That is interesting, I am also curious about what it attempted to write and what about windows login writes to the HKCU. That if we know that and the agent or process of the system/user that does it, a tighter security measure could be put into control and a better understanding of what is and isn't needed. Though part of me suspects that HKCU is a fully temp tree, that is recreated each and every time on login, but I am not sure... a deeper dive on this would be of value I think.
I know you aren’t sure about the value of showing things like breaking user policy but I have to say, there is a ton of value in seeing that. I actually met you at B Sides in SF last year and mentioned that one of my favorite things about your videos is observing your process. So many of us have gotten where we are by trying and breaking things and once in a while, we feel…dumb lol. Seeing someone else going through a lot of the headaches we have or struggling with some of the same things we have is both valuable and extremely helpful. Please keep making awesome content good sir and thank you!
i knew this would make a good and unusual educational video, glad to see u took my recommendation for a video idea and kinda used it in a more safe way. (if u even used my idea lol).
also a note: my situation actually had it posting a .log file, not downloading it. and as far as restricting, you should set powershell to only be interactive mode, which means it doesnt run scripts, this is what stopped mine from executing and made it a little more safe.
anyrun needs to improve their SEO because I was looking for this one a month ago!!! why don't just include "online virtual machine" in the description? please help others with this! make more easy and simple descriptions. I know it can do some fancy stuff but remember most of us just want to test a site to see if it's a malware etc.
most of modern antimalware softwares nowadays blocks PowerShell execution ( notify user for ask permission ) in HIPS technology so if anyone configure HIPS properly i think it would stop most of malicious codes
golly gee wilikers actually though if you want more security stuff check out jh.live/training and join up at jh.live/newsletter 👀
Nothing better than some John Hammond to start the morning
This guy got coffee too?
coffie will do the same to
That's the content we want to see john , Thank you !
Because of this videos i was able to be quite high in rankings on Huntress ctf so keep em coming friend (also first ctf ever).
id watch the unlisted video, always exciting seeing the journey
he is very good with sublime text editor!
love this kind of content ❤
You're looking for a very big applause to thank you so much john sir.
he may olso work for a government ....infidel FBI.
That is interesting, I am also curious about what it attempted to write and what about windows login writes to the HKCU. That if we know that and the agent or process of the system/user that does it, a tighter security measure could be put into control and a better understanding of what is and isn't needed.
Though part of me suspects that HKCU is a fully temp tree, that is recreated each and every time on login, but I am not sure...
a deeper dive on this would be of value I think.
Haven't seen a lot of deobfuscation lately, nice one
I know you aren’t sure about the value of showing things like breaking user policy but I have to say, there is a ton of value in seeing that. I actually met you at B Sides in SF last year and mentioned that one of my favorite things about your videos is observing your process. So many of us have gotten where we are by trying and breaking things and once in a while, we feel…dumb lol. Seeing someone else going through a lot of the headaches we have or struggling with some of the same things we have is both valuable and extremely helpful. Please keep making awesome content good sir and thank you!
pronunciation of the word "malware" as "meowlware" so cool😊
Hi John I am Heather Hammons, I went to school with a Hammond at Rio Linda High school
i knew this would make a good and unusual educational video, glad to see u took my recommendation for a video idea and kinda used it in a more safe way. (if u even used my idea lol).
also a note: my situation actually had it posting a .log file, not downloading it. and as far as restricting, you should set powershell to only be interactive mode, which means it doesnt run scripts, this is what stopped mine from executing and made it a little more safe.
Now to modify the kernel to make your changes actually functional. :)
John! In order for this to work, threat actors have to input those HKCU keys into the system, how would that be done?
i missed these
Was that website limited to 100 users? It seemed to be still active - very active
Nice video @john
anyrun needs to improve their SEO because I was looking for this one a month ago!!! why don't just include "online virtual machine" in the description? please help others with this! make more easy and simple descriptions. I know it can do some fancy stuff but remember most of us just want to test a site to see if it's a malware etc.
Hi!
is this gonna be 'the epi-center of detonation' and a very big problem for the host?
I find it amusing that someone who was once Coast Guard is talking about *land* mines. Not a criticism of course, but ...
I would just disable autoruns entirely if not necessary for the organization
Fanglette9. You can't help but love these obfuscated function names.
Hello
That's Norwegian or Danish.
Diddy ram
👍👍👍👍👍👍👍👍👍
Become my tutor.
what is html ?
Is it love?
😂 duh!
dang
Why are you selling malware on an anti-malware video
Pwsh
most of modern antimalware softwares nowadays blocks PowerShell execution ( notify user for ask permission ) in HIPS technology so if anyone configure HIPS properly i think it would stop most of malicious codes