Home
Search results “Cryptolocker command and control servers dedicated”
DEF CON 24 - Brad Woodberg - Malware Command and Control Channels: A journey into darkness
 
48:34
Much of the time and attention dedicated to modern network security focuses on detecting the contemporary vulnerabilities and exploits which power the breaches that make the headlines. With almost all of the emphasis is placed around the endless cycle of new entry points, we are often overlooking what is perhaps one of the most profoundly interesting aspects of modern network breaches; the post-exploit communication of a compromised system to the attacker—known as command and control. Once malware has compromised an end system, the tables are turned against the attackers; we go from being on defense, to being on offense. Attackers are constantly evolving their techniques and have become incredibly creative in attempting to hide their tracks, maintain control of compromised systems, and exfiltrate sensitive data. This presentation will explore how command and control channels have evolved against traditional defenses, where they are today, future predictions on their evolution, and most importantly, how you can go on the offense to protect your organization by identifying and disrupting command and control channels in your network. Bio: Brad Woodberg is a Group Product Manager at Proofpoint Inc, leading the Emerging Threats product line. Prior to his current role at Proofpoint, he spent six years at Juniper Networks as a layer 7 security product manager and product line engineer. Prior to Juniper he worked for a security consulting company in Ann Arbor Michigan for four years delivering a variety of network security technologies and services. He is a four-time published author of network security books through O’Reilly and Syngress. He has spoken at several security conferences including DEF CON 19, CanSecWest 2011, SEMAPHOR and other regional talks. Brad is also an active mentor to up and coming security engineers who share a similar interest and passion in all things network security.
Views: 4642 DEFCONConference
MIPS Compiling, Analysis, and Debugging on x86/x64 Architecture
 
00:51
Ring Ø Labs -------------------- ARTICLE: http://www.ringzerolabs.com/2018/03/the-wonderful-world-of-mips.html MALWARE ANALYSIS LAB SETUP: https://www.youtube.com/playlist?list=PLrJFR89Z-9SBDMiCtDT2_4SJxkFpc-k7P REDDIT: https://www.reddit.com/r/RingZero/ TWITTER: https://twitter.com/RingZeroLabs FACEBOOK: https://www.facebook.com/Ring-Zero-Labs-110227123029488 GOOGLE+: https://plus.google.com/b/117437081620745642342/117437081620745642342 Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet :) Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 144 H4rM0n1cH4cK
MS17 010 EternalBlue SMB Exploit
 
02:53
Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 2027 H4rM0n1cH4cK
Debugging and Monitoring Malware Network Activities with Haka
 
27:03
This paper by Benoît Ancel and Mehdi Talbi (Stormshield) was presented at VB2016 in Denver. Malware analysts have an arsenal of tools to reverse engineer malware but lack the means to monitor, debug and control the malicious network traffic. In this paper, we propose to use Haka — an open source security-oriented language — to address this problem. The rationale for this is fourfold: first, Haka features a grammar that allows one to naturally express malware protocol dissectors. Second, Haka provides a dedicated and customizable tool (Hakabana) to provide a real-time visualization of malware network activities through Kibana dashboards. Third, Haka has an interactive mode that enables it to break into particular packets/streams and inspect their content. Haka also features a stream-disassembler module that leverages the Capstone engine which enables disassembling the packet content into ASM instructions at the network level. Finally, Haka provides the most advanced API for packet and stream manipulation. One can drop, create and inject packets. Haka also supports on-the-fly packet modification. This is one of the main features of Haka since all complex tasks such as resizing packets, setting correct sequence numbers are done transparently to the user. For example, this enables us to hijack some botnet commands to automatically disinfect a set of compromised computers if the malware supports such C&C commands (e.g. uninstall). In this presentation we will showcase the monitoring of the C&C activities of a well-known malware family starting from the detection of the initial infection to the removal of the malware. All these steps are managed through advanced Haka security rules. Additionally, we will provide a set of protocols dissectors of well-known malware families and show some statistics and interesting results from our tracking of real-word C&C traffic. https://www.virusbulletin.com/conference/vb2016/abstracts/debugging-and-monitoring-malware-network-activities-haka
Views: 585 Virus Bulletin
Debugging and Attaching to MIPS With GDB-MULTIARCH
 
04:17
Ring Ø Labs -------------------- ARTICLE: http://www.ringzerolabs.com/2018/03/the-wonderful-world-of-mips.html MALWARE ANALYSIS LAB SETUP: https://www.youtube.com/playlist?list=PLrJFR89Z-9SBDMiCtDT2_4SJxkFpc-k7P REDDIT: https://www.reddit.com/r/RingZero/ TWITTER: https://twitter.com/RingZeroLabs FACEBOOK: https://www.facebook.com/Ring-Zero-Labs-110227123029488 GOOGLE+: https://plus.google.com/b/117437081620745642342/117437081620745642342 Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet :) Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 719 H4rM0n1cH4cK
Malware Analysis   Fidelis Ransomware Demonstration
 
