Obfuscating payloads is so fun. You can do all sorts of things like sleep before execution, pack the malware, inject into another process, etc. Would love to see you cover something like Freeze in the future!
sleep before execution usually doesn't do shit let's be real here.. I've also come across malware that first checks whether or not any debugging tools are actively on it, and other methods like executing code and checking if it took a little longer than normal, or checking certain things on the machine to try and identify whether or not the code is running inside a VM or sandbox..
@@Krullfath for sure. It's still a commonly observed practice though. I'd also love to see those methods of obfuscation too. I'm still kind of a newb in this space so I'm trying to learn what I can lol.
You are the person who moans and bitches if you where to get a virus then complain about how much it is going to cost you to recover and repair. But if you stopped getting wasted on benzos and liquor you might learn something
one of the weirdest things happened to a friend of mine which left me puzzled for ages... long story short my friend actively trades gaming accounts for multiple online games and he's well aware of the tricks scammers they pull on you...BUT this one time a hacker sent him what was supposed to be a picture of account details when he clicked the picture the device froze his accounts on social media got hacked and he's device got wiped clean...i'm aware of images that cause system crash on different mobile devices... but a picture that could pull off all that wizardry in limited time is insane to think about
Maybe the picture was just the "Trojan horse" used to hide a program that steal browser's infos (info stealer that copy the browser's login tokens) and with that they can access the logged in accounts without the needs of any password🤷
sometimes I feel the best antivirus is really just the human brain, and I don't just mean avoiding sus links and that kind of stuff I mean using tools that allows you to see every single thing happening on your computer rather than blindly relying on an antivirus to do that for you.
You're not wrong, but unfortunately not every user has a brain. Or perhaps it would be better to say that they lack the knowledge required and must blindly rely on antivirus. The average user is simply that, average, and likely not skilled enough to comprehend and utilise the tools that go beyond automatically performing a scan or similar action and outputting an answer that must be trusted. If you should happen to know of such a tool that even my Grandma could use and understand, I would be glad to hear of it.
@@tablettablete186 those are very rare thankfully, I don't think human nor antivirus is going to easily find malicious code in something like an image file.
A great example of how while signature scanning is still an important measure, the real protection of any competent security suite lies in live behavioral analysis. For all the AV-deniers out there.
bro u r a legend can u please create a series on malware analysis for IR and SOC analysts like bigger to intermediate level of malware analysis i would watch every second
And for that case I have backups and then backups of the backups, using Windoze and Linux alike. If they get my data I cannot do much about it, but for encrypting my disk, I have clones of my OSs too, so restoration will be rather quick.
Making malware undetected against static checks is quite easy. Load all your suspicious dlls at runtime and obfuscate strings (xor or some modified base64 type)
@@novianindy887 Correct or in case of Malware, that you load certain dlls and get certain addresses at runtime. Lets say you want to open a socket for a remote shell. You can just use the WSA funcrions directly inside your code. In this case your program says "Hey I need this dll" on startup and for that contains all needed function in its import table, which then gets filled out by windows. Its like ordering a menu, the program basically says what it wants and windows provides it. Some AVs check imports of files and flag suspicious one (like a lot of network activity, or certain functions). When you load the Libarys, you use LoadLibary and then receive the pointer to the function via GetProcAddress. This also allows you to "encrypt" strings. This means the functions you use wont show up in the imports of the program, which helps to prevent detections from AVs, because the AV cant see what functions you. The other case is dll injection, where you injct a dll into another process and in this case you try, that the dll never hits the disc, so a Researcher has more fun searching.
Yes, every time I make my own small python program and want to pack into a single executable, that executable gets flagged by most AV software simply because it's packed...
It just so happens we were discussion this very thing today, we were asked approve a proggy that was UPX packed and 3 of the scanners flagged it. And of course we asked ourselves the same question you did as it was 3-4 years old- is it legit packed or dumb hacker.
Most of the malware prevents running on virtual machines, so try to change your os to act like a virtualmachine. Most of the time a Sandbox Usernames is enough. 🤫 Happy surfing
Many laptop i see full 100% processors activity, even not opening anything, with windows 10 especially, and mostly only use windows defender for antivirus Is this malware from laptop producers to kill the machine, so customer have to buy again.?...
Obfuscating payloads is so fun. You can do all sorts of things like sleep before execution, pack the malware, inject into another process, etc. Would love to see you cover something like Freeze in the future!
sleep before execution usually doesn't do shit let's be real here.. I've also come across malware that first checks whether or not any debugging tools are actively on it, and other methods like executing code and checking if it took a little longer than normal, or checking certain things on the machine to try and identify whether or not the code is running inside a VM or sandbox..
and injection almost always gets detected even if its not malware and just an injector
@@Krullfath for sure. It's still a commonly observed practice though. I'd also love to see those methods of obfuscation too. I'm still kind of a newb in this space so I'm trying to learn what I can lol.
Very useful (I will forget that in 2 days)
Learn to use stuff like Obsidian :>
You are the person who moans and bitches if you where to get a virus then complain about how much it is going to cost you to recover and repair. But if you stopped getting wasted on benzos and liquor you might learn something
2 hrs
@@petewatson9866 projection much ?
😂😂
one of the weirdest things happened to a friend of mine which left me puzzled for ages... long story short my friend actively trades gaming accounts for multiple online games and he's well aware of the tricks scammers they pull on you...BUT this one time a hacker sent him what was supposed to be a picture of account details when he clicked the picture the device froze his accounts on social media got hacked and he's device got wiped clean...i'm aware of images that cause system crash on different mobile devices... but a picture that could pull off all that wizardry in limited time is insane to think about
i would love to see the pc channel opinion on this. UP
Maybe the picture was just the "Trojan horse" used to hide a program that steal browser's infos (info stealer that copy the browser's login tokens) and with that they can access the logged in accounts without the needs of any password🤷
did your friend had file extension on ?
sounds ike this image was just .exe
@@s-x5373 he was on android... And he knows not to install picture. Apk
@@s-x5373 that's why it was driving me crazy... I wanted a smaple but they wiped his device clean and hijacked his social media
sometimes I feel the best antivirus is really just the human brain, and I don't just mean avoiding sus links and that kind of stuff I mean using tools that allows you to see every single thing happening on your computer rather than blindly relying on an antivirus to do that for you.
