Thanks for the video. Is the anyrun segment part of a sponsored deal? If not, I would have preferred you continued to demonstrate how to deconstruct the malware locally. There's a lot of educational value and wisdom potential being lost by moving things to an online platform that requires a subscription vs local
I love your videos, as a foreigner and because I don't speak native English, I feel very comfortable and can understand everything because of the calm and concise way you speak. In addition to practicing my English, I learn a lot about cyber security
I learned English by watching lot of UA-cam videos like this. If you are curious enough and/or determined, you'll be able to write some English poetry pretty soon. ;D
@@Alfred-Neuman I don't understand foreigners' fascination with English poetry. Why is poetry something that so many non-English speakers flock to when they learn English? Why not debate, or music, or popular speeches, or literature- why _specifically_ poetry? What is so special about poetry?
I kind of like the sublime approach to clean the sample up but I also would be interested into automating stuff like this (guess R.E.M has tools for this). For example, deleting variables that are assigned but never used should be a pretty easy task.
Seems to be fluff to obfuscate the code itself. Seems like Danish-inspired gobbledegook, words stacked without meaning, though a scanner would not know (at least not before AI). 😮
The point is that anyone who finds the malware but doesn't know how to handle this (including antiviruses) will likely not try to, which hopefully buys some more time before it gets logged into a malware registry. Inflated file sizes also stop VirusTotal and some antiviruses from analysing the file
? Everyone in the AD world uses UAC. You don't want your end users in a lower privilege group policy to just download and run anything without UAC. You're opening yourself up to so many threat vector by doing that.
@@nezu_cc other than stealing files via emails and accessing network, everything else should require UAC via group policy (cmd, pwsh, windows native file encryption tools, vbs, portable exe etc..). Even then, group policy should dictate which user have access to which network drive. Outlook is the only email client used. Attachment is disallowed unless sending to internal email.
dude you move through this file like butter
he did it before, this is a planned demo. Normal stuff you should be able to do at work
@@nickadams2361😊😊😊😊😊😊😊😊😊
It is rehearsed
Thanks for the video. Is the anyrun segment part of a sponsored deal? If not, I would have preferred you continued to demonstrate how to deconstruct the malware locally. There's a lot of educational value and wisdom potential being lost by moving things to an online platform that requires a subscription vs local
VSCode has a powershell formatter
I feel like such a casual that I know none of the tools John is using, while VSCode is too casual for John to know it has a Powershell formatter 😭
The point is teaching us to not need to rely on such things, and to know what it is we are seeing with our own eyes. ;)
I love your videos, as a foreigner and because I don't speak native English, I feel very comfortable and can understand everything because of the calm and concise way you speak. In addition to practicing my English, I learn a lot about cyber security
I learned English by watching lot of UA-cam videos like this.
If you are curious enough and/or determined, you'll be able to write some English poetry pretty soon. ;D
@@Alfred-Neuman I don't understand foreigners' fascination with English poetry. Why is poetry something that so many non-English speakers flock to when they learn English? Why not debate, or music, or popular speeches, or literature- why _specifically_ poetry? What is so special about poetry?
@@severinghams
How many languages do you speak outside of English?
i know nothing about computers, but i watch your videos to feel something
You're take on the Apex stuff was AWESOME, thanks John!
Nice start, but next time if you want to promote a tool, just go to the point and state it in the Title. Tx.
Treat at the end~ love John's laugh😅❤
I'd really like to see your homelab setup and see how you run things and do your investigations and with what tools and stuff.
I didn't know about that UAC bypass
I kind of like the sublime approach to clean the sample up but I also would be interested into automating stuff like this (guess R.E.M has tools for this). For example, deleting variables that are assigned but never used should be a pretty easy task.
Love the threat analysis using the dynamic analysis. Again, thanks john for another fun schooling video
Pro tip- change the speed to slower if you cant keep up with the commands fully, yet, like me.
Very insightful. Thank you for doing this video.
hey fan from Morocco, all the love !!
a lot of danish words in that code
Seems to be fluff to obfuscate the code itself. Seems like Danish-inspired gobbledegook, words stacked without meaning, though a scanner would not know (at least not before AI). 😮
Thanks
First one ooooo now i have millions in my account
Never thought Id see Bonzi Buddy again.. XD
Hello Mr Hammond it is possible to defend against these type of attacks? Sorry for my english
If your end users don't use/run vbs/batch/PS1 scripts. You can make a group policy to require UAC to run them or disable them completely.
I hope you discuss Qlin Ransomware, and how to overcome it (recovery)
I really like this one!!
Love from Bangladesh ❤
Why did you bang ladesh tho, poor fella
What was the intended use of this .ini file and the class named by the guid?
why vbs is required to deploy remcos and not deploying remcos directly?
Vbs was just a stager to build the powershell to run. Basically the hacker was trying to hide what they were doing behind a bunch of dead end code.
The point is that anyone who finds the malware but doesn't know how to handle this (including antiviruses) will likely not try to, which hopefully buys some more time before it gets logged into a malware registry.
Inflated file sizes also stop VirusTotal and some antiviruses from analysing the file
NICE this is really menace :)
Awesome video
Hi
hi man
fan from india
You guys use uac?
? Everyone in the AD world uses UAC. You don't want your end users in a lower privilege group policy to just download and run anything without UAC. You're opening yourself up to so many threat vector by doing that.
@@UnfiItered vector these nuts
@@liljeep3631 okay, obviously you're a troll.
@@UnfiItered don’t need uac
@@nezu_cc other than stealing files via emails and accessing network, everything else should require UAC via group policy (cmd, pwsh, windows native file encryption tools, vbs, portable exe etc..). Even then, group policy should dictate which user have access to which network drive. Outlook is the only email client used. Attachment is disallowed unless sending to internal email.
voice
NICE!😃
I love y john
Whole lot of Danish word in that sample..
Where can we obtain this sample for free
malware bazaar
mom
sure love assimilationist one hundred thirty nine
I... i got so fucking lost. To be fair idk shit but i still find coding nonsense interesting
❤❤❤❤❤❤
Chapters please?
@#
mobile no.
It's in Danish.
Fucking intel
bhabhi
ur audio sounds weird
What's weird about it?