AhmedS Kasmani
AhmedS Kasmani
  • 36
  • 70 528
Malware 101: Hiding Shellcode in the Resource Section of PE File.
This is a continuation of the series where I will share the basics of Malware.
In this video we discuss how to hide shellcode in the resources section of a pe file and then execute it from there.
Offensive Development Course: ask-academy.live/courses/offensive-development-and-tradecraft/
Code: discord.gg/SpdTFCAAzG
Please provide feedback in the comments.
To continue the conversation hit me up on twitter:
🐦 Twitter - nu11charb
Переглядів: 472

Відео

Malware 101: Injection Basics - Remote Shellcode Injection
Переглядів 9393 місяці тому
This is a continuation of the series where I will share the basics of Malware. In this video we discuss one of the many ways for a process to inject shellcode into another process. Offensive Development Course: ask-academy.live/courses/offensive-development-and-tradecraft/ Code: discord.gg/SpdTFCAAzG Please provide feedback in the comments. To continue the conversation hit me up on twitter: 🐦 T...
Malware 101: Injection Basics - Local Shellcode Injection
Переглядів 1,1 тис.3 місяці тому
This is a continuation of the series where I will share the basics of Malware. In this video we discuss a couple of simple ways for a process to inject shellcode into its process. Offensive Development Course: ask-academy.live/courses/offensive-development-and-tradecraft/ Code: discord.gg/SpdTFCAAzG Please provide feedback in the comments. To continue the conversation hit me up on twitter: 🐦 Tw...
Malware 101: Injection Basics - Dll Injection
Переглядів 7264 місяці тому
In this video we continue our journey in the world of Malware. This is a continuation of the series where I will share the basics of Malware. Here we discuss Dll Injection, this is a very important technique to understand as it forms the basics of Process Injection. This is also important to understand for Api Hooking. Offensive Development Course: ask-academy.live/courses/offensive-development...
Malware Evasion 101: Detecting Debugger and Analysis Software
Переглядів 4064 місяці тому
In this video we continue our journey in the world of Malware. This is a continuation of the series where I will share the basics of Malware. Offensive Development Course: ask-academy.live/courses/offensive-development-and-tradecraft/ Code: discord.gg/SpdTFCAAzG Please provide feedback in the comments. To continue the conversation hit me up on twitter: 🐦 Twitter - nu11charb
Malware 101: Writing your first Exe and Dll in C
Переглядів 2,9 тис.4 місяці тому
In this video we dive into the world of Malware. This will be a series where I will share the basics of Malware. Offensive Development Course: ask-academy.live/courses/offensive-development-and-tradecraft/ Basics of PE File: learn.microsoft.com/en-us/windows/win32/debug/pe-format Code: discord.gg/SpdTFCAAzG Please provide feedback in the comments. To continue the conversation hit me up on twitt...
Latrodectus - Malware Analysis Part 2
Переглядів 6945 місяців тому
This is part 2 of the analysis of the Latrodectus Malware. In this video we will look at the final payload. Final Payload Download Link: hxxps[://]bazaar[.]abuse[.]ch/sample/d843d0016164e7ee6f56e65683985981fb14093ed79fde8e664b308a43ff4e79/ Code Repo: github.com/nullcharb/LatrodectusYT Course Link: courses.null-char.com/courses/the-art-of-malware-analysis Academy Link: ask-academy.live/ Please p...
Latrodectus - Malware Analysis Part 1
Переглядів 1,1 тис.5 місяців тому
In this part 1/2 we will be doing analysis of Latrodectus Malware. Stage1: Javascript Download Link: hxxps[://]bazaar[.]abuse[.]ch/sample/4ff60df7d165862e652f73752eb98cf92202a2d748b055ff1f99d4172fa4c92f/ Stage3: Msi File Download Link: hxxps[://]bazaar[.]abuse[.]ch/sample/3a950d7e6736f17c3df90844c76d934dc66c17ec76841a4ad58de07af7955f0f Course Link: courses.null-char.com/courses/the-art-of-malwa...
Introducing new course "Offensive Development and Tradecraft"
Переглядів 3297 місяців тому
Hey Friends, In this video I am introducing my new course "Offensive Development and Tradecraft" The course website: ask-academy.live/courses/offensive-development-and-tradecraft/ Please provide feedback in the comments. To continue the conversation hit me up on twitter: 🐦 Personal Twitter - nu11charb 🐦 Academy Twitter - askacademylive
Shellcode Loader Analysis and Python3 Scripting in Ghidra
Переглядів 53410 місяців тому
