PikaBot Malware Analysis: Debugging in Visual Studio

Loved every minute of this video.

It's always fun to see what, how others work to de-obfuscate / reverse certain payloads. Hope to see similar videos in the future!

golgothus

Man i really liked this guy's personality. Adding cartoon sounds to each sentence is not a thing lot of people can do while keeping it enjoyable

vaibhav

Can't agree more with Ryan for using Perl for one-liners!

trevlix

It's awesome explanation, keep up guys.🎉

gvsai

This was really great. Ryan (and John too) is awesome.

KenPryor

Script exploits are exactly why I disable the Windows Script Host.

sammorreel

With most scripts i found the easiest way is to clean up the code a little bit and then replace evals with prints. Let the code decode itself for you!

CuriousPiti

This dudes the real deal! A real friendly and approachable person makes learning easy

dannnnnno

Why wouldnt you do something like:

1+1
> 2
a= "1+1"
> '1+1'
eval(a)
> 2
function eval(st) { console.log(st) }
> undefined
eval(a)
> 1+1

It will stop your code from working but you can get the scripts it actually tries to run and replace the obfuscated stuff

alex

Hello John, love your content and especially this kind of things.Keep it up❤❤❤❤

NavyEagle

one point one million and rising
well deserved

xCheddarBbx

Lazy analyst approach to javascript malware -> replace eval with document.write and just run it.

ukaszgeras

This pals from palword got malicious real quick with that AI.

BrutusMaximusAurelius

Ryan is the pimp, love his trainings.

Badams

Does anyone have a link for Box PowerShell?

dyarizadeh

Edit 3.js and replace eval with console.log then run. No need for
A debugger to Comcast strings!!!

gonehaywire

Remind me to add "cornucopia" to my vocabulary when describing cyber distros

dyarizadeh

Qui is latin for what, Pikachu what? Meme. Also did the dude seriously put the divine comedy in latin as obfuscation?

anarchoraven

Like there's js-beautify there is uglify-js. Hehe

nicksonpinto