Malware Hunting with Mark Russinovich and the Sysinternals Tools

  • Published 21 Jul 2020
  • Mark provides an overview of several Sysinternals tools, including Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal. These utilities enable deep inspection and control of processes, file system and registry activity, and autostart execution points. He demonstrates their malware-hunting capabilities by presenting several current, real-world malware samples and using the tools to identify and clean malware.
    Filmed at TechEd 2014
  • Science & Technology

Comments • 44

  • @user-pg9te8ug1j
    @user-pg9te8ug1j 3 years ago +18

    To whom it may concern: this talk is from 2014.

  • @cloakface-sv5sm
    @cloakface-sv5sm 2 months ago

    I started learning computer science when I was 9 years old. Now I'm 17 and I'm graduating from school and going on to a system administrator education program. Mark Russinovich has been inspiring me toward that for the whole last year :)

  • @ebeaulieu813
    @ebeaulieu813 2 years ago +8

    I've been using a Windows PC since Windows 95. I have no desire to deal with the fails of Windows, from its own software failures to viruses, but unfortunately it's a necessity. This video is so over the top for me but informative. This guy is a SAVANT.

    • @cloakface-sv5sm
      @cloakface-sv5sm 2 months ago

      As one smart guy once said, computers don't fail from doing wrong what you ask them to do. They fail from doing what you ask too literally.

  • @QQ_Victory
    @QQ_Victory 2 years ago +4

    Great talk! I am always learning new things about the Sysinternals tools with these videos. I wish there was an updated talk. Keep it up!

  • @nemo1877
    @nemo1877 3 years ago +9

    This guy is a genius. I really don't know how to appreciate his work..

    • @fmayer1507
      @fmayer1507 3 years ago +1

      I totally agree!

  • @ColdFireInBox
    @ColdFireInBox 3 years ago +5

    Thanks for sharing this video, Mark. I am using your tools almost every day! They are amazing and Must

  • @sekousekou8838
    @sekousekou8838 1 year ago

    His tools make you a Windows internals guru in about 1h30 min. Thanks Mark!!!

  • @getoutmore
    @getoutmore 1 year ago +1

    I loved this. I'm motivated to get into malware hunting on Windows and this vid fired me up even more. I will check your channel and hope there's more like this.

  • @parthmaniar
    @parthmaniar 3 years ago +4

    You inspire so many of us. :)

  • @timlind3129
    @timlind3129 1 year ago +3

    Amazing how powerful this tool is, and the whole suite. Also amazing is that since the original Winternals, it's freeware. Respect to the developers on this.

    • @Rdaj0491
      @Rdaj0491 3 months ago

      I was amazed at the number of tools you get and the little space they take up. Mind blown lol 😆

  • @liamodonnell368
    @liamodonnell368 3 years ago +11

    Good stuff Mark, just add the year of the video to the title; I thought you'd actually done one for this year's Ignite.

  • @user-yi4ef2gk1o
    @user-yi4ef2gk1o 3 days ago

    Great video

  • @tloy1966
    @tloy1966 2 years ago +1

    Super, so many useful tools

  • @hickenc2187
    @hickenc2187 3 years ago

    I applaud the endless improvement

  • @marlonbonilla919
    @marlonbonilla919 2 years ago

    Magnificent work!

  • @famspower
    @famspower 3 years ago +3

    I have to thank you for these amazing tools. Our analyst life is much easier.

  • @RealShinpin
    @RealShinpin 11 months ago

    Great video, I just wish it weren't so blurry... Anyone have a fixed version? Maybe one that's been run through a deblurring AI model?

  • @restoration2489
    @restoration2489 3 years ago +1

    Is there a more succinct way of describing it? Like my videos, for example.

  • @simmonszhu
    @simmonszhu 3 ปีที่แล้ว +2

    Sigcheck doesn't seem to work for Windows 10 after download.
    Any update?

    • @cts3029
      @cts3029 2 years ago

      In the command line, you need to navigate to the directory where you saved sigcheck.

    • @QQ_Victory
      @QQ_Victory 2 years ago +1

      @cts3029 Correct, or you can add it to the PATH variable so you can access it from anywhere.

  • @xKreesherZ
    @xKreesherZ 8 months ago

    What's the buddy system?

    • @alijamal6457
      @alijamal6457 5 months ago

      It's when the malware has multiple files that help one another when you try to kill it in Process Explorer, I believe; he mentioned it in another way. For example, you have an unverified win.exe image and then you choose to kill it; when you do that, its buddy steps up in its place, and this will keep happening until you know the root cause and eliminate the threat. Mark mentioned that instead of killing the malware you put it to sleep, "suspend" it, until you fully deal with it. Hope that makes sense.

  • @b_tssl
    @b_tssl 1 year ago

    💯💯

  • @Sensualfr0g
    @Sensualfr0g 4 months ago

    I think I have a WMI malware but it's not showing up in Autoruns, pls halp!

    • @Sensualfr0g
      @Sensualfr0g 4 months ago

      There is a grayed-out wmiprvse service in Process Explorer and it won't let me look at it; there is no verification, and I saw two of the same file, then one disappeared.

  • @sirtimatbob
    @sirtimatbob 2 years ago +3

    Are there any significant differences with malware now in 2022?
    Is the information in the presentation still entirely relevant?
    For cleaning the system, wouldn't it be better to fully wipe, format the drive, and reinstall Windows?

    • @tech29X
      @tech29X 2 years ago +1

      If the software you are using has unpatched or zero-day vulnerabilities, you will be stuck in an infinite loop: fully wipe drive, reinstall Windows, reinstall vulnerable software/process, get hacked again, and goto 10 (repeat). Without understanding the root cause, reinstalling Windows may achieve little to nothing. In a distant future, if newer programming languages with stricter enforcement of code safety like Rust or GoLang replace older ones like C for writing operating systems and application software, maybe then we can see a significant reduction in malware. Until then, formatting and reinstalling is the only solution for common people. There are so-called open-source software contributors who are actually government agents deliberately incorporating vulnerable code to be exploited later, which makes the matter more complex. You can't secure a product if some of its components are deliberately designed to be exploited by certain people later.

    • @tech29X
      @tech29X 2 years ago

      Linux, anyone? I'm sure people will bash me, touting how secure Linux is because it is open source, and therefore it is safer or more secure... I can show my dog my secret diary; do you think my dog can make any sense of what's in it?

  • @PassionataDance
    @PassionataDance 3 years ago +2

    I blame PowerShell.

  • @Jonas028
    @Jonas028 1 year ago

    18:00

  • @The_Ghost_In_Heaven
    @The_Ghost_In_Heaven 2 years ago +3

    AaaS LMAOO

  • @av733
    @av733 1 year ago +1

    This is a nice presentation but the video quality sucks.

  • @RakibHasan-hs1me
    @RakibHasan-hs1me 1 year ago

    Yeah, that is super annoying.

  • @The_Penguin_City
    @The_Penguin_City 1 year ago

    An intrusion mega virus like windose, searching for an intrusion virus.
    Hilarious.

  • @nin1ten1do
    @nin1ten1do 2 years ago +3

    Just use Kaspersky and forget this flex..

  • @johnyriver96
    @johnyriver96 10 months ago

    At 26:00, your malware is so bad it is detected just by looking similar to other malware, even though you haven't even published it, as you say. Also, all the malware you examine is super obvious; you make absolutely no effort to analyze something that tries to evade detection. Also, everything you say is completely useless if you don't already know beforehand the name of the malware that exists on your PC.

    • @puucca
      @puucca 10 months ago +3

      The video has educational purposes dude, calm down.