How Hackers make Undetectable Malware

Поділитися
Вставка
  • Опубліковано 24 гру 2024

КОМЕНТАРІ • 121

  • @speedymemes8127
    @speedymemes8127 2 місяці тому +87

    Obfuscating payloads is so fun. You can do all sorts of things like sleep before execution, pack the malware, inject into another process, etc. Would love to see you cover something like Freeze in the future!

    • @Krullfath
      @Krullfath 2 місяці тому +7

      sleep before execution usually doesn't do shit let's be real here.. I've also come across malware that first checks whether or not any debugging tools are actively on it, and other methods like executing code and checking if it took a little longer than normal, or checking certain things on the machine to try and identify whether or not the code is running inside a VM or sandbox..

    • @keksnino3151
      @keksnino3151 2 місяці тому

      and injection almost always gets detected even if its not malware and just an injector

    • @speedymemes8127
      @speedymemes8127 2 місяці тому +3

      @@Krullfath for sure. It's still a commonly observed practice though. I'd also love to see those methods of obfuscation too. I'm still kind of a newb in this space so I'm trying to learn what I can lol.

  • @TomParker-gu9ez
    @TomParker-gu9ez 2 місяці тому +423

    Very useful (I will forget that in 2 days)

    • @HamedEmine
      @HamedEmine 2 місяці тому +13

      Learn to use stuff like Obsidian :>

    • @petewatson9866
      @petewatson9866 2 місяці тому

      You are the person who moans and bitches if you where to get a virus then complain about how much it is going to cost you to recover and repair. But if you stopped getting wasted on benzos and liquor you might learn something

    • @UNcommonSenseAUS
      @UNcommonSenseAUS 2 місяці тому +8

      2 hrs

    • @UNcommonSenseAUS
      @UNcommonSenseAUS 2 місяці тому +1

      ​@@petewatson9866 projection much ?

    • @Aarush.A.S
      @Aarush.A.S 2 місяці тому +4

      😂😂

  • @truelies5431
    @truelies5431 2 місяці тому +38

    one of the weirdest things happened to a friend of mine which left me puzzled for ages... long story short my friend actively trades gaming accounts for multiple online games and he's well aware of the tricks scammers they pull on you...BUT this one time a hacker sent him what was supposed to be a picture of account details when he clicked the picture the device froze his accounts on social media got hacked and he's device got wiped clean...i'm aware of images that cause system crash on different mobile devices... but a picture that could pull off all that wizardry in limited time is insane to think about

    • @joaomarcos7199
      @joaomarcos7199 2 місяці тому +7

      i would love to see the pc channel opinion on this. UP

    • @mgjfile
      @mgjfile 2 місяці тому

      Maybe the picture was just the "Trojan horse" used to hide a program that steal browser's infos (info stealer that copy the browser's login tokens) and with that they can access the logged in accounts without the needs of any password🤷

    • @s-x5373
      @s-x5373 2 місяці тому +38

      did your friend had file extension on ?
      sounds ike this image was just .exe

    • @truelies5431
      @truelies5431 2 місяці тому

      @@s-x5373 he was on android... And he knows not to install picture. Apk

    • @truelies5431
      @truelies5431 2 місяці тому

      @@s-x5373 that's why it was driving me crazy... I wanted a smaple but they wiped his device clean and hijacked his social media

  • @mirroredchaos
    @mirroredchaos 2 місяці тому +32

    sometimes I feel the best antivirus is really just the human brain, and I don't just mean avoiding sus links and that kind of stuff I mean using tools that allows you to see every single thing happening on your computer rather than blindly relying on an antivirus to do that for you.

    • @Bellicosy
      @Bellicosy 2 місяці тому +5

      You're not wrong, but unfortunately not every user has a brain. Or perhaps it would be better to say that they lack the knowledge required and must blindly rely on antivirus. The average user is simply that, average, and likely not skilled enough to comprehend and utilise the tools that go beyond automatically performing a scan or similar action and outputting an answer that must be trusted. If you should happen to know of such a tool that even my Grandma could use and understand, I would be glad to hear of it.

    • @tablettablete186
      @tablettablete186 2 місяці тому +4

      Well, there are zero click vulns

    • @mirroredchaos
      @mirroredchaos 2 місяці тому

      @@tablettablete186 those are very rare thankfully, I don't think human nor antivirus is going to easily find malicious code in something like an image file.

