Это видео недоступно.
Сожалеем об этом.
Can this BYPASS Windows Defender???
- Добавить в
- Мой плейлист
- Посмотреть позже
- Поделиться
Поделиться
HTML-код
Размер видео:
- Опубликовано: 4 авг 2024
Комментарии • 48
Следующие
Автовоспроизведение
Hacking Windows TrustedInstaller (GOD MODE)John Hammond
Просмотров 445 тыс.
The C2 Matrix Lead Me To THIS PENTESTING DISTRO!Daniel Lowrie
Просмотров 1,6 тыс.
Getting maximum Stresses From ABAQUS ODBCivilAcademia
Просмотров 4
NBA 2K25 | Official Gameplay TrailerNBA 2K
Просмотров 527 тыс.
Will this BIG BLOCK Chrysler RUN & DRIVE After 35 YEARS??Junkyard Digs
Просмотров 256 тыс.
Deadpool & Wolverine Pitch MeetingPitch Meeting
Просмотров 858 тыс.
What REALLY Happened To Shelly-Ann Fraser-PryceTotal Running Productions
Просмотров 1,1 млн
Notepad.exe Will Snitch On You (full coding project)John Hammond
Просмотров 202 тыс.
Malware beats Windows Defender: How you get hackedThe PC Security Channel
Просмотров 186 тыс.
How to Bypass FULLY Patched Windows 11 + Defender Again 2024Rojahs Montari
Просмотров 1,1 тыс.
Downloading and running the 100 Malware linksThe PC Security Channel
Просмотров 174 тыс.
APT Malware (advanced persistent threat)John Hammond
Просмотров 44 тыс.
Decrypting SSL to Chinese Cloud Servers - Hacking the VStarcam CB73 Security CameraMatt Brown
Просмотров 87 тыс.
Detect Hackers & Malware on your Computer (literally for free)John Hammond
Просмотров 297 тыс.
Kaspersky vs Windows DefenderThe PC Security Channel
Просмотров 614 тыс.
catch EVERY reverse shell while hacking! (VILLAIN)John Hammond
Просмотров 219 тыс.
БАТЯ И СОСЕД😂#shortsBATEK_OFFICIAL
Просмотров 1,9 млн
Es un genio 👏👏👏 (via @agswin) | #shorts | ESPN DeportesESPN Deportes
Просмотров 2 млн
Дж. Роулинг и Джина Карано разносят Олимпиаду 2024 после того как мужчина уничтожил женщину в ринге!MovieMaker
Просмотров 1,3 млн
🔴Ютуб закрывают... Пока?Бискас
Просмотров 1,8 млн
Алексей Щербаков разнес ВДВшниковBody Mania
Просмотров 2,2 млн
РЕАЛИТИ - 5 СЕРИЯ. ШЕЙХ VS ТОРНИКЕ. СТЫЧКА: ЗОРАН - АНИМЕШНИК. БОИ 1/8. НАКАЗАНИЕ СИНИХ. ФУТБОЛHardcore Fighting Reality Show
Просмотров 340 тыс.
Делаю первые шаги сама! #машмилашМАШ МИЛАШ
Просмотров 308 тыс.
Помогла бедному деду на Ламборгини и была моментально вознагражденаABRACADABRA TV
Просмотров 186 тыс.
Daniel , keep up the good work
Thanks! And thanks for watching 😀👍
Very neat ! Impressive skills you have
Thank you very much! 😀
Great stuff, thank you for sharing, and great insight as always.
Thanks, Wayne!
Pretty neat. Can you speak to what specifically gets this around Pret(Def)ender? Is it just that it doesn't understand golang so well? So all of its triggers that tell it "hey buddy, this is likely a rev shell" are likely based on vb/python/powershell/cmd?
Great question! So some of it is golang, although a lot of malware is written using go so sometimes even a simple "hello, world!" app will get flagged as malicious. The other things that helps this work are the obfuscations and the fact that most of the "malicious" stuff is executed in memory. I didn't go crazy with the obfuscations, or with using techniques that would help it avoid behavioral detections, but I plan on continuing to refine this so that it can take on the modern EDR/XDR systems. 👍
interesting, good video 👍
Thanks! I'm glad you enjoyed it 😃
Great video
I'm so glad you enjoyed it! Thanks for watching.
Can you elaborate more on how the tool managed to bypass the defender? does it work also against kaspersky or avast AV maybe?
Sure thing! It bypasses Defender by utilizing a few techniques.
1) updater.exe doesn't necessarily do anything malicious. It just downloads a file from a web server.
2) since it is custom built Defender doesn't have a signature for it
3) the "malicious" payloads are never written to disk
4) one of the payloads bypasses AMSI
5) the payloads are utilizes obfuscations like string encoding and concatenation
Not sure if it will bypass other AV systems, but I'd love to hear the results from you if you end up testing them 👍💯
Watching you from ghana...much love boss
Thanks for watching and commenting 💯👍
Hey i just saw u are doing an Av evasion course with red seige is that behind a paywall i was interested but dont knw if its free cause i saw a sign up for free option in ACI Learning platform ??
