Some incredible folks in the Discord (shout out to you, @db!) helped fill me in that this is actually the "sLoad" malware family.
Good links for further reading and exploration:
svmvzypnse2tk4cg4e4l32t6oy-adwhj77lcyoafdy-cert-agid-gov-it.translate.goog/news/malware-sload-sfrutta-pec-[…]alevolo-annidato-in-doppio-zip/
twitter.com/luc4m/status/1331550804990373890
www.microsoft.com/security/blog/2019/12/12/multi-stage-downloader-trojan-sload-abuses-bits-almost-exclusively-for-malicious-activities/
Yeah, unless you can't talk in any channel, and you point that fact out, and the admin (aka you) kicks you. Why bother to invite people to Discord if they can't assign their own roles and speak? And if they do point that out via PM you just boot them because it breaks the rules. I mean, how else are you gonna get something fixed? Kinda douchey move, guy.
Love the ilSpy and Malware decoding but equally miss your CTF (tryhackme/HTB etc) :) please keep both coming John
@TwinTailTerror Dude. Did you just forget how to read when you joined the server?
I joined purely out of curiosity to see just how daft you were. And oh boy, you're daft af.
If you read two sentences, you would have been able to join in discussions no problem.
You had to type one command in the welcome channel, and react to one message in the roles channel.
It's literally that simple.
Would be nice to see an update with a follow-up video, part 2 :)
Is VBScript still used on today's modern Windows computers like 11? Is the VBScript compiler installed by default in Windows 11?
I think there's a happy medium that you can find between this and your normal long form videos. I think the way this was done would be fine occasionally, but I do enjoy going on the adventure of the long form videos.
I agree with this comment.
I agree with this comment.
I agree with this comment.
Same here. The "live" version makes me feel as if we are solving it "together" in a way.
agreed
I really like the educational style of the normal videos. Doing it on the fly and taking a look into your thought process is really entertaining
This malware had a disturbing lack of tangent functions
the "Try Harder" sticker above you while slamming your head into the door fits perfectly.
love these shorter style videos, don't always have the time to watch your full 1h+ long videos. The editing style was refreshing too
We do like older style as well :), going through slowly, trying different things to get over
I didn't expect you to make such a funny video, I always thought you'd just make very professional videos, no big jokes, just get the malware into pieces. Very nice to lighten that up with some jokes!
Did you just blow up in subscribers? Well done man, deserved!
I very much enjoyed this style of video. This is much nicer to actively watch while I let the other long videos mostly run on a side screen when doing chores or workouts.
I like getting to see your creativity come through some more with the editing, but also still personally prefer the long-form (less edited) videos just as personal preference.
I'm watching either way.
Just wanted to help the algorithms a bit, also wanted to let you know you've been a big inspiration for me. I went from watching your videos and not understanding anything, to now running my own Kali machine and having lots of fun!! Thanks for the content, keep it up!
This video really made me laugh! I'm normally more a fan of the videos where you go in blind to understand your thoughtprocesses but that editing was great. A good mix would be awesome!
Watching your videos on inspecting code helped me a great amount in my first hacking competition held by the National Cyber League. Thanks John! I found out it's important to stay up to date on zero days and other exploits being found, and your videos are helping me keep up with things... PS: your video on the sudo vulnerability was gold!!!
While we are on the topic of Rick and Morty malware: apparently there is a video file with an episode (or what claims to be) of Rick and Morty, which is actually a coin miner. That might be interesting to look at.
Also, I really enjoyed the edited style
I liked this style. Still had the educational parts which are cool yet was more condensed for easier viewing. Good job on the editing :D
For the algorithm:
I just found this channel. It's fascinating even though I didn't understand any of it. I read a couple of "Visual Basic for Beginners" books and wrote a little app for myself. I know what declaring a variable is and what a function is. So, I understood about 4 sentences herein (without understanding the specific significance or context). Still a cool channel. Subbed.
As for long-form vs short form, I'm too new and too inexperienced to offer any meaningful feedback. That said, *generally,* I like long-form on technical, exploratory/problem-solving subjects (i.e. not meant to be a tutorial or introduction to a subject). It seems to help to pick-up contextual clues as a thought process is being developed in real-time.
Super informative and funny, cant ask for much more in regards to keeping viewers engaged!
I enjoyed this format. Made it a lot easier to find time to watch this
the editing on this one is IMMACULATE
Wish I could wake up early enough to watch the premier
3 whole days in a row of malware analysis. This is amazing.
Love your work man! You inspire me to try harder! Can't wait!
It was a great vid but honestly I really enjoy the raw videos and walking through the thought process with ya. so if it cuts hours off your day, Raw all the way man
I LOVE this new approach and style, i hope you do more of these
For very long episodes I really really love the summary!
Though for sure most will want to have very interesting stuff full 'verbose' of these interesting sections (especially those that you haven't covered already with your other videos)!
I really love this method. It's funny and informative. I hope you continue. :)
Someone on r/cissp mentioned your name the other week. Started watching your vids to see what's up, now you are a part of my morning routine. Love your stuff, helps me be a better admin
Third in a row nicee, getting an evening routine
Love this segment and the style of made it fun as well as informative
Love both this edited video and your usual style! But your usual style in which you go through the code 'with us' is more educational and informative, I think. But, man, love me some memes!
Now this is my kind of malware 😎
Hi!
I am thankful for your videos and this one as well. However like other commenters already said, I'm personally more a fan of the longer videos where you find stuff with your initial reaction and then following your thought process. They are already very entertaining for me (I work in IT but more as the Windows Administrator) and honestly I'm pretty shocked what is possible. But it's very interesting! Also I wanted to praise your Hafnium Exchange Server analysis, very good!
it was a fun video! I liked the style.
I like the shorter video format, but I don't mind a 2 hour long video from time to time in the weekends.
2:17 that INSTANTLY jumps out at me as c:\windows\
I came cause it was a suggested link for Rick and Morty. I subbed cause it was a great breakdown. Love the format. If it's a large time consumer, maybe cut down the frequency of the fun stuff, but was enjoyable.
I like the new style of video, but I love the normal ones you always do more ! This was very fun though :-) Thank you!
that video was well cut, good one John
This was oddly fun and satisfying. I'm really bad at powershell and vbs, but this gives me an itch to learn it :)
I like how your youtube skillz are growing!! thanks for all the great content (even for a noob like me!)
Love the edited format. Great video as always
Super! Thank you!
Honestly... I'd really suggest setting up a 'network cache/proxy' for an entirely shielded VM, and running the methods & seeing what the calls end up being & what ends up being sent & received.
-- it's kinda how I captured several PS3 game installations to be stored ( that I legitimately owned )
I know it's kinda reckless.. but perhaps a dedicated machine of windows 10.... behind a proxy cache server w/ a very strict in/out through said proxy only might be a good way to capture the raw files & data flying back & forth... and to see if any... which tricks are used.
Have you tried querying the servers with different user agent strings like the one used by BITSAdmin (Microsoft BITS/7.5)?
28:16 ... enhance.. Enhance... ENHANCE *CSI Zoom Enhance*. Great video John keep it up!
Awesome video man, I enjoyed the new approach, entertaining and moved along at a good pace! Also very funny!
The meme editing was hilarious!😆
The montage level of this video is hilarious and fricking awesome. Thanks a ton o/
...
The content is also good :)
I really liked the long format
Ahaha love this new editing! ❤️
New channel logo is great !
I will never be able to view the plumbus the same after this one
Nice editing my man. Made me laugh out loud several times.
this style is fun but i think the old one is more valuable as a learning resource
Pretty neat the new style of video. Loved it.
he did very serious research there
I'm sure someone has suggested this already, but it's possible there is a key used in the code somewhere that passes to the GET request in the headers. Might use a Basic auth method.
Yooo, i love the new editing style, keep it up
i REALLY like those VBScript malware debunking vids great content keep it up
Like the mix of edited and live :D
Let's boooost this channel into everyone's recommend videos!
I stand by my point you are making great vids each time better
Video editing is amazing!!
i LOVE this new style of videos
Keep it up, it's excellent !
this style is so much better :)
Yo this was a neat video, not too fast, not too slow. I like it a lot.
You could check if they implemented a User-Agent check. If I want to limit access from spiders/robots or normal browsers I would implement a check for the User-Agent.
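The three suggestions made in this thread (probe with the BITSAdmin User-Agent string, look for a key or Basic-auth credential that the script passes in the GET headers, and check whether the server gates on User-Agent) can be exercised together offline. The script below is an added example, not code from the video or from the sample it analyses: it stands up a mock gated download server on localhost that applies exactly those two checks (User-Agent prefix, then HTTP Basic), and probes it with several User-Agent strings with and without credentials so the status codes show which gate each request fell at. The prefix "Microsoft BITS/", the credentials stage2:s3cr3t, the path /stage2.bin and the payload bytes are constructed placeholders; against a real endpoint, fetch() and probe() would be pointed at the URL and credential recovered from the dropper.

```python
"""Probe a gated download endpoint with different User-Agent strings and credentials.

Added example: the server side is a stand-in for a C2 that only hands out the
next stage to clients that look right; nothing here is taken from the sample.
"""
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed placeholders for what an analyst would recover from the dropper script.
ALLOWED_UA_PREFIX = "Microsoft BITS/"          # assumed: server only serves the BITS client
BASIC_USER, BASIC_PASS = "stage2", "s3cr3t"    # assumed: credential hidden in the script
PAYLOAD = b"<constructed second-stage bytes>"  # constructed stand-in for the next stage


def basic_token(user: str, password: str) -> str:
    """Build the value of an HTTP Basic Authorization header."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


class GatedHandler(BaseHTTPRequestHandler):
    """Mock C2: 403 unless the UA looks like BITS, 401 unless Basic creds match."""

    def log_message(self, *args):
        pass  # silence per-request logging on stderr

    def do_GET(self):
        # Gate 1: User-Agent allowlist (what a scraper or a browser trips over).
        if not self.headers.get("User-Agent", "").startswith(ALLOWED_UA_PREFIX):
            self.send_error(403)
            return
        # Gate 2: a credential the script carries in the request headers.
        if self.headers.get("Authorization", "") != basic_token(BASIC_USER, BASIC_PASS):
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="c2"')
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(PAYLOAD)))
        self.end_headers()
        self.wfile.write(PAYLOAD)


def start_mock_c2():
    """Bind the mock on an ephemeral localhost port; returns (server, url)."""
    srv = HTTPServer(("127.0.0.1", 0), GatedHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}/stage2.bin"


# Opener with no proxy handler, so a proxy in the environment cannot swallow the probe.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def fetch(url, user_agent, basic=None):
    """One GET with an explicit UA (urllib would otherwise send Python-urllib/x.y)."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    if basic is not None:
        req.add_header("Authorization", basic_token(*basic))
    try:
        with _OPENER.open(req, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def probe(url, user_agents, basic=None):
    """Try every UA without and (if given) with credentials; map (ua, mode) -> (status, body)."""
    results = {}
    for ua in user_agents:
        results[(ua, "no-auth")] = fetch(url, ua)
        if basic is not None:
            results[(ua, "basic")] = fetch(url, ua, basic)
    return results


if __name__ == "__main__":
    server, url = start_mock_c2()
    uas = ["python-requests/2.31.0", "Mozilla/5.0 (Windows NT 10.0; Win64; x64)",
           "Microsoft BITS/7.5", "Microsoft BITS/7.8"]
    for (ua, mode), (status, body) in probe(url, uas, (BASIC_USER, BASIC_PASS)).items():
        print(f"{status}  {mode:8s}  {ua}  ({len(body)} bytes)")
    server.shutdown()
```

Reading the table: a 403 for every credential with a browser UA but a 401 as soon as the BITS UA is sent tells you the User-Agent gate is in front of the credential gate, which is exactly the ordering a probe like this is meant to reveal before spending time on the second lock.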
I like this new style of video!
6:47 I have no idea why that made me laugh so hard.
love this video
I love this format! gosh!
Personally, I like it when you figure it out on camera, but whatever helps you keep putting out content works for me.
I'd be interested to know: for people who want to start examining Malware the way you do, what steps should be taken to stay safe-ish? I realize doing it in a VM is a must, but any other major points?
feedback: the editing is nice and funny
“Morty, I’m a drunk - not a hack!” ~Rick Sanchez, season 3 episode 4
i'd like to see part2
Dude I will watch all your videos
Hah some fun editing this time, I like it.
Funny how he looks similar to Justin Roiland
About the video style and format.., I think We'll still watch ur videos either it's a 30 min video or more than an hour xD just do whatever makes u feel comfortable xP
dude i love your videos
Hey John, love your content man - don't ever change, you inspire me and give me drive, so thank you ❤
Algo push!
It's perfect
Awesome!
John is #1
i like this video
very informative and entertaining at the same time
very nice
Man I love your videos!!!!
These vids keep delivering😍😍
Well, your video is awesome. I love your content. I do hope that you do not keep spending more and more time editing and then get burnt out.... Please don't burn out :)
I like this vid but if I had to choose between this style and the one before this. I definitely prefer the other one
We finally know what actually is a plumbus. I didn't get it even with the "How they do it..." episode
This was awesome please keep it up John, thanks!
great video, love the new editing style too
That was nice, a little bit easier on the time and overall digestibility, but I think it makes it feel more real when we experience it as you go and see the thought process behind. Maybe you could do twice the content, one livestream of the long style and one edited like this one? What do you think?
Love your videos sir
Great video!
holy jesus another video, lets go
Nice Video!
Really wish this video was done live.
That being said, I still love your vids.
But you scrambling around, trying to figure out the try-catch issues, would actually have been very interesting.
As you saw a certificate: maybe it's using client-certificate authentication with an nginx config like
ssl_verify_client optional;
if ($ssl_client_verify != "SUCCESS") { return 403; }
30:08 ah yes, I see it too