  • @MikaelKKarlsson
    @MikaelKKarlsson 2 місяці тому +24

    A great example of how while signature scanning is still an important measure, the real protection of any competent security suite lies in live behavioral analysis.
    For all the AV-deniers out there.

  • @imZeZoO
    @imZeZoO 2 місяці тому +2

    bro u r a legend can u please create a series on malware analysis for IR and SOC analysts like bigger to intermediate level of malware analysis i would watch every second

  • @SafetyTechOficial
    @SafetyTechOficial 2 місяці тому +28

    PC security channel make a test to see if Avast really detects a ransomware packed that is not In ther datebase basically test the Behavior shield

  • @D.von.N
    @D.von.N 2 місяці тому +7

    And for that case I have backups and then backups of the backups, using Windoze and Linux alike. If they get my data I cannot do much about it, but for encrypting my disk, I have clones of my OSs too, so restoration will be rather quick.

  • @danielbertram
    @danielbertram 2 місяці тому +6

    Very good video Leo… quick comment if possible try to make the screen bigger it facilitates who is using a mobile to watch

  • @jagathrajah
    @jagathrajah 2 місяці тому +1

    Love from Tamil Nadu, India. Keep posting good contents like this.

  • @ardwetha
    @ardwetha 2 місяці тому +8

    Making malware undetected against static checks is quite easy. Load all your suspicious dlls at runtime and obfuscate strings (xor or some modified base64 type)

    • @novianindy887
      @novianindy887 2 місяці тому

      at runtime mean the dll doesnt touch the disk?

    • @ardwetha
      @ardwetha 2 місяці тому

      @@novianindy887 Correct or in case of Malware, that you load certain dlls and get certain addresses at runtime. Lets say you want to open a socket for a remote shell. You can just use the WSA funcrions directly inside your code. In this case your program says "Hey I need this dll" on startup and for that contains all needed function in its import table, which then gets filled out by windows. Its like ordering a menu, the program basically says what it wants and windows provides it. Some AVs check imports of files and flag suspicious one (like a lot of network activity, or certain functions). When you load the Libarys, you use LoadLibary and then receive the pointer to the function via GetProcAddress. This also allows you to "encrypt" strings. This means the functions you use wont show up in the imports of the program, which helps to prevent detections from AVs, because the AV cant see what functions you. The other case is dll injection, where you injct a dll into another process and in this case you try, that the dll never hits the disc, so a Researcher has more fun searching.

  • @eliotcougar
    @eliotcougar 2 місяці тому +6

    Yes, every time I make my own small python program and want to pack into a single executable, that executable gets flagged by most AV software simply because it's packed...

  • @Erik_Arnqvist
    @Erik_Arnqvist 2 місяці тому +35

    Decent advertisement for Malwarebytes right there

  • @cpuuk
    @cpuuk 2 місяці тому +2

    It just so happens we were discussion this very thing today, we were asked approve a proggy that was UPX packed and 3 of the scanners flagged it. And of course we asked ourselves the same question you did as it was 3-4 years old- is it legit packed or dumb hacker.

  • @igioz
    @igioz 2 місяці тому

    you have to share malware samples, and give us a quick guide to simulate some PT test
    maybe a good way to improve security

  • @siliconvalley9347
    @siliconvalley9347 8 днів тому

    So the standard mrt tool on windows is potentially useless ?

  • @anasouardini
    @anasouardini 3 дні тому

    The best method I know is making your own Virtual Machine with custom CPU instructions.

  • @logiciananimal
    @logiciananimal 2 місяці тому

    There is the opposite - some of the engines now detect *discussions* or *inert* shell code. This makes us who do pentesting a bit annoyed.

  • @n-i-n-o
    @n-i-n-o Місяць тому +2

    Most of the malware prevents running on virtual machines, so try to change your os to act like a virtualmachine. Most of the time a Sandbox Usernames is enough. 🤫 Happy surfing

  • @Opiumgallery
    @Opiumgallery 2 місяці тому

    Can you do a video on how to remove stealer log malware that stays during full disk format and bios reboot

  • @dzabakwesi2213
    @dzabakwesi2213 2 місяці тому

    Please do you have online course? Thanks

  • @ardianhotii
    @ardianhotii 2 місяці тому

    Did anyone see that commit 24 years ago or yall missed it , like dude did even git existed back then ?