Hey @firosiam7786
That course is indeed behind the ACI Learning paywall, but is well worth the ticket price. Mike Saunders did a masterful job of explaining and demonstrating the AV-bypass techniques he uses as the Principal Security Consultant/Red Team Lead for Red Siege. Great stuff!
Last time I saw you were using parrot os now it is Zorin OS, will you make a video on shifting from parrot to zorin
Good eye! Technically I didn't switch. I still run Parrot, but for this script I had been building it on my Zorin workstation, so I just used remote-desktop to show the screen for the video. I do have plans to make a new video about Pentesting/security-focused distros and have discovered a new-to-me distro that has really impressed me. 😉👍
I was thinking he's up early but then I remembered. I live off a totally opposite pond, anyway Happy Monday.
Happy Monday, bro! Hope you enjoy the video 😃
Nice video Daniel... I tried that script 1 month ago ... I got netcat connection but i tried so many things to priv escalation or vnc connection but i didn't find any way 😢 if you can you make a video on post exploitation will be helpful 😊
Priv esc can be fun LOL! Here's a great github repo with a ton of great Windows Priv Esc techniques, tools, and articles to help you in the mean time. github.com/emilyanncr/Windows-Post-Exploitation#privilege-escalation-guides/wiki
pretty cool
Thanks! Glad you liked it ☺️
before metaploit what environment did u used to create that l host And l port
Hi and thanks for watching! I'm not 100% sure about what you're asking me, but I'll attempt to answer based on what I think you're asking.
So, I'm just using Metasploit to catch the reverse shell, which is just the good old "exploit/multi/handler" module.
I think what you're referring to is the spot in the video right before we jump to Metasploit (6:26 - 6:46). That is a custom app I built using Golang(SecUp.go). It attempts to automate some of the deployment of the "malicious" payloads and runs a web server.
I hope that clears things up for you.
Cheers!
Is there an easy way to develop a bypass technique like this? I want to solve it myself because the update is fast. But it's hard because I'm not a great developer.
I feel your pain. I too am not a great developer and building this bypass was a bit of a struggle for me, but I loved every minute of it (well maybe not EVERY minute LOL) and I learned a lot.
So, the best advice I have is, don't look for the shortcut. Don't rob yourself of the knowledge and experience that comes from struggling through a problem and learning/failing your way out of it.
I'm not saying you shouldn't ask for help, but don't look for the "easy way" while you're learning. Put the time and effort into making sure you understand what it is you're trying to do and eventually you won't have to label yourself as "not a great developer" (even though you probably will any way. DAMN YOU, IMPOSTER SYNDROME!!!)
All that said, feel free to check out my code and just modify it for your bypass. Looking at other's code is a great way to learn at a faster pace. I'd even suggest you lean on AI a bit. Since you're learning it can be much faster to learn how to do something using AI, then it is to scour stackoverflow or sift through a book, or hit the right link on the google results page. Just make sure that you're not just doing a straight up copy/paste job without understanding what's going on and filling in the gaps with books,videos,tutorials,etc.
Well I hope that helps you out. Now go write some crappy code and then keep massaging it until it does the thing :)
Cheers!
hi, i keep getting the "this app cant run on your pc" error anytime i run the updater.exe,
any help?
I would first attempt to execute on a different target to see if the problem is with the app or the OS. I did a quick google search for "this app can't run on your pc" and it looks like this might be a common issue for folks running Windows 11. You could possibly try tweaking the code and/or changing compile options as well. I hope that helps
you are good at talking
Thanks 😀👍
I think it has been patched now, just tried running this today (17th February) and windows caught it as soon as I downloaded the file from the hosted server.
That was quick. All good things come to an end I guess. Thanks for the head's up.
❤
Thanks for the support 😀👍
Can't run this exe file on windows why that..😢
So sorry to hear that! Are you getting an error?
yes sir, "this app can't run on your PC" error comes😢why that..@@daniellowrie
It needs to have a valid cert signature with a CA. You can self sign but windows doesn’t like unsigned exe’s
Ain’t gonna work against big boy defender edr editions huge difference between win 11 defender bs and real defender….
True. That said, this was more of a learning experience for me and a simple proof-of-concept. I do plan on refining it to the point that it can take on those big boy defenders though, so wish me luck 🍀🤞😁
@@daniellowrie xoxoxo definitely worth the watch and you always bring top notch content ….
@@xoxoxo-42 I really appreciate your kind words! And thanks so much for watching 💯👍
does not work anymore
Thanks for letting me know. I guess It just goes to show how quickly these things get signatured and that we need to constantly be updating our kit.