This is by far the most comprehensive channel about Windows malware injection.
I have never seen YT channels with such depth; you kindled my interest in C/C++ development once again.
Thanks for all the videos! I really appreciate it!
I appreciate your kind words! Do share my videos with other people who need such content too!
Thank you so much for your videos, I was looking forward to the next one! Don't stop sharing knowledge, friend.
Thank you so much for this series of videos! The explanations are crystal clear and you go straight to the point!
I'm looking forward to getting in-depth into more privilege escalation techniques!
Keep up the good work!
Thank you so much mate!
I concur, excellent teaching. Please release more. Maybe write a book, or a Udemy course?
Will make Udemy courses in the future for sure.
Thank you for the video! Liked and subscribed. I would love to see the repo for the PoC as the link you included in the video description returns a 404.
Hey mate! Thank you for your kind words! I was fixing some issues with the repository so I made it private for some time. Now it is available here: github.com/Vedant-Bhalgama/Access-Token-Manipulation-POC
@ActiveXSploit Thank you very much! Keep up the good work!
KEEP GOING!!!
Bro, is the course finished or are there other videos to come?
I am planning to release a bigger and better course on Udemy which covers everything from the basics. And talking about this series on UA-cam, I will most likely be uploading one more video, which will be the last.
@ActiveXSploit Thanks, because I need that learning; it is very important for me. You can also make videos in both Hindi and English; it'll be approachable by others as well.
What exactly did you exploit? The hacker was already the admin account on the system, who could enable SeDebugPrivilege on himself, so there was nothing unofficial going on. What exactly did you steal?
Mate, I escalated from a local admin to the SYSTEM user. If you gain SYSTEM-level privileges you can do almost anything. Also, if you are a standard user you won't have SeDebugPrivilege. But a local admin has it, which can be used to gain SYSTEM privileges via this technique.
Read this if you want to understand it clearly: attack.mitre.org/techniques/T1134/
@ActiveXSploit This is what I'm asking. A process running as admin can enable SeDebugPrivilege on itself, and therefore escalate itself to the SYSTEM user using official WinAPIs, right? So does that mean that in Windows there is no security boundary between an admin user and the SYSTEM user? I'm really having a hard time understanding this.
Yes, we escalate using official Windows API function calls. And there is a security boundary between the local administrator and the SYSTEM user. NT Authority System is an account which is used by the operating system and by the services run under Windows, and this account has the highest privileges, so you can imagine the possibilities if you can escalate to NT Authority System. Also, a local administrator has maximum rights on the system, but not as many as NT Authority System.
@EvilSapphireR Not all admins have SeDebugPrivilege. We can strip the privileges off the token, so the attacker cannot enable SeDebugPrivilege. See restricted tokens in the MSDN documentation.
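The exchange above turns on one observable step: a local admin's process enabling SeDebugPrivilege on its own token before borrowing a SYSTEM token. Windows records that adjustment as Security event 4703 ("A user right was adjusted"), so a defender can watch for it. The following detection helper is an added example, not code from the video, the linked repository or the commenters; the log lines are constructed, flattened key=value renderings of the 4703 fields (not Windows' native XML), and the allowlist of legitimate debuggers is an assumption to tune per host.

```python
# Flag SeDebugPrivilege enablement in constructed Security event 4703 records.
# Enabling SeDebugPrivilege is the usual prelude to duplicating a SYSTEM token,
# so any process outside a known-good allowlist doing it is worth an alert.
import re
from typing import Dict, List

# Assumed allowlist of tools that legitimately enable SeDebugPrivilege (tune per host).
ALLOWED_DEBUGGERS = {r"c:\tools\windbg\windbg.exe"}

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_4703(line: str) -> Dict[str, str]:
    """Return the key=value fields of one constructed 4703 record, or {} for other events."""
    if not line.startswith("4703 "):
        return {}
    return dict(FIELD_RE.findall(line))


def enabled_privileges(rec: Dict[str, str]) -> List[str]:
    """EnabledPrivilegeList is comma-separated in this constructed format; '-' means none."""
    raw = rec.get("EnabledPrivilegeList", "-")
    return [] if raw == "-" else raw.split(",")


def is_suspicious(rec: Dict[str, str]) -> bool:
    """True when SeDebugPrivilege was enabled by a process that is not allowlisted."""
    if "SeDebugPrivilege" not in enabled_privileges(rec):
        return False
    return rec.get("ProcessName", "").lower() not in ALLOWED_DEBUGGERS


def scan(lines: List[str]) -> List[str]:
    """Return one alert string per suspicious 4703 record; disabling events never alert."""
    alerts = []
    for line in lines:
        rec = parse_4703(line)
        if rec and is_suspicious(rec):
            alerts.append(f"{rec['SubjectUserName']} enabled SeDebugPrivilege via "
                          f"{rec['ProcessName']} (pid {rec['ProcessId']})")
    return alerts


# Constructed sample records (not real telemetry): an unknown tool enabling the
# privilege, an allowlisted debugger, an unrelated privilege, a disable, and a 4688.
SAMPLE_LOG = [
    r"4703 SubjectUserName=hacker ProcessName=C:\Users\hacker\Desktop\poc.exe ProcessId=0x1a2c EnabledPrivilegeList=SeDebugPrivilege DisabledPrivilegeList=-",
    r"4703 SubjectUserName=dev ProcessName=C:\tools\windbg\windbg.exe ProcessId=0x0f10 EnabledPrivilegeList=SeDebugPrivilege DisabledPrivilegeList=-",
    r"4703 SubjectUserName=backup ProcessName=C:\Windows\System32\wbengine.exe ProcessId=0x2210 EnabledPrivilegeList=SeBackupPrivilege,SeRestorePrivilege DisabledPrivilegeList=-",
    r"4703 SubjectUserName=hacker ProcessName=C:\Users\hacker\Desktop\poc.exe ProcessId=0x1a2c EnabledPrivilegeList=- DisabledPrivilegeList=SeDebugPrivilege",
    r"4688 SubjectUserName=hacker NewProcessName=C:\Users\hacker\Desktop\poc.exe",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Only the first record alerts; the debugger is allowlisted, the backup process enables a different privilege, and the fourth record disables rather than enables SeDebugPrivilege.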
Can you do all your malware dev videos with Python, please?
We're requesting this very much.
I understand you, mate, but the thing with Python is that the payloads easily get detected in it. Also, C is a lot better if you want to do stuff with the Windows API, not Python.
With all respect to Python, that's not a language suitable for this kind of task. All payloads must be (at least) compiled and of a reasonably low size. If you try to compile a Python payload it'll include the whole stdlib in the executable and, as said, it is infinitely more detectable for IDS/antimalware solutions.
@0x370c2de Exactly, size is a big issue too. Also, if you compile your Python file to an executable via PyInstaller, it will automatically get flagged as a malicious file for no reason. Even if your file is clean, it will still get flagged by a lot of AVs for no reason.
And we never heard from him again.
Due to my studies, I don't get much time :(, but I'll upload once I am free again.