05:47
Ring Ø Labs full article and sample download here: http://www.ringzerolabs.com/2017/07/fidrwexe-ransomware.html Ring Ø Labs Analysis Environment Setup: https://www.youtube.com/edit?o=U&video_id=Onqql1Zz3OE Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 110 H4rM0n1cH4cK
Fastest Malware Analysis Lab Setup With FREE VM and Tools
 
13:37
Windows 90 Day VM Preview: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ FLAREs Automatic Malware Analysis Lab Setup: https://github.com/fireeye/flare-vm Ring Ø Labs -------------------- WEBSITE: http://RingZeroLabs.com ANALYSIS LAB SETUP: https://youtu.be/qW-LzlVQyCg ANALYSIS TOOLS: https://youtu.be/Onqql1Zz3OE Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet :) Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 6141 H4rM0n1cH4cK
Malware Analysis - Obfuscated Locky Ransomware Downloader
 
10:25
Ring Ø Labs -------------------- REPORT+SAMPLE: http://www.ringzerolabs.com/2017/08/analyzing-several-layers-of-obfuscation.html ANALYSIS LAB SETUP: https://youtu.be/qW-LzlVQyCg ANALYSIS TOOLS: https://youtu.be/Onqql1Zz3OE Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet :) Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 894 H4rM0n1cH4cK
Malware Analysis   FBI Ransomware
 
06:03
You can find a full write-up and sample download here: http://www.ringzerolabs.com/2017/08/fbi-ransomware.html Ring Ø Labs Analysis Environment Setup: https://www.youtube.com/edit?o=U&video_id=Onqql1Zz3OE Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 679 H4rM0n1cH4cK
How to make a C&C server using gmail (This is for educational purposes only!)
 
05:50
This is a quick and easy to follow visual guide on how to create a C&C server using gmail. Make sure to be using an updated version of Kali. Also go to github and get the clone pages for gcat and Veil-Evasion gcat- https://github.com/byt3bl33d3r/gcat Veil-Evasion https://github.com/Veil-Framework/Veil-Evasion Words of advice!: BE CAREFUL WITH THIS!, Just having this implant.py file on your computer can lead to arrest depending on your intentions. Also do not use gmail to send the payload. Use another email service. Only use gmail as the C&C server. We will make more videos soon. Thank you for subscribing!
Views: 1439 Ethical Haks
How To Remove A Virus Caught On A User Account
 
07:32
If your virus was caught on an account that was not the administrator this is a quick way to get rid of it. Part of my Virus Removal Series and one of many ways to get your computer back! Use the links below to access the playlist which I will add all new virus removal videos to as I make them. Full Virus Removal Playlist link: https://www.youtube.com/playlist?list=PL1aAdDvux_sl1mEnQiLoTVvk3o3oJzH_o&feature=plcp This is an ever growing series. Please contact me if you have a link to a virus I haven't profiled yet. I will be adding to these as I get a dedicated computer and catch every virus I can one at a time! I will be placing these on my computer and showing step by step how to remove each one. PLEASE READ THIS. **************** If this video helped you, Please consider helping me make more helpful virus removal videos. I need a dedicated computer to catch viruses and wipe them out on camera also links to the viruses you catch. If you are interested in helping out click here http://len.farneth.net/index2.php?pid=68 **************** THANK YOU
Views: 8106 Len Farneth
Malware Analysis   ElmersGlue Ransomware
 
09:55
Ring Ø Labs -------------------- WEBSITE: www.RingZeroLabs.com REPORT+SAMPLE: http://www.ringzerolabs.com/2017/07/elmersglue3exe.html ANALYSIS SETUP: https://www.youtube.com/edit?o=U&video_id=Onqql1Zz3OE Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. Ring Ø Labs Analysis Environment Setup: https://www.youtube.com/edit?o=U&video_id=Onqql1Zz3OE Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 1038 H4rM0n1cH4cK
Reverse Engineering and Debugging 3rd Party Android APKs
 
36:58
Ring Ø Labs -------------------- WEBSITE: https://RingZeroLabs.com REPORT: https://ringzerolabs.com/2018/01/reverse-engineering-apks.html MALWARE ANALYSIS LAB SETUP: https://www.youtube.com/playlist?list=PLrJFR89Z-9SBDMiCtDT2_4SJxkFpc-k7P REDDIT: https://www.reddit.com/r/RingZero/ TWITTER: https://twitter.com/RingZeroLabs FACEBOOK: https://www.facebook.com/Ring-Zero-Labs-110227123029488/?pnref=lhc Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet :) Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 4551 H4rM0n1cH4cK
Windows Exploit   NTFS Master File Table Denial of Service
 