You're not wrong, but unfortunately not every user has a brain. Or perhaps it would be better to say that they lack the knowledge required and must blindly rely on antivirus. The average user is simply that, average, and likely not skilled enough to comprehend and utilise the tools that go beyond automatically performing a scan or similar action and outputting an answer that must be trusted. If you should happen to know of such a tool that even my Grandma could use and understand, I would be glad to hear of it.
Well, there are zero click vulns
@@tablettablete186 those are very rare thankfully, I don't think human nor antivirus is going to easily find malicious code in something like an image file.
A great example of how while signature scanning is still an important measure, the real protection of any competent security suite lies in live behavioral analysis.
For all the AV-deniers out there.
Real protection lies in firewalls.
That’s what EDRs are for
@@outlawnation5160
bro u r a legend can u please create a series on malware analysis for IR and SOC analysts like bigger to intermediate level of malware analysis i would watch every second
PC security channel make a test to see if Avast really detects a ransomware packed that is not In ther datebase basically test the Behavior shield
And for that case I have backups and then backups of the backups, using Windoze and Linux alike. If they get my data I cannot do much about it, but for encrypting my disk, I have clones of my OSs too, so restoration will be rather quick.
Very good video Leo… quick comment if possible try to make the screen bigger it facilitates who is using a mobile to watch
Love from Tamil Nadu, India. Keep posting good contents like this.
Making malware undetected against static checks is quite easy. Load all your suspicious dlls at runtime and obfuscate strings (xor or some modified base64 type)
at runtime mean the dll doesnt touch the disk?
@@novianindy887 Correct or in case of Malware, that you load certain dlls and get certain addresses at runtime. Lets say you want to open a socket for a remote shell. You can just use the WSA funcrions directly inside your code. In this case your program says "Hey I need this dll" on startup and for that contains all needed function in its import table, which then gets filled out by windows. Its like ordering a menu, the program basically says what it wants and windows provides it. Some AVs check imports of files and flag suspicious one (like a lot of network activity, or certain functions). When you load the Libarys, you use LoadLibary and then receive the pointer to the function via GetProcAddress. This also allows you to "encrypt" strings. This means the functions you use wont show up in the imports of the program, which helps to prevent detections from AVs, because the AV cant see what functions you. The other case is dll injection, where you injct a dll into another process and in this case you try, that the dll never hits the disc, so a Researcher has more fun searching.
Yes, every time I make my own small python program and want to pack into a single executable, that executable gets flagged by most AV software simply because it's packed...
Decent advertisement for Malwarebytes right there
*VBA32
It just so happens we were discussion this very thing today, we were asked approve a proggy that was UPX packed and 3 of the scanners flagged it. And of course we asked ourselves the same question you did as it was 3-4 years old- is it legit packed or dumb hacker.
you have to share malware samples, and give us a quick guide to simulate some PT test
maybe a good way to improve security
So the standard mrt tool on windows is potentially useless ?
The best method I know is making your own Virtual Machine with custom CPU instructions.
There is the opposite - some of the engines now detect *discussions* or *inert* shell code. This makes us who do pentesting a bit annoyed.
Most of the malware prevents running on virtual machines, so try to change your os to act like a virtualmachine. Most of the time a Sandbox Usernames is enough. 🤫 Happy surfing
Can you do a video on how to remove stealer log malware that stays during full disk format and bios reboot
Please do you have online course? Thanks
Did anyone see that commit 24 years ago or yall missed it , like dude did even git existed back then ?
whats your tought on tftp server they always get flagged
Many laptop i see full 100% processors activity, even not opening anything, with windows 10 especially, and mostly only use windows defender for antivirus
Is this malware from laptop producers to kill the machine, so customer have to buy again.?...
I need a telescope to work out what you are doing.
A 23+" monitor would do the trick
Who remembers the rat when is was still viable?
No cybersecurity channel can compete with the pc security channel. 👌
ty
thanks for the tutorial
Wouldn't modern EDRs do exactly that? I mean look at what a process does at block it based on unusual behavior?
Yes, the difference between EDR and regular AV
@@outlawnation5160 actually EDR is passive status doesn’t find out early issues even can bypass it working
llvm goes brr
Nice
How Microsoft make an undetectable warranty ? By incompetence ;)
👍Nice!
Kaspecrsy vs malwarebytes?
Neither are really that great. But definitely go with the one that doesn't have a backdoor built in for for the russian government
Use the one built in for the usa gov instead.
@@maxsecrestif they aren't great go make an antivirus software yourself
@resmanual I can make a virus (I'm litterly not joking, I might make a vd on it)
@@resmanual what a dumb ass response. there are other options to choose from before one would need to gO mAkE OnE YoUrSeLf.
❤❤❤
5:00
i was 17 old makeing that bullshit ....
👍
First
@@Cats_Are_ScaryGrow up.
{test test}
Só antivírus are just a joke?
@@joroc I most day to day basis it's OK... But when you're targeted by highly skilled hacker or group of hackers... Then yes antivirus can't help much
Still maybe i have 100 malwares on my pc but nothing happen yet 😜 just saying
HHHhajahahahhahhahh very trash windows
erm... windows is epic!!
bitdefender so expensive (Turkey)
ty