How Hackers Hide From Memory Scanners

Поділитися
Вставка
  • Опубліковано 7 лис 2023
  • jh.live/maldevacademy || Learn to write modern 64-bit Windows malware with Maldev Academy! Save 10% even on the LIFETIME plan with code 'HAMMOND10': jh.live/maldevacademy
    PS, I'll be presenting for the CloudSec 360 webinar with Wiz on the MOVEit Transfer exploitation -- tune in on November 8th! jh.live/wiz360
    Free Cybersecurity Education and Ethical Hacking
    🔥UA-cam ALGORITHM ➡ Like, Comment, & Subscribe!
    🙏SUPPORT THE CHANNEL ➡ jh.live/patreon
    🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
    🌎FOLLOW ME EVERYWHERE ➡ jh.live/discord ↔ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/instagram ↔ jh.live/tiktok
    💥 SEND ME MALWARE ➡ jh.live/malware

КОМЕНТАРІ • 61

  • @reconmaster907
    @reconmaster907 7 місяців тому +36

    He has upped his thumbnail game. Cool.

    • @F599
      @F599 6 місяців тому

      I got Watch_Dogs vibes, absolutely awesome art style.

  • @maalikserebryakov
    @maalikserebryakov 6 місяців тому +5

    TECHNIQUES OF HIDING IN MEMORY
    1 - Encrypting the Payload until Action

  • @felixkiprop48
    @felixkiprop48 7 місяців тому +8

    John, the best in advert, love that voice change.

  • @xeaudg
    @xeaudg 7 місяців тому +4

    John Hammond: Answering the question "What would it look like if Seth Rogan were to suddenly become a CyberSecurity professional...?"
    LOL. Mr. Hammond: you are a security superstar! Keep up the good work!

  • @DragonFistLeeMontage
    @DragonFistLeeMontage 6 місяців тому +19

    I’ve been in IT for 10 years, and every time I watch one of your videos, I realize I need another 10 years of practice at least.. 😂 Keep up the good work

    • @user-fc1ep2xy7k
      @user-fc1ep2xy7k 6 місяців тому +3

      Same here man... Been software engineer for 8-9 years and I just realize how many things I don't know

  • @Jhern4nd3z516
    @Jhern4nd3z516 6 місяців тому +6

    Bring back the malware reverse engineering videos 🥺

  • @Frozlie1
    @Frozlie1 7 місяців тому

    really enjoy your content, thanks!

  • @stanislavsmetanin1307
    @stanislavsmetanin1307 10 днів тому

    As always - great material. Thx.

  • @0oNoiseo0
    @0oNoiseo0 7 місяців тому

    Interesting to dive more into. Thank u!

  • @shadrachwilson1211
    @shadrachwilson1211 7 місяців тому +1

    Great content. This got me scratching my head

  • @m3sm4r2010
    @m3sm4r2010 7 місяців тому +2

    great video sir,well done

  • @K03KK03K
    @K03KK03K 7 місяців тому

    Nice one! Thanks!

  • @Darkregen9545
    @Darkregen9545 7 місяців тому +7

    The amount of things hackers can do is crazy.

    • @cygmoid
      @cygmoid 7 місяців тому +4

      Yeah , like they know multiple ways to inject shellcode even if you close down one trick. Pretty crazy

    • @DanniDuck
      @DanniDuck 7 місяців тому

      @@cygmoid It's not too hard to prevent if you really think about it. You should first implement a memory hasher that can detect when memory gets changed after you make any hooks you have. You can hook functions such as LoadLibrary too. After that, you should scan for any RX allocations, which would indicate manual map. You can make manual mapping even harder by hooking thread creation functions eg. BaseThreadInitThunk, but a common workaround for this is to create a suspended thread with a valid address, then change it and resume it, so make sure you check that as well.
      The most important protection is a hard to figure out memory hashing system that checks itself and must be running.

    • @seansingh4421
      @seansingh4421 7 місяців тому

      Actually it can become very easy to spot if you have Eventlog forwarding and parsing, coupled that with suricata network logging and its becomes very difficult for a hacker to hide.

    • @DanniDuck
      @DanniDuck 7 місяців тому

      @@seansingh4421 What? This video isn't about network security, it's about application security.

    • @seansingh4421
      @seansingh4421 7 місяців тому

      @@DanniDuck which go hand in hand my friend. Syslog or Eventlogs tell you everything not just network stuff

  • @senseiSinclair
    @senseiSinclair 7 місяців тому

    Maldev academy looks similar to HackThe Box academy to me. Cool video.

    • @senseiSinclair
      @senseiSinclair 7 місяців тому

      @@lumikarhu Yeah, visually looks like a similar format.

  • @JeffNoel
    @JeffNoel 7 місяців тому +11

    I've been seeing many similar websites offering courses and certifications for exploit development, but I have no idea which one is really worth it... Maldev's syllabus seems impressive, but I'm curious how they stack up against better known certs like OSED.
    Super cool to be able to see part of a module with you in this video :)

    • @Yahelj6
      @Yahelj6 7 місяців тому +3

      Its not Exploit Development, its Malware Development

  • @h4ckh3lp
    @h4ckh3lp 7 місяців тому

    Bravo, sir.

