License to Kill: Malware Hunting with the Sysinternals Tools

  Рет қаралды 72,906

Mark Russinovich

Mark Russinovich

3 жыл бұрын

This session provides an overview of several Sysinternals tools, including Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal. These utilities enable deep inspection and control of processes, file system and registry activity, and autostart execution points. You will see demos for their malware-hunting capabilities through several real-world cases that used the tools to identify and clean malware, and conclude by performing a live analysis of a Stuxnet infection’s system impact.
Filmed at TechEd 2013

Пікірлер: 49
@Comm0ut
@Comm0ut 2 жыл бұрын
agvulpine nailed it and I quote because this would be a major tedium-avoider! : "Want to help us terminate malware processes? Allow us to select multiple processes in Process Explorer, and terminate all of them with one single Delete key press. Currently we have to manually terminate dozens of processes one-by-one, and often times they're multiple processes working in tandem."
@MalwareAnalysisForHedgehogs
@MalwareAnalysisForHedgehogs 3 жыл бұрын
I like your tools and love this talk. I have re-watched it a few times. I know the talk is very old. I still would like to point out that the study conducted by Google did not permit internet access for the AV scanners used in the test, which of course plummets the detection rate a lot, not only from the missing cloud features but also because lots of malware relies on Internet to show malicious behaviour. Extracting from that the general statement that AVs detect only 40% of malware is quite a stretch.
@aaronvaldes3104
@aaronvaldes3104 Жыл бұрын
0:02:00 About this Talk 0:02:46 Sysinternals Antivirus - Don't use it!!!! 0:03:25 Malware Cleaning Steps 0:07:20 What are you looking for? 0:08:53 What About Task Manager? 0:09:14 Process Explorer 0:09:59 sysinternals tools 0:10:45 Process Explorer - Process View 0:13:23 Process Explorer - Refresh Highlighting 0:14:21 Process Explorer - Tooltips 0:15:13 Process Explorer - New Features 0:15:43 Process Explorer - Detailed Process Information 0:17:14 Image Verification 0:19:07 Sigcheck and ListDlls 0:20:27 Process Explorer - Strings 0:21:17 Process Explorer - The DLL View 0:21:45 listdlls 0:22:05 Terminating Malicious Processes 0:23:44 Cleaning Autostarts 0:24:03 msconfig in Windows 8 0:24:31 Autoruns 0:27:09 Autroruns - Alternate Profiles and Offline Scanning 0:27:46 Autroruns - New Features 0:28:08 Autrorunsc 0:28:38 Deleting Autostarts 0:28:55 Tracing Malware Activity - Process Monitor 0:30:20 Process Monitor - Filtering 0:31:07 Process Monitor - category is write 0:31:43 Process Monitor - The Process Tree 0:32:19 Real World Analysis and Cleaning 0:32:35 Cleaning Winwebsec Scareware 0:41:13 The Case of the Fake Antivirus 0:42:55 scarewarez 0:42:55 Analyzing and Lockscreen.CT 0:44:45 lockscreen.ct 0:46:45 SAFE MODE with no Shell!!!! 0:48:01 The Case of the Runaway GPU 0:50:51 bitcoin miner malware - Vicenor 0:53:54 The Case of the Unexplained FTP Connections 1:04:58 Conclusion - Analyzing and Cleaning Flame 1:06:13 Stuxnet 1:09:47 Flame 1:13:50 Summary - The Future of Malware 1:15:20 Trojan Horse - A Novel
@kenmosburg2445
