PowerPoint Phishing Malware Analysis - HackTheBox Cyber Apocalypse CTF

  • Published 24 Jan 2025

COMMENTS • 75

  • @rawkstar952 3 years ago +22

    Hey John, I've been following you for a while now and have watched almost every video of yours because you really have high-quality content and I learned a lot from it. Way back in 2019, I didn't really have the money to get a laptop, and what I did was just watch your videos, and I learned a lot even though I was just watching. Today, a hiring manager called me and told me that I am now officially hired and part of an international bank's cybersecurity team. You played a big part in my success. You just don't know it. Thank you so much, man. Don't stop leading us down the right path.

    • @rawkstar952 3 years ago

      I put my Nahamcon certificate on my resume and it did help a lot.

    • @viv_2489 3 years ago +1

      Where there is will there is a way..

    • @rawkstar952 3 years ago

      @viv_2489 yes, that indeed is true. I'm currently at work right now!

  • @inlusiox7182 3 years ago +25

    Great video, John. Something to also note is that this challenge could be solved with the "oleobj" script from the oletools package (same package that olevba comes from). Running it on the PowerPoint will instantly spit out the malicious payload and then it's just a matter of doing the URL decoding and Base64 decoding as you showed. Thanks again for all the great content!
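As an added example (not the commenter's code and not part of the oletools project): a small Python triage helper that does the steps described above by hand, unzipping the PowerPoint, URL-decoding every XML attribute and then trying a URL-safe base64 decode. It runs against a constructed in-memory archive, so the flag value and the part names are assumptions.

```python
import base64
import binascii
import io
import re
import xml.etree.ElementTree as ET
import zipfile
from urllib.parse import unquote
# Constructed sample (not the CTF file): a minimal OOXML-style zip whose slide
# relationship Target holds a percent-encoded, URL-safe base64 string.
SAMPLE_FLAG = b"HTB{constructed_example_flag}"
ENCODED = base64.urlsafe_b64encode(SAMPLE_FLAG).rstrip(b"=").decode()
PERCENT = "".join(f"%{b:02X}" for b in ENCODED.encode())  # percent-encode every byte
B64URL_RE = re.compile(r"^[A-Za-z0-9_-]{16,}={0,2}$")  # URL-safe alphabet only

def build_sample_pptx():
    """Write the constructed archive in memory; a real .pptx has the same zip layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ppt/slides/slide1.xml", '<p:sld xmlns:p="urn:example"/>')
        zf.writestr("ppt/slides/_rels/slide1.xml.rels",
                    '<Relationships><Relationship Id="rId2" TargetMode="External" '
                    f'Target="{PERCENT}"/></Relationships>')
    return buf.getvalue()

def decode_urlsafe_b64(value):
    """Decode URL-safe base64 ('-' and '_' instead of '+' and '/'), restoring stripped '=' padding."""
    if not B64URL_RE.match(value):
        return None
    try:
        return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    except (binascii.Error, ValueError):
        return None

def decode_payloads(pptx_bytes):
    """Unzip the document, URL-decode every XML attribute, and keep those that base64url-decode."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith((".xml", ".rels")):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                continue  # skip a malformed part instead of aborting the scan
            for element in root.iter():
                for attr_value in element.attrib.values():
                    decoded = decode_urlsafe_b64(unquote(attr_value).strip())
                    if decoded is not None:
                        found[name] = decoded
    return found
```

Point `decode_payloads` at the bytes of a real document to scan it the same way; short attribute values such as relationship IDs are filtered out by the length check in the regex.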

  • @iulianichim7777 3 years ago +13

    That was so quick and masterful I didn't even notice when it was over! Awesome!

  • @danielsan901998 3 years ago +59

    CMD: What is my job?
    Invoke powershell

    • @TheMadHaxor 3 years ago

      The more I learn, the more I get the impression that a Rick was involved somewhere down the line.

    • @jaymesc4436 3 years ago

      Or wsl bash

  • @crooked8168 3 years ago

    I never got the chance to thank you, so thank you, John Hammond, for your time, your devotion, for teaching us! You deserve respect!

  • @kemaleddinjohnson5391 3 years ago +1

    NO DOUBTS! One of the best YouTube channels ever!

  • @codygaudet8071 3 years ago +2

    The man, the legend, The Hammond! You're the man bro! This inspired me.

  • @aryan2628 3 years ago

    Great Video! I have gained so much knowledge by just watching your videos and then trying them myself.

  • @MikeClark7 3 years ago

    Thanks for these videos John. I have learned a ton from you that I can apply to my day job.

  • @SuperSohaizai 3 years ago +29

    "You can unzip PowerPoint file"
    The more you know~
    For real though didn't know that haha

    • @TheodorFridolinvonHermeshausen 3 years ago +2

      Only the newer ones. If I'm not mistaken, the old ones should be binary formats.

    • @sikkavilla3996 3 years ago +2

      @Simon Hansen you are correct. Docx is a ole zip file while anything earlier than 2007 (doc for example) is binary

    • @TheMadHaxor 3 years ago

      @sikkavilla3996 just the container or everything? I'm 3/4 weeks into self-study

    • @matyhovidea8537 3 years ago

      @TheMadHaxor The new Office formats are just standard ZIP files with a special structure. The content is XML based. Older Office files are based on OLE structured storage. So yeah, it's just a container.

  • @julianvega6405 3 years ago +2

    Hi John, I'm new to your channel and I'm loving it so far. I work as a C# .Net Developer, but don't know much about networking and would really like to start learning more about cyber security and how to use my programming knowledge for it. Any advice on where to start? Maybe any book or website to get me started?

  • @FoX84tac022 3 years ago

    You taught me that Office suite files are binary blobs that can be extracted/unzipped. In return, I offer that usually the newer Office suite extensions end in either x or m; m stands for macro-enabled (i.e. pptx (PowerPoint) / pptm (macro-enabled PowerPoint); xlsx / xlsm).

  • @monKeman495 3 years ago +1

    appreciate ur knowledge..

  • @temyraverdana6421 3 years ago

    You are magic. Thanks for the teachings

  • @Zebby2013 3 years ago +2

    Thanks fella. This was one that I managed to follow and understand quite easily for once.

  • @orgozlan323 3 years ago

    Thank you

  • @Noone-rz4er 3 years ago

    Oh my phuking god, so much to learn!!

  • @CyberAbyss007 3 years ago

    Thank you!

  • @mustafahussien4410 3 years ago

    Well Done

  • @dedkeny 3 years ago +1

    I never knew about URL-safe base64 encoding... nice

    • @nikolas8741 3 years ago +1

      😂 well now you know. Keep learning! People who keep learning stay young, people who stop learning are old.

  • @sanathkumar1006 3 years ago

    Thanks for those base64 tricks at the end

  • @F4YgOqFeaq5lrG8B9s1 3 years ago

    wow amazing

  • @MrTripppster 3 years ago

    good stuff, nice vid!

  • @robertwouda 3 years ago +1

    Very cool

  • @logiciananimal 3 years ago +1

    I notice the fake "download URL" doesn't seem to be well formed: there's only 1 / instead of 2 ...

  • @EnglishRain 3 years ago

    Awesome!

  • @motbus3 2 years ago

    Just commenting because I find it funny. Not criticism or anything :P 2023 requires disclaimers
    1) worried about security, downloads subl extensions without checking if they are safe, at least on a high level
    2) unregistered subl version. Totally agree with that after they started forcing users into undesired upgrades and charging full price again

  • @rebootlinux608 3 years ago

    Very interesting content

  • @henry-yu2ju 3 years ago

    I learned so much, thank you.

  • @durzua07 3 years ago +1

    John, could you please do a video on the Obsidian note-taking app? I usually write my CTF notes on paper, but it would be so much better doing it on the computer.

  • @christophertharp7763 3 years ago

    The newer Office docs are like zip archives. Use Didier Stevens' tool, zipdump.

  • @viv_2489 3 years ago +1

    Nice content ...

  • @rckrs-jf8lb 3 years ago

    cool man.

  • @Lasnikers 3 years ago

    Cool!

  • @ptkvibes02 3 years ago

    Please tell me which Linux distro in 2021 is best for the Raspberry Pi 4 Model B (8 GB RAM) for ethical hacking, pentesting or cyber security

  • @_AN203 3 years ago

    Good music though at the outro

  • @liamtwine2267 3 years ago +1

    Bro, how do you do this so easily? I've been using Kali for a while now and barely know the basics. I saw you used some sort of "app store" when searching for an XML decoder. Does Kali have that option built in, or is it something I can git?

    • @HAGSLAB 3 years ago +1

      John is using Ubuntu in this (and most) videos. The "app store" he used is part of Sublime Text.

    • @liamtwine2267 3 years ago +1

      @HAGSLAB can you still install the same tools as Kali using Ubuntu?

    • @HAGSLAB 3 years ago +1

      @liamtwine2267 Yes, it's just very handy with Kali, because it comes with a lot of pentest tools installed by default.

  • @youssefennaciri7932 3 years ago

    I cannot seem to find the video of John Hammond where he reverse engineers a malware, then analyses the shell that the malware opens, and after that John hijacked that shell to hack back the C2 server and got a reverse shell on the C2 server.
    If anyone knows the video's name, plz write it down

  • @viewerr69 3 years ago

    OP

  • @SAHIL-gw2yp 3 years ago

    nice

  • @gouravsuram 3 years ago

    Hey,
    I am solving machines by reading and watching many walkthroughs but still having problems solving machines by researching on my own. Would you please provide some series of boxes where I can go and work on them?

  • @Heavenig 3 years ago

    I can't imagine how this guy masters these hacks

  • @_AN203 3 years ago

    Hi John, if someone challenged you to create a script virus, and he should clean that virus without reading the script, and he can use whatever tools to clean that virus and can scan that virus with some restrictions, would you take that challenge?

  • @corel965 3 years ago

    "Nice and easy" yea right easy 😂😂 omg man this is crazy haha

  • @yathinshetty4947 3 years ago

    Anyone know which OS he is using?

    • @nikolas8741 3 years ago

      It doesn't matter what the OS is; what matters is what you do with it

    • @HAGSLAB 3 years ago

      Ubuntu

  • @piyushsharma3789 3 years ago +1

    How does this attack work in the real world? Is there any blog for reference on using PowerPoint without macros for phishing? Or how to add these XMLs to PowerPoint?

  • @HaouasLeDocteur 3 years ago

    There is a Base64 that's URL safe?? Holy shit

  • @PellegriniCon 3 years ago

    Noice

  • @Explor1ngth3w0rld 3 years ago

    🤴🤴🤴🤴🤴🖤🖤🖤🖤🖤

  • @b14cky30 3 years ago +1

    Who the is this 4 guy 😡

  • @tylerlwsmith 3 years ago

    I can unzip Office files 🤯

  • @_AN203 3 years ago

    Plz improve your montage skills

  • @BryceChudomelka 3 years ago

    Thank you