03:09
Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 183 H4rM0n1cH4cK
Malware Analysis - Emotet Phishing Campaign
 
10:22
Ring Ø Labs -------------------- WEBSITE: http://RingZeroLabs.com REPORT+SAMPLE: http://www.ringzerolabs.com/2017/08/large-victim-credential-server.html MALWARE ANALYSIS LAB SETUP: https://www.youtube.com/playlist?list=PLrJFR89Z-9SBDMiCtDT2_4SJxkFpc-k7P Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet :) Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 3477 H4rM0n1cH4cK
Malware Analysis   Quick PDF Analysis
 
02:27
Ring Ø Labs report and sample download here: http://www.ringzerolabs.com/2017/08/we-show-how-to-quickly-analyze.html Ring Ø Labs Analysis Environment Setup: https://www.youtube.com/edit?o=U&video_id=Onqql1Zz3OE Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 953 H4rM0n1cH4cK
Metasploit - Some "Assembly" Required
 
14:03
Ring Ø Labs -------------------- REPORT: http://www.ringzerolabs.com/2018/03/metasploit-some-assembly-required.html MALWARE ANALYSIS LAB SETUP: https://www.youtube.com/playlist?list=PLrJFR89Z-9SBDMiCtDT2_4SJxkFpc-k7P REDDIT: https://www.reddit.com/r/RingZero/ TWITTER: https://twitter.com/RingZeroLabs FACEBOOK: https://www.facebook.com/Ring-Zero-Labs-110227123029488 GOOGLE+: https://plus.google.com/b/117437081620745642342/117437081620745642342 Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet :) Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 232 H4rM0n1cH4cK
Crypton - exposing malware's deepest secrets
 
28:40
This presentation by Julia Karpin and Anna Dorfman (F5 Networks) was delivered at VB2017 in Madrid, Spain. A significant part of the malware research process is dedicated to reversing cryptographic algorithms in order to extract the decrypted content. Revealing this content provides access to the heart of the malware: all the strings, Windows API calls, DGA algorithms, communication protocols, and when focusing on financial malware, the list of targeted institutions and webinjects. Malware authors know that we're after this data, which is why they put considerable effort into constantly changing their encryption routines and designing customized implementation algorithms. Even the smallest change requires significant work on the part of the malware researcher: reversing has to be applied to reconstruct the encryption scheme. Over the years, numerous plug-ins and tools have been developed to solve this problem. Some have been highly academic endeavours that relied on complicated algorithms to identify cryptography, but which were not adapted for real-world usage; others relied on signature checks to locate specific algorithms. We wanted to find a lightweight and practical implementation that would effectively speed up the research process. That’s why we developed an automated approach, based on a heuristic way of detecting such cryptographic algorithms regardless of the type of algorithm used, that extracts their plain text output. The implementation of this approach saves a lot of valuable research time. Our implementation, "Crypton", works by unpacking the malware, then following injected code and memory allocations in order to identify blocks of cryptographic code, and inspecting the allocations for decrypted data. Our tool will follow all the processes created and injected by the malware as the decryption may happen in any one of them - therefore we must follow any execution flow. We plan to give some insights into our work with the latest financial malware, their internals and their usage of cryptographic algorithms, compression routines and pseudo random generators. We will describe the idea and the architecture of the Crypton tool and present a demo with live malware and our complementary IDA-python script that identifies all crypto blocks inside a memory dump. https://www.virusbulletin.com/conference/vb2017/abstracts/crypton-exposing-malwares-deepest-secrets
Views: 734 Virus Bulletin
Malware Analysis   What Is A Packer and Why Are They Used? UPX Example
 
05:45
Ring Ø Labs write-up here: http://www.ringzerolabs.com/2017/08/whats-packer-and-why-are-they-used.html Ring Ø Labs Analysis Environment Setup: https://www.youtube.com/edit?o=U&video_id=Onqql1Zz3OE is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 831 H4rM0n1cH4cK
Malware Analysis - Malicious Office Document Metadata
 
08:06
Ring Ø Labs -------------------- WEBSITE: https://RingZeroLabs.com MALWARE ANALYSIS LAB SETUP: https://www.youtube.com/playlist?list=PLrJFR89Z-9SBDMiCtDT2_4SJxkFpc-k7P REDDIT: https://www.reddit.com/r/RingZero/ TWITTER: https://twitter.com/RingZeroLabs FACEBOOK: https://www.facebook.com/Ring-Zero-Labs-110227123029488 GOOGLE+: https://plus.google.com/b/117437081620745642342/117437081620745642342 Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet :) Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 778 H4rM0n1cH4cK
Malware Analysis - Bypassing Malicious Word Document VBA Password Protection
 
