Basic Linux Memory Forensics - Dumping Memory and Files with DD - Analyzing Metttle/Meterpreter

I feel like we've been getting more uploads than usual from you and its great! It's crazy to think I've learned much of what I know about offensive security from your videos. Now I'm OSCP certified and working towards OSWE and OSED. Can't thank you enough for the content!

I was just reading your reply on Liveoverflow's comment about not going technical. By the way Happy April Fool.☺️
Watching the video now..

Awesome explanation like always. I‘d love to see a deep-dive assembly with reversing malware from you.
Keep things up ipp!

This was super informative, with quick and spot on explanations without any unnecessary «fill» content👍🏼👍🏼👍🏼

the way you explain things is truly amazing ! can't get enough of your content

Awesome to see some new content from you my man! Please keep it up, much appreciated!

Thanks for that . Please continue with this type of content !! ❤️❤️

As always, just awesome content.

Thank you ippsec, you are the best. Keep uploads videos that can teach us

This was great, love it!

Amazing!
Thank you!

It's really very interesting, thank you IppSec.

It's reminds me "Mr robot".
You always gem 💎❤️

Ports are 16 bits, and 4433 decimal works out to 1151. As x86 uses little endian, this will show up as 5111. So, the dword that you found was, in fact, the port for sys_socketcall().

great explanation

Awesome video.

Good job we enjoying your vedio

Nice!

Thanks

4:00 ELF is a windows executeable? I thought ELF is for unix based systems and PE is the windows executable format?

Hello, ippsec can you provide me the flag that you used to reduce go file size while compiling ?

That was very nice forensics. From the video I gathered it was a 'malicious actor'? Maybe I am wrong and someone just left it there, didn't watch the stream :(
I am wondering though, what generally happens to people who put malware like this on certain HTB machines? Because I know you can track the IP to the account. I am asking because this might not be only scenario. Like what happens to people who actively try to hack another user. Not an "accident" or a bump during live machines.

Ohhh nicceee ❤️

Hey ipp,
For 21:18 part, the port and AF_INET are both taking 2 bytes:
The port is echo $((0x5111)) => 20753 and AF_INET=2 , you can check it in 14:47.
Awesome content as always, thanks alot for it, we learn everyday from you =)

What gdb config is that? Mine is seemingly boring compared to yours :(

hi sir why when i dumping memory and files always just get dump file with size 1 MB to 1.5 MB, but the original size file is more than 15 MB, do you know how to fix it sir?
here is my command:
dd if=/proc/pid/mem of=/temp/dump bs=1 count=dumpSize skip=StartAddress

Who else likes how he uses legend of zelda related names in some of his VMs?

So it is running even after removing the executable ? what about after rebooting a system, will still be working ?

Brother, please make a video on how to install dvwa on ubuntu

wow