In this video I share how use Python3 Scripting in Ghidra to scripts for Shellcode loader Analysis and Shellcode Extraction. Links to the Github Repo for the code: github.com/nullcharb/GhidraScripting Link to the sample: hxxps[://]bazaar[.]abuse[.]ch/sample/733be2c75022f979e6568281e76da5fd3c709ddac41a3e644f0ff88432c5d248/ This is a must watch video for people interested in Malware Analysis, Sec...
Ghidra UI Updates for Malware Analysis and Introduction to python3 scripting in Ghidra
Переглядів 37510 місяців тому
We continue our series of Ghidra basics; in this video I share how I improve the UI to make it better for Malware Analysis and introduction to python3 scripting in Ghidra via Ghidrathon. Matthews Article: embee-research.ghost.io/understanding-and-improving-ghidra-ui-for-malware-analysis/ Ghidra Scripting Repo: github.com/nullcharb/GhidraScripting This is a must watch video for people interested...
Malware Analysis Lab Basics - Part 2 - Installing Ghidra
Переглядів 1,1 тис.10 місяців тому
We continue our series of Malware Analysis Lab basics; in this video I share how I install and configure Ghidra. Ghidra Link: ghidra-sre.org/ Ghidra Dark Theme: github.com/huettenhain/ghidradark Ghidrathon: github.com/mandiant/Ghidrathon Gradle: gradle.org/releases/ This is a must watch video for people interested in Malware Analysis, Security Operations and Security Analyst roles. Course Link:...
Malware Analysis Lab Basics - Part 1 - Installing Flare VM
Переглядів 4 тис.10 місяців тому
We continue our series of Cyber Security Lab basics; in this video I share how I install and configure FlareVM. FlareVM Github Link: github.com/mandiant/flare-vm This is a must watch video for people interested in Malware Analysis, Security Operations and Security Analyst roles. Course Link: courses.null-char.com/courses/the-art-of-malware-analysis Academy Link: ask-academy.live/ Please provide...
Cyber Security Lab Basics - Installing EDR in Malware Development Lab
Переглядів 2,6 тис.11 місяців тому
In the previous video I showed how to setup Malware Development Lab. In this video we add Elastic EDR to the lab. This is a must watch video for people interested in Security Analyst, Security Engineer, SOC Analyst roles. Course Link: courses.null-char.com/courses/the-art-of-malware-analysis Academy Link: ask-academy.live/ Please provide feedback in the comments. To continue the conversation hi...
Cyber Security Lab Basics - Setting up Malware Development Lab
Переглядів 1,5 тис.Рік тому
In this video, I walk through how I setup a Malware Development Lab. This is a very basic Lab where I use Kali linux for compiling code and Windows 10 for debugging and testing the code. This kind of a lab can be the building block for a very comprehensive lab for testing EDR and Security Solutions. Source code link: github.com/nullcharb/MalwareDevelopmentLab-YT Kali Linux Setup commands: sudo ...
NjRat Malware Analysis
Переглядів 4,9 тис.Рік тому
NjRat Malware Analysis
Vidar Stealer Malware Analysis
Переглядів 4,5 тис.Рік тому
Vidar Stealer Malware Analysis
Racoon Stealer V2 Malware Analysis
Переглядів 4,7 тис.2 роки тому
Racoon Stealer V2 Malware Analysis
Qakbot Dropper Analysis
Переглядів 4,5 тис.2 роки тому
Qakbot Dropper Analysis
Zloader Malware Analysis - 1. Unpacking First stage.
Переглядів 1,7 тис.2 роки тому
Zloader Malware Analysis - 1. Unpacking First stage.
Malware Analysis of Hancitor maldoc and initial Dlls
Переглядів 1,9 тис.3 роки тому
Malware Analysis of Hancitor maldoc and initial Dlls
Analysis of Malware from Kaseya/Revil Supply Chain attack.
Переглядів 2 тис.3 роки тому
Analysis of Malware from Kaseya/Revil Supply Chain attack.
Analysis of AppleJeus Malware by Lazarus Group
Переглядів 1,3 тис.3 роки тому
Analysis of AppleJeus Malware by Lazarus Group
Analysis of malware dropped by Nobelium.
Переглядів 2 тис.3 роки тому
Analysis of malware dropped by Nobelium.
Malware Analysis: Agent Tesla Part 2/2 Final Payload Analysis
Переглядів 1,6 тис.3 роки тому
Malware Analysis: Agent Tesla Part 2/2 Final Payload Analysis
Analysis of ICEID Malware Installer DLL
Переглядів 1,8 тис.3 роки тому
Analysis of ICEID Malware Installer DLL
Malware Analysis: Agent Tesla Part 1/2 Extraction of final payload from dropper.
Переглядів 2,5 тис.3 роки тому
Malware Analysis: Agent Tesla Part 1/2 Extraction of final payload from dropper.
Extract Comrat Malware Dll's from Powershell Dropper
Переглядів 7843 роки тому
Extract Comrat Malware Dll's from Powershell Dropper
Malware Analysis: VBScript dropper for NJRat.
Переглядів 1,2 тис.3 роки тому
Malware Analysis: VBScript dropper for NJRat.
Malware Analysis of a Password Stealer
Переглядів 2 тис.3 роки тому
Malware Analysis of a Password Stealer

