For the first time YouTube suggested a totally worthy channel to me. Please keep going and try to post more frequently. Going to watch all your videos. ♥️
Thank you, Anurag! You rock!
Hi Jack! Thank you for the videos. I really like how you vocally express your analysis. Keep it up!
Thanks, Umar!
For me, only Ghidra with reverse engineering support works correctly.
Great video! Can't wait to see your next video about reverse engineering!
is it going to extract the characters, stages, data folders? Thank you
If I were to continue building maldev.exe, I could add in functionality to iterate over folders and exfil that data. But maldev.exe was created just for Educational Purposes for this video, so I never implemented that... and have no plans on doing so.
I love your videos bro. Please make more.
Very cool crash course. It is like you can analyse the Metasploit payload.exe file made with msfvenom.
Very true! And if you RE the payload, you'll find msfvenom signatures both in the executable and also in network traffic. So a skilled RE can easily see if the hacker used msfvenom or not.
@@stryker2k2 I tried to see whether I could find it in Ghidra's defined strings, but I only see strings such as PAYLOAD before disassembling, only in the strings analysis. Is it easy for a new RE to be able to identify the basic msfvenom windows/meterpreter/reverse_tcp payload during the initial analysis?
@@busyhacker63 I'm sure someone has made a plugin by now to do a quick analysis to find msfvenom characteristics. I don't RE them enough to provide any useful hints. But, if you make a handful of msfvenom payloads and practice with those, you'll start to see similarities.
As for me, I make my own payloads and compile with gcc/g++ so I can now easily tell if a payload is compiled with gcc/g++ because of how the main function is called and because of some of the strings included.
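On the point above that msfvenom payloads carry recognisable signatures: an added example (my code, not from the video or from any commenter) of one concrete static indicator. Metasploit's x86 Windows stagers, windows/meterpreter/reverse_tcp included, resolve APIs through the block_api routine, which identifies each import by a ror13 hash of the module name plus the export name. The stager pushes those hashes as immediates, so they sit in the file as little-endian dwords unless the payload was run through an encoder. The script reproduces the hash, scans a constructed sample buffer for the hashes of the imports the reverse_tcp stager needs, and also looks for the PAYLOAD: marker string the commenter saw in Ghidra's strings. The sample bytes, the `STAGER_IMPORTS` list and the function names are my own assumptions; the 0x0726774C constant is the value Metasploit's own source gives for kernel32.dll!LoadLibraryA.

```python
"""Spot Metasploit block_api (ror13) import hashes in a binary blob.

Added example, not code from the video or from Metasploit itself.
"""
import re
import struct


def ror32(value: int, bits: int) -> int:
    """Rotate a 32-bit value right by `bits`, as the x86 ROR instruction does."""
    value &= 0xFFFFFFFF
    return ((value >> bits) | (value << (32 - bits))) & 0xFFFFFFFF


def block_api_hash(module: str, function: str) -> int:
    """Reproduce the hash Metasploit's x86 block_api stager uses to find an export.

    The stager hashes the module name as upper-case UTF-16LE including the
    terminating null, and the export name as ASCII including its null,
    rotating right by 13 before adding each byte, then adds the two results.
    """
    h_mod = 0
    for b in (module.upper() + "\x00").encode("utf-16-le"):
        h_mod = (ror32(h_mod, 13) + b) & 0xFFFFFFFF
    h_fn = 0
    for b in (function + "\x00").encode("ascii"):
        h_fn = (ror32(h_fn, 13) + b) & 0xFFFFFFFF
    return (h_mod + h_fn) & 0xFFFFFFFF


# Imports the reverse_tcp stager resolves (assumed list, based on the stager's
# behaviour: load ws2_32, start Winsock, open a socket, connect, receive stage).
STAGER_IMPORTS = [
    ("kernel32.dll", "LoadLibraryA"),
    ("kernel32.dll", "VirtualAlloc"),
    ("kernel32.dll", "ExitProcess"),
    ("ws2_32.dll", "WSAStartup"),
    ("ws2_32.dll", "WSASocketA"),
    ("ws2_32.dll", "connect"),
    ("ws2_32.dll", "recv"),
]
HASH_TO_NAME = {block_api_hash(m, f): f"{m}!{f}" for m, f in STAGER_IMPORTS}


def find_block_api_hashes(blob: bytes) -> list:
    """Return (offset, 'module!export') for every known hash found as a LE dword."""
    hits = []
    for i in range(len(blob) - 3):
        dword = struct.unpack_from("<I", blob, i)[0]
        name = HASH_TO_NAME.get(dword)
        if name:
            hits.append((i, name))
    return hits


def find_template_marker(blob: bytes) -> list:
    """Offsets of the PAYLOAD: placeholder string from msfvenom's exe templates."""
    return [m.start() for m in re.finditer(rb"PAYLOAD:", blob)]


# Constructed sample, not a real payload: filler bytes around two stager-style
# `push imm32; call ebp` sequences and the template marker string.
SAMPLE = (
    b"\x90" * 8
    + b"\x68" + struct.pack("<I", 0x0726774C)  # hash("kernel32.dll","LoadLibraryA") per Metasploit source
    + b"\xff\xd5"                                # call ebp (how the stager enters block_api)
    + b"\x68" + struct.pack("<I", block_api_hash("ws2_32.dll", "WSASocketA"))
    + b"\xff\xd5"
    + b"PAYLOAD:" + b"\x00" * 8
)

if __name__ == "__main__":
    for offset, name in find_block_api_hashes(SAMPLE):
        print(f"0x{offset:04x}: block_api hash for {name}")
    for offset in find_template_marker(SAMPLE):
        print(f"0x{offset:04x}: msfvenom template marker PAYLOAD:")
```

Caveat a practitioner would want: Cobalt Strike and many hand-written shellcodes use the same ror13 scheme, and an encoder such as shikata_ga_nai hides the constants until run time, so a hit is an indicator that points at Metasploit-style tooling, not proof that msfvenom was used, and a clean scan does not clear the file.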
Thank you! How did you go about making your Ghidra client a nice, calm dark theme?
I love Ghidra's dark theme! Check out this video where I show you how to set up dark theme:
ua-cam.com/video/Cgukr7v9eg0/v-deo.html
@@stryker2k2 I was literally watching the video you referenced and saw you showed it... I then went back to this video to respond that "I found it"... aaaaand you already replied. Lmao! Thanks again for your videos, I will be watching them all and follow ya! :)
Awesome! I'm glad you found it! 😁
@@stryker2k2 Will you be doing any ELF reverse engineering videos in the future?
This is the second comment about ELF. It's not my preferred executable but I'm not against it.
The base logic is the same so I should be able to learn how to reverse it easily. Once I get a good grasp of it, I'll spin up a Linux machine and make an ELF RE video 😁
ILSpy saved my life. F*ck Ghidra ://
ILSpy? Hmmm... I'll have to look into that.
Sir, can you crack any online login panel?
Can I? Probably.
Will I? Absolutely not.
@@stryker2k2 Like VMProtected files?