Fileless Malware: How It Works

  • Added 20 Aug 2024

Comments • 34

  • @KenHarrisio · 10 months ago · +2

    If there's anything that you want further clarification on, just let me know! Also, if you have any specific cybersecurity topics you'd like to see covered, drop a comment.

    • @neocephalon · 10 months ago · +1

      It'd be great if you could go into more detail on how ads could load fileless malware. Also, great video btw!

    • @KenHarrisio · 10 months ago

      @neocephalon Thanks! That'll be a great topic to cover for a video.

    • @georgekon69 · 5 months ago · +1

      @KenHarrisio I love you man, you're the best. You helped me understand a lot of things.

  • @SamFischer117 · 10 months ago · +3

    I was recommended this video by my YT algorithm and I really enjoyed your delivery and explanations of these fileless malware types. It was a good medium between getting too in-depth and a general overview of the subject. As a long-time Mac user who is pretty new to having my own custom PC, I look forward to more content from you! Definitely got a like and a sub from me. 👍👍

    • @KenHarrisio · 10 months ago

      Awesome, thanks for the support! 🍻

  • @averyallen7531 · 2 months ago · +2

    Ken, so many things to say about this.
    1) This was fascinating! I've never heard of domain fronting or process hollowing.
    2) In the PowerShell command you noted, did it request "virus.txt" from the malicious server and save it locally as "virus.exe" in system32? That part confused me.
    3) If you have the time, I would love to learn more about process hollowing, domain fronting, atom bombing, and pretty much everything you covered in the video. Seeing any of those attack techniques in action would be really interesting.
    Awesome awesome awesome video! Take my sub!

    • @KenHarrisio · 2 months ago · +1

      Thanks for the support, Avery! I appreciate it!
      I didn't notice the error with the command until I started editing the video. I meant to put .exe for both files.
      I've been wanting to make more technical videos for the channel, but haven't yet been able to get around to it. All of those examples you listed would be perfect for one-hour deep-dive videos. I've also got plans at some point to build a test lab, so I can show everyone real examples of malware and how it works.

  • @naofacadieta5066 · 10 months ago · +1

    Excellent content. We live in a cyber war, our data is a mine, and the types of attacks are varied; your content provides a good basis for understanding and minimizing damage and protecting ourselves in a certain way. I'm now waiting for the configuration of the OPNsense firewall for domestic protection, if possible. Thanks.

    • @KenHarrisio · 10 months ago · +2

      The firewall config video is definitely overdue. I'll be working on it within another month or so. I've been putting that one off since it's going to be a pretty big undertaking. It's pretty straightforward to set up though, and there's plenty of documentation on whatever you might need here: docs.opnsense.org/manual/install.html
      The challenging part for me is going to be figuring out how to condense all that down into the important stuff to know for a home user that's looking for a configuration that's not overly complicated. I would like to be able to have a playbook for people to use to follow along and want to keep it under 20 pages.
      Also, I wouldn't worry much about the cyber threats. Enterprises and governments have to constantly deal with attacks that a home user wouldn't deal with. Just having an up-to-date system with an internet security suite (if applicable) and a browser with ad block, and you would be perfectly fine. The issue with cybersecurity content is that it gives the impression that the sky is falling and hackers are around every corner, but this really only applies to enterprise and government. Just the fact that you watch content like this means you are miles ahead of an average user in keeping yourself secure. It's insane how many people still do things like use passwords like "1234."

  • @thegaminghero2201 · 10 months ago · +2

    You should do a video on how to detect and remove different types of malware that use certain tricks to be harder to detect by anti-malware software.

    • @KenHarrisio · 10 months ago

      Good idea, thanks for the suggestion! I'll add it to the video roster.

  • @terryscript64 · 4 months ago · +2

    At 18:05, consider that the advertisements can be incredibly irritating, but they're essential for YouTubers like yourself to earn through the YouTube Partner Program. Without these ads, your revenue stream would dry up.

    • @KenHarrisio · 4 months ago · +1

      It's not something that bothers me personally, but I don't rely on YT for income. I don't think most would bother using one though if the ads weren't so pervasive now.

  • @PrinceJohn84 · 6 months ago · +1

    This is excellent content! A fellow IT professional 👋

    • @KenHarrisio · 6 months ago · +1

      Thanks for the support! I like the profile pic btw. I haven't seen that movie in a long time.

  • @P-G-77 · 3 months ago

    Yes, using AI, a certain "formal" email is so well written, detailed, etc... to me... who knows how many people open it and, just reading the text of the email, immediately think of something interesting and useful... instead... in the end it's always good to check the files you least expect could be infected.

  • @dieselbaby · 10 months ago · +1

    It also might be good to do a video on the potential for exploits of the recently released TLDs by Google, .zip and .mov. These, especially .zip, can be pretty easily combined with some Unicode characters (which are compliant with the addressing schema) to fool even otherwise relatively tech-savvy individuals into downloading something malicious... even worse if they're expecting it to be a legitimate zip file of something like a GitHub repo and the attacker took the time to carefully cloak the contents to appear legitimate.

    • @KenHarrisio · 10 months ago

      Those are good ideas, thanks for the suggestions! I forgot Google decided to start allowing those domains. Pretty much everyone in the IT sector was dumbfounded with that decision because of the abuse that'll happen because of it.
      I'll also cover browser extensions as well. Those things are an absolute minefield. I'm convinced about 95% of extensions are just crap that the devs use to mine data from people.

  • @naofacadieta5066 · 10 months ago · +1

    I managed to configure OPNsense with the article you suggested. I installed Zenarmor to monitor the LAN port. In your opinion, do you think it is worth placing the Suricata IPS monitoring the WAN port? Do you have any additional suggestions and tips in this regard? Thanks!

    • @KenHarrisio · 10 months ago

      I would definitely suggest adding it to the WAN port as well since you've already got everything else running. Zenarmor is a really good addon for OPNsense as well. Your network now, even if you don't do anything else with it, is miles ahead of other home users.
      Here are some other things to consider:
      If you have any open ports, you could set up a honeypot on a separate network, but it's not something I would really suggest. Unless you have a niche case, I definitely don't suggest having any open ports. There's quite a bit of risk in using a honeypot as well. An IPS will take care of intrusions.
      DNS filtering is something you could add from the router. I prefer to do this at the PC/other device level, but the preference is entirely with the home user. There may be times you want to switch DNS providers on the fly or need to turn it off for a moment for compatibility, which is easier to do if you set it per computer.
      If you have any sort of security system, IoT devices, cameras, etc., it would be a good idea to have them on separate networks, i.e. smart devices get their own network.
      If you aren't already familiar with network logs, I would suggest spending a couple hours going over logs related to system function, firewall actions, and IPS. I don't recommend checking these a lot. A couple times a week would be sufficient unless you think something might be going on. IPS will automatically take care of intruders.
      One last thing: if you have remote access for your router, I strongly recommend using 2FA and turning on rate limiting.

  • @roaryscott · 5 months ago · +2

    Think it was Linus Tech Tips lol, got sent a giant PDF and his virus scanner didn't pick it up.

  • @user-cp5ex6fr2g · 14 days ago · +1

    They say it's fileless malware, but are the payload loader and injector downloaded to the disk?

    • @KenHarrisio · 11 days ago

      It usually doesn't need to have files downloaded to the disk. It could be something as simple as a PS script executing (but not saving anywhere) and the malware getting run in RAM, then being launched into RAM each time you start your computer.
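      The reply above describes the in-memory stage: a PowerShell one-liner that never writes a file and gets re-launched at every boot. As an added example (not from the video or from anyone in this thread), here is a small defender-side triage script in Python that takes autorun entries, such as Run-key values or scheduled-task actions that an inventory tool hands you, decodes any -EncodedCommand argument, and scores each entry against indicators commonly associated with fileless PowerShell launches. The sample entries, the indicator names and the threshold are this example's own constructed choices; the Run key path is the real per-user Windows autorun location, and "PlaceholderVendor" is a made-up registry key.

```python
import base64
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Defender-side heuristics for a PowerShell launch that stages code in memory rather
# than from a file on disk. The names and the scoring are this example's own.
SUSPICIOUS_TOKENS = [
    ("hidden_window",     re.compile(r"-w(indowstyle)?\s+hidden", re.I)),
    ("no_profile",        re.compile(r"-nop(rofile)?\b", re.I)),
    ("bypass_policy",     re.compile(r"-e(p|xecutionpolicy)\s+bypass", re.I)),
    ("invoke_expression", re.compile(r"\b(iex|invoke-expression)\b", re.I)),
    ("download_cradle",   re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b", re.I)),
    ("base64_decode",     re.compile(r"frombase64string", re.I)),
    ("registry_stage",    re.compile(r"get-itemproperty\s+['\"]?hk(cu|lm)", re.I)),
]

# -e / -ec / -enc / -EncodedCommand followed by the base64 blob PowerShell will run.
ENCODED_RE = re.compile(r"-e(c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)


@dataclass
class Finding:
    source: str
    command: str
    decoded: Optional[str]
    hits: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.hits)


def decode_encoded_command(command: str) -> Optional[str]:
    """Return the plaintext of a -EncodedCommand argument (base64 of UTF-16LE), or None."""
    m = ENCODED_RE.search(command)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(2), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse_entry(source: str, command: str) -> Finding:
    """Score one autorun entry. The base64 blob is replaced before matching so random
    base64 characters cannot trip a token; the decoded script is searched instead."""
    decoded = decode_encoded_command(command)
    stripped = ENCODED_RE.sub("-EncodedCommand <base64 removed>", command)
    haystack = stripped if decoded is None else stripped + "\n" + decoded
    hits = [name for name, rx in SUSPICIOUS_TOKENS if rx.search(haystack)]
    if decoded is not None:
        hits.append("encoded_command")
    return Finding(source, command, decoded, hits)


def triage_autoruns(entries: List[Tuple[str, str]], threshold: int = 3) -> List[Finding]:
    """Return the entries whose indicator count reaches the threshold, worst first."""
    findings = [analyse_entry(src, cmd) for src, cmd in entries]
    return sorted((f for f in findings if f.score >= threshold), key=lambda f: -f.score)


def _encode(ps: str) -> str:
    """Encode a script the way PowerShell's -EncodedCommand expects it."""
    return base64.b64encode(ps.encode("utf-16-le")).decode("ascii")


RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample entries, not real telemetry: a normal autorun, a legitimate encoded
# script, and one that pulls its real code out of a registry value ("PlaceholderVendor" is
# made up) so nothing is ever written to disk, which is the pattern the reply describes.
SAMPLE_ENTRIES = [
    (RUN_KEY + r"\OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("Scheduled task: Heartbeat",
     "powershell.exe -NoProfile -EncodedCommand " + _encode(r"Get-Date | Out-File C:\logs\hb.txt")),
    (RUN_KEY + r"\Updater",
     "powershell.exe -nop -w hidden -ep bypass -enc " + _encode(
         "IEX ([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String("
         "(Get-ItemProperty 'HKCU:\\Software\\PlaceholderVendor').Stage)))")),
]

if __name__ == "__main__":
    for f in triage_autoruns(SAMPLE_ENTRIES):
        print(f"[{f.score}] {f.source}")
        print("  indicators:", ", ".join(f.hits))
        if f.decoded:
            print("  decoded   :", f.decoded)
```

      Run as-is, only the Updater entry clears the threshold; the legitimate encoded heartbeat task scores two and is left alone, which is the reason for scoring several weak signals rather than alerting on -EncodedCommand by itself. Autorun entries are only one vantage point: with PowerShell script block logging enabled, the decoded script also shows up in the Microsoft-Windows-PowerShell/Operational log (event ID 4104) at execution time, so the same token list can be run over those events.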

  • @mrtophat12 · 10 months ago

    Hey man. This is good content! Subscribed.

  • @Bakuyagn · 4 months ago · +1

    My computer just got a virus in Windows 11; it uses my RAM and it removed my boot file when I ran the offline Defender virus scan, but I don't know where I got this virus, maybe from my new SSD?

    • @KenHarrisio · 4 months ago

      It's possible that it came from the new SSD. What is the brand and model of it and where did you get it? I'll have a look to see if that might have been the issue. Also, did your antivirus say what the name of the virus is?

    • @Bakuyagn · 4 months ago

      @KenHarrisio My boot sector is 0 install after I scanned with Microsoft Defender Offline, and it didn't boot normally.

  • @mattbudy-nz6yw · 2 months ago · +1

    I'm going through this right now, bad, on my S22 Ultra and the 4-month-old $2500 PC rig I just bought. No one even believes me that I'm infected, but I've reset so many times and it just doesn't work. Antivirus is just shut off. I'm supposed to have Windows 11; it's some kind of older Windows 10 shell made to look like 11 with all the antivirus disabled or things allowed. I'm not the admin, there are tons of admin users, tons of svchost.exe.
    I found out my monitor had my 2 HDMI and my DVI port or whatever it's called, but then it had 2x virtual serial ports. When I switched from one virtual one to the other it brought up another feed of my PC, and when I tried to start typing, every key I pressed a narrator app shouted "hidden menu, hidden menu, hidden menu!" It scared the shit out of me. I really need help.

    • @mattbudy-nz6yw · 2 months ago

      I try to use bootable flash drives, but it disables the drive and boots the corrupted one from its memory. I still don't know what to do; it almost seems like I have 2 different sets of BIOS running. Pretty sure it has a hidden hotspot constantly going, same with my phone. If I can fix my PC I'm smashing my phone with a hammer. Someone made a Microsoft Azure account with my email. I feel bad for non-tech-savvy people because they would never know; even my techy friends think I'm on meth.

    • @mattbudy-nz6yw · 2 months ago

      And most of all, why me? I'm a nobody. This has been going on for 2 years now and I'm finally just figuring out what it is. I want to find these people and sue them. It also got into my car's infocenter on a 2016 Honda Civic, basically just an Android tablet. I want justice, but most of all any info you have on actually stopping it other than buying a new motherboard and hard drive. All my stuff is brand new: Prime ASUS 790-V WiFi motherboard, i9, 32GB DDR5, 2TB NVMe that has hidden volumes and just won't wipe. Too much to type; the virtual ports for the display are what really fucked my head up to seek someone like you out today.