@kenmosburg2445 Жыл бұрын
Aaron Valdes! You and Mark are AWESOME HERO's to humanity, you do valuable things to help others, I admire and appreciate you Hero's, for not being as selfish as we humans often become~!
@kreassiva9138
@kreassiva9138 2 жыл бұрын
10:10 as a person with autism I can say this is one of the most satisfying things I have ever seen on KZfaq. Definitely the kind of things I usually do but I have never seen anyone else do until now.
@noviccen388
@noviccen388 Ай бұрын
whats it got to do with autismm ?
@JoaoLucasMacedo
@JoaoLucasMacedo 3 жыл бұрын
I'm a big fan of your work Mark. Now even more I saw you also like DaftPunk.
@sebastianfernandezmora5796
@sebastianfernandezmora5796 2 жыл бұрын
that part was hilarious
@agvulpine
@agvulpine 3 жыл бұрын
Want to help us terminate malware processes? Allow us to select multiple processes in Process Explorer, and terminate all of them with one single Delete key press. Currently we have to manually terminate dozens of processes one-by-one, and often times they're multiple processes working in tandem.
@rev.kenshostad2888
@rev.kenshostad2888 3 ай бұрын
This was made when Windows 7 was a thing... It would be nice to have an update, with newer tools...
@duncanochieng2462
@duncanochieng2462 2 ай бұрын
Woooooow! Just 2 minutes in and I already like the guy.. where have you been all my life😂
@rev.kenshostad2888
@rev.kenshostad2888 Ай бұрын
Yeah, 2 min. in and I'm going to switch to Linux...
@Siik94Skillz
@Siik94Skillz Жыл бұрын
Great great talk! loved it!
@michalialambeis4466
@michalialambeis4466 2 жыл бұрын
Thank you very much. Really helpfull upload.
@0Sejo0
@0Sejo0 3 жыл бұрын
Who's here from the TryHackMe Sysinternals room? Awesome conference by the way!
@tigger2581
@tigger2581 2 жыл бұрын
wow this guys good
@yaserbasaad7984
@yaserbasaad7984 2 жыл бұрын
Mr Mark , Is there any book or site give more practical to use the tools.
@immersivebeats
@immersivebeats 2 ай бұрын
Yeah no I are the man aren't you...u just know it all ...well done brother...u carry on sitting there ending processes
@user-nh6fq6lb7v
@user-nh6fq6lb7v Ай бұрын
Oh my old friend bitcoin if i knew what I know now.
@user-wh2vy8nf3x
@user-wh2vy8nf3x 2 ай бұрын
Great presentation
@mdd1963
@mdd1963 3 жыл бұрын
Is not this exact recorded lecture about 5-7 years old now?
@janisemulis1604
@janisemulis1604 3 жыл бұрын
It's from 2013
@mitraconsultan473
@mitraconsultan473 2 жыл бұрын
How to cloning Aplikasi in explorer..?? pleasee...
@lisaallen7891
@lisaallen7891 3 жыл бұрын
What do you think about McAfee? I have LOTS of things to say about it, but nothing nice, since IT'S malware TOO~
@user-lm2hb7dn7t
@user-lm2hb7dn7t 4 ай бұрын
Awesome!
@c-LAW
@c-LAW 3 жыл бұрын
1:50 "Show me your browser history" 99.9% of people using Windows don't know or understand the overwhelming amount of telemetry flowing from their computers to Microsoft, including browser and search history.
@RaihanAlam
@RaihanAlam 2 жыл бұрын
more like 99.99% of people using any form of computer or smart phone
@user-jk3dm5uu2m
@user-jk3dm5uu2m 2 жыл бұрын
没有字幕
@v4ltonn
@v4ltonn Ай бұрын
There was an time that malware was signed with Microsoft CERT!
@windome4rle
@windome4rle 3 жыл бұрын
Polo Ralph Lauren internals
@urielpelaezcdmx
