Nice to see that you're still active. I just recently discovered your channel and had thought it died lol
Oh! Lol, no no, we are very active on Twitch/Patreon, we just don't update YouTube too often because the platform sucks. Come hang out with us!
VMware now allows you to use pro for personal use for free.
He still needs the paid version though, because I'm pretty sure his use of it comes under commercial use.
@Proferk Yeah, could be, but I'm just posting for the people that are unaware of the free usage part.
It's already in the notes with links for the new download site, but yes I am aware : )
Hi, for the dynamic analysis VM, doesn't it also need at least a simulated Internet connection (like to a Remnux VM with INetSim) to learn more about what the malware is actually trying to do in terms of networking? Sorry if this seems like a noob question, I'm still learning.
That can definitely be helpful, generally not necessary though. If you need a quick test and don't want to set up another VM you can also use github.com/mandiant/flare-fakenet-ng
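What a fake-net tool like INetSim or FakeNet-NG does for DNS, as an added example that is not part of the thread or of either project's code: every A lookup the sample makes is answered with the analysis box's own address, so its C2 traffic lands on a listener you control and the domain it asked for gets logged. The sinkhole address 10.0.0.1, the transaction id and the query name are constructed values for this example; the wire format is standard DNS.

```python
import socket
import struct

# Assumption (not from the video): the analysis VM's own address, where every
# resolved name is pointed so the sample's C2 traffic lands on our listener.
SINKHOLE_IP = "10.0.0.1"
QTYPE_A = 1


def parse_dns_query(packet: bytes):
    """Parse a one-question DNS query. Returns (txid, qname, qtype, question_bytes)."""
    if len(packet) < 12:
        raise ValueError("short DNS header")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", packet[:12])
    if flags & 0x8000:
        raise ValueError("QR bit set: this is a response, not a query")
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, off = [], 12
    while True:
        if off >= len(packet):
            raise ValueError("truncated name")
        n = packet[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointer in a question name")
        labels.append(packet[off:off + n].decode("ascii"))
        off += n
    if off + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[off:off + 4])
    return txid, ".".join(labels), qtype, packet[12:off + 4]


def build_dns_response(query: bytes, ip: str = SINKHOLE_IP, ttl: int = 60) -> bytes:
    """Answer any A query with the sinkhole address; other types get an empty NOERROR."""
    txid, _qname, qtype, question = parse_dns_query(query)
    ancount = 1 if qtype == QTYPE_A else 0
    header = struct.pack("!6H", txid, 0x8180, 1, ancount, 0, 0)  # QR=1 RD=1 RA=1
    if not ancount:
        return header + question
    # 0xC00C is a compression pointer to the name at offset 12 (the question)
    rr = struct.pack("!HHHIH", 0xC00C, QTYPE_A, 1, ttl, 4) + socket.inet_aton(ip)
    return header + question + rr


def make_query(name: str, txid: int = 0x1234, qtype: int = QTYPE_A) -> bytes:
    """Build a query the way a stub resolver would; used here as constructed input."""
    pkt = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD=1
    for label in name.split("."):
        pkt += bytes([len(label)]) + label.encode("ascii")
    return pkt + b"\x00" + struct.pack("!HH", qtype, 1)


def serve(bind: str = "0.0.0.0", port: int = 53) -> None:
    """UDP loop for the analysis VM (binding :53 needs admin); logs what the sample asked for."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, peer = sock.recvfrom(512)
        try:
            _txid, qname, qtype, _q = parse_dns_query(data)
        except ValueError:
            continue
        print(f"{peer[0]} looked up {qname} (type {qtype}) -> {SINKHOLE_IP}")
        sock.sendto(build_dns_response(data), peer)


if __name__ == "__main__":
    serve()
```

Point the VM's DNS server setting at the box running `serve()` (or at the VM itself) and the lookups show up in the log before the sample ever gets a TCP connection out; the HTTP/TLS side of a fake-net is the same idea with a canned listener on the sinkhole address.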
Binja gang! Binja gang
Love your videos
Should I tell openly that last night my 010 hex editor subscription ended, so I actually kinda reversed the whole thing, removed the activation part and it's free now!
You should not openly tell.
@OALABS Okay. Teacher, can you do more on C++ reversing? I have read several blogs, but can you do an extended session? I want to absorb how you would approach a stripped file. I want to see you doing it! I want to be better.
You WILL be better! 💪
Interesting tutorial, thank you. I have been surprised that you don't use Procmon as a dynamic analysis tool. To me it's a fantastic tool. Any reason for that?
This is just the baseline for malware analysis, if I was doing something specific I might use procmon. Great tool, just not the first thing I reach for.
Well, that's strange. I've always heard Ghidra pronounced as "Gee-Druh" with a hard G sound, never "G-Hydra".
Anyways, this is great timing for me as I need to make some progress with reversing soon. Thank you very much.
Rumour has it that the original developers were fans of noted rapper and entrepreneur 50 Cent.
@OALABS Ah yes, now you've jogged my memory. They actually released an underground collab remix of In Da Club called IDA Club. Also they remixed Hate It Or Love It with the lyrics:
"I'ma-debug-it til I can find your ROPs,
and I'm-gonn'-shine until my breakpoint stop"
🤣
@Cools2009 "Go ahead and RE me, I'm RE's anomaly, and you ain't stoppin' til the code is plain to see."
ghidra being pronounced as gee-hydra has ruined my day
Hail Hidra
Thank you for the great video. I have one question: how do we install tools in the dynamic analysis VM if we cut off access to the internet and host? Should we connect to the internet, install the apps and then disconnect it again?
Lol, you just need to cut off the internet when you are analyzing malware 😅
Don't you need network capture tools for the dynamic analysis (wireshark etc ...) ?
I have Wireshark for analyzing pcaps from external services, but generally I don't use it for dynamic analysis. Nothing wrong with it, just usually it's a lot faster/simpler to hook the actual binary under analysis. Sub on Patreon and you'll see why 😉
I have a question. Can all these static and dynamic reverse engineering analysis tools be used for MALWARE ANALYSIS??? Please reply.
@testacctestacc4480 No bro, it's not.
Great setup for reversing windows binaries. What would you recommend for reversing .elf or ARM binaries?
Same exact static analysis setup and no local dynamic analysis. If you need local dynamic analysis, the target OS of the binaries matters a lot, i.e. are you reversing Android native code, or Linux native, etc. Each one needs a different sort of VM setup (obviously). For Linux stuff I just use basic Ubuntu, and in the past I have used Genymotion for Android, but not sure what the current hotness is?
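The "which VM do I need" decision above starts with triage of the ELF header, and Android native code and desktop Linux share the same ELF format, so the PT_INTERP loader path is what tells them apart. The following is an added example, not code from the video or from OALabs: it reads the ELF header and program headers for both 32- and 64-bit images and reports arch, type and loader. The three sample images are constructed in the block itself (header plus one PT_INTERP segment), not real binaries, and the machine-to-name table is a small subset of the official e_machine values.

```python
import struct

PT_INTERP = 3
MACHINES = {0x03: "x86", 0x08: "MIPS", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64", 0xF3: "RISC-V"}
TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}


def elf_triage(data: bytes) -> dict:
    """Read the ELF header and program headers; report class, arch, type and PT_INTERP path."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    bits = {1: 32, 2: 64}.get(data[4])
    end = {1: "<", 2: ">"}.get(data[5])
    if bits is None or end is None:
        raise ValueError("unknown EI_CLASS or EI_DATA")
    e_type, e_machine = struct.unpack(end + "HH", data[16:20])
    if bits == 64:
        e_entry, e_phoff = struct.unpack(end + "QQ", data[24:40])
        e_phentsize, e_phnum = struct.unpack(end + "HH", data[54:58])
        phdr_fmt, phdr_len = end + "IIQQQQQQ", 56  # type, flags, off, vaddr, paddr, filesz, memsz, align
    else:
        e_entry, e_phoff = struct.unpack(end + "II", data[24:32])
        e_phentsize, e_phnum = struct.unpack(end + "HH", data[42:46])
        phdr_fmt, phdr_len = end + "IIIIIIII", 32   # type, off, vaddr, paddr, filesz, memsz, flags, align
    interp = None
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        ph = data[off:off + phdr_len]
        if len(ph) < phdr_len:
            break  # truncated or hostile phdr table: stop rather than read garbage
        fields = struct.unpack(phdr_fmt, ph)
        p_type = fields[0]
        p_offset, p_filesz = (fields[2], fields[5]) if bits == 64 else (fields[1], fields[4])
        if p_type == PT_INTERP:
            interp = data[p_offset:p_offset + p_filesz].rstrip(b"\x00").decode("ascii", "replace")
    return {
        "bits": bits,
        "endian": "little" if end == "<" else "big",
        "machine": MACHINES.get(e_machine, f"unknown (0x{e_machine:x})"),
        "type": TYPES.get(e_type, f"unknown ({e_type})"),
        "entry": e_entry,
        "interp": interp,
    }


def platform_guess(info: dict) -> str:
    """Android and desktop Linux share ELF; the dynamic loader path separates them."""
    interp = info["interp"]
    if interp is None:
        return "no PT_INTERP: static binary or shared object, loader path gives no hint"
    if interp.startswith("/system/bin/linker"):
        return "Android native code (Bionic loader)"
    if "ld-linux" in interp or "ld-musl" in interp:
        return "Linux userland (glibc or musl loader)"
    return f"unrecognised loader {interp}"


# Constructed sample images (header + one PT_INTERP segment), not real samples.
def _build_elf64(machine: int, interp: bytes) -> bytes:
    interp_z = interp + b"\x00"
    phoff, interp_off = 64, 64 + 56
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 3, machine, 1, 0x1000, phoff, 0, 0, 64, 56, 1, 64, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, interp_off, interp_off, interp_off,
                       len(interp_z), len(interp_z), 1)
    return ehdr + phdr + interp_z


def _build_elf32(machine: int, interp: bytes) -> bytes:
    interp_z = interp + b"\x00"
    phoff, interp_off = 52, 52 + 32
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, machine, 1, 0x8000, phoff, 0, 0, 52, 32, 1, 40, 0, 0)
    phdr = struct.pack("<IIIIIIII", PT_INTERP, interp_off, interp_off, interp_off,
                       len(interp_z), len(interp_z), 4, 1)
    return ehdr + phdr + interp_z


ANDROID_ARM64 = _build_elf64(0xB7, b"/system/bin/linker64")
LINUX_X86_64 = _build_elf64(0x3E, b"/lib64/ld-linux-x86-64.so.2")
LINUX_ARM32 = _build_elf32(0x28, b"/lib/ld-linux-armhf.so.3")

if __name__ == "__main__":
    for name, img in (("android", ANDROID_ARM64), ("linux64", LINUX_X86_64), ("arm32", LINUX_ARM32)):
        info = elf_triage(img)
        print(name, info["bits"], info["machine"], info["type"], "->", platform_guess(info))
```

Run it on a real file with `elf_triage(open(path, "rb").read())`; an AArch64 DYN with a Bionic loader wants an Android emulator, an x86-64 EXEC with ld-linux wants the plain Ubuntu VM, and a missing PT_INTERP on a statically linked sample means you will be doing the libc identification yourself in the disassembler.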
Hello, I am new to reverse engineering. Which playlist should I follow, and on Patreon, will "Do it live" work for beginners?
www.patreon.com/posts/welcome-to-101248798
Top
Gun
Amateur reverser here - great channel, thanks for all your efforts! Came here to see how my setup compared to that of a professional; was pleasantly surprised to see that I wasn't far off. I must say though, I'm surprised that WinDbg (the modern version, not the 'clunky classic') didn't make an appearance in your list of tools for dynamic analysis; are there particular use cases for which x64dbg is better suited or is it just a personal preference?
Don't get me wrong, I love x64dbg; it's far more intuitive to use than WinDbg, I'm just not sure that I could live without the latter's scripting capabilities and Time Travel Debugging. (Although I'm not sure if TTD strictly counts as dynamic analysis... 🤔)
no kernel malware in 2024, no need for kernel debugger ... windbag is symbol based debugger and sucks for adversarial debugging, the comparison isn't even close (personal opinion of course)
@OALABS That makes a lot of sense; thank you!
What version of Windows are you running, or should I use? Where do I download the tools? And how do I subscribe to the course? Thank you, sir.
Download links etc. can be found here (unlocked) www.patreon.com/posts/reverse-lab-101718688
@OALABS Very amazing. Well, do I have to have prior knowledge before starting, or is this course for beginners who have no experience? Actually I am a penetration tester, so I know... But regarding analysis and reverse engineering I don't.
Join our Discord, there is a big pinned list of free! resources to get started (in the #re-faq channel). I would recommend starting with some of those before anything on our Patreon.
Can you please also teach Android reversing, like Frida, jadx, apktool etc.?
I think Laurie has that more than covered! www.youtube.com/@lauriewired
Maybe this is so stupid to ask that I should uninstall my internet and sell my PC, BUT how does a man access and put files onto a VM with no network access?
For instance, I have a Proxmox machine running several different flavors of Linux. Can I add Windows there, or does it need to be a physically accessible box with keyboard, monitor and mouse? Then files get put on via USB drive.
🤨 enable network when you are setting up the VM, then disable and snapshot before you start any malware analysis...
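A check for the "disable and snapshot before you start" step above, as an added example that is not from the video or from OALabs: it parses a VMware .vmx and refuses the snapshot as a detonation baseline while any NIC is NAT/bridged or starts connected, a shared folder is present, or clipboard/drag-and-drop to the host is still on. The two .vmx fragments are constructed for this example; the key names (`ethernetN.connectionType`, `ethernetN.startConnected`, `sharedFolderN.present`, `isolation.tools.*.disable`) are real VMware settings, but the defaults assumed for absent keys are this example's own worst-case assumption.

```python
import re

# Constructed .vmx fragments for illustration; not the configuration from the video.
WEAK_VMX = """\
.encoding = "UTF-8"
config.version = "8"
displayName = "dirty-win10"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet0.startConnected = "TRUE"
sharedFolder0.present = "TRUE"
sharedFolder0.hostPath = "C:\\\\samples"
isolation.tools.copy.disable = "FALSE"
isolation.tools.dnd.disable = "FALSE"
"""

HARDENED_VMX = """\
displayName = "dirty-win10"
ethernet0.present = "TRUE"
ethernet0.connectionType = "hostonly"
ethernet0.startConnected = "FALSE"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "TRUE"
isolation.tools.dnd.disable = "TRUE"
"""

KEY_RE = re.compile(r'^([\w.:]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text: str) -> dict:
    """key = "value" lines into a dict; VMware keys are case-insensitive, so lowercase them."""
    cfg = {}
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg


def isolation_findings(cfg: dict) -> list:
    """Reasons this VM should not have a sample detonated in it yet."""
    findings = []
    for key, val in cfg.items():
        m = re.match(r"^(ethernet\d+)\.present$", key)
        if not m or val.upper() != "TRUE":
            continue
        nic = m.group(1)
        # Assumption: treat a missing connectionType as bridged and a missing
        # startConnected as TRUE, i.e. assume the worst when the key is absent.
        ctype = cfg.get(f"{nic}.connectiontype", "bridged").lower()
        if ctype in ("nat", "bridged"):
            findings.append(f"{nic}: connectionType={ctype} gives the sample a route to the real network")
        if cfg.get(f"{nic}.startconnected", "TRUE").upper() == "TRUE":
            findings.append(f"{nic}: startConnected=TRUE, the NIC is live as soon as the VM boots")
    for key, val in cfg.items():
        if re.match(r"^sharedfolder\d+\.present$", key) and val.upper() == "TRUE":
            findings.append(f"{key}: a shared folder exposes the host filesystem to the guest")
    for feat in ("copy", "paste", "dnd"):
        if cfg.get(f"isolation.tools.{feat}.disable", "FALSE").upper() != "TRUE":
            findings.append(f"isolation.tools.{feat}.disable is not TRUE (clipboard/drag-and-drop with the host)")
    return findings


def ready_to_detonate(text: str) -> bool:
    """True only when nothing in the config reaches the host or the real network."""
    return not isolation_findings(parse_vmx(text))


if __name__ == "__main__":
    for name, text in (("weak", WEAK_VMX), ("hardened", HARDENED_VMX)):
        print(name, "->", "OK" if ready_to_detonate(text) else "NOT isolated")
        for f in isolation_findings(parse_vmx(text)):
            print("  -", f)
```

Run it against the .vmx on the host right before taking the clean snapshot. Host-only still leaves the guest a path to the host's virtual adapter, which is why the hardened fragment also keeps `startConnected` off; if you want the sample to see a fake network instead, that is the point to put a FakeNet-NG or INetSim box on the same host-only segment.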
Sergei The man. Just want to let you know VMware is actually free now. Even the pro version. Also, for the dirty VM, should use a Dirty background. Like dirty chicks. LOL
Yeah, it's in the notes, with the new links on the Broadcom site. You can also still buy it haha, thanks Broadcom 😂
I am not too much into RE (I just do whatever I need at a given time, mostly with one of the coolest hex editors for Linux), but given that YouTube somehow recommended me this video, I feel eligible to share my opinion. More content, less memes. The dude talks rather calmly, not too loud; I'm focusing and all of a sudden BRRRRRT MEME TIME at 160% volume. For fuck's sake, I understand the concept of not being too strict, but at least have some respect for those of us who just so happen not to run their audio streams through a compressor on a daily basis.
Relax, kiddo.
There's like a total of 4 cuts in this video, calm down man.
tenor.com/view/swag-cat-mad-watch-this-swag-crash-lol-gif-20326813
What hardware do you look for in your work PC? I guess >32 GB RAM and >8 cores maybe?
I have a beastly machine because I also stream, but for my VMs I usually only give them one or two cores and 2 GB of RAM, so you don't really need a beefy host to run everything.
Can you please give a list of the books in your background 😢
it's a green screen
Wake up babe, OALabs just posted 4 days ago (can I get unbanned from the server?)
LOL! I forgot why you were banned... looked up the reason... **** ... ****** ... ****** .... never getting unbanned 🤣🤣🤣
@OALABS 🥲
Amnesty 2024 welcome back
@OALABS I am so back
VMware is totally free for educational purposes.
You can also add Cheat Engine to the tool list.
no
@OALABS Ahh, YouTube mobile app bug. My comment is: I use CPU Temp as a reverse engineering tool to read current CPU usage / power to help understand program behavior while debugging.
Wait, wtf 💀 @SSRSZ
OpenArk is better
?
@OALABS In my opinion, OpenArk is a much more powerful anti-rootkit than System Informer. It can detect various types of hooks and scan mmap memory with just one click. When kernel mode is enabled, it offers a variety of features that are not visible in user mode, such as checking thread entry points, viewing kernel callbacks, monitoring driver load/unload records, etc.