  • @velo1337
    @velo1337 2 місяці тому

    whats your tought on tftp server they always get flagged

  • @justw4lkbesideme
    @justw4lkbesideme 2 місяці тому

    Many laptop i see full 100% processors activity, even not opening anything, with windows 10 especially, and mostly only use windows defender for antivirus
    Is this malware from laptop producers to kill the machine, so customer have to buy again.?...

  • @youchwb6005
    @youchwb6005 2 місяці тому +1

    I need a telescope to work out what you are doing.

    • @igorthelight
      @igorthelight 2 місяці тому

      A 23+" monitor would do the trick

  • @SeilingMart
    @SeilingMart Місяць тому

    Who remembers the rat when is was still viable?

  • @parikshitkumar6485
    @parikshitkumar6485 2 місяці тому

    No cybersecurity channel can compete with the pc security channel. 👌

  • @koljaanisimov
    @koljaanisimov 2 місяці тому

    ty

  • @fynn2014
    @fynn2014 2 місяці тому

    thanks for the tutorial

  • @teefhennessy
    @teefhennessy 2 місяці тому

    Wouldn't modern EDRs do exactly that? I mean look at what a process does at block it based on unusual behavior?

    • @outlawnation5160
      @outlawnation5160 Місяць тому

      Yes, the difference between EDR and regular AV

    • @barrywang2402
      @barrywang2402 Місяць тому

      @@outlawnation5160 actually EDR is passive status doesn’t find out early issues even can bypass it working

  • @cledtzV2
    @cledtzV2 Місяць тому

    llvm goes brr

  • @ImSimplyDavid
    @ImSimplyDavid 2 місяці тому +1

    Nice

  • @jeanpepin5869
    @jeanpepin5869 2 місяці тому

    How Microsoft make an undetectable warranty ? By incompetence ;)

  • @guilherme5094
    @guilherme5094 2 місяці тому

    👍Nice!

  • @LavaKingPG3D
    @LavaKingPG3D 2 місяці тому +5

    Kaspecrsy vs malwarebytes?

    • @maxsecrest
      @maxsecrest 2 місяці тому +6

      Neither are really that great. But definitely go with the one that doesn't have a backdoor built in for for the russian government

    • @Mageroeth
      @Mageroeth 2 місяці тому +14

      Use the one built in for the usa gov instead.

    • @resmanual
      @resmanual 2 місяці тому +3

      ​@@maxsecrestif they aren't great go make an antivirus software yourself

    • @LavaKingPG3D
      @LavaKingPG3D 2 місяці тому

      @resmanual I can make a virus (I'm litterly not joking, I might make a vd on it)

    • @RandomDeforge
      @RandomDeforge 2 місяці тому +8

      @@resmanual what a dumb ass response. there are other options to choose from before one would need to gO mAkE OnE YoUrSeLf.

  • @harounepcgam6982
    @harounepcgam6982 2 місяці тому

    ❤❤❤

  • @hilik3186
    @hilik3186 2 місяці тому

    5:00

  • @youshaaaaaa
    @youshaaaaaa 2 місяці тому

    i was 17 old makeing that bullshit ....

  • @BD4-ManchesterIsRed
    @BD4-ManchesterIsRed 2 місяці тому +2

    👍

  • @BIPHOBIC7
    @BIPHOBIC7 2 місяці тому

    {test test}

  • @joroc
    @joroc 2 місяці тому

    Só antivírus are just a joke?

    • @truelies5431
      @truelies5431 2 місяці тому

      @@joroc I most day to day basis it's OK... But when you're targeted by highly skilled hacker or group of hackers... Then yes antivirus can't help much

  • @armanis1234
    @armanis1234 2 місяці тому +1

    Still maybe i have 100 malwares on my pc but nothing happen yet 😜 just saying

  • @iamwitchergeraltofrivia9670
    @iamwitchergeraltofrivia9670 2 місяці тому +1

    HHHhajahahahhahhahh very trash windows

    • @M8gazine
      @M8gazine 2 місяці тому

      erm... windows is epic!!

  • @Edward-c2c
    @Edward-c2c 2 місяці тому +1

    bitdefender so expensive (Turkey)

  • @2alcpvp
    @2alcpvp Місяць тому

    ty