TARGETED Phishing - Fake Outlook Password Harvester

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello everyone and welcome back to another malware analysis video my name is john hammond and i am super excited to bring this one to you because honestly i think this is kind of neat pretty novel uh something different that we're uh have not normally done before i want to showcase a very cool phishing email that uh community viewer uh someone had submitted and sent along to me so i'm pretty excited to showcase this one too let's hop over to my computer screen and let's get into it i'm working in remnux the reverse engineering malware linux distribution and i'll fire up a terminal here i'm working in z shell at the moment using a terminator to be able to split my screen and do neat terminal things uh but i am using a clean pure prompt so you should be able to see everything like my full command now and i have the color like syntax highlighting on for the command so hopefully it's a good presentation at this point but i have this directory called fish if i could type right away and i'll show you what we're working with i have a couple files here uh some things that were included in this email and i want to show you the email to begin with i also have the analysis photo from when i went through this previously just to get a taste for what this thing was but it's really really cool so i'm excited to get into it let me show you the screenshots of this email that was sent to me i have a lot of this redacted of course for confidentiality but i got this email malware sample is the title here got this just a little bit ago it says hey john i watch your youtube channel all the time and i love your videos thanks so much super appreciate that i love you as well you're always asking people to email you malware samples well here you go attach is a very interesting email i received in the eml format saved in a password protected zip file i've done the same for the attached from the message itself and below is a screenshot of the original email the message itself i ran the attachment through virustotal and got the message no security vendors flagged this file as malicious which is kind of cool kind of crazy you know in a weird horrific way attached in the pdf file is the uh virustotal results page so we can check that out and we'll validate it just as well see if anything has changed in the past couple hours it says if you do make a video about this blur out any personality yeah i got you of course so here is that screenshot of the phishing email this is uh sent with the subject message from caller blah blah blah this individual i believe forward it to forward it to their i.t staff or the security staff which is a good move absolutely everyone should do that if you receive a suspicious email and send it to me just kidding uh this from address is ringcentral at the organization name which is kind of crazy ideally at least supposedly from info billingstream.net um i'm not sure if that's a legitimate domain or something that might be used i don't know here's the attachment right again this had the organization name this right here was originally a logo for that organization for that business for that company and it said hello individual's name what was really really interesting though is this had the individual's name with their first letter and then their last name which is all the information that you would be able to get out of their original email address not knowing that actual person so i have to think this is a bit targeted in a crazy way right it knew the organization's name and we'll see it all throughout the rest of this file and i'll have to blur it when we get into the sample itself because it literally knew the email target uh it says hello this person you have a new voicemail and this email has the attachment that you'd be able to take a look at new voicemail details from the specific date and time uh this duration 103 seconds which i guess is 60 one minute and 40 to get to 100 uh and then 30 another three yeah so really not two minutes and 32 seconds according to this file name but the file name is really interesting it has this little like emoji note musical note symbol and it says the vm transcript the voicemail transcript is unavailable so kind of a peculiar interesting message um of course he attached these files here for me to look at uh and the virus total there so if anyone again if you would like to send me some samples or stuff to make some cool content with please uh hit me up link uh to my email in the description below all right if we were to look at that virus total like lookup that this individual had performed 0 out of 59 no security vendors flagged this file as malicious so that goes to show maybe some preventive security might just kind of be uh snoozing on the job here but let's actually take a look at this let's uh go validate this and check it out with uh our own virus total analysis i have this file here that's the musical note and i'll display that out on its own there we go um it literally had the organization name including the file name and it's not an audio file it's not an mp3 it's not a dot web not a dot og any of that crap it's literally a dot htm file and we'll dig into it in just a second but first let's uh let's hop over to virustotal and see for ourselves what this might find or pull up let's go ahead and choose a file i'll bring this from fish yeah that's the director i was in this guy right here no security vendors flagged and saw this malaysia didn't have to do a much of a like scanning engine because this was already provided previously it has that shot hash and hey if you're if you got money on your horse in the race your anti-virus edr magic silver bullet product of choice oh it just it stings a little doesn't it uh microsoft whatever whatever vendor product etc i know this is tough to do prevention is hard uh let's get back to it though let's see what we're up against with this weird file here and this is an html document of course you could tell by the the file extension although you can't always trust.htm ascii text