19:23
Ring Ø Labs -------------------- REPORT+SAMPLE: http://www.ringzerolabs.com/2017/08/bypassing-anti-analysis-technique-in.html ANALYSIS SETUP: https://youtu.be/Onqql1Zz3OE WEBSITE: http://RingZeroLabs.com Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet :) Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 1097 H4rM0n1cH4cK
Malware Analysis - Choda Ransomware - The Lazy Malware
 
07:04
You can find a full write-up along with the analyzed sample here: http://www.ringzerolabs.com/2017/08/choda-ransomware-lazy-malware.html Ring Ø Labs Analysis Environment Setup: https://www.youtube.com/edit?o=U&video_id=Onqql1Zz3OE Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware and researching emergent threats. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 648 H4rM0n1cH4cK
Malware Analysis - Word Document VBS Downloader
 
14:04
Ring Ø Labs -------------------- REPORT+SAMPLE: http://www.ringzerolabs.com/2017/09/triaging-malicious-word-document.html MALWARE ANALYSIS LAB SETUP: https://www.youtube.com/playlist?list=PLrJFR89Z-9SBDMiCtDT2_4SJxkFpc-k7P Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet :) Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 1431 H4rM0n1cH4cK
Where To Download Malware For Analysis
 
03:46
Ring Ø Labs -------------------- WEBSITE: http://RingZeroLabs.com ANALYSIS LAB SETUP: https://youtu.be/qW-LzlVQyCg ANALYSIS TOOLS: https://youtu.be/Onqql1Zz3OE Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet :) Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 1054 H4rM0n1cH4cK
Malware Analysis   HTML Phishing site   Messing with spam
 
04:00
Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 284 H4rM0n1cH4cK
Malware Analysis - CVE-2017-11882 Microsoft Office Equation Editor Buffer Overflow
 
17:30
Ring Ø Labs -------------------- COLIN HARDY VIDEO: https://youtu.be/iqwvECQD_io REPORT: https://www.ringzerolabs.com/2018/05/analysis-cve-2017-11882-microsoft.html MALWARE ANALYSIS LAB SETUP: https://www.youtube.com/playlist?list=PLrJFR89Z-9SBDMiCtDT2_4SJxkFpc-k7P REDDIT: https://www.reddit.com/r/RingZero/ TWITTER: https://twitter.com/RingZeroLabs FACEBOOK: https://www.facebook.com/Ring-Zero-Labs-110227123029488 GOOGLE+: https://plus.google.com/b/117437081620745642342/117437081620745642342 Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet :) Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job.
Views: 1842 H4rM0n1cH4cK
Fsociety Crypto Miner Quick Dynamic Analysis
 
11:07
Ring Ø Labs malware report and sample download link here: http://www.ringzerolabs.com/2017/07/fsociety-crypto-miner.html Ring Ø Labs Analysis Environment Setup: https://www.youtube.com/edit?o=U&video_id=Onqql1Zz3OE Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 230 H4rM0n1cH4cK
ElmersGlue Ransomware Removal Instructions
 
02:26
Ring Ø Labs full article and sample download here: http://www.ringzerolabs.com/2017/07/elmersglue3exe.html Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 87 H4rM0n1cH4cK
Malware Analysis CVE2017 0199 RTF Document
 
17:32
Ring Ø Labs Analysis Environment Setup: https://www.youtube.com/edit?o=U&video_id=Onqql1Zz3OE Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 685 H4rM0n1cH4cK
Malware Analysis   Very Cool AES Encrypted Phishing Site
 
08:56
Ring Ø Labs malware report and sample download here: http://www.ringzerolabs.com/2017/08/aes-encrypted-phishing-site.html Ring Ø Labs Analysis Environment Setup: https://www.youtube.com/edit?o=U&video_id=Onqql1Zz3OE Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 301 H4rM0n1cH4cK
Data Protection and Malware Mitigation with ActiveTrust Cloud
 
42:58
Your First line of Defense—DNS Security Your data are your crown jewels. They are also the jewels that bad actors want to steal. And they will use the least protected pathway to get to that data. Today, that least protected pathway is DNS. And it doesn’t help that your workforce is increasingly mobile (according to Gartner, by 2019, 57% of workers will not be deskbound in the office)* and the number of connected devices is exponentially increasing. Your security needs have changed and need to go where your employees and devices are– everywhere. Meet your data’s own security detail – the DNS. DNS is the perfect choke point to stop not just data exfiltration through it, but also detect and stop malware like ransomware from spreading and executing. Infoblox has a solution to protect your devices everywhere - on or off the premises, prevent DNS-based data exfiltration, and automatically stops device communications with command-and-control servers (C&Cs) and botnets. Delivered as a service, it provides rapid time to value, unlimited scale, and is easy to use without the need for dedicated IT resources. Register for the webinar to learn how ActiveTrust Cloud can become your core defense by: -Preventing DNS based data exfiltration, DGA, Fast Flux and other zero day threats using aggregated threat intelligence, patented analytics and machine learning -Provide deep visibility and rich network context by integrating with on-premises DDI and DNS security -Facilitates data sharing with security ecosystem tools through open APIs -Allow you to investigate threats faster using context and inputs from multiple sources
Views: 239 Infoblox
Malware Analysis   TrickBot Banking Trojan Initial Infection Vector
 
