Hands-on Ransomware: Exploring Cybercrime
Check out what Ryan is up to: / rj_chap
My Lockbit tweet: / 1572562824878239745
00:00 - Ryan Chapman, Malware Analyst
00:30 - Introduction
04:29 - First Demo
07:29 - Configuring RAASNet
15:58 - Building RAASNet
18:17 - Detonating RAASNet
21:41 - Builder Archive
23:37 - Second Demo
26:20 - Building Yashma
27:54 - Third Demo
30:08 - Configuring Lockbit
35:01 - Building Lockbit
37:50 - Final Thoughts
Comments: 64
I’d love to see more of Ryan, hoping he’ll start his own yt channel
@rj_chap
11 months ago
Much appreciated! I have a channel @ryanchapmanj, but I don't curate content like our man John here. I mostly add my various presentations to my playlists, as they are often hosted elsewhere.
Thank you! The shadowy world relies on secrecy and silence. This effort to teach and explore is so important. The more light you shine, and the more sparks of interest it inspires, the less room there is for the darkness.
@rj_chap
11 months ago
Agreed!
@DDBAA24
11 months ago
Tyler Durden, interesting handle.. 1st rule of fight club?
@ThisIsJustADrillBit
11 months ago
@@DDBAA24 I've read the ending :)
Extremely informative. I'd love to see Ryan discussing malware analysis as he mentions at the video's end. Much appreciated Ryan and John!
Wild to see an old work buddy on one of my favorite KZread channels.. go Ryan!
@rj_chap
11 months ago
Heya! Good to see you too!
Great content! Good to see that you synced up with John Hammond! Keep up the great work Ryan!!
26:46 The ASCII art actually broke the builder. Probably would have worked if you took it out. Whoever wrote that should sanitize their strings…
@rj_chap
11 months ago
I wouldn't be surprised if many builders had input sanitization issues. In fact, that could be a cool research project/video! "How many builders can we break with silly input?" Fun idea!
@lightningdev1
11 months ago
Yeah. C# probably didn't like the unescaped backslashes.
Really enjoyed this, john!
Great content and advisors.. Thanks for keeping this topic in the front of the line!
Thanks for this Type of Content
Some of the best cysec content on planet earth. Thanks Ryan. Killer vid
Love the video!
It's happened before, it will happen again! I saw something similar in the 90's. VCL, IIRC, by Nowhere man of nuke. It was a DOS TUI for creating viruses and the like. It was basically an x86 ASM code generator. You'd select type: com, exec infectors, droppers, etc... type of payload, custom strings and the like. It was password protected, but, if you were skilled with debug tools, you could extract it.
Waiting for Ryan's Malware analysis things and how he does it in real world cases.
Really amazing👍!
Finally 🔥🔥🔥🔥🔥🔥🔥🔥😘😘😘😘😘😘
This man really likes to talk, thx it was interesting.
that was very interesting
There was actually an option to change the extension when building it. You just skipped past that screen.
That login is ridiculously easy to bypass. Just supply a profile dictionary object and execute the code in the last if statement in the login function.
Wow♥️‼️
I may have missed this if it was already answered in the video. But is the VM image he's using with all of those analysis programs on the desktop publicly available?
@jonuldrick
11 months ago
I would bet that you would have to build it out yourself. You might get something similar by taking the SANS course he is teaching.
@ArthursHD
11 months ago
🏴☠ It's not legal to re-distribute Windows. I bet it's not available; even if it were, I would not trust it 'cause it is modified.
@Aaron199s
11 months ago
Flare VM from Mandiant has a large collection of useful malware analysis/reverse engineering tools.
I wonder if any ransomware type crypters have ever used something like sdelete to overwrite empty space on disk to mitigate possible file recovery. Or just create a file that eats up free space then deletes after disk is full.
Hello John, can you review PNPT certification? How the course is, and what are the preps to do for the exam. And suggestions for machines to do in THM and HTB. It'll be helpful for me to uptake the certification 🥺
The nanocore of ransomware
Cool
16:35 Rust doesn't have a runtime!
Can u do video on LOLDrivers
Medal
❤
How did you get the password for the 7z?
@wwdevil8771
11 months ago
Infected
@MaisonKrown
6 months ago
@wwdevil8771 it tells me header encrypted, any idea?
w vid
I'd like to know what coffee Ryan drinks. I'll have some of that please.
I think i found my new VXUG love xoxo
Wow this is old LockBit though. New versions have made the decryptor not available on the system. They are preparing this on their systems and dropping to the victim.
How can we stop LockBit ransomware from getting into my computer?
@spookyleo2589
11 months ago
i think we can't do much on your computer 😂 (good question tho)
@iam-py-test
11 months ago
I could be wrong, but I don't think LockBit targets home users.
@jugalchaudhary8943
11 months ago
@@iam-py-test I researched a bit, I think it targets vm files, I could also be wrong
@jugalchaudhary8943
11 months ago
@@spookyleo2589 you could use prelude detect to see if your pc can be affected by it or not, it does lot of tests and detects it
im the 12th person to comment 13th*
pliz pass for vx-underground, folders
@AnimeeHints
10 months ago
infected
Ronsomeware
I can also explain how to use builds; it doesn't take any brains. Very interesting, of course. But I didn't get the point. Why explain how the builders for this malware work?
Bisaya people
Early :3
First
bro no don't show this shit to skiddies
Now the only problem for script kiddies is to encrypt their build.
"Don't download this" 😂 then stop showing us this. If you never showed it in the first place a lot of the low hanging fruit wouldn't exist like it does.
Can we look at UFOnet, b0tnet . Its strange the way its structured, but similar in ways to what we're already talking about..