Dr Josh Stroschein - The Cyber Yeti | Poke

Dr Josh Stroschein - The Cyber Yeti @UCI8zwug_Lv4_-KPT62oeDUA@youtube.com

24K subscribers - no pronouns :c

You've found the Cyber Yeti! Here I host free cybersecurity

Videos Shorts Live Posts Playlists

Recently Uploaded Popular Oldest

08 - Reverse the Shell and Series Wrap-up

07 - Populating SOCKADDR_IN and Calling Connect to Connect to The Attacker System

06 - Starting to Call Windows API Functions, Getting a Socket Handle

05 - Figuring out Stack Layout for Local Variables and Structures

04 - Loading WS2_32 with LoadLibrary and Wrapping Up Runtime Linking

03 - Runtime Linking for Kernel32 and Preparing to Load WS2_32 for Socket Communication

01 - Building a Reverse Shell Game Plan with a Simple C Program

02 - Exploring the Reverse Shell Source Code and API Breakdown

10 - Cleaning Up our IDA Database using Offsets

09 - Using AddressOfNames, AddressOfOrdinals & AddressOfFunctions arrays to find function pointers!

08 - Understanding the Export Directory Structure

07 - Parsing PE Headers to Locate the Export Directory

03 - C++ Name Mangling - Identifying Operator New in IDA Pro

01 - C++ Name Mangling - Investigating Overloaded Functions

02 - C++ Name Mangling - Creating Multiple Object Files

What Are Relocations? Exploring the Relocation Table

06 - Adjusting Structure Bases for Better Reverse Engineering

05 - Computing Pre-Computed Hashes Instead of Using Strings

04 - Using the LDR_DATA_TABLE_ENTRY Structure to Find Module Names

03 - Capturing a Time-Travel Debug Trace and Identifying Usage of the PEB

02 - Identifying Signs of Runtime-Linking using CAPA and IDA Pro

01 - Basic Analysis of the Sample

04 - Uncovering the Final Stage Payload and Identifying the Malware Family (it's AgentTesla)

03 - Identifying Use of Auto-IT Scripts, More Shellcode and Some Encryption

00 - Following the Trail from an RTF Doc to AgentTesla - Analysis Objectives and the Sample

01 - Initial File Triage and Shellcode Identification

02 - Identifying Shellcode Entry Point and Analyzing Common Shellcode Techniques

13 - Creating an XOR Unpacking Stub

00 - Introduction to Working with Time Travel Debugging in Binary Ninja

03 - Replaying TTD Traces in Binary Ninja

02 - Recording a TTD Trace with Binary Ninja

01 - Installing WinDbg and Configuring Binary Ninja

Analyzing Shellcode - Finding the Entry Point Based Off Position Independence

Stepping Through Signatures in Detect-It-Easy: Leveraging the Signature Debugger

09 - Preventing Debugging by using SystemFunction40 (RtlEncryptMemory) on DbgUIRemoteBreakIn

12 - Creating Simple String Obfuscation with XOR

11 - Using MOV Instructions to Create Stack Strings

10 - Understanding Endianness and Creating Stack Strings

09 - Exiting Our Shellcode Cleanly with ExitProcess

08 - Calling MessageBoxA from our Shellcode!

07 - Using LoadLibraryA to Load USER32.dll

06 - Generating Module and API Hashes to Perform Runtime Linking

05 - Creating Position Independent Code using CALL $+5

04 - Wrapping Shellcode into PE Files and Debugging with IDA Pro

03 - Using SCLauncher and x32dbg to Debug Shellcode

02 - Using SCLauncher and WinDBG to Debug Shellcode

01 - The Build Environment, Required Tools, and Series Resources

00 - Welcome to Creating Shellcode and Prerequisistes

05 - The Basics of Creating Custom Rules

04 - Using Fakenet-NG for Network Emulation and PCAP Generation

03 - Processing PCAPs in Offline Mode

02 - Manually Updating the Ruleset with Emerging Threats Open

01 - Installing Suricata into the FLARE-VM

08 - Using ZwSetInformationThread to Detach Debuggers

07 - Creating Trampolines and Re-Obfuscating Function Pointers

Enabling Rule Profiling in Suricata - Compiling from Source

06 - Finding Functions from the Export Directory and Using Seeds to Compute Checksums

05 - How Lockbit Uses the DLL Name as a Seed for API Hashing

04 - Walking the PEB, Enhancing IDA's Output w/ Structures, and Unlocking the Key to Runtime-Linking

03 - Identifying Signs of Runtime-Linking and Building Context for API Hashes