06:57
You can find a full write-up along with the download link for the sample here: http://www.ringzerolabs.com/2017/07/trickbot-banking-trojan-doc00039217doc.html Ring Ø Labs Analysis Environment Setup: https://www.youtube.com/edit?o=U&video_id=Onqql1Zz3OE Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 1562 H4rM0n1cH4cK
Malware Analysis - Malicious Link Files
 
14:59
Ring Ø Labs -------------------- WEBSITE: https://RingZeroLabs.com : REPORT: http://www.ringzerolabs.com/2017/12/malicious-link-files.html MALWARE ANALYSIS LAB SETUP: https://www.youtube.com/playlist?list=PLrJFR89Z-9SBDMiCtDT2_4SJxkFpc-k7P Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet :) Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case, you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 675 H4rM0n1cH4cK
Netwrix Auditor for EMC – Overview
 
02:14
Netwrix Auditor for EMC maximizes visibility into what's going on across EMC storage devices by classifying sensitive data and providing actionable audit data about all changes made to files, folders, shares and permissions; and reporting on both successful and failed access attempts. Learn More: http://www.netwrix.com/emc_storage_monitoring.html Today, more and more enterprises rely on Dell EMC storage solutions to store large volumes of data — including valuable and sensitive data. This makes Dell EMC storage devices a key target for all sorts of attackers, including both anonymous hackers and disgruntled employees. So how do you know, say, what kinds of sensitive data are stored on your file shares? Are there any hidden IT risks in your infrastructure? Who tried to access shared folders that they don’t have access to? Or, who deleted a file containing cardholder data, medical records or financial statements? And how do you deal with the countless report requests from internal and external auditors? Introducing Netwrix Auditor for EMC, a change, configuration and access auditing software solution that maximizes visibility into what’s going on across your Dell EMC storage. • Verify that sensitive data is not overexposed and resides only in dedicated safe locations with proper access controls. • Spot security gaps on your file servers, such as potentially harmful files or shared folders accessible by Everyone to minimize your attack surface. • Control permissions and protect sensitive data by making sure access rights to your servers and specific shares are configured properly. • Secure sensitive data on your file shares by spotting malicious insider activity or a ransomware attack in progress with alerts on threat patterns. • Gain complete visibility into all user changes and monitor failed and successful data access attempts to protect sensitive data across your file servers. • Facilitate cleanup and lower your storage costs by identifying the largest files, unused data and redundant folders. • Provide answers to auditors’ questions faster with out-of-the-box compliance reports, and address any specific question or report request with the Interactive Search. Visit netwrix.com for a free trial or a one-to-one demo and maximize visibility into sensitive data, user permissions and data access on your Dell EMC storage today.
Views: 119 Netwrix
DLL Injection with VEH Reverse Shell
 
03:23
Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 257 H4rM0n1cH4cK
Malware Analysis - Brambul Worm
 
18:17
Ring Ø Labs -------------------- REPORT+SAMPLE: http://www.ringzerolabs.com/2017/08/worms-caught-in-brambuls.html MALWARE ANALYSIS LAB SETUP: https://www.youtube.com/playlist?list=PLrJFR89Z-9SBDMiCtDT2_4SJxkFpc-k7P WEBSITE: http://RingZeroLabs.com Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet :) Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 647 H4rM0n1cH4cK
Malware Analysis - Easy File Transfer
 
07:14
Ring Ø Labs -------------------- WEBSITE: https://RingZeroLabs.com MALWARE ANALYSIS LAB SETUP: https://www.youtube.com/playlist?list=PLrJFR89Z-9SBDMiCtDT2_4SJxkFpc-k7P REDDIT: https://www.reddit.com/r/RingZero/ TWITTER: https://twitter.com/RingZeroLabs FACEBOOK: https://www.facebook.com/Ring-Zero-Labs-110227123029488 GOOGLE+: https://plus.google.com/b/117437081620745642342/117437081620745642342 Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet :) Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 334 H4rM0n1cH4cK
Malware Analysis - Triaging Java JAR Files
 
06:14
Ring Ø Labs -------------------- REPORT+SAMPLE: http://www.ringzerolabs.com/2017/09/triaging-java-jar-files.html MALWARE ANALYSIS LAB SETUP: https://www.youtube.com/playlist?list=PLrJFR89Z-9SBDMiCtDT2_4SJxkFpc-k7P WEBSITE: http://RingZeroLabs.com Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet :) Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 1152 H4rM0n1cH4cK
SetWindowsHookEx Windows Injection
 