КОМЕНТАРІ

  • @theyapper1337
    @theyapper1337 Місяць тому

    So refreshing to see a cybersecurity channel that gets straight down to business. No sponsors. No annoying thumbnails. No clickbait titles, just good malware analysis.

  • @JW-rd7wd
    @JW-rd7wd Місяць тому

    Your channel is awesome. Please keep uploading!

  • @mkwise5996
    @mkwise5996 Місяць тому

    Great video. Thank you!

  • @Valli-NayagamChokkalingam
    @Valli-NayagamChokkalingam Місяць тому

    Awesome Explanation! Blog Posts usually just give a basic idea about the analysis - videos are much clearer! Thanks Ahmed!

  • @Valli-NayagamChokkalingam
    @Valli-NayagamChokkalingam Місяць тому

    Amazing Explanation!

  • @dev-null-7w7
    @dev-null-7w7 2 місяці тому

    I love your channel 🎉❤❤❤❤

  • @neotokyo98
    @neotokyo98 2 місяці тому

    it was a long wait for the next video in this playlist

    • @ahmedskasmani
      @ahmedskasmani 2 місяці тому

      yeah, been really busy at work.

  • @firosiam7786
    @firosiam7786 3 місяці тому

    I have a 2 3 doubts sir once u chaged the name tp payload to the demon x64 bin in all places there was already some shell stored in the tp payload variable right so does that get overwriten by the payload inside the demon x64 bin. Also the whole paters of creating memmory space writing payload to it then later executing the thread wont all be beacons in itself for any av solutions can threadless injection be done to maybe a process and execution be done through some Nt function ???

  • @firosiam7786
    @firosiam7786 3 місяці тому

    What is the best way to obfuscate shellcodes i know most would get flagged but just asking to knw some best ways to obfuscate shellcode

  • @AlienCode-ss
    @AlienCode-ss 3 місяці тому

    Great series! It will be a valuable resource for new malware developer learners. As you suggested in one of the comments, prerequisites like learning X64Dbg and Windbg are important. Could you suggest some good online learning materials on these topics? Additionally, could you please create a video from a new learner’s perspective, (or might be this is first video showing a trailer for a larger series).

