License to Kill: Malware Hunting with the Sysinternals Tools

This session provides an overview of several Sysinternals tools, including Process Monitor, Process Explorer, and Autoruns, focusing on the features useful for malware analysis and removal. These utilities enable deep inspection and control of processes, file system and registry activity, and autostart execution points. You will see demos of their malware-hunting capabilities through several real-world cases in which the tools were used to identify and clean malware, and the session concludes with a live analysis of a Stuxnet infection's impact on a system.

Filmed at TechEd 2013
Comments

agvulpine nailed it, and I quote, because this would be a major tedium-avoider:

"Want to help us terminate malware processes? Allow us to select multiple processes in Process Explorer, and terminate all of them with one single Delete key press. Currently we have to manually terminate dozens of processes one-by-one, and often times they're multiple processes working in tandem."

Commut

0:02:00 About this Talk
0:02:46 Sysinternals Antivirus - Don't use it!!!!
0:03:25 Malware Cleaning Steps
0:07:20 What are you looking for?
0:08:53 What About Task Manager?
0:09:14 Process Explorer
0:09:59 sysinternals tools
0:10:45 Process Explorer - Process View
0:13:23 Process Explorer - Refresh Highlighting
0:14:21 Process Explorer - Tooltips
0:15:13 Process Explorer - New Features
0:15:43 Process Explorer - Detailed Process Information
0:17:14 Image Verification
0:19:07 Sigcheck and ListDlls
0:20:27 Process Explorer - Strings
0:21:17 Process Explorer - The DLL View
0:21:45 listdlls
0:22:05 Terminating Malicious Processes
0:23:44 Cleaning Autostarts
0:24:03 msconfig in Windows 8
0:24:31 Autoruns
0:27:09 Autoruns - Alternate Profiles and Offline Scanning
0:27:46 Autoruns - New Features
0:28:08 Autorunsc
0:28:38 Deleting Autostarts
0:28:55 Tracing Malware Activity - Process Monitor
0:30:20 Process Monitor - Filtering
0:31:07 Process Monitor - category is write
0:31:43 Process Monitor - The Process Tree
0:32:19 Real World Analysis and Cleaning
0:32:35 Cleaning Winwebsec Scareware
0:41:13 The Case of the Fake Antivirus
0:42:55 scarewarez
0:42:55 Analyzing and Lockscreen.CT
0:44:45 lockscreen.ct
0:46:45 SAFE MODE with no Shell!!!!
0:48:01 The Case of the Runaway GPU
0:50:51 bitcoin miner malware - Vicenor
0:53:54 The Case of the Unexplained FTP Connections
1:04:58 Conclusion - Analyzing and Cleaning Flame
1:06:13 Stuxnet
1:09:47 Flame
1:13:50 Summary - The Future of Malware
1:15:20 Trojan Horse - A Novel

aaronvaldes

I like your tools and love this talk. I have re-watched it a few times.

I know the talk is very old. I still would like to point out that the study conducted by Google did not permit internet access for the AV scanners used in the test, which of course plummets the detection rate a lot, not only because of the missing cloud features but also because lots of malware relies on the Internet to show malicious behaviour. Extracting from that the general statement that AVs detect only 40% of malware is quite a stretch.

MalwareAnalysisForHedgehogs

10:10 as a person with autism I can say this is one of the most satisfying things I have ever seen on YouTube. Definitely the kind of things I usually do but I have never seen anyone else do until now.

kreassiva

Want to help us terminate malware processes? Allow us to select multiple processes in Process Explorer, and terminate all of them with one single Delete key press. Currently we have to manually terminate dozens of processes one-by-one, and often times they're multiple processes working in tandem.

agvulpine

I'm a big fan of your work, Mark. Now even more, since I saw you also like DaftPunk.

JoaoLucasMacedo

This was made when Windows 7 was a thing... It would be nice to have an update, with newer tools...

rev.kenshostad

Make an updated presentation on malware detection and cleaning, with a PDF of the slides, please.

KernelKrunch

Just 2 minutes in and I already like the guy.. where have you been all my life😂

duncanochieng

Who's here from the TryHackMe Sysinternals room?
Awesome conference by the way!

Sejo

Mr Mark, is there any book or site that gives more practical guidance on using the tools?

yaserbasaad

Oh, my old friend bitcoin, if only I had known then what I know now.

nhfqlbv

Isn't this exact recorded lecture about 5-7 years old now?

mdd

Thank you very much. Really helpful upload.

michalialambeis

Hey, so I wanted to know if the Sysinternals Suite from the Microsoft Store is completely safe. Thank you.

alimirqasimov

What do you think about McAfee? I have LOTS of things to say about it, but nothing nice, since IT'S malware TOO~

lisaallen

1:50 "Show me your browser history" 99.9% of people using Windows don't know or understand the overwhelming amount of telemetry flowing from their computers to Microsoft, including browser and search history.

c-LAW

There was a time when malware was signed with a Microsoft cert!

vltonn

How to clone an application in Explorer..?? Please...

mitraconsultan

Data redundancy makes the wiping easier, in particular in enterprise environments, not for the rest of us mortals who have been storing an epic Ultima VII saved state for years now🥴😅

GabiGris