Hello Colin, just wanted to take a moment to appreciate your content, very informative.
Could you please create a detailed video for students who want to get into malware analysis: how they should study, what courses they can take, and so on?
Hey thanks for the feedback, and that's a great suggestion. I'll give it some thought and look to pull something together :)
Damn that is some patience Colin well done!
ha thanks!
Colin, I am writing you here in what I am sure will be a future video regarding Kaseya. What overwhelms me is that Kaseya's VSA agent code, which provided a unified remote-monitoring tool for managing networks and endpoint software aimed at enterprises and managed service providers (MSPs), allowed full ROOT access. Kaseya requires that its software agents running in their clients' systems be given anti-malware exclusions for its application and its agent's working folders. Therefore ANYTHING executed by the Kaseya agent monitor in its clients' machines is allowed to run with full privileges and is ignored by any anti-malware protections.
Yeh nice point. I’m actually currently editing some content on this Kaseya incident with some interesting stuff about the attack 👍👍
@cybercdh remember me when you're all famous! :) I can't wait to see the new video!
@mytechnotalent 😂😂
@cybercdh LOL
I visited a normal site and I guess someone highjacked it, because I was redirected to a page that said Edge was out of date and automatically downloaded a zip file which contained a JavaScript file. Much simpler than the one in your video though. The JavaScript makes a request to some website, downloads some payload and tries to execute it. If you want to take a look at it I could send it to you or something.
Hijack*
@hashcat253 jackass*
Glad I discovered your channel, it's exactly what I've been looking for. Awesome content!
great to hear it, welcome!
Awesome, thanks Colin!
My pleasure!
Very practical approach Colin. Thanks!
Cheers
Love Win7 32bit! ♥ I'm currently working on a technique to embed JS in a JPG binary without LSB/MSB methods, but rather Base64 obfuscation... decoded back to ASCII. Definitely one of the hardest projects I've tackled to date... but it's been a great learning process. Thanks for your interesting vids.
My BOIIII. let’s go. Love ur videos man
Thanks! I appreciate it
Idk how people have time to implement stuff like this, it's crazy, and here I'm struggling trying to center a div 😅
Lmao
true
Lol
Me tooo😴😴😴
Good stuff Colin 👍
Thanks 👍
your channel is definitely all i was looking for long time! thank you so much for the work!
I appreciate it thanks man
Subscribed! Great video! Thanks for your time! JS for life!!!
Really informative video
Glad you liked it
First time ever hearing of cscript and wscript.
Hi Mathew, how is the malware breaking out of the sandbox in this case in order to drop and execute a file?
This video really proves how powerful JavaScript can be, also, if JavaScript can make powerful malware, could it make a powerful antivirus?
Malware is software it can be scripted so yes it definitely can
Can this malware still run on updated browsers? Would whatever Windows security or antivirus/antimalware stop this type of JS from being clicked?
very nice video, thank you Colin
How do you document IOCs when completing malware analysis?
That could actually be a useful short video in the future, but for a quick reply - use monitoring tools to monitor the process, disk, network and registry activity (such as ProcMon) whilst behaviourally analysing the code; and also looking for the same artefacts when statically analysing code also. And keep lots of notes along the way :)
love it. good video!
How can we decide which recipe to select for the code you want to decode? Do you have any tricks for that? Please let me know, I feel confused while using CyberChef.
Where did you get the malware from, 'cause I would like to tinker with it please...
Links are in the description
Sir, I wanna learn about cyber security or ethical hacking but I don't know how I'm learning.
Then learn how to learn how to be learning.
At what point would JavaScript like that execute? After visiting a web page with that malicious code?
This JS would execute by the victim double clicking the file in Windows. One of the points I was trying to convey in the video is that JS doesn't only run in the browser.
@cybercdh thanks for the reply! Makes sense, cheers
@cybercdh actually, JavaScript and Microsoft JScript aren't the same. Unlike JScript, JavaScript runs in the browser. JScript is something like VBScript, it is a normal script language.
You're dope man keep up your great content 👏👏👏👏👏👏👏❤
0:32 Asian parents would be upset
document.querySelector('video').playbackRate = 4; console.log('❤');
Good bro
Thanks
why do you still use windows 7?
Why not?
@cybercdh which Windows is the best for coding?
You don't understand.
Since most malware targets Windows, how can you learn to secure Windows / analyze the malware if you don't use Windows?
And for hackers, if you want to create sophisticated malware, you have to learn the ins and outs of Windows, because 70% of the world's PC users are on Windows.
So, as security guys, if you don't use Windows, you don't really know anything about security.
@novianindy887 Windows 7 is an old version of Windows
Windows 7 is the most aesthetically pleasing and not slow as hell like Windows 10. If you're on a potato PC, Windows 7 is better lol. It's my fav, but you don't have to use it if you don't want to, it doesn't really matter.
My website also has the same ugly set of code as the PayPal example you showed. Can I fix it anyhow?
Stop revealing all our secrets as pentesters. 😂
How will I then learn. 🥺
Jesus Loves you REPENT OF YOUR SINS!
@vishalr7959 then learn how to learn whatever u wanna learn.
💞💞💞💞💞💞💞💞💓💓💓💓💕💕 thanks for this clear explanation 💕😁😉
javascript? malware??
yes, why surprised lol
JS ftw
@kurdm1482 basmtball 😢
Bro, can you help me decompile some EX4 file?