01:43
Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 875 H4rM0n1cH4cK
Tracking desktop ransomware payments end to end - Blackhat USA'17
 
22:14
Recording of our Blackhat'17 on how to trace ransomware payment end-to-end: https://www.elie.net/talk/tracking-desktop-ransomware-payments-end-to-end Blog posts with mode details: - Methodology: https://elie.net/blog/security/how-to-trace-ransomware-payments-end-to-end - Ransomspehere economy inner-working: https://elie.net/blog/security/exposing-the-inner-workings-of-the-ransomware-economy - Key players analysis: https://elie.net/blog/security/unmasking-the-ransomware-kingpins niche term just two years ago, ransomware has rapidly risen to fame in the last year, infecting hundreds of thousands of users, locking their documents, and demanding hefty ransoms to get them back. In doing so, it has become one of the largest cybercrime revenue sources, with heavy reliance on Bitcoins and Tor to confound the money trail. In this talk, we demonstrate a method to track the ransomware ecosystem at scale, from distribution sites to the cash-out points. By processing 100k+ samples, we shed light on the economics and infrastructure of the largest families, and we provide insight on their revenue and conversion rates. With a deep dive in the two largest groups, we show the details of their operation. Finally, we uncover the cash-out points, tracking how the money exits the bitcoin network, enabling the authorities to pick up the money trail using conventional financial tracing means.
Views: 3135 Elie Bursztein
Malware Analysis   Ursnif Dreambot Trojan Campaign
 
14:27
Ring Ø Labs full article and sample download here: http://www.ringzerolabs.com/2017/07/the-multi-faceted-ursnif-trojan.html Ring Ø Labs Analysis Environment Setup: https://www.youtube.com/edit?o=U&video_id=Onqql1Zz3OE Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 796 H4rM0n1cH4cK
DLL Injection and VEH Api Hooking
 
00:52
Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 576 H4rM0n1cH4cK
Ring Ø Labs - Story Time With DEP (Data Execution Prevention)
 
24:23
Ring Ø Labs -------------------- WEBSITE: http://RingZeroLabs.com ANALYSIS LAB SETUP: https://youtu.be/qW-LzlVQyCg ANALYSIS TOOLS: https://youtu.be/Onqql1Zz3OE Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet :) Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 213 H4rM0n1cH4cK
Assembly Language   CreateThread
 
02:00
Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 70 H4rM0n1cH4cK
Install Transmission BitTorrent Client on RHEL / CentOS 6
 
11:10
Install Transmission BitTorrent Client on RHEL / CentOS 6 For full guide Links & Commands visit: https://techlifeinc.com/install-transmissionbittorrent-client-on-rhel-centos-6.html
Views: 1340 TweakFix
Malware Analysis Technique - Copy Non-Selectable Window Text
 
02:39
You can find a full write-up here: http://www.ringzerolabs.com/2017/08/copying-non-selectable-window-text.html Ring Ø Labs Analysis Environment Setup: https://www.youtube.com/edit?o=U&video_id=Onqql1Zz3OE Ring Ø Labs is a Reverse Engineering site dedicated to analyzing malware, researching emergent security topics, and hacking the planet. www.RingZeroLabs.com Here are some approaches in reverse engineering a malware sample: Reverse engineer: The most obvious approach is to completely reverse engineer a piece of malware. This obviously takes a great amount of time, so other approaches are more practical. Exploitation techniques: Another approach you can take is to focus on the exploitation techniques of a piece of malware. Occasionally you will see a piece of malware that is using a new exploitation technique, or is exploiting a zero-day vulnerability. In this case you may be interested only in the specific exploitation technique so you can timebox your analysis and only look at the exploitation mechanisms. Obfuscation: Malware will often obfuscate itself and make itself difficult to analyze. You might come across malware that you have seen before without obfuscation. In that case you may only want to focus on reverse engineering the new parts. Encryption methods: A common type of malware these days is ransomware. Ransomware essentially encrypts the victim's files and locks them up so that they can't be accessed or read. Oftentimes the authors of ransomware will make mistakes when they implement the encryption mechanisms. So if you focus your research on the encryption mechanisms you might be able to find weaknesses in their implementation and/or you might be able to find hard-coded keys or weak algorithms. C&C communication: This is something that is pretty commonly done when looking at malware. Analysts often want to figure out what the communication protocol is between a piece of malware on the client's side and the server on the command and control side. The communication protocol can actually give you a lot of hints about the malware’s capabilities. Attribution: Murky area - kind of like a dark art. It usually involves a lot of guesswork, knowledge of malicious hacking teams and looking at more than one piece of malware. Categorization and clustering: You can reverse engineer malware from a broader point of view. This involves looking at malware in bulk and doing a broad-stroke analysis on lots of different malware, rather than doing a deep dive. Techniques Now, let’s look at techniques that can be utilized while analyzing malware. First of all, we use static analysis. This is the process of analyzing malware or binaries without actually running them. It can be as simple as looking at metadata from a file. It can range from doing disassembly or decompilation of malware code to symbolic execution, which is something like virtual execution of a binary without actually executing it in a real environment. Conversely, dynamic analysis is the process of analyzing a piece of malware when you are running it in a live environment. In this case, you are often looking at the behavior of the malware and looking at the side effects of what it is doing. You are running tools like process monitor and sysmon to see what kinds of artifacts a piece of malware produces after it is run. We also use automated analysis. Oftentimes if you are looking at malware you want to automate things just to speed up the process to save time. However, use caution, as with automated analysis sometimes things get missed because you are trying to do things generically. If a piece of malware contains things like anti-debugging routines or anti-analysis mechanisms, you may want to perform a manual analysis. You need to pick the right tools for the job. DISCLAIMER: Our videos are strictly for documentary, educational, and entertainment purposes only. Imitation or the use of any acts depicted in these videos is solely AT YOUR OWN RISK. We (including YouTube) will not be held liable for any injury to yourself or damage to others resulting from attempting anything shown in any our videos. We do not endorse any specific product and this video is not an attempt to sell you a good or service. These videos are free to watch and if anyone attempts to charge for this video notify us immediately. By viewing or flagging this video you are acknowledging the above.
Views: 160 H4rM0n1cH4cK
SETTING UP A WEB SERVER ON AWS - CS50 on Twitch, EP. 18
 
