, and I've learned not to count on discord staff

I'm curious why they can't do this for cheaters in games, I have always said they should just block or in some other way limit the possibilities from a particular IP address when dealing with hackers in CoD etc.

@@lfcbpro Changing your IP address is easy, and many people may share the same IP address. It's just not worth it.

@@lfcbproLike Checkium said, IP addresses are dynamic. Hardware bans are also ineffective, and can also lead to things like re-sale of HWID banned PC to someone who isn't a cheater, but they place the games the cheater is banned on. So essentially, innocent people wasting their money on a PC that they can't use for what they bought it for, because of the previous owner.

You'd write that clause too if you were handling people's private repo data and wanted to be absolved from being sued by sue-happy corporate crooks. Not saying you should feel comfortable. I'm saying, there's a real-world reason for writing such language. Source: Have worked with data recovery and security companies. Many of them have similar language to this.

@@Zancb Sure there are reason for writing that. One of the reasons being you protect the company from ANY kind of lawsuit. If you one day discover that your private repo is being used by some corporation who's paid Synk big money to grab data from their servers, you could do literally nothing. If they decide to charge your subscription more than it was advertised without any notice whatsoever, you are required to just shut up and take it. There are several examples that might be even worse, but you surely get why I don't think it's a service anyone should ever use at all. I am not even sure that the paragraph is legally worth anything since imho it might make them avoid accountability for virtually anything a customer might experience on their platform. I do think that is not lawful and they can't just write in their ToS anything they want, the ToS has to respect laws too. But I am a developer, not a lawyer and I might have misunderstood when that paragraph might be used. Maybe it does not mean what I do think it means, I am not completely sure. If anyone here has a legal background and is willing to elaborate on that you are more than welcome to do so.

i think you would be hard pressed to find any tos that lacks that verbiage

They legally cannot enforce any of that. It's there so that they aren't held liable if you use their software for illegal purposes (a catch-all, if you will). Plenty of software companies do this.

That is going to be in any TOS, its a cover your ass statement, all that second part means is effectively "If you're really shit at writing code, and our software doesn't catch every single last exploit, so it still gets exploited, that's not on us, and you can't say it is, you can't just rely on software to do your job" Any reputable company will have a clause like that if they are doing something similar to snyk, trying to protect you, I'd imagine nearly every last anti-virus would have a similar one too

lmao

Pretty common, actually. It's an anti-analysis technique.

or just using a VM at all times

That's pretty funny actually. QubesOS reasonably secure indeed.

from another comment it looks like someone has already deleted it

Me too, me too !! I am dealing with this now.

@@maybemolly237 u're struggling?

Penetration Tester

@Thawne penetration tester (white hat hacker basically)

you can also add webhook in the url bar and it'll show you the same result as cUrl

@@ChrisTheCringe true

Yeah, I'm pretty sure ntts showed a website where you can get the webhooks deleted.

​@@imnotmarbin he did

@@imnotmarbin You don't need that. just open your terminal and do a 'curl -X DELETE'.

@@Serpensin wait, without authorization header? interesting

@@daleryanaldover6545 if you have the webhook url, you can entirely control it, including changing the name and avatar of it. you can also just plainly delete it by sending a DELETE to the url, but that's less fun than spamming it to death

If it was an exe, then it was a different malware. Python code packed into an exe doesn't come in script form, it comes as bytecode with it's own portable python.exe

@@nordgaren2358 You can definitely package a Python script into a single-file exe, I've done it before.

obviously

yeah... even python that is easy to learn

No.

@@rodricbr maybe python is easy to learn, but the code that was used to create this malware is not if you write it by yourself without using outside sources (which this person did not do)

@@radon-sp thanks Joswel

There's a way around their blocker tho, if I remember correctly, I think it's cloudflair. If you're using selenium, you can delete the cookies and cache. Doing so would bypass the block. That was for cloud flair, but I remember there was something for the discord API rate limiting as well for bypassing

This is true, I borked it since I had tested it against myself beforehand. :)

@@_JohnHammond lol I was messing with discord apis and malware a while back and was totally baffled as to why none of my API calls would ever work. A month later I found out 🤣

@@mastercodeon42 *proxie

@@huebnerite Nah, I don't think a proxy solves their API rate limiting, but I could be wrong tho

All credit to exyl for art in the thumbnail :)

You cannot report open source malware 🤨 it genuinely is educational and not illegal at all

I mean you can't really shut down someone's account for creating malware programs because it's not wrong to write them, just use them against people who have not given you explicit permission for such. Although ultimately it's up to Github themselves, and they do have the report option for it so I don't really know why they wouldn't.

user is still active as of today, March 9th. Github won't delete a user contributing to the security space. Malware is apart of that space and everyone needs to see how this malware works. Deleting it from GH would do nothing but harm as the owner still has the code on their local branches and now nobody can understand it to protect against if need be. The reality is. Users that get hit by it would probably never know and were never aware it could happen in the first place. Those that are aware are sophisticated users with some of them being us coming to watch hacking videos on youtube. We want to see that code. Not let it disappear.

no

but script kiddies don't know any better

Which music?

so an edgy french skid? gotcha

Someone writing sophisticated code like this obviously didn't just upload it there with no reasoning behind it. They most likely genuinely want others to see it... AND use it. AND contribute to it to help make it more dangerous.

@@Infamous159 hes a skid. "trying to help the world out". he can't code at all.

200 iq move

While true, even experienced people make simple mistakes like that. Look at the dummies that missed 1 single logic flaw that allowed for crypto smart contracts to get drained with reentrancy attacks.

I put it in the description just now. Thanks for the reminder! - Nordgaren

@@nordgaren2358 danke

I agree, and also reporting code seems crazy to begin with

There's already plenty of detection tools for stuff like this, it's unnecessary to keep it up.

Yes, but the average person is not going to think of that

@@mongmanmarkyt2897 It's actually a very common technique for reverse engineers, which is the average person who would be reverse engineering malware.

Oh thats how its always went. Its a constant race

@@elvingearmasterirma7241 yes bro

Credit to exyl for discord logo in the thumbnail from his video PING! :)

@@_JohnHammond wow, fast response.

Yea, they came into the Discord, and posted here that they did it for educational reasons. It's just a shame that the malware is very potent (steals CC info and stuff). Would probably be a good idea to keep stuff like that out of the educational repos :P

if they were savvy they could have used a magic method to auto execute the code, avoiding extra exec calls. he is lucky that skids aren't savvy

This is true, I borked it since I had tested it against myself beforehand. :)

plenty of them out there. i dont see how all of these comments dont get the fact that Open Source is used to not only make things public, but also get CONTRIBUTIONS to the project. Looks like all of his dangerous projects are frequently updated weekly/daily. BlackCap itself has 5 authors, 4 contributors and it was created from forks of Hazard Grabber PirateStealer Wasp-stealer Builder by Luna token grabber VERY common thing going on here. Malware is software like everything else. Some tools on Kali Linux can be found on GH as well. Those tools are dangerous. "but but it's Kali... It's for good guy pentester" Yea. And Of course malicious hackers as well because the tools can be good and bad.