Good tutorial, much better than those with powerpoint only. Thanks for sharing!
Subbed. Waiting for the rest of this course. Great work, man!
Thanks for this amazing Bootcamp. Please upload next videos.
We want more videos about web app pentesting ..👍
You are doing a great job. Thank you.
Waiting for your dynamic analysis videos.
Hey, watched all 16 videos of this series and liked it very much. Very informative and very well explained. Where are the other parts of the analysis? I mean dynamic analysis. Please post videos on dynamic analysis. Thanks for posting such videos; it helps a lot!
Helped a lot in starting with YARA !
You have a bug in your YARA rule (check how the evaluation of the URL strings affects the AND operator).
Awesome video, man. Love from India. Appreciating your hard work for the community. Love you.
Can I write a rule based on the string "This program cannot be run in DOS mode"?
Hello, can you help me? I wrote the YARA rule and took the malware sample, but when I run the test with the -r and -s options, nothing comes back as the result, even though the strings I specified for matching are indeed there. Please help me.
Sir, I like your videos very much. I am waiting for your next video. I like binary analysis very much. Thanks!
I'm not sure if you'll see this, but in your demo, you "anded" the $MZ variable. It ran because the three URLs were present, so the Boolean logic returned true. But if the MZ wasn't present, you'd still return true if variable A or B was present, correct? I read this as "If A is true, or if B is true, or if C AND MZ is true, return". Should the logic not be (($A or $B or $C) AND $MZ)? New user, only experienced with other nested Boolean queries.
Can default YARA run as a 24-hour background process and, if a rule matches, fire an email?
Someone told me that "YARA rules can also be used to convert a big data set into clusters in machine learning" and that it has different uses on different platforms. Is it true?
Hi brother, can you make a tutorial on Linux package update problems? When updating, errors always occur and it enters grub rescue mode; when I try insmod normal, the result is always that the file does not exist: x86_amd64 / normal.mod
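The precedence question raised in the comment above (and the "bug in your Yara rule" comment earlier in the thread) can be checked directly. YARA, like Python, binds `and` more tightly than `or`, so `$a or $b or $c and $mz` parses as `$a or $b or ($c and $mz)`: the MZ check only guards `$c`. The script below is an added example, not code from the video; the rule text, URL strings and sample buffers are constructed placeholders, and Python's `in` stands in for YARA's anywhere-in-file string match.

```python
"""Added example: why `$a or $b or $c and $mz` != `($a or $b or $c) and $mz`.

The two YARA rules this emulates (strings and URLs are placeholders, not the
ones from the video):

    rule urls_buggy {
        strings:
            $a  = "http://example.invalid/one"
            $b  = "http://example.invalid/two"
            $c  = "http://example.invalid/three"
            $mz = { 4D 5A }
        condition:
            $a or $b or $c and $mz      // parsed as: $a or $b or ($c and $mz)
    }

    rule urls_fixed {
        strings: /* same as above */
        condition:
            ($a or $b or $c) and $mz    // what the author most likely intended
    }
"""

# The rule's string definitions (constructed for this example).
STRINGS = {
    "a": b"http://example.invalid/one",
    "b": b"http://example.invalid/two",
    "c": b"http://example.invalid/three",
    "mz": b"MZ",   # { 4D 5A } as bytes
}


def matches(data: bytes) -> dict:
    """Which strings occur anywhere in the buffer (YARA's bare `$x` test)."""
    return {name: pat in data for name, pat in STRINGS.items()}


def buggy_condition(data: bytes) -> bool:
    """Condition as written in the video: `and` binds tighter than `or`."""
    m = matches(data)
    return m["a"] or m["b"] or m["c"] and m["mz"]


def fixed_condition(data: bytes) -> bool:
    """Condition with explicit grouping: any URL, and the MZ marker too."""
    m = matches(data)
    return (m["a"] or m["b"] or m["c"]) and m["mz"]


# Constructed sample files: a few fake PE-like buffers and plain text files.
SAMPLES = {
    "pe_with_all_urls": b"MZ\x90\x00" + b"\x00" * 16
                        + b"".join(STRINGS[k] + b"\x00" for k in "abc"),
    "pe_with_one_url": b"MZ\x90\x00" + STRINGS["b"],
    "pe_no_urls": b"MZ\x90\x00" + b"\x00" * 64,
    "text_with_first_url": b"see http://example.invalid/one for details",
    "text_with_third_url": b"see http://example.invalid/three for details",
}


def scan(rule, samples=SAMPLES) -> dict:
    """Run one condition over every sample; returns {sample_name: matched}."""
    return {name: rule(data) for name, data in samples.items()}


if __name__ == "__main__":
    for label, rule in (("buggy", buggy_condition), ("fixed", fixed_condition)):
        print(label, scan(rule))
```

Running it shows the asymmetry the commenter suspected: the buggy condition fires on a plain text file that merely mentions the first URL (no MZ header at all), but not on one that mentions only the third URL, because only `$c` is paired with `$mz`. The grouped condition requires the MZ bytes in every case. In a real rule you would normally also anchor the header with `$mz at 0` rather than accepting "MZ" anywhere in the file.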
Thanks 🙏
Where can I learn more about malware analysis?
Loved the tip about the free VMs, even though they are 90-day versions.
Take snapshots.
Nicely done. Thanks!
Great, always, after 4 years :)
Hi, I tried to contact you but couldn't. I have a problem with Kali Linux: "bash: jarsigner: command not found". What should I do?
Will this course continue?
Can we create YARA rules for malware prevention, or can they only be used for malware detection?
YARA rules are a way of identifying malware (or other files) by creating rules that look for certain characteristics. Now you can write some YARA rules and plug them into your EDR/AV solution to identify any behavioral aspect and hence block/quarantine the sample in question, so that you can stop the attack before it reaches the delivery stage in the kill chain. That would solve your problem.
The sample file asks for a password; what is it?
Great explanation, thank you!
Make more videos on YARA, IDA Pro and OllyDbg.
So is this how experts are able to say "this sample that has never been seen before is actually a variant of Emotet", for example? What if a sample is packed?
Bit of a late reply, but they can detect that it's packed, which can be very suspicious, especially if the file is not digitally signed (often antiviruses simply classify a file as malicious if it's packed in such a manner because they are unable to properly read and analyze its code; however, this naturally can lead to false positives). What antiviruses typically do is something called "heuristic analysis", whereby they run the executable in a sandbox (a virtual machine, if you will) and dynamically analyze its behavior at runtime (if it's creating a registry key to achieve persistence, such as making the executable run on startup, if it's trying to delete system32 files, connecting to a weird IP, etc.). They also scan for patterns (typically a series of assembly opcodes unique to that malware or family of malware) and other malicious strings/values once the executable loads and unpacks itself in memory. If the executable is deemed to be malicious during this heuristic scan, naturally the antivirus will prevent it from running on the host computer and alert the user/quarantine the binary. Even though heuristic scanning can sound very performance-heavy, this is often done quite quickly and thus is a viable solution for AV vendors and end users alike. I hope this answers your question!
Thanks, waiting for more.
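The "they can detect that it's packed" step in the reply above is usually a byte-entropy heuristic: packed or encrypted code looks close to random, while normal code and text do not. YARA exposes the same measurement as `math.entropy(offset, size)` from its `math` module, on a 0 to 8 bits-per-byte scale. The script below is an added example, not from the video or the YARA project; the samples are constructed in place (a deterministic pseudo-random buffer stands in for a packed section, repeated text for a plain one), and the 7.0 threshold and section names are assumptions for illustration.

```python
"""Added example: Shannon-entropy packer heuristic, same scale as YARA's math.entropy().

A rough YARA equivalent of section_verdicts() below (assumed rule sketch):

    import "pe"
    import "math"
    rule high_entropy_section {
        condition:
            pe.is_pe and
            for any i in (0 .. pe.number_of_sections - 1) : (
                math.entropy(pe.sections[i].raw_data_offset,
                             pe.sections[i].raw_data_size) >= 7.0
            )
    }
"""
import hashlib
import math

PACKED_THRESHOLD = 7.0  # assumed cut-off; typical compressed/encrypted data sits above it


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def looks_packed(data: bytes, threshold: float = PACKED_THRESHOLD) -> bool:
    """Heuristic verdict for one region of a file."""
    return shannon_entropy(data) >= threshold


def section_verdicts(sections: dict, threshold: float = PACKED_THRESHOLD) -> dict:
    """Per-section verdicts, mirroring the 'for any section' loop a YARA rule would run."""
    return {name: looks_packed(raw, threshold) for name, raw in sections.items()}


def pseudo_random_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for packed code."""
    out = bytearray()
    block = seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed samples: a fake packed section and a fake plain-text/code section.
PACKED_SAMPLE = pseudo_random_bytes(4096)
PLAIN_SAMPLE = b"This program cannot be run in DOS mode.\r\n" * 100
SECTIONS = {".text": PLAIN_SAMPLE, ".packed": PACKED_SAMPLE}   # names are placeholders


if __name__ == "__main__":
    for name, raw in SECTIONS.items():
        print(f"{name:8} entropy={shannon_entropy(raw):.2f} packed={looks_packed(raw)}")
    print("any packed section:", any(section_verdicts(SECTIONS).values()))
```

The caveat the reply itself raises applies here: compressed resources, embedded certificates, installers and legitimately packed commercial software all score high, so a practitioner treats a high-entropy section as one signal to combine with others (a missing or invalid signature, a tiny import table, a known packer section name), not as a verdict on its own.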
Thanks for this!
Hi, the malware sample has a password on it. What is the password?
Great job!
Great content, thank you! A kind request, please: even watching in 1080p HD, the screen of the Windows machine is not readable. Could you please address that? Once again, thank you a lot! (Referring to the app used to extract the URLs and MZ (hexadecimal value).)
Password for the unzip file?
ZIP password is “infected”
😊😊😊😊
Lol, that's my channel name. Such a coincidence.
Very good.
Thank you a lot... :D
Sir, malware analysis please.
My FB account was hacked and then my PUBG Mobile account was hacked 😥😥😥😥. I am very disappointed. The hacker disabled my FB account. Please help me, anyone, please help 🙏🙏
Yikes, watched all episodes until here and still feel like a malware noob.
My name is shining 😍
Exactly 😂😂😂
Thank you.
Good
I mean how to hack any mobile using a Python command, please, brother.
Brother, please can you make a video on how to connect to any mobile phone using a Python command? Please, brother, I am asking for any video on how to connect to any mobile phone using Python.
First
Guys, the ZIP password is "infected".
Pin my comment please
Go focus on your last "t" when you speak.