  • @georgehammond867
    @georgehammond867 7 місяців тому +1

    how to learn the basics programs in C/CPP, before exploit devs courses ??

  • @nittani.
    @nittani. 7 місяців тому +2

    I love this guy hes good looking too

  • @marveII0us
    @marveII0us 7 місяців тому +3

    Binders/Crypters?

  • @abdullahkhan_9876
    @abdullahkhan_9876 7 місяців тому

    HI!, I'd love to see a video on how hackers bypass av/anti-virus

  • @Bair994
    @Bair994 3 місяці тому

    Tried to access the sign you linked and was blocked from Maldev, probably because of a vpn? idk not turning it off to access a Cyber Sec site thats asking for trouble.

  • @stickman2003
    @stickman2003 6 місяців тому

    Evil ChatGPT update !!

  • @stanislavsmetanin1307
    @stanislavsmetanin1307 7 місяців тому

    Fantastic ))

  • @kenzyflash
    @kenzyflash 7 місяців тому +2

    first to comment and a nice video

  • @zach115th
    @zach115th 7 місяців тому

    Does the lifetime purchase cover all the modules or just one?

  • @mudi2000a
    @mudi2000a 6 місяців тому

    How can I learn about those topics without shelling out a lot of bucks?

  • @user-td4pf6rr2t
    @user-td4pf6rr2t 4 місяці тому

    Videos and combining wordlist/brute-force/enumeration with nlp. Like if someone wanted to dynamically enumerate language but when grounded.
    10:38 Is this how ChatGPT and other LLM are stateless but still able to leverage things like a text embedding maybe?
    11:23 This is terrible

  • @sanathkumar1006
    @sanathkumar1006 7 місяців тому +1

    I doubt EDR would have pick it up when mimikatz was extracting NTLM even though it was fraction of a sec

    • @nordgaren2358
      @nordgaren2358 7 місяців тому

      Defender won't even let you put mimikatz on your PC.

    • @nordgaren2358
      @nordgaren2358 7 місяців тому +1

      You MAY be able to get it, but as soon you run it, it's gone. If you leave it, defender will find and zap it in a scan, eventually.

    • @sanathkumar1006
      @sanathkumar1006 5 місяців тому

      @@nordgaren2358 Yeah true

  • @hypedz1495
    @hypedz1495 5 місяців тому

    Maldec academy looks super expensive.

  • @oratilemoagi9764
    @oratilemoagi9764 7 місяців тому +2

    Hey can i ask;
    If you Videos get removed or banned where else can i watch them

  • @gunnerysergeant8889
    @gunnerysergeant8889 7 місяців тому

    i signed up for the course. It's not for beginners. It has a very steep learning curve of "C". I do think it is great knowledge but def not for beginners. You do make it sound AWESOME though...in fact, sorry, I watched your video and just instantly enrolled. THEN i saw you had a code. I just wished the course had the videos like the ones you are actually doing. it really helps me fill in the blanks for the things i am not understanding. sadly the course has over a 100 modules between course&updates (do i follow the course or do I follow the updates)...videos would be nice...at least to get our of the beginner section.

    • @nordgaren2358
      @nordgaren2358 6 місяців тому

      Follow the courses, first. Start from the beginning. Then do the updates.

    • @daljeetbhati8353
      @daljeetbhati8353 6 місяців тому

      can you share the course

  • @activelearner9924
    @activelearner9924 2 місяці тому

    can i use on my personal pc to detect sir??

  • @bilalaniq7770
    @bilalaniq7770 7 місяців тому +1

    plz tell me how to bypass win defender

  • @popeyehacks
    @popeyehacks 6 місяців тому

    I want that exe

  • @SwineTech
    @SwineTech 7 місяців тому

    A real hacker wont use already developed programs.. lol 😮

  • @DFPercush
    @DFPercush 7 місяців тому

    Very clever, tricksy hobbitses... now someone needs to make a real time scanner that will scan any new executable page being loaded. Invalidate and page out when protection flags change. Might impact the performance of JIT apps though.

  • @iamwitchergeraltofrivia9670
    @iamwitchergeraltofrivia9670 6 місяців тому

    Hahahh visual studio you hack easy to hack hahahhaahav

  • @haroldsmith768
    @haroldsmith768 6 місяців тому

    Wy do people type so much just to be nosey

  • @creativeyes3292
    @creativeyes3292 6 місяців тому

    That thumbnail is hella cringe

  • @nicolae1392
    @nicolae1392 7 місяців тому +1

    you people have a life?

    • @Oregoncoast30
      @Oregoncoast30 6 місяців тому

      Yes. A fun cybersecurity / infosec life. Its cool stuff and fun to delve into.

    • @maalikserebryakov
      @maalikserebryakov 6 місяців тому

      no life below 3 PSL :(

    • @maalikserebryakov
      @maalikserebryakov 6 місяців тому

      @@Oregoncoast30
      Reddit moment