I know you aren’t sure about the value of showing things like breaking user policy but I have to say, there is a ton of value in seeing that. I actually met you at B Sides in SF last year and mentioned that one of my favorite things about your videos is observing your process. So many of us have gotten where we are by trying and breaking things and once in a while, we feel…dumb lol. Seeing someone else going through a lot of the headaches we have or struggling with some of the same things we have is both valuable and extremely helpful. Please keep making awesome content good sir and thank you!
That is interesting, I am also curious about what it attempted to write and what about windows login writes to the HKCU. That if we know that and the agent or process of the system/user that does it, a tighter security measure could be put into control and a better understanding of what is and isn't needed. Though part of me suspects that HKCU is a fully temp tree, that is recreated each and every time on login, but I am not sure... a deeper dive on this would be of value I think.
i knew this would make a good and unusual educational video, glad to see u took my recommendation for a video idea and kinda used it in a more safe way. (if u even used my idea lol).
also a note: my situation actually had it posting a .log file, not downloading it. and as far as restricting, you should set powershell to only be interactive mode, which means it doesnt run scripts, this is what stopped mine from executing and made it a little more safe.
anyrun needs to improve their SEO because I was looking for this one a month ago!!! why don't just include "online virtual machine" in the description? please help others with this! make more easy and simple descriptions. I know it can do some fancy stuff but remember most of us just want to test a site to see if it's a malware etc.
most of modern antimalware softwares nowadays blocks PowerShell execution ( notify user for ask permission ) in HIPS technology so if anyone configure HIPS properly i think it would stop most of malicious codes
Nothing better than some John Hammond to start the morning
This guy got coffee too?
coffie will do the same to
id watch the unlisted video, always exciting seeing the journey
he is very good with sublime text editor!
Because of this videos i was able to be quite high in rankings on Huntress ctf so keep em coming friend (also first ctf ever).
love this kind of content ❤
That's the content we want to see john , Thank you !
You're looking for a very big applause to thank you so much john sir.
he may olso work for a government ....infidel FBI.
I know you aren’t sure about the value of showing things like breaking user policy but I have to say, there is a ton of value in seeing that. I actually met you at B Sides in SF last year and mentioned that one of my favorite things about your videos is observing your process. So many of us have gotten where we are by trying and breaking things and once in a while, we feel…dumb lol. Seeing someone else going through a lot of the headaches we have or struggling with some of the same things we have is both valuable and extremely helpful. Please keep making awesome content good sir and thank you!
That is interesting, I am also curious about what it attempted to write and what about windows login writes to the HKCU. That if we know that and the agent or process of the system/user that does it, a tighter security measure could be put into control and a better understanding of what is and isn't needed.
Though part of me suspects that HKCU is a fully temp tree, that is recreated each and every time on login, but I am not sure...
a deeper dive on this would be of value I think.
Haven't seen a lot of deobfuscation lately, nice one
Now to modify the kernel to make your changes actually functional. :)
pronunciation of the word "malware" as "meowlware" so cool😊
Hi John I am Heather Hammons, I went to school with a Hammond at Rio Linda High school
i knew this would make a good and unusual educational video, glad to see u took my recommendation for a video idea and kinda used it in a more safe way. (if u even used my idea lol).
also a note: my situation actually had it posting a .log file, not downloading it. and as far as restricting, you should set powershell to only be interactive mode, which means it doesnt run scripts, this is what stopped mine from executing and made it a little more safe.
John! In order for this to work, threat actors have to input those HKCU keys into the system, how would that be done?
i missed these
Was that website limited to 100 users? It seemed to be still active - very active
Fanglette9. You can't help but love these obfuscated function names.
Hi!
anyrun needs to improve their SEO because I was looking for this one a month ago!!! why don't just include "online virtual machine" in the description? please help others with this! make more easy and simple descriptions. I know it can do some fancy stuff but remember most of us just want to test a site to see if it's a malware etc.
Nice video @john
is this gonna be 'the epi-center of detonation' and a very big problem for the host?
I would just disable autoruns entirely if not necessary for the organization
I find it amusing that someone who was once Coast Guard is talking about *land* mines. Not a criticism of course, but ...
Hello
👍👍👍👍👍👍👍👍👍
Become my tutor.
That's Norwegian or Danish.
what is html ?
dang
Diddy ram
Is it love?
😂 duh!
Why are you selling malware on an anti-malware video
Pwsh
most of modern antimalware softwares nowadays blocks PowerShell execution ( notify user for ask permission ) in HIPS technology so if anyone configure HIPS properly i think it would stop most of malicious codes