with very long lines and no line terminators so totally minified totally compressed let's take a look i'm going to open this up in my text editor of choice you could be using whatever you'd like right you could be using nano you could start the holy wars with vim and emacs uh you could use vs code if you're uh that kind of person but this is it in sublime text now let me turn on word wrap just so you can really uh just so you can really get this get the right impression for what we're looking at here um so syntax highlighting if honestly this line is so long that it would not be able to add in the colors for this html syntax without me adding the lines naturally on my own uh you could see we have a html document super simple html boilerplate head boilerplate script tag so we're going to be doing some javascript stuff and obviously this variable is a huge string of base64 encoded data so they're trying to be sneaky they're trying to hide you know maybe uh maybe that anti-virus product might just uh skip hop and jump right past it but look at all this guys how long is this scroll for i don't know how youtube's bitrate is going to handle that one but uh there we go after we've defined that humongous variable what do you think we do we write this out to that page to that document and we unescape so we have all the little characters from atob or the javascript function to base64 decode the contents of this variable then we end our script tag then we end our head tag then we end our body oh no we start our body with a break and literally nothing else fantastic so we know our immediate marching orders let's figure out what this base64 data really is uh let me go ahead and save a copy of this um let's make another folder no no no can i can i make a new folder yeah y-e-t for youtube um let's call it stage1 cleaned.html there we go i was trying to search for that rather than save it as the file name gnome is weird this is the this is the crutch of me being on remnucks where i'm using a different desktop environment and i'm so used to unity so we have the stage one cleaned but let's carve out all of this base64 i'm gonna call that i guess stage one chunk dot b64 because if i were to try and paste this into my terminal which i normally would do as you all know the syntax highlighting might just make a z shell choke so let's base64 attack d to decode that stage one chunk.b64 and now all of this that's going to be displayed will uh you know be the next stage in payload here let's t that out to i guess a stage two dot html because we are seeing html tags in here and it's literally going to be considered a string so now we can open up that stage two dot html and and this is what we're looking at ladies and gentlemen you can see it starts with a single quote right up here because it is originally going to be a string but would be unescaped so i'll have to remove the trailing and beginning single quotes that were up in the the start in the end here and i'll try and zoom out uh let me make sure word wrap is still on yep it is so you're seeing some stuff that's happening here and it's all of this html but it's kind of gross you can see the head tag is still in the same line as html line the title etc uh so before i start to make sense of this and comment on it let's try and clean it up i'm going to copy and paste all this and we'll hop back over to firefox so we could do like an html beautifier i guess uh you could do this with of course a plugin in your visual studio code or in sublime text literally whatever you want i'm just going to end up honestly doing it with an online tool because it's a i don't even know if i have like an html format plugin installed right now in sublime text but so this beautified i i sorry i kind of steamrolled right over that just googled an html beautifier or formatter or pritifier slapped all of the code in with a copy paste and then got to see adding tabs and new lines and spaces and good stuff however the javascript code that's kind of up here still isn't completely beautiful yet you can see the document ready function and stuff that might be jquery syntax one library in javascript that isn't isn't completely clean yet so uh let me go you know nitpick and clean up this javascript so let's go find a let's just google javascript beautifier beautifier.io should work totally fine once again slap it all in i don't care you shouldn't either you can whine and complain john use a beautifier but i won't listen to you because it's internet i'm kidding um all of this realistically i would like to have indented just a bit more yeah that's somewhat readable now so let's take a look at what we have here uh the title of this page is sign in to your account which makes me immediately think oh this is a credential harvesting attack this is some phishing email that's trying to fake a watering hole site uh to get you to enter your password or your username your login credentials so it could harvest it and collect passwords and do more damage later down the line right that that password could potentially be all the bad guys the threat actors and the hackers need unless you turn on multi-factor authentication you gotta you gotta have 2fa everywhere guys take it from me or don't you're lost i'm kidding i'm kidding that sounds so pretentious uh so what we have for this html here is that we have a lot of metadata type crappy annoying stupid information shortcut icon looks like microsoft auth.net and their cdn i don't know if that's a legitimate uh icon or not um it could very well be this this also looks like a msft auth.net with a random name css file also msft auth random name css et cetera et cetera and we get legitimate jquery we get real actual the jquery library in javascript now uh this actual script is the interesting part here because we can see we are using jquery with the syntax document ready function and we're grabbing the email that's going to be present inside of this class dot identity in the html uh and then grabbing out the contents we show some lightbox form focus on some elements set the brand disable stuff etc we don't have to take a whole lot of