Gemini Cyber Security
Singapore
Registered 28. 01. 2017
Learn offensive security | penetration testing | ethical hacking | cyber security on the channel for free.
Hello, welcome to the channel.
I have created this channel with the goal of sharing the knowledge I've obtained over the past years as a cyber security professional.
I hope you will enjoy the content and learn something new from it!
Looking to donate?
BTC: 19HiqQ2Qw83mxK9dcdoWb8VfAcsNgmp52k
www.buymeacoffee.com/gemini.cyber
DISCLAIMER:
All content posted on this CZcams channel is SOLELY FOR Educational and Awareness purposes ONLY. Any actions and/or activities related to the material presented in this CZcams channel are entirely YOUR responsibility.
We DO NOT promote, support or encourage any illegal activities such as hacking, and we WILL NOT BE HELD responsible in the event of any misuse or abuse of the content resulting in any criminal charges.
Bypass Windows Defender 2024 - Windows Cyber Security
Be better than yesterday
In this video, we will be demonstrating how we can bypass the latest Windows Defender on a fully updated Windows 11 machine.
The video provides a step-by-step demonstration of modifying the source code of the FilelessPELoader project, resulting in a loader that is not detected by Windows Defender.
Using the modified, undetected FilelessPELoader, it was possible to remotely load Mimikatz and a Meterpreter reverse shell binary directly into memory and execute them.
Previous video on FilelessPELoader:
czcams.com/video/zOcl3o5lYYo/video.html
FilelessPELoader Github:
github.com/SaadAhla/FilelessPELoader
Stay connected:
Twitter: gemini_security
Udemy: www.udemy.com/user/gemini-88/
Github: github.com/gemini-security
Discord: discord.gg/u9Qxxbamke
Views: 5,285
Videos
Shellcode Loader/Execute Shellcode - Automate with Python Programming! [Part 2]
2.4K views · 8 months ago
Be better than yesterday In this video, we continue where we stopped on the shellcode launcher program, showcasing how we can easily implement additional features into the Python script - such as Base64 encoding and XOR encryption. As a bonus, we will investigate how our XOR encrypted payload is being detected by Windows Defender and subsequently, bypass Windows Defender and successfully establ...
Shellcode Loader/Execute Shellcode - Automate with Python Programming!
2.2K views · 8 months ago
Be better than yesterday In this video, we will look into the typical techniques and methods on how to execute shellcode. The video will provide 2 examples on how shellcode can be executed in C and also share several references on techniques and methods of shellcode execution. As a bonus, the video will also provide a step-by-step guide on how you can use Python programming to automate the buil...
Windows Malware using Github as C2 (Command and Control)
1.7K views · 8 months ago
Be better than yesterday - This video showcases how trivial it can be to build a Windows program that uses public infrastructure and services, such as a Github repository, as a Command and Control (C2) channel. The video provides a step-by-step guide to building a Windows program in C# with the Octokit.net library, which provides easy access to the Github API services. The simple proof of concept pr...
Introduction to Persistence on Windows
962 views · 8 months ago
Be better than yesterday - In this video, we will be sharing several techniques and tactics used for obtaining Persistence on a Windows machine. Persistence is a post-compromise procedure whereby malicious threat actors aim to maintain their access across system restarts or any other operations that could potentially terminate their current access. DISCLAIMER: All content posted on this CZcam...
HOW TO: Windows Privilege Escalation via Insecure MSI Packages
957 views · 9 months ago
Be better than yesterday - In this video, we will be going through two articles on discovering privilege escalation vulnerabilities on a Windows computer via MSI packages, specifically through the MSI repair operation. The first article was published by Mandiant back in July 2023, whereby they were able to identify zero-day vulnerabilities in the Atera software, resulting in a privilege e...
HOW TO: Transfer/Smuggle Payload via Browser Cache!
1.1K views · 9 months ago
Be better than yesterday - In this video, we will be going through an article published by SensePost Orange Cyberdefense, demonstrating a cool way to transfer and smuggle payload files, such as a .DLL file, over to your victim's Windows computer via the browser's caching mechanisms WITHOUT your victim's consent and knowledge! Sneaky sneaky. Practical demonstration and step-by-step walkthrough to re...