02:18:35
Join CS50's Nick Wong for a look at setting up a simple server on AWS, showcasing the potential use case of WordPress using PHP, Apache, and other technologies; we even get hacked along the way! Co-hosted by Colton Ogden. Join us live on twitch.tv/cs50tv and be a part of the live chat every week. This is CS50 on Twitch.
Views: 3842 CS50
Operating System Security - CompTIA Security+ SY0-501 - 3.3
 
12:16
Security+ Training Course Index: http://professormesser.link/sy0501 Professor Messer’s Course Notes: http://professormesser.link/501cn Frequently Asked Questions: http://professormesser.link/faq - - - - - Maintaining the security of our operating systems is an ongoing necessity. In this video, you’ll learn about patch management, least functionality, application management, and other OS security requirements. - - - - - Subscribe to get the latest videos: http://professormesser.link/yt Calendar of live events: http://www.professormesser.com/calendar/ FOLLOW PROFESSOR MESSER: Professor Messer official website: http://www.professormesser.com/ Twitter: http://www.professormesser.com/twitter Facebook: http://www.professormesser.com/facebook Instagram: http://www.professormesser.com/instagram Google +: http://www.professormesser.com/googleplus
Views: 29575 Professor Messer
300 сек с Логином -16.6.2017
 
04:16
http://www.bbc.com/news/education-40288548 University College London, one of the world's leading universities, has been hit by a major cyber-attack. The central London university, ranked last week in the world's top 10, says that a "widespread ransomware attack" began on Wednesday. http://securityaffairs.co/wordpress/60141/hacking/smb-endpoint-exposed.html The researchers scanned the Internet for improperly configured services, such as the recently exploited Server Message Block (SMB) and Telnet that were respectively targeted in the WannaCry attack and attacks based on IoT botnets (i.e. Mirai, Persirai). The experts counted 5.5 million machines with SMB port exposed, the data is alarming considering that prior May 2017, when WannaCry spread, the number of exposed devices was 4.7 million. According to Rapid7, 800,000 of endpoints exposing Microsoft file-sharing services (SMB, TCP port 445) are Windows systems. http://securityaffairs.co/wordpress/60153/malware/sorebrect-fileless-ransomware.html The number of fileless malware continues to increase, recently security researchers spotted a new Fileless Ransomware dubbed Sorebrect. Sorebrect is able to inject malicious code into a legitimate system process (svchost.exe) on a targeted system and it terminates its binary to evade detection. It also make hard forensics analysis by deleting the affected system’s event logs using wevtutil.exe and shadow copies with vssadmin,and other artifacts such as files executed on the system. SOREBRECT leveraged on Tor network to anonymize communications to command-and-control (C&C) server. Unlike other ransomware, Sorebrect has been designed to specifically target enterprise’s systems in various industries (manufacturing, technology, and telecommunications), the malicious code it injects is tasked of file encryption on the local machine and connected network shares. The Sorebrect ransomware scans the local network for other connected systems with open shares and encrypts files stored on them. https://www.theregister.co.uk/2017/06/15/wikileaks_dumps_cia_wifi_pwnage_tool_docs_online/ Hundreds of commercial Wi-Fi routers are, or were, easily hackable by the CIA, according to classified files published today by WikiLeaks. The confidential US government documents describe the Cherry Blossom project, which is the framework by which CIA operatives can subvert wireless routers; install software that harvests email addresses, chat usernames, MAC addresses and VoIP numbers; and allow man-in-the-middle attacks and browser redirection. We're told Cherry Blossom, or at least version 5 of it, allows agents to infect both wireless and wired access points by installing a firmware upgrade dubbed FlyTrap that can be put on the device without needing physical access to it. Flytrap can monitor internet traffic through the router, redirect web browser connections to websites that the CIA wants a target to see, proxy a target's network connections, and harvest and copy data traffic. It then sends it all back to a command and control system called Cherry Tree. "The key component is the Flytrap, which is typically a wireless (802.11/WiFi) device (router/access point) that has been implanted with CB firmware," the documents state. https://motherboard.vice.com/en_us/article/british-hacker-pleads-guilty-to-hacking-us-military-satellite-phone-and-messaging-system