attention to put in in this space but what's really curious is if we end up scrolling down we see one ajax call and this ajax call is going to end up posting to a url here with the user email address that's applied as a variable and the pass the password email address now how is that retrieved it it is from the value and html of these like elements within the page and we'll we'll see that in action in just a moment but if we were to actually end up clicking a button this is setting up an event handler jquery syntax for this specific button object and that id on a click event what we do is we go ahead and show password errors which are kind of interesting it'll tell you oh oh oh if your password is empty here have that error if it's not it'll still tell you oh maybe here's a progress bar but it'll hide those other password error messages that could be present on the page and then it sends this request capturing that username and that password the successful post right once it's done it will just redirect you to legitimateoutlook.office.com are you guys putting the puzzle pieces together here what do you think that we're looking at if i were to end up scrolling down you can see okay we've got some set brand function here but the rest of this page is defining the light box as defining the images this is actually literally the background images all included in base 64. you can see the background image url for that css is just this blob of base64 encoded that way it doesn't have to externally reach out to some other website uh if it's trying to just literally encapsulate all of the file content media stuff that this page should need it's slapped into the code as embedded base64 so i know that looks like a lot of nonsense but that's kind of the purpose behind it there more html that we don't exactly need to dig into it's defining the structure of the lightbox it's displaying it in css etc uh we found at this point the most interesting piece here uh and again more images that it might be embedding in i'll scroll down very very far uh sorry this is kind of very much right aligned i don't know if that's that's weird to read but look at all the references here to end up being oh microsoft uh obviously we saw the reference to outlook and office.com uh this literally had the individual's email address in here again makes me think it very targeted spear phishing attack um i've redacted that again for the confidentiality here but this is that element here you can see that dot identity that was referenced in the jquery code it's using this element that dot identity refers to that specific class and this contents here is that redacted email or what was the real legitimate email for this individual for this victim at the target organization uh kind of crazy same thing we got the enter password display can i move to the right at all on this no it's just okay and of course the prompt hey please enter your password your account or password is incorrect if you can't remember you could try and reset it now because you're accessing sensitive info you need to verify your password blah blah blah now i know it's one thing to show you all this code it's probably another thing to get this idea in your head if i just were to literally show you the web page so because i have this all saved locally right because i've because we've kind of carved this out and found it on our own and redacted it as needed i can literally open up this stage2.html in firefox uh i guess i i should rename this to a stage two cleaned uh and then control z my way out of this okay uh i i just paused the recording so i could control z and make sure that i still ended up replacing oh i saved this is the wrong file let me uh let me rename this to uh stage two original okay i think i got it set that was me fumbling around on the keyboard so let's literally open up this file original file stage 2.html and let's see what we got what do you think ladies and gentlemen does that look like a pretty uh a pretty convincing phishing email to you uh literally jumping over to what looks like the prompt for office outlook online microsoft thing official legitimate thing uh and it would include your email address here like it knew that oh maybe you had already signed in partially or knew your account but you have to verify or re-enter your password and we could type in whatever we wanted here and if we were to hit enter or sign in click that button remember that ajax post request sends it over to that domain hurley auctions.us so with that in mind we now know that hurley auctions way back here um oh i i lost a little bit of the the formatting whatever uh hurley auctions.us that is the bad guy in this situation so they try to send this to let me let me uh add a new line here so that's more visible hurley auctions.usgsjquery.php that is allegedly the page that this all gets sent to now because it is a dot php that makes me think there's some server-side code that will end up collecting or harvesting or keeping track of these credentials that were ended up sent and passed along we know that the user was previously going to be pulled from that identity element that was pre-populated with this specific target in the spear phishing attack so with that said it may naturally just already know what users they've collected the passwords for as the threat actor and bad guy here so that's kind of crazy but let's go see what's up with this website shall we if i were to try and uh curl that specific web page hurley auctions.usgsjquery.php oh it gets angry because it's https right it probably needs something to handle uh this ssl certificate i'm not positive if that is because this is a self-signed certificate maybe we could literally open this up in our web browser uh i'm feeling pretty bold i feel like we could do that um let me show you real quick that page i'll add in tac k to not verify the ssl certificate in curl it doesn't return anything if you were to make a get request right let me uh let me go back here let's let's try and change this to a post request i'll add a tacx post to specify oh we're making a post request we just aren't supplying