UAC Bypass on Windows - Infinite UAC Prompt Loop (with ChatGPT Help)
2.4K views · 9 months ago
Be better than yesterday - In this video, we will demonstrate an interesting and amusing way of bypassing UAC - by creating an infinite UAC prompt loop until your end-user victim clicks 'Yes'. The tool ForceAdmin, found on a Github repository, is showcased. Although out of the box the compiled binary was detected by Windows Defender, it was possible to quickly bypass the detection by manually ...
Havoc C2 Framework - Setup Demonstration with Windows Defender Bypass
7K views · 9 months ago
Be better than yesterday - This video provides a step-by-step guide on how to install the infamous Havoc C2 framework on a fresh Kali Virtual Machine with VMWare Workstation Player from scratch. The video further provides a practical hands-on demonstration of the basic usage of the Havoc C2 Framework, such as setting up a listener and generating a payload for it. As a bonus, Windows Defend...
How to - Convert Quasar RAT into Shellcode with Donut.exe
7K views · 10 months ago
Be better than yesterday In this video, we will explore how we can convert .EXE payload files into shellcode with Donut.exe. The infamous Quasar RAT client .EXE file is used as an example. This video provides step-by-step instructions and showcases how we can compile Donut.exe on a Windows x64 system and use Donut.exe to turn the Quasar RAT client .EXE file (Client-built.exe) into shellcode ...
How to bypass Windows Defender with Embedded Resources (.rsrc)
4.6K views · 10 months ago
Be better than yesterday - In this video, we will explore the usage of the popular cross-compilation tool MinGW in order to compile and produce a Windows EXE binary on a Linux machine (Kali) with custom resources, such as assembly information and icon images. This is particularly useful if you want to stick to a Linux environment for payload development. As a bonus, the video also sh...
Exploiting WinRAR Zero Day Vulnerability (CVE 2023 38831)
3.3K views · 10 months ago
Be better than yesterday In this video, we will explore CVE-2023-38831, a zero-day that was exploited in the wild by malicious threat actors in order to gain unauthorised initial access to a victim's computer. Quoting from NVD, the following describes the vulnerability: RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP ...
Free Phishing course, Discord Channel up, HackInTheBox Conference
339 views · 10 months ago
Free 30-minute introductory course to Phishing: www.udemy.com/course/intro-to-phishing/ HackInTheBox (HITB) Security Conference - Phuket: conference.hitb.org/hitbsecconf2023hkt/ Remember guys, taking a break to unwind and recharge is equally important! Stay connected: Twitter: gemini_security Udemy: www.udemy.com/user/gemini-88/ Github: github.com/gemini-security Discord: discord.g...
How to Dump LSASS.exe Process Memory with Nanodump BOF - Windows Defender Bypass
3.9K views · 11 months ago
Be better than yesterday - In this video, we explore the importance of dumping the LSASS.exe process memory for credential harvesting. The video provides an introduction to LSASS.exe process memory dumping in order to understand why this technique is critical for an adversary in the lateral movement phase of the cyber kill chain. The video then provides some example...
Windows Malware RAT - JSCat (Windows Defender Bypass)
3.1K views · 11 months ago
Be better than yesterday - In this video, we demonstrate the usage of a publicly available Windows RAT malware known as JSCat. It was possible to bypass the Windows Defender detection that was triggered and successfully establish a callback to the JSCat remote server. The session established was also functional, and OS command execution was possible without triggering any detection. In addition, a manual...
Windows Keylogger Input Capture for Remote Desktop Protocol RDP
1.6K views · 11 months ago
Experimenting with Alcatraz - x64 Binary Obfuscator
1K views · 11 months ago
How to bypass Windows Defender - with .DLL FilelessPELoader (Meterpreter Reverse Shell)
2.8K views · 1 year ago
Post Exploitation - Getting Clear Text Passwords with SharpLoginPrompt
512 views · 1 year ago
Initial Access - Phishing Payload Preparation with Windows Defender Bypass
3.7K views · 1 year ago
C2 Redirector - How to Redirect C2 Traffic with Apache mod_rewrite
1.5K views · 1 year ago
Understanding HTML Smuggling with Practical Examples
3.1K views · 1 year ago
Covenant C2 - Implement HTTPS Encryption and Modify Network Indicators
662 views · 1 year ago
Covenant C2 - Bypass Windows Defender with Custom Shellcode Launcher
2.9K views · 1 year ago
Covenant C2 - Setup Installation and Basic Usage Demonstration
2.4K views · 1 year ago
Simple Reverse Shell in C# (Execute System Commands Only)
1.9K views · 1 year ago
Hybrid Encryption C# Ransomware Malware Written by ChatGPT
2.1K views · 1 year ago
How to bypass Windows Defender with Custom C++ .EXE Payload Loader (Meterpreter Reverse Shell)
17K views · 1 year ago
Understanding DLL Hijacking for Payload Execution
3.3K views · 1 year ago
Bypass Windows Defender with ScareCrow - Meterpreter Reverse Shell Demo [Update]
3.7K views · 1 year ago
the app crashes, why?!