  • @alexhichamk6630
    @alexhichamk6630 3 місяці тому

    great video sir all the best we are waiting more videos

  • @neotokyo98
    @neotokyo98 3 місяці тому

    awsome video sir the quality of content is top notch

  • @user-uj4nq6gq5p
    @user-uj4nq6gq5p 3 місяці тому

    i was playing hamster kombat and my vpn get me this malware notificition and wont let me open hamster kombat , do they have it ?? :/:/

  • @disrael2101
    @disrael2101 3 місяці тому

    thanks but im not a windows fan can you make it for mac / ios / android?

  • @ranger5280
    @ranger5280 3 місяці тому

    Hello Ahmed, you said in the video that you have have your GitHub links to the source code in the video description, I do not see it. Could you please post it so we can review the code? Thanks

    • @ahmedskasmani
      @ahmedskasmani 3 місяці тому

      I am setting up a discord server where I will provide the code and answer questions related to the codes as well. Should be done this week.

    • @ranger5280
      @ranger5280 3 місяці тому

      @@ahmedskasmani Sounds good; looking forward to joining

  • @neotokyo98
    @neotokyo98 3 місяці тому

    could u please launch a course in udemy also for malware dev as itll be kind of cheaper and available for a many people who cant afford the 100's of dollars worth course

    • @ahmedskasmani
      @ahmedskasmani 3 місяці тому

      Let me think about it.

    • @neotokyo98
      @neotokyo98 3 місяці тому

      @@ahmedskasmani im telling that from india we dont make that much money and udemy makes a regional price parity comapred to the GDP of the country you are in many more student can learn this if it would be like that thanks for considering it hope it does happen at some point in time

    • @disrael2101
      @disrael2101 3 місяці тому

      @@ahmedskasmani +1 i'll buy it also but make it comprehensive for rev eng any app out there please

  • @chhachhiawan
    @chhachhiawan 4 місяці тому

    Kindly make a separate playlist for this series.

    • @ahmedskasmani
      @ahmedskasmani 3 місяці тому

      ua-cam.com/play/PLXlzLNcZf2-8RnKqZIYYetIuG7rnUmYz-.html

  • @oldgamerZone
    @oldgamerZone 4 місяці тому

    Great job man!

  • @neotokyo98
    @neotokyo98 4 місяці тому

    now waiting for the next video in this series sir so far loving this series wish i could have joined the course you have on maldev but its way out of my budget so following along here next time could u do a mini malware dev course for Udemy as it will kind of ensure a GDP based pricing for people from different countries around the world

  • @alexhichamk6630
    @alexhichamk6630 4 місяці тому

    Thank you sir, all the best

  • @kumaranshuman4227
    @kumaranshuman4227 4 місяці тому

    Awesome video

  • @rastakitten
    @rastakitten 4 місяці тому

    Just a noob question: why would you add logging feature in your malware?

    • @ahmedskasmani
      @ahmedskasmani 4 місяці тому

      Good Question, so the way logging is implemented is such that if u want to debug something it can be done, and when ur releasing it u can disable the logging.

  • @imranthoufeeque
    @imranthoufeeque 4 місяці тому

    Assalamualaikum... Kindly make a playlist of this please.

    • @imranthoufeeque
      @imranthoufeeque 4 місяці тому

      @@rlynotabot ha ha ha... I am ok to make if he gives me the creds 😂😂😂😂

    • @imranthoufeeque
      @imranthoufeeque 4 місяці тому

      @@rlynotabot No bro i appreciate what he is doing... I am not sure if I can make a playlist of his content in his channel itself.. As per my knowledge they only have to create a playlist... If its not included under the playlist it will scattered..

    • @ahmedskasmani
      @ahmedskasmani 3 місяці тому

      ua-cam.com/play/PLXlzLNcZf2-8RnKqZIYYetIuG7rnUmYz-.html

    • @imranthoufeeque
      @imranthoufeeque 3 місяці тому

      @@ahmedskasmani Jazakallahu khaira brother

  • @elliot-hacks
    @elliot-hacks 4 місяці тому

    Impressive demonstration 🙏, I'm always excited with malwares

  • @Br4dButt0wski
    @Br4dButt0wski 4 місяці тому

    Great content. I wish you had playlists for your different topics to make it easier to follow them.

