Developing Trojans With Shellcode
Вставка
- Опубліковано 17 січ 2023
- Hey Hackers!
MalwareDNA: github.com/CosmodiumCS/Malwar...
SysInternals: learn.microsoft.com/en-us/sys...
PUSHAD: pdos.csail.mit.edu/6.828/2008...
PUSHFD: pdos.csail.mit.edu/6.828/2008...
POPAD: pdos.csail.mit.edu/6.828/2008...
POPFD: pdos.csail.mit.edu/6.828/2008...
I hope you enjoyed the video. If you have any questions make sure to leave them in a comment down below. You can also contact me through my website on the "Contact and Information" page or on my discord server.
Want to support CCS?:
Happy Hacker: cosmodiumcs.com/support
GoFundMe: www.gofundme.com/f/CosmodiumCS
Socials:
Website: cosmodiumcs.com
Instagram: / cosmodium.cs
GitHub: github.com/CosmodiumCS
Discord: / discord
Make sure to like and subscribe!
Happy Hacking! - Наука та технологія
I've started watching your malware playlist and I must say that you're great at explaining these concepts. I understood this video very well, and it's a great resource. Keep it up
Glad it was helpful! Hope the malware journey goes well! You can always reach out on discord if you have any questions🤙🏽
I've been doing sektor7 courses on malware development and your videos have really helped, thank you!!!
Ayy! Always happy to this stuff helps out🙏🏽🕺🏽
nice work teacher Cosmo, i´m learning too much, i'm new to malware and seeing thus type of content motivates me to continue learning; greetings to México
Greetings!!👋😄
Best Course, Appreciate your Efforts, Attended the Sector 7 Training, Your Explaination is best. Keep it Up Bro...
Thanks a ton!!
GOATT!! appreciate for the video i love it
Really appreciate your malware development courses. If you could make more free videos please do! Aspiring malware developers like me would strongly appreciate. You earned a sub bro, keep up the great work!
Super interesting, thanks for the video!
Glad you liked it!
hey thanks for creating this series! there's not a lot especially here on youtube, as a beginner its nice to see things like this, if you got any other resources you used while you were trying to branch into malware development I would love you forever
Hey thanks! Not much that i have used personally, but the discord community is pretty helpful and could be a good resource for people to learn from
amazing content man, thanks so much. Greetings from Argentina
Argentinwhaaa!?!? That’s awesome ha!! Thanks so much:)
Thanksss for the perfect malware development videos
Thanks for watching them :D
only one word to say: COOOOOOOOOOOOOOOL!!! :D Thanks bro.😁😁😁
No problem 😊
Cool. Liked, commented and subbed 👍🏼
Thanks!!
Just found your channel! Subscribed really good content! Thanks for sharing. I am not gonna lie I BBQ m very noob in this subject. I would appreciate beginners content 😊
Ay thanks for the sub! Glad u enjoy the vid. I’ll be sure to start introducing some more beginner friendly content in this subject 👍
Really dope
Dude you are really awesome!
Haha thank ya!
great video
I wish i could watch this right now but i am busy for the rest of the day so i hope that i will get to it when i have time tommorow.
No worries at all dude, appreciate the support!🤙
Well Done!
Ayy thank ya bro!!
Wow! I’m learning how to develop malware as a project for school currently, it was originally supposed to be on rootkits/boot kits but I couldn’t make it that far I basically just made a bad shellcode injector, I’m wondering if you have made or have any plans on rootkit/boot kits? Great video tho! I’m gonna play around with it asap!
Awesome video and channel! I've been messing with the zoomit part for days, and I can't get it to run. I go step by step, do the same thing as you in the video, and the mf gives me a last chance exception and terminates (in the debugger). What am I doing wrong?
Great videos thank you! a question, I used vs insider and MinGW-w64 toolchain , and I don't see the eros/NOP at the end, which compiler I need to use? what am I missing? thank you!
