I was litterally lloking for syscall viedo on yt, but never found something i clearly understood, yt random recomended this viedo, and this is exactly what i need, excelent explanation really loved it, This chanel is worth subscribing
Wow, excellent presentation! This topic/attack vector is not nearly covered enough. The space needs more people who understand this and you explained it extremely well
I just wanna provide some additional info that I missed to give in the talk, but I feel that should be addressed: 1) The Nt* and Zw* functions, which I call syscalls here, are technically just stdcall wrappers around the actual syscall instruction. The terminology is confusing and many people refer to them as syscalls, but technically they are just wrappers that enable the syscalls to easily be called from C/C++. 2) When I refer to the usage of GetModuleHandle and GetProcAddress with Nt*/Zw* functions as being suspicious, that is also only partly true. Many legitimate programs, including standard windows binaries, use these calls with Nt*/Zw* functions. What might be suspicious here is the type of APIs you are importing, e.g. if those are known to be used for code injection, not the usage of GetProcAddress/GetModuleHandle itself.
Thank you for explaination. It was useful for me :) I'm coding on c# maybe 2-3 years and I decide to learn something new about malware etc. but only in this guide I found useful techniques.
great slide explaination out there. could you please focus more on the practical side? it's gonna be interesting if you dive deep into red team simulation tactics and malware development using C++ and C# for dealing with system calls if possible.
the fact that any of this is possible says volumes about how bad design of modern OSes is. Both linux and windows are historical mistakes, evolving responsively to environment, without any intellectual guidance. There has to be a complete overhaul, a completely new OS: well documented, hackless, maintained by actually smart people.
very bad take. if the os can do it, a user can do it. thats not changeable if you want a usable os. the only difference between "malware" and "goodware" is the intent.
Damn, that's by far the best explanation i've seen on the subject
I was litterally lloking for syscall viedo on yt, but never found something i clearly understood, yt random recomended this viedo, and this is exactly what i need, excelent explanation really loved it, This chanel is worth subscribing
Wow, excellent presentation! This topic/attack vector is not nearly covered enough. The space needs more people who understand this and you explained it extremely well
niceee
I just wanna provide some additional info that I missed to give in the talk, but I feel that should be addressed:
1) The Nt* and Zw* functions, which I call syscalls here, are technically just stdcall wrappers around the actual syscall instruction. The terminology is confusing and many people refer to them as syscalls, but technically they are just wrappers that enable the syscalls to easily be called from C/C++.
2) When I refer to the usage of GetModuleHandle and GetProcAddress with Nt*/Zw* functions as being suspicious, that is also only partly true. Many legitimate programs, including standard windows binaries, use these calls with Nt*/Zw* functions. What might be suspicious here is the type of APIs you are importing, e.g. if those are known to be used for code injection, not the usage of GetProcAddress/GetModuleHandle itself.
🖤
Wow! I could not have asked for a better topic. Exactly what I was wanting to learn!
Glad to hear this. Huge thanks to eversinc33
Thank you for explaination. It was useful for me :) I'm coding on c# maybe 2-3 years and I decide to learn something new about malware etc. but only in this guide I found useful techniques.
This is a fantastic intro, thanks a lot
Glad you enjoyed - all the credit to eversinc33!
thanks, this is very clear to understand.
Very good explanations, thanks for sharing this
great slide explaination out there. could you please focus more on the practical side? it's gonna be interesting if you dive deep into red team simulation tactics and malware development using C++ and C# for dealing with system calls if possible.
Thanks for the encouraging words. We'll keep this in mind!
👏👏👏
Please make more vd for advanced techniques red team and pivoting and dev malware bypass EDR
We'll keep this in mind for future content! Thanks for watching.
the fact that any of this is possible says volumes about how bad design of modern OSes is. Both linux and windows are historical mistakes, evolving responsively to environment, without any intellectual guidance. There has to be a complete overhaul, a completely new OS: well documented, hackless, maintained by actually smart people.
very bad take. if the os can do it, a user can do it. thats not changeable if you want a usable os. the only difference between "malware" and "goodware" is the intent.
hey prelude, can you make video about making your own malware in c++ and testing it in virus total to get 0 detections😮😊
Hey fake acount1 - we'll consider the request 😏
@@Preludeorg ok.