Embed Malware in Alternative Data Streams
- Published 1 Oct 2024
- Hey Hackers!
MalwareDNA: github.com/Cos...
I hope you enjoyed the video. If you have any questions make sure to leave them in a comment down below. You can also contact me through my website on the "Contact and Information" page or on my discord server.
Want to support CCS?:
Happy Hacker: cosmodiumcs.co...
GoFundMe: www.gofundme.c...
Socials:
Website: cosmodiumcs.com
Instagram: / cosmodium.cs
GitHub: github.com/Cos...
Discord: / discord
Make sure to like and subscribe!
Happy Hacking!
Awesome 👏 thank you for this walkthrough, I'm definitely trying it out.
hi mate i'm just starting in this world and i don't know which pc to buy, what are your pc components? and which pc would you recommend me to buy? thanks for sharing these interesting videos
Yeah ofc! I honestly just have a laptop and a mic lol. I don’t even have an external keyboard atm XD. But honestly get something with decent storage (256GB - 1TB), a modern CPU, and RAM (8gb minimum). If ur gonna do a weirdly large amount of password cracking (or gaming) then get a good graphics card but most will suffice.
My components:
32gb ram
1tb storage
11th gen intel i7
Intel Iris Xe graphics card
@CosmodiumCS thank you bro!!! greetings from México
I'm a little late to the party, but this and your video on shortcutting malware on USBs work very well together. Especially since this won't show even if people have their pc set to show hidden files/folders.
i don't know why this never crossed my mind hhahaa! epic 🔥
This technique stopped working. Syntax is incorrect
Why?
This only worked for me when using cmd instead of Powershell
This is so cool. Question: would an AV be able to detect this, say if it was in a folder with another .exe that runs the alternate stream .exe?
Yeah that’ll likely work, AV will be more concerned about the main exe than it would be for the ads exe.
@CosmodiumCS wow this is so cool
Cosmos taking this game on a different level. Got a lot out of this video. Been playing around with some Rust recently, what do you make of Rust for mal dev or offsec in general?
I genuinely think it’s a great language with a lot of needed capabilities. New languages for malware are great because AV has not yet recognized its compilation signatures. However, there’s a “new” language every year. Rust, Go, carbon, nim, most recently “zig”. These languages have not yet hardened and likely have numerous vulnerabilities that will need to be patched down the road. We saw this with java and log4shell. C/C++ have been out for decades and have had years of tweaks and fixes. I will probably learn rust later this year but i do have concerns about new languages in the wild. Hopefully them being out in the wild gives them the opportunity to harden :)
@CosmodiumCS Mate trust me Rust is a lot safer than C and C++ when it comes to security or vulnerabilities. Rust's number 1 priority has always been safety otherwise it won't let you even build an executable. It's got numerous amount of security mechanisms and things like buffer-overflow attacks are out of the question in RUST. It's also got the cargo feature which is much more convenient to download external libraries comparatively to C and C++. I think you should defo give it a go.
@menatic4577 oh bet! I didn’t know too much about it. I’ll def give it a shot🔥. May be time to learn another language 😭
@CosmodiumCS that's true, rust is the most secure of all programming languages.
hey
Yoo!!
Cosmodium Bro!!! Love your work man. Your explanations are easy to grasp and experiment. New Sub activated. Quick suggestion Cosmodium bro, could you do AV and *DR evasions?
Great suggestion! I will def pull some of that content together. Appreciate the kind words :D
i have a question. if you remotely host this malware through tcp and a victim downloads the ads.png file, does it automatically get all the alternate data streams, or are those completely separated from the actual file?
I think I mentioned this in the video but u usually need to zip it in order to pull down the ads. Unless if u host it on an ntfs and not ext4, u may not have to zip it. (But i would try and see)
@CosmodiumCS thanks
Is there a way to execute hidden payload in ads? It seems like the whole purpose of this technique is kinda useless, since you would need a separate file that will execute payload in ads. Great tutorial tho! 😊
Hey! I would definitely not say it’s “useless”. It’s a fairly common side channeling technique, especially for hiding and spreading malware on a system. Yes..u do need a separate payload to execute, but like most malware, having this stager is a lot less inconspicuous than directly running the malware
Great tutorial!
Is it basically steganography?
Thank ya! But no it is not steg. Steg is to embed the malware in the file or its metadata. ADS is connected to the file, but not in it. ADS could be considered to be in the same category but the embedded payload can only exist on the ntfs file system. if you were to load the ads.png with all the embedded files on to a linux machine, the data streams would be wiped (unless u zipped it)
@CosmodiumCS ohh I see, I was asking because I'm working on malwares detection in WAV file and steganography, just asked on the discord server about that because there's a lack of info about malwares in audio files
@Echownz OHH WASSUP DEFALT! I never know the connections between the discords and the YT’s. You been watching for a while lmfaoo. But yeah there isn’t too much about WAV file ransomware. I’ll be making a video on polyglot files soon. Could probably help with your project 🔥💯
@CosmodiumCS yeah LMAO the usernames don't match but finally you got it ;)
What happened to your python C2 project? Did you discontinue it?
Yes, because i made it better👀. Vid on it soon!
Excellent tutorials 💯💥 Please continue with these methods 👍👍
Will do!
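
A defender-side check for the point raised in the comments above (alternate data streams stay attached to a file on NTFS and do not appear when Explorer is set to show hidden files), added here as an example and not taken from the video or the MalwareDNA repository. The scan root `$Root`, the function name `Get-AlternateStream` and the `$Benign` allow-list are assumptions for illustration.

```powershell
# Added example (not from the video): report non-default NTFS streams on files.
# Assumptions: $Root is the folder to audit; $Benign lists stream names to ignore.
param(
    [string]$Root = "$env:USERPROFILE\Downloads",
    [string[]]$Benign = @('Zone.Identifier')   # Mark-of-the-Web stream added to downloads
)

function Get-AlternateStream {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Ignore = @()
    )
    # -Force includes hidden/system files. -File skips directories: Get-Item can
    # only query directory streams from PowerShell 7.2 on.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * lists every stream; ':$DATA' is the file's normal content.
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -notin $Ignore } |
                Select-Object @{n='File';e={$_.FileName}}, Stream, Length
        }
}

# Largest streams first: a multi-kilobyte stream on an image or text file
# deserves a closer look than a few bytes of metadata.
Get-AlternateStream -Path $Root -Ignore $Benign |
    Sort-Object Length -Descending |
    Format-Table -AutoSize
```

For a single directory, `dir /R` in cmd lists the same streams. Sysmon Event ID 15 (FileCreateStreamHash) records stream creation at write time, which complements this after-the-fact scan.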