Sup!! U should ue clangd, it should be preinstalled with visual studio and accessible via the native tools cmd prompt (also installed with visual studio). My video covering tools for maldev can help you with this as well 🤙🏽
I have a question (it might be a dumb question ) but since the modified program wait for the shellcode to act before executing the program, will it still work for another kind of malware like a reverse shell that use for loops or something (without blocking the original executable)?
Also i love your videos it teaches so many things. Thank you.
I actually have no idea. You should try it and see how it goes!! If it ends up looping and not letting the main executable run, then have the shellcode execute a new *hidden* process for the revshell👍🏽
@@CosmodiumCSThankf for responding, i'll try and post a comment if it worked
Subbed
hi, when i attempt to patch the code, I get 147/202 patches applied. I believe it might be the shell code but i was wondering if you had any pointers
did u found any fix? i get 90/202
my x32dbg apply only 80/203 patches...
a question though, in my xdbg i can't find the entry point - weird - am using x64dbg
And i dont have jmp address like you do in the video - is it because am using a 64 bit windows machine and not a 32 bit? thanks
go into options > set entry break point :)
@@CosmodiumCS hey man, thanks for the reply ✌🏻
I was reading Microsoft documentation and they recommended not to use ANSI encoding functions only Unicode UTF-16, in this video, are the functions still relevant to use?
As their explanation was for global language compilation if am not mistaken
Thanks for the video but i have a question. Since downloading that metasploit program is pretty impossible and annoying on windows, how can i generate the binary file from the shell command manually?
Hey! Yes you cannot install msf on windows. Look into WSL or setting up a vm
@@CosmodiumCS is there an alternative method for windows?
Yes..LOOK INTO WSL OR A VM GAHHHHH!!!
Is this method preferred over creating a batch file that loads both programs, and then converting it to exe?
I would say yes. Utilizing the code cave makes it so that the trojan looks as close to the original file as possible. While the batch converted exe would load both, it could still be detected as malware as it doesn’t have any functionality past the loading of those executables👍
@@CosmodiumCS Thank you!
but NX is disabled?
Does these stuff work against EDRs and defender? Or will it be flagged?
yo! the pushad/fd popad/fd with MSF generated shellcode is likely flagged. so you will have to throw some arbitrary assembly instrucions betweent he pushes and pops as well as writing better shellcode
Awesome, i really want to learn from you, can you let me know how to connect to you personally?please
Yep! Discord link in description 🫡
Ihave a question did u set MS defender out?
Yes, I have AV disabled in my development environment. However it usually goes undetected, especially if you don’t utilize metasploit generated shellcode. You may also want to add some additional instructions as there could be detections for the pushad/fd and popad/fd instructions being used as they are
Could you explain about how to obfuscate shellcode and how after embeding into program decrypt it? I have created few programs on C# for crypt encrypt shellcode so It works without problems, but in your guide, I can't understand if you embed clean shellcode without obfuscation etc. that will be detecteble in AV so that's why I'm asking.
Yeah, i can totally do a video on that. It’s relatively simple to do. As you can pull down the decrypted shellcode from memory
@@CosmodiumCS this would be cool )
Pushad and pushfd are NOT recognized in x64 architecture. I tried as you do but it doesn't work. After the shellcode I inserted a jmp instruction to the head of the disassemble, where the call to display the messagge is. Moreover the entry point in my case is not identified with a jmp instruction but with a call.
Hey!… did u watch the video😭? I had to have said “32bit” at least eight times…we pulled out a 32bit architecture manual to showcase pushfd/ad and popfd/ad..and we put that jmp instruction there..🙈
@@CosmodiumCS the executable I found in your GitHub is x64
If I compile my own x86, the entry point is call instruction and not a jmp. I adopted another approach to do so. Thank you the same.
can trojans be used with documents too?
Yes! But ur usually better of with macros or some sort of polyglot
it says 91/201 patches applied, can u help?
were you able to fix it ?
I don't want to seem like I am nagging but can you please put the wallpaper you use on the cyber store or give it to me in discord?
My bad, totally forgot. Just added it!
Surely that shellcode will be detected
Yeah, for the sake of simplicity i used metasploit to demonstrate the concept. Using something like donut or writing ur own shellcode is far more ideal