A 25-year-old broke into a DoD satellite communication system and doxed around 800 Department of Defense employees. A British man has pleaded guilty to hacking into a US Department of Defense system stealing data from around 30,000 satellite phones, UK authorities announced on Thursday. Sean Caffrey, a 25-year-old from the outskirts of Birmingham, admitted to breaking into a US military communications system on June 15, 2014, stealing "hundreds of user accounts." The hacker stole "ranks, usernames and email addresses of more than 800 users of a satellite communications system, as well as of about 30,000 satellite phones," according to a press release by the National Crime Agency, or NCA. https://www.theregister.co.uk/2017/06/15/dvr_vuln_botnet_threat/ UK-based security consultancy Pen Test Partners said that the issue stems from a zero-day (unpatched) flaw in networking software from Chinese manufacturer XiongMai. Pen Test Partners has been researching DVR security since February 2016, long before Mirai took out DNS provider Dyn in October 2016. The firm found a buffer overflow in the web interface that leaves more than one million devices vulnerable. "This [flaw] leads to remote code execution and a wormable exploit," researchers warned. "Shodan [a search engine for internet-connected devices] shows ~1M devices available as of today, which would make for a nice botnet."
Views: 64 Securit13 Podcast
MailSploit on IOS — Email Spoofing Flaw Affects Over 30 Popular Email Clients
 
01:07
▶️MailSploit on IOS — Email Spoofing Flaw Affects Over 30 Popular Email Clients ------------------------------------------ Record Your Every Keystroke: https://youtu.be/i-VXFqQb3yg ------------------------------------------ If you receive an email that looks like it's from one of your friends, just beware! It's possible that the email has been sent by someone else in an attempt to compromise your system. A security researcher has discovered a collection of vulnerabilities in more than 30 popular email client applications that could allow anyone to send spoofed emails bypassing anti-spoofing mechanisms. Discovered by security researcher Sabri Haddouche, the set of vulnerabilities, dubbed MailSploit, affects Apple Mail (macOS, iOS, and watchOS), Mozilla Thunderbird, several Microsoft email clients, Yahoo Mail, ProtonMail, and others. Although most of these affected email client applications have implemented anti-spoofing mechanisms, such as DKIM and DMARC, MailSploit takes advantage of the way email clients and web interfaces parse "From" header. Email spoofing is an old-school technique, but it works well, allowing someone to modify email headers and send an email with the forged sender address to trick recipients into believing they are receiving that email from a specific person. In a dedicated website went up today, Haddouche explained how the lack of input sanitization implemented by vulnerable email clients could lead to email spoofing attack—without actually exploiting any flaw in DMARC. To demonstrate this attack, Haddouche created a payload by encoding non-ASCII characters inside the email headers, successfully sending a spoofed email from an official address belonging to President of the United States. "Using a combination of control characters such as new lines or null-byte, it can result in hiding or removing the domain part of the original email," Haddouche says in his blog post. "We've seen a lot of malware spreading via emails, relying on social engineering techniques to convince users to open unsafe attachments, or click on phishing links. The rise of ransomware distributed over email clearly demonstrates the effectivity of those mechanisms." Besides spoofing, the researcher found some of the email clients, including Hushmail, Open Mailbox, Spark, and Airmail, are also vulnerable to cross-site scripting (XSS) vulnerabilities, which stems from the email spoofing issue. Haddouche reported this spoofing bug to 33 different client applications, 8 of which have already patched this issue in their products before the public disclosure and 12 are on their way to fix it. Here you can find the list of all email and web clients (both patched and unpatched) that are vulnerable to MailSploit attack. ------------------------------------------ 🎞️Like if you liked it ,Dislike if you disliked it leave a comment below Share and 🎞️Subscribe for more videos. ------------------------------------------ More info: https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/ Video via Princeton University ------------------------- 📌Facebook: https://www.facebook.com/Linux0Cambodia/ 📌Twitter: https://twitter.com/Linux0Cambodia
Views: 313 Linux0