JNLP Dangers - Java Malware Detection & Analysis

JNLP files can be super-dangerous. These benign-looking XML files really can lead to disaster; they have the capability to load JAR files from remote locations and run them cross-platform (anywhere Java is installed). Here we see an example which leads to a malicious Windows executable which has a VERY interesting technique to evade security controls.

I show you the tools, tactics and methods you need to analyse this malware quickly and effectively.

👇 ⭐ VIDEO SPONSOR ⭐ 👇
=======================
This video is sponsored by Malwarebytes Privacy; a super-quick, super-secure VPN which will protect your privacy and prevent unauthorised tracking. If you care about your privacy you should absolutely be using a VPN.

Malwarebytes Privacy is highly secure, super-fast and extremely cost effective. Also, check out the bundle you can get with Malwarebytes Device Security - where you can protect up to 5 of your devices from phishing, ransomware and malware.

Check out this link to learn more about how you can protect your Privacy online:

https://www.malwarebytes.com/for-home/

LINKS
=====
https://isc.sans.edu/forums/diary/Another+File+Extension+to+Block+in+your+MTA+jnlp/27018/
https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-mapviewoffile
https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createfilemappinga

TOOLS
======
pestudio - https://www.winitor.com/
Process Monitor - https://docs.microsoft.com/en-us/sysinternals/
x64dbg - https://x64dbg.com/#start
unpacme - https://www.unpac.me/

SAMPLE
=======
delivery.jar - https://hybrid-analysis.com/sample/a4d95b7d196a4aca87cec384c5d21a756ab75cfaee7f4a20163d02109956a6dd
videodrv.exe - https://hybrid-analysis.com/sample/ceaf771da5e2678ed0d5844282bf0d464207c23842a8e36be3e7ab1df022ef89
unpacked.exe - https://www.unpac.me/results/b1185bb2-d7cf-4dd9-a97a-93a0b52e2ba4#/

FOLLOW
=======
You can join in the conversation by following me at https://twitter.com/cybercdh

THANKS
=======
If you LIKED this video, please hit the THUMBS UP.
If you LOVED it, please SUBSCRIBE!

Many thanks for watching, it means a lot.

Peace out.
✌️
@cybercdh

Video "JNLP Dangers - Java Malware Detection & Analysis" from the cybercdh channel
Video information
January 29, 2021, 5:00:01
00:16:16