any username or email or anything else that that would expect no response are we getting a 200 at the very minimum let's let's try an f12 here uh i'll go back to my web browser and i'll open up the network tab if i were to reload the page 404 for jquery and favicon but um okay are we displaying the actual page will will curl show me the headers if i use uh techv or like the response code i'm dumb oh that's a 404 not found that page is no longer present supposedly but let's experiment with that a little bit we here okay we see an ip address here we can keep that in mind we could do that with showdown or anything else uh but the weird thing here let's try and go to another page because jquery.php allegedly does not return anything but let's change this to a jquery without a y at the end that returns a real 404 i have to think that the 404 that we're seeing as a response here might just be letting us know oh sure here we'll send you a 404 but will that always be telling oh that was an invalid password or something i'm not going to be able to put those puzzle pieces together right now on the fly doing some tiptoe tap dancing but literally any other page let's try to go to a dot php that returns legitimate 404. let's try and go to just gs on its own no file name can we get anywhere not found how about if i were to remove the post request and just simply try and get that we get it forbidden so we know that that does exist as an endpoint like folder or directory right what if i were to try and go to ga and again change that not found 403 forbidden versus the 404 not found makes me really feel like that gs is still present and alive and accessible going again just to get request to the root of the page 403 forbidden looking a little bit spicy there now the the greater questions that we have is because uh we we had just found the ip address here and we know from this error oh this is an apache win64 open ssl php blah blah this looks like a lamp or server and i might be wrong excuse me excuse me wamp windows apache php maybe there's a mysql in there or some or xampp or whatever still weird still pretty wacky uh do we still have that ip address oh we do let's go check it out on showdown i'm not worried i'm not i'm not concerned um an azure cloud provider hackers know where they can get some free servers right right in west u.s azure cloud over in the us oh so there is port 80 and there's what rdp allegedly open is that right what 3389 rdp when was this last updated that that is new information to me i had not seen that before okay august 13th um um um can you can you show me the rdp viewed like do you make a connection to it is this a link that i can click on oh please log in raw data uh i don't have a lastpass kind of confused and set up on here let me pause the video and do that just to poke around a little bit more okay so i've logged in to showdan now um and that raw data actually doesn't give us a whole lot oh but i did see that this sure cloud and self-signed certificate raw data will just give us kind of the json uh notion here of all of these uh interesting though that it is still seeing rdp from the 13th of august just a few days ago ip address microsoft corporation etc etc uh if i go into history noting that we previously saw port 22 open like ssh and that thought it was ubuntu okay that's back in 2019. so potentially that was something that um maybe a reused ip address in this cloud azure provider with that said i have to feel like that 3389 port is is just used for maintenance right that's how they would have interacted with this cloud machine in the first place so as attractive as that is and kind of how is enticing and it might be interesting oh ooh can we go can we go look at it can we go connect to it and play with it uh this is not our box this is not something that we could just go ahead and connect to and try to bump around uh because that is frowned upon um there's the idea where you defend forward right or you be a little bit more proactive and slightly offensive when you do some defensive work but i don't know if that's that is clearly not something that we should do nor would i want to do that on uh youtube so with that said though i will kind of wonder if we were to end up making a legitimate post request of this and including data that it really would expect like the user or email information or a password etc let me go triple check what that really needs oh yeah detail as another argument there so email user pass this is our one and only opportunity to do something fun because you could sure if you really wanted to be a little bit more of a jerk wad and spam this thing and oh just flood the thing with a bunch of info um and totally try and make a mess of this to hack back how to hack the hacker no we're not gonna do that especially not on a live video on youtube but we will act as if we were fooled let's go ahead and grab a legitimate user agent let's say what is my user agent real quick let's send this request with curl let's grab that guy let's add attack a in curl to be able to paste in that user agent and let's send some data let's say the uh it needed here the email to be set to a user email so let's say let's make this in single quotes let's say email can equal a at a.com and it needed password so password equals f you that's the most family friendly i can get here ladies and gentlemen in detail we have to set equal to zero let me uh make sure i'm not missing anything or making any mistakes i probably am but you guys will scream at me and let me know in the comments but here's our single and only packet that we'll uh send with it with a legitimate potential uh request to give data and info to these to these bad guys hello hello computer i genuinely don't know what is happening right now let me pause the video and see if this ever comes back and returns i really should have added verbose headers on that crap oh ooh came back okay so that took 20 seconds for whatever reason but literally no response and uh return value from that so yet again nothing comes from this maybe the bad guys have an a at a.com fu credential now though um but again