@urielpelaezcdmx 2 ай бұрын
⭐⭐
@safetime100
@safetime100 7 ай бұрын
Legend ❤
@PassionataDance
@PassionataDance 3 жыл бұрын
Can you make a webshell hunting tool forensic compromise seeking tool.
@GabiGris
@GabiGris 2 ай бұрын
data redundancy makes the wiping easier, in particular in enterprise envioments, not for the rest of us mortals storing an epic Ultima VII saved stage for years now🥴😅
@andis2595
@andis2595 4 ай бұрын
why is this 3 year old video from 2013 😭
@immersivebeats
@immersivebeats 2 ай бұрын
its not in cyber you able to modify the date as well
@AvidDigital.m
@AvidDigital.m 5 ай бұрын
It's from 2013 - 10 yrs late | I wanted somthiing from 2023
@immersivebeats
@immersivebeats 2 ай бұрын
Where's all Ur processors now lol😅😂? Mr know it all
@tbremard
@tbremard 2 жыл бұрын
I was in trouble..... And... I.. Used... Process Monitor! And her is the Post-mortem : kzfaq.info/get/bejne/m7x1aLh9ravdqqM.html
@israelgarcia7801
@israelgarcia7801 3 ай бұрын
Wow
@immersivebeats
@immersivebeats 2 ай бұрын
Next time worry about Ur own life..dnt look so deep into mine...maybe we should start calling u 007
@immersivebeats
@immersivebeats 2 ай бұрын
busy busy busy
@immersivebeats
@immersivebeats 2 ай бұрын
Scareware????is that what u call urself..lol license to kill I don't think so
@tubeDude48
@tubeDude48 3 ай бұрын
Run RKILL and TRON rather then this crap! They automate every step and DON'T require intervention!! Another way for Microshaft to make money! 👎
@kreassiva9138
@kreassiva9138 2 жыл бұрын
10:10 as a person with autism I can say this is one of the most satisfying things I have ever seen on KZfaq. Definitely the kind of things I usually do but I have never seen anyone else do until now.
Malware Hunting with Mark Russinovich and the Sysinternals Tools
1:26:37
Mark Russinovich
Рет қаралды 62 М.
55 Most Useful FREE SOFTWARE Everyone Should Know!
48:30
Brett In Tech
Рет қаралды 1,4 МЛН
Неприятная Встреча На Мосту - Полярная звезда #shorts
00:59
Полярная звезда - Kuzey Yıldızı
Рет қаралды 4,5 МЛН
Khóa ly biệt
01:00
Đào Nguyễn Ánh - Hữu Hưng
Рет қаралды 19 МЛН
IS THIS REAL FOOD OR NOT?🤔 PIKACHU AND SONIC CONFUSE THE CAT! 😺🍫
00:41
Pass-the-Hash: How Attackers Spread and How to Stop Them
1:12:27
Mark Russinovich
Рет қаралды 20 М.
🔴 Malware Mondays Episode 01 - Identifying Malicious Activity in Process Monitor (ProcMon) Data
55:51
Threat Hunting via Sysmon - SANS Blue Team Summit
51:01
SANS Institute
Рет қаралды 59 М.
Where People Go When They Want to Hack You
34:40
CyberNews
Рет қаралды 1,1 МЛН
Sysinternals Overview | Microsoft, tools, utilities, demos
29:40
Windows IT Pro
Рет қаралды 45 М.
My “Aha!” Moment - Methods, Tips, & Lessons Learned in Threat Hunting - SANS THIR Summit 2019
33:41
SANS Digital Forensics and Incident Response
Рет қаралды 13 М.
Finding Malware with Sysinternals Process Explorer
9:26
Professor K
Рет қаралды 58 М.
Practical Malware Analysis Essentials for Incident Responders
50:49
RSA Conference
Рет қаралды 144 М.
Is your PC hacked? RAM Forensics with Volatility
14:29
The PC Security Channel
Рет қаралды 898 М.
💅🏻Айфон vs Андроид🤮
0:20
Бутылочка
Рет қаралды 490 М.
AI от Apple - ОБЪЯСНЯЕМ
24:19
Droider
Рет қаралды 131 М.
Gizli Apple Watch Özelliği😱
0:14
Safak Novruz
Рет қаралды 2,8 МЛН