  • @aironmanDiver
    @aironmanDiver 4 місяці тому

    Hi ! From a point of view , it is fun to learn this techniques, but it exists a responsibility to tech the way to prevent and fix this malware

  • @alexhichamk6630
    @alexhichamk6630 4 місяці тому

    Hell Mr Ahmed, Inchaa Allah you are in good health, thank you for these great videos can you please make an introduction video for the beginners in malware dev, like the languages we need to learn and so on Thank you very much

  • @neotokyo98
    @neotokyo98 4 місяці тому

    greatfull for you to start this series, im from india and could not afford many courses out there which are worth 100s of dollars to learn mal dev hopefully this series continues in a timely manner and many people from different parts of the world could learn these techniques

  • @mohsinhafeez
    @mohsinhafeez 4 місяці тому

    thank you!

  • @lofi_spirit
    @lofi_spirit 4 місяці тому

    sir, i am gettig this error : error : " [+] Setting password to never expire to avoid that a password expiration blocks the installation... Set-LocalUser : The term 'Set-LocalUser' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At D:\flare-vm-main\flare-vm-main\install.ps1:318 char:5 + Set-LocalUser -Name "${Env:UserName}" -PasswordNeverExpires $tru ... + ~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (Set-LocalUser:String) [], ParentContainsErrorRecordException + FullyQualifiedErrorId : CommandNotFoundException " AND also showing a warning that we are not running it in virtual machine so will it affect our system?

  • @zyadelzyat
    @zyadelzyat 5 місяців тому

    great work ❤ may i ask if i want to make a script to resolve those hashes at once what can i do ?

  • @MalwareHunter_07
    @MalwareHunter_07 5 місяців тому

    hey great explanation but i wanted to know whats the final payload dll have impact on the system? or just a sideloading

  • @arizvisa
    @arizvisa 5 місяців тому

    setting operands to enum, and renaming frame members is something that you should also be scripting.

    • @ahmedskasmani
      @ahmedskasmani 5 місяців тому

      Good point. I was being lazy about it :)

  • @bilalsiddiqui9341
    @bilalsiddiqui9341 5 місяців тому

    brilliant. i love how you make something so detailed, like reverse engineering/malware analysis, seem so straightforward and clear. hope to see more vids in the future until i can afford the course!

  • @MalwareHunter_07
    @MalwareHunter_07 5 місяців тому

    make one video on blackmatter & lockbit ransomware analysis

  • @neotokyo98
    @neotokyo98 5 місяців тому

    could you do a video on how someone could look for malware if he has doubt wether his system is infected or not

  • @mohamedlmad
    @mohamedlmad 5 місяців тому

    goooood

  • @bhumiputra6108
    @bhumiputra6108 5 місяців тому

    Eagerly waiting for your next video

  • @Edison-newworldBlogspot
    @Edison-newworldBlogspot 5 місяців тому

    Super analysis

  • @bilalsiddiqui9341
    @bilalsiddiqui9341 5 місяців тому

    awesome!

  • @babbalaminou5956
    @babbalaminou5956 5 місяців тому

    Great work

  • @MalwareHunter_07
    @MalwareHunter_07 5 місяців тому

    elastic search service stopping after a while? any solution

  • @MalwareHunter_07
    @MalwareHunter_07 5 місяців тому

    you have changed the ip address is it ubuntu ip right?

  • @R3v0ult
    @R3v0ult 6 місяців тому

    brilliant video

  • @disrael2101
    @disrael2101 7 місяців тому

    great sounds amazing.. what about mac / linux / ios / android similar course? as i'm not a windows fan e.g. pegasus

  • @rizwanmehboob4725
    @rizwanmehboob4725 7 місяців тому

    Great work as always. The syllabus is indeed in-depth and full of advance topics. Note taking during a course is always painful and notion is looking promising. Thank you for sharing.