if you wanted to do some stupid while loop and you just oh crank uh as much data annoying crap in there as you really wanted to you could do that connect to vpn connectors from tor that you would be defending forward although that is uh not uh something that i would advocate for with that said we aren't done with uh with our good friend hurley auctions.us this is where we could have a little bit more fun because we want to know i want to know where is this domain registered and how is it registered it is being hosted on an azure cloud instance but who is the domain what is the domain being registered so i'm running a whois command and let's see what we got this is fun and this is where it gets a little juicy here's our domain name and i'm not going to redact any of this because this is could very well be the potentially bad things um i'm not worried about the other individual that had sent this along to me and their confidentiality here this is a registered domain through namecheap one domain registrar that exists out there alongside godaddy and many others if there were something that were found nefarious or malicious with a registrar or registered domain through namecheap you have an abuse contact email and abuse contact phone number you could send an email over here and send that along but interestingly enough it doesn't hide or try to mask any of the details that would have been coming along with the individual that may have registered this domain now looking at this i don't know and can't say with any certainty that these are real or legitimate or if they're fake or if they're just dummy data or if a sock puppet account crap like that but there's that there's that and that and that and that and that so take it with a grain of salt take that for what you will maybe we can email this individual i might do that because i don't think there's any shame in that uh maybe that would make for a fun follow-up video let's blast an email to this fella and see what they might be up against uh is there any email reputation service i don't know if that's a thing let's let's go on another uh jolly joy ride to figure out email reputation sender five sender score i don't know check your domain registration domain reputation maybe we could see if um can i get a score or is this all fake do i need to yeah i have to enter oh enter your ip address no no no no no nope nope nope my way right out of here let's go see if um can virustotal track down a domain right let's go to virustotal url oh let's get the full url here the https jquery crap maybe virustotal can do a quick peruse okay okay thanks thanks everybody not a lot on that one huh what about the ip address how about that can you give me any juicy detail on the ip address no i mean it's i mean it's an azure cloud it's a it's an ip address from a cloud hosting provider so it's like uh that's totally variable with all of that said we've got all this so do without what you will but that you can do that you can look that up with with whois so now that we're 30 minutes into this video we are not yet done we know that we have some bad malicious malware phishing scam something that fakes and masks and masquerades as an office outlook login page as a legitimate credential harvester a real watering hole attack so let's report this thing and i think that's something i need to really do in a lot more of my videos is make sure that oh if we do see badness let's make sure that gets reported and taken down so uh name cheap name cheap hosting abuse yeah yeah yeah where can i file abuse complaints oh this uh i want to showcase this because it's good information for others to know when we see more crap like this how and where can i file abuse complaints we could send an email along to that email address that we saw in the whois output but if you need to report a domain name email address or ip address involved in any illegal or abusive activity i would consider that certainly at least one of those here are some tips to follow to make this process easier you can submit a support ticket choose abuse reports that must be it please substantiate your allegation with concrete evidence and or any relevant information to verify the abuse and help us take appropriate action can i attach screenshots because i will absolutely absolutely load you up with some real investigation stuff child abuse why did i say that out loud copyright dmca email abuse spam fraud fishing fishing fishing that's it nice if you clicked on a link or open an attachment from a suspicion suspected phishing email then you should run a virus check on your computer just to be safe malware hacking activity okay so all of this is something that can be legitimately put on how can i check if a domain image registered or hosted with neem cheap we just did that with who is i tried to zoom in there and it probably died a little bit why does everything keep right aligning processing tickets whatever let's go ahead and try and submit a ticket to report this so this is link submit ticket here uh submit a ticket do i need to create an account for this abuse reports fishing oh yeah i did it okay next your ticket details okay uh if i could learn to type here abusive domain we believe is our good friend hurley auctions abusive urls um let's grab this full jquery link targeted website the target of the phishing attack um yes please identify the abuse material and provide information reasonably submissive and pretty much located your message targeted a website please provide it to the target of the phishing attack well i'm not going to just give um uh target there your subject um known fishing scam hi name cheap in a recent investigation we had i we we we're a family here everybody we had performed on on a malicious on a suspicious email and give an attachment we had uncovered uh a what's the best way to write these things this is the fun here in a recent investigation performance suspicious email and given attachment we uncovered a html file that would fake the look and feel of the legitimate microsoft office outlook login page with a targeted username and email address waiting to receive a