Fantastic info!
in python bro
thanx for the course man
Welcome back bro! Please do another video on ransomware creation or a keylogger in 2024!
I really enjoyed this series. well explained, well put together. Just overall superb. Would definitely like if you would put together a series more similar to this in future explaining how one can utilise bloodhound effectively for Domain enumeration. Well put together! really enjoyed this video.
I am hungover so my head already hurt before this video. But it was a good video so I kept watching. subscribed
bro is underrated asf
its working for u?
will this work for windows 11, windows server 2022? Because I can't seem to get it work.
i didn't understand what u did there with the arguments supplied part could u please explain
waiting for next video
I don’t understand why defender didn’t detect mimikatz?
It worked but when i execute mimikatz or meterpreter through the executable in the cmd, it gets detected
Plz make videos on EDR evasion thanks for this :)
Yo could you make some video on delivery methods? love your content by the way!
♻️♻️♻️♻️
❤❤
Simple and amazing
You are my inspiration!!
How can this be used in a Real World scenario anybody ??
very nice
I want a way to dump lsass without any detection
Bro I have filePEloader successfully bypass the windows defender when the mimikatz load within 2s windows defender blocked it any suggestions how resolve it
Same as me brother. Mimikatz still picked up on execution. Filelesspeloader is OK
@@richardjones9598 did u know any alternative tools like Rubues other than mimikatz
hmmmm. try using other LSASS dumpers. Nanodump perhaps
@@gemini_security ok I will try
Me too, it doesnt work
I love your content! Expecting more videos
love your videos bro😍😍
please more of that . Very valuable Content thx 😀
Hello, Your positive comment is greatly appreciated. I am glad that you've enjoyed it. Have a great day,
@@gemini_security youre welcome 🙂
Excellent work!!
Hello, Your positive comment is greatly appreciated. I am glad that you've enjoyed it. Have a great day,
Please disable cloud delivered protection I don't trust windows defender
Hello, Thanks for your suggestion, but turning it off wouldn't make it a complete bypass. Cloud Protection provides a more complete detection bypass which will be more valuable for the audience. Have a great day,
whats the point showing it with the cloud protection disabled? having it enabled makes it more challenging :-)
hehe that is right
great job man))) i love these kinds of videos
Hello, Your positive comment is greatly appreciated. I am glad that you've enjoyed it. Have a great day,
OMG my brother was telling me about you almost every week, so long without posting videos. he will be so happy when i tell him there is a new video.
Hello, Your positive comment is greatly appreciated. I am deeply honoured by your brother's support and it is very encouraging to hear that, thanks! Have a great day,
We love your Videos !!!
Hello, Your positive comment is greatly appreciated. I am glad that you've enjoyed it. Have a great day,
I LOVE your videos so much dont stop
Hello, Your positive comment is greatly appreciated. I am glad that you've enjoyed it. Have a great day,
this is thug
how to bypass applocker with defender bypass
zip/iso method got patched. however you could try making a LNK that downloads and executes your malw. you could also try making a javascript/vbs that either downloads and executes or writes the file to disk directly and then runs it. i think that will bypass it.
@@SolitaryElite can u explain? How to do that with LNK
@@hiddengo3232 just make a shortcut and enter a command to download and execute.
I guess I could make a video on AppLocker. It is pretty much what the other comments mentioned - you have to figure out what is allowed and use the allowed binaries (usually LOLBAS - lolbas-project.github.io/) to execute your malicious program/code.
you are back🎉
Hello, Thanks for the continued support despite a long break, it is very much appreciated! Have a great day,
Do not turn automatic sample submission ON. That is why it was detected as malicious in 24 HR.
where r u bro?
Hello, I am still here and I am doing fine! I hope that you're doing fine as well!
@@gemini_security when is u r next video?
Hey, What is 8443.exe ?
Please turn off sample submission in windows defender settings when testing. A notice for your viewers would be great too, as most new to this field don't know.
man you running so fast