A Malware Analysis On The LinusTechTips Hack - YouTube Sponsor Scams

  • Published: 8 Sep 2024
  • 🔗 Links Mentioned:
    My Channel Was Deleted Last Night: • My Channel Was Deleted...
    HxD Download: mh-nexus.de/en...
    Procmon Download (www.bleepingcomputer.com): www.bleepingco...
    Wireshark Download (www.wireshark.... www.wireshark....
    What is RedLine Stealer and What Can You Do About it?: socradar.io/wh...
    .SCR File Extension: fileinfo.com/e...
    NTVDM.EXE Information (www.bleepingcomputer.com): www.bleepingco...
    🐕 Follow Me:
    Twitter: / collinsinfosec
    Instagram: / collinsinfosec
    Cybercademy Discord Server: / discord
    🤔 Have questions, concerns, comments?:
    Email me: grant@cybercademy.org

Comments • 34

  • @johnwig285
    @johnwig285 1 year ago +4

    Btw, 1 thing I learnt is that sophisticated malware will have anti-analysis features. For instance, it has to detect an internet connection or else the kill switch will be activated, because the author assumes that malware analysis will be done in a VM with no connection. Analysts can also be misled by code obfuscation and fake strings that actually mean nothing. Thanks for making me dive into this domain man, I'm lovin' it!

  • @SweDownhill
    @SweDownhill 1 year ago +7

    Not sure if you can do this in procmon, but in the regular task manager you can right click the headers and add more headers that you’d like to show, most importantly there is an option to show the command that the process is actually running. It can be quite helpful to get an even clearer view of what is going on.

  • @codebeta_cr
    @codebeta_cr 1 year ago +13

    The additional files are included to inflate the size of the ZIP archive so that it doesn't get automatically scanned. Besides the password that is used, increasing the size further avoids the file being scanned by automated systems.

    • @collinsinfosec
      @collinsinfosec 1 year ago +1

      Great point Nicole!

    • @thevault1575
      @thevault1575 1 year ago

      You're close Nicole. Those extra files are just there to make it look legit. Typically threat actors pump their PE files with 0s to increase the size to 650MB to prevent scanning (max file size for VirusTotal).
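A defender-side triage check for the "pumping" trick described in this thread, added here as an example (it is not code from the video or from the commenters). The size thresholds and the sample bytes are constructed for illustration; the 650MB figure from the comment is not assumed.

```python
"""Triage for null-padded ("pumped") samples.

Flags files whose bulk is zero padding and strips the pad so the real
payload can be hashed or submitted to a scanner that has a size limit.
"""
from dataclasses import dataclass

# Constructed stand-in for a pumped executable: a small payload followed by
# a long run of null bytes appended after the real content.
REAL_CONTENT = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"payload" * 100
PUMPED_SAMPLE = REAL_CONTENT + b"\x00" * 500_000


@dataclass
class PaddingReport:
    size: int            # total bytes in the file
    null_bytes: int      # null bytes anywhere in the file
    trailing_nulls: int  # length of the null run at the very end

    @property
    def null_ratio(self) -> float:
        return self.null_bytes / self.size if self.size else 0.0

    @property
    def stripped_size(self) -> int:
        """Size once the trailing null run is dropped: what a scanner actually needs to see."""
        return self.size - self.trailing_nulls


def analyze_padding(data: bytes) -> PaddingReport:
    """Count nulls overall and measure the trailing null run of an in-memory sample."""
    trailing = len(data) - len(data.rstrip(b"\x00"))
    return PaddingReport(len(data), data.count(b"\x00"), trailing)


def is_pumped(report: PaddingReport, min_size: int = 100_000, min_ratio: float = 0.9) -> bool:
    """Flag a file that is large (>= min_size bytes) but mostly zero padding (constructed thresholds)."""
    return report.size >= min_size and report.null_ratio >= min_ratio


def strip_trailing_nulls(data: bytes) -> bytes:
    """Remove the pad; the remaining bytes are the part worth hashing and scanning."""
    return data.rstrip(b"\x00")


if __name__ == "__main__":
    rep = analyze_padding(PUMPED_SAMPLE)
    print(f"size={rep.size} null_ratio={rep.null_ratio:.3f} "
          f"trailing_nulls={rep.trailing_nulls} pumped={is_pumped(rep)}")
```

On a real sample, hash both the original and the stripped bytes: the padded hash is what your telemetry saw, the stripped hash is what other analysts and scanners will match on.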

  • @johnwig285
    @johnwig285 1 year ago +1

    Solid video as always! Is there a logging tool that will show specifically what changes the malware made, instead of having to open different tools & actively monitor? I use a bridged connection when downloading the files themselves & change to host-only before executing the malware. Is this isolation process good enough? Thanks!

  • @alessioHD
    @alessioHD 1 year ago

    Hi there Grant,
    Thank you for taking the time to make this video, it was very informative. I recently fell victim to a scam like this and ended up unknowingly running a file similar to the ones mentioned. At the moment, I'm not sure what steps to take to remove it, as a couple of different anti-virus programs I've tried haven't found it. Would getting a brand new SSD to replace the current one fix the problem, or do you have any suggestions in particular?
    Thank you in advance for any response.
    -Alessio

    • @4ephyyr
      @4ephyyr 1 year ago +1

      You should reinstall (clean install) your operating system (Windows, if it is Windows) and you don't have to buy a new SSD or hard drive. Only if you are wishing to increase the performance of your system is an SSD recommended.

    • @intifadayuri
      @intifadayuri 1 year ago

      An infected drive (either SSD or HDD) is perfectly fine physically. You just need to properly wipe it and you can use it again.

  • @MrZap722
    @MrZap722 1 year ago

    I really love the fact that you are explaining what you are doing. Love your channel ❤

  • @super_sergioo4704
    @super_sergioo4704 1 year ago +1

    This breakdown was very interesting, keep it up!

  • @aimanelaaqdi5245
    @aimanelaaqdi5245 1 year ago +1

    Hey Grant, could you please provide a download link for the samples? I would like to take a look at them on my end. Thanks!

    • @collinsinfosec
      @collinsinfosec 1 year ago +1

      I am not sure if I can directly link them on YouTube. If you email me, I can forward you the emails. (grant@cybercademy.org)

  • @konnerharris9821
    @konnerharris9821 1 year ago

    Hey Grant, love the videos. What are your thoughts on the CIS degree at SEMO? Looking into it and just wanted your thoughts as an alum, thanks!!

    • @collinsinfosec
      @collinsinfosec 1 year ago

      Hi Konner, I knew a couple of students who pursued the Computer Information Systems (CIS) degree at SEMO. They liked it. It's a well-rounded curriculum with computer science, business, networking, and security. If you are not sure which area in technology you would pursue, the CIS curriculum could be a good option. It will make you versatile in multiple areas of the industry. Hope this helps!

  • @ReemJarikji-xq4cn
    @ReemJarikji-xq4cn 1 year ago

    From your experience, what certifications can help strengthen the resume of a cybersecurity student? Like the Cisco certification...

    • @collinsinfosec
      @collinsinfosec 1 year ago +1

      Good question. I'd suggest possibly the Security+ or some of the cloud certifications (if you are interested in the cloud). These may help you get past the first round of filtering. I do recommend building a holistic portfolio, which includes certifications, projects, and possibly getting involved in local cyber communities if possible. Feel free to reach out to my email for more information (grant@cybercademy.org).

    • @ReemJarikji-xq4cn
      @ReemJarikji-xq4cn 1 year ago

      @collinsinfosec Thank you!

  • @Mr_Hilarious0
    @Mr_Hilarious0 1 year ago +1

    Amazing Content

  • @guilherme5094
    @guilherme5094 1 year ago +2

    👍

  • @vojta7552
    @vojta7552 1 year ago

    It's LinusTechTips btw. Not Linux 😉

  • @ukaszmatlakowski3075
    @ukaszmatlakowski3075 1 year ago

    Boring video. After 13 minutes you only found out what kind of software Linus was hacked with; the antivirus would say the same thing in 5 seconds.

    • @exheproject8362
      @exheproject8362 1 year ago +1

      tbh, watching the process was fun

    • @collinsinfosec
      @collinsinfosec 1 year ago

      Yeah fair points.

    • @johnwig285
      @johnwig285 1 year ago +1

      You're clearly missing the point of the video. It is about how to analyse malware. So what if the antivirus can tell you what it is? Can it tell you which API it called? Can it tell you the network traffic that it sent? How attempts at lateral movement are being made? Whether it has a kill switch? The antivirus won't tell you these details, which can be helpful in devising specific anti-malware defences that a generic antivirus can't provide.

  • @moutchou-ss4ht
    @moutchou-ss4ht 1 year ago

    Hello, I am a follower from Morocco. Thank you for the great information, but I hope to improve the quality of the video, because the words cleanse me of poor quality🤍

    • @collinsinfosec
      @collinsinfosec 1 year ago

      Hi Mout, the video for the isolated malware lab was a bit distorted, unfortunately. I will make sure to change the video settings moving forward!

    • @moutchou-ss4ht
      @moutchou-ss4ht 1 year ago

      @collinsinfosec 🧡