password in this file we uncovered that the uh entered credentials would be redirected would be posted actually to do let's grab that jquery location can i oh i can attach files yeah all right let's send out all those email addresses there waiting to receive uh we'll send it all those screenshot attachments that we had previously we performed a who is look up and deter oh my has my face been in the way the entire freaking time sorry and determined that the that this earlyactions.us domain return either a 403 or 404 on any page aside from this gs.jquery endpoint we believe that this domain is being hosted uh that the server registered with this domain azure cloud instance and harvesting credentials you know targeted and sophisticated is that is that fair to say target sophisticated phishing attack yeah yeah yeah all right let's attach files um we should prepare some though so we we have um [Music] let me share this ah let's print screen that please okay um do i have or like anything on this or where does that put screenshots ls all.png did it save those no did it just paste them anywhere paint do i seriously need to install on my remnux installation sorry guys we have taken this video off the rails apparently um and you don't really need to see this whole portion i can probably stop the video now but i wanted to uh at least showcase the process of going ahead and starting this report and then reporting it so let me get set up and i'll prepare the screenshots to attach those files so we have a legitimate case here and then i will probably get back to showcasing the video here just to wrap things up so uh if you haven't done this before now you know the process it's literally a matter of googling why did that not uh add what i wanted that's fine can i draw a box in can i literally draw a box or do i just use a paintbrush maybe a line yeah let's use a red line this is the content that you guys subscribe for i know it that right there there she is hurley actions right there um let's export this in home remnucks fish screenshots uncovered code.png that's fine um we should also very very likely get the screen i said i was gonna stop the video but no i'm apparently not so let's uh let's open up firefox on stage two again unless it's already open yeah no there it is [Music] oh i think i took a legitimate screenshot there not one remnucks i am in a vm so it might be getting wonky i think let's include the entire thing because i'm sure they'll look at all that uh and let's get back into why did it not save it or something whatever um i wanted to have the whole rest of it but that's totally fine so fishing page and how many files can i attach is there anything else that we should include in this like i don't think they really need to see the copy of stage one you know like just the just the html loader and the javascript a64 they don't need that um but what else are the who is information what might be well i mean they can look that up on their own um the emails are included in the screenshots oh sorry screen shots is a lowercase word so we've got the malware sample we could edit this though i think i think realistically they just need this so emailed02 and that's it yeah yep yup yup yup yup yup let's go send that along attach files um so let's get to remnux fish where'd it go screenshots can i take that one and that one oh can i how many of these can i attach please oh there we go i just have to specify each one apparently fantastic uncovered code yep and let's add the virustotal scan just as well you provide explicit consent to collect yes yes i don't think there's anything that's wrong in this from what we've uncovered and understood so that's that let's go ahead and uh submit this bad boy if i can solve a capture thank goodness it's not going to test me i am i really am not a robot page is loading yes your request has been received we receive your request and our team will get back to you shortly there's our ticket and there is the domain in a recent investigation we've performed a specific email and given attachment uncovered html file that would fake the look and feel of legit microsoft outlook login page with the target username and email address waiting to receive a password in this file we uncovered that the entry credentials will be posted to this domain at this end point we perform the who is look up and determine this hurricane action would you return either a 403 or 404 on any page aside from this endpoint we believe that the server register with domain is being hosted with azure cloud instances and harvesting credentials and targeting sophisticated phishing and watering whole attack reported we're doing we're do an internet police stuff i'm just kidding uh but wow golly gee everybody i hope that you thought that one was kind of fun i hope that you thought that one was kind of neat different from what we're usually like understanding a rat or some c2 callback and stuff like that but this was a phishing email that was sent along to me again by a viewer or a community member so if you'd like me to dig into some others or if we can just do any effort to hey help take down some of this bad stuff out there on the internet i'm happy to please don't hesitate to reach out email in the description and thank you so much for watching everybody hope you enjoyed this video hope you got something good out of it learn some new stuff and uh go report all the bad stuff that you find and you see it takes a village right everyone planning concert here to do better defense and cyber security so uh thanks so much everybody hope you enjoyed this video please do those youtube algorithm things like the video comment subscribe etc hit the bell uh that actually really legitimately helps the algorithm stuff so if you haven't please do hit that bell um yeah patreon and paypal if you want to support you know the drill i love you guys i'll see you in the next video take care with [Music] [Music] [Music] you

Info

Channel: John Hammond

Views: 219,717

Rating: undefined out of 5

Keywords:

Id: YWarpd4G5YM

Channel Id: undefined

Length: 47min 8sec (2828 seconds)

Published: Tue Aug 24 2021