Want early access to new videos and some behind the scenes content? Consider becoming a channel member kzbin.info/door/QvW_89l7f-hCMP1pzGm4xwjoin

New challange: infect the Antimalware service executable

Fun tip about Mcaffee... it doesn't actually check the files. All it does is notice it is new, gets a hash of it, and send it back to McAffe's servers for a determination there. this could take days.

i never knew you COULD hide code in the executable without directly injecting onto the actual code well i guess im going to look into the portable executable format, seems interesting

Wait, what about the code digital signature? I thought it was supposed to detect modifications.

Your content is the best. I love your vids. They are so accessible and interesting yet just detailed enough to learn something new.

Would be neat for a follow up video to see how you would code an antivirus for this virus

Great video, very interesting! Also it’s been nice to see you grow as a content creator - the videos keep getting better and better produced.

Really interesting and informative video! Always wondered how viruses are made. It's pretty fascinating what is possible when you look below the tidy surface and overcome your default mindset of wanting things to work as expected.

Love your content. Really enjoy the flow of your videos and how you walk the viewer through complex concepts.

This was quite an interesting and different video from your previous work. I'd love to see more of it!

ohh so good, this video was delightful. It enlightens clearly so many concepts, like a structured list to later later study more deeply knowing how they relate, THIS was what I most liked.

I remember learning about the Portable Executable (PE) file format writing an ELF loader for my UEFI bootloader. This is a great refresher!

This was very good. I read some books on Windows Internals a few years ago but never did anything as practical with the knowledge beyond normal development. Thanks for sharing!

Me watching and nodding along. Mhm mhm I understood nothing but loved it.

What an underrated channel, damn!

This is actually how a lot of DOS viruses worked. One of the first ways to know a system file was infected was to verify the size, so if you can obfuscate your changes by injecting code into dummy data, you could hide in plain sight. And thus the cat and mouse game that is cybersecurity.

Another fantastic video!

This is such a great video. A lot of folks like to play it safe and not share the "secrets" of malware development. The thing is, the information is all out there. There's nothing gained from hiding anything. The "bad guys" can find this information all over the place. More people knowing about it means more bad people can use it. . .but it also means more good people know how it works so that they can work to defend against it. As we all know, security by obscurity doesn't work.

plot twist: this video is a virus

I don't think I've ever heard anyone pronounce EXE the way you do. Made me chuckle a lil

Love your videos!

I love it 😮 really really nice video 😍 it's awesome how easy it was dude

It would have been nice to see a virustotal result and see how many of its AVs detect you.

yer a wizard harry

Always excited to watch a new video by you!

All you need to trip Windows defender is downloading and executing another executable (or sometimes executing another executable at all) - something I have to fight frequently as there are many perfectly reasonable reasons to do this :)

In Windows Defender you can chose to ignore a threat if you think it's a false positive. What this video really shows is that making a zero day exploit is very doable, that antivirus programs may only see certain injections in certain code-caves that it is actively looking for. From a personal point of view as a user and not a developer, I would like it if every system call was prompted on screen much like the "would you like to run this program, yes or no?", but it would show a window with what folder the program wants to change and what files it wants to affect, much like when you copy files and replace them in a folder. The same way Android apps asks for permissions to use location, microphone or access folders, I would like executable files to ask me for permission, and that all these syscalls and permissions would have to be reviewed before granting a program permissions to change certain folders. One of the most annoying things with any executable program, is when it changes a file, folder or registry index without telling you what it's changing. Most installers shows a list of things it wants to install and a user can opt out of optional packages by clicking a checklist. A program or game should say promptly: "We wish to add this to your %appdata% folder" or "Install additional libraries in this location". Since switching to SSDs, a lot of apps chose to install ludicrous big files in the %appdata% folder, which is stored on the OS drive, and it takes up a lot of space for no reason, (looking at you Spotify). There is literally no speed benefit of putting cache in %appdata% compared to putting it in the installation folder on a normal HDD, unless the program or game specifically benefit from loading certain files from an SSD. I find myself creating symlinks from a HDD and putting it into %appdata% folders very often, just to save on space. Until I get a 1TB SSD, I won't be allowing 20GB of cache files to just collect dust on the SSD for a program I run once in a blue moon. Thank you for a very educational video.

Wait, did you reupload the video with a different thumbnail/title? I'm pretty sure I've seen it on my feed before, but I didn't actually watch it yet

I really love your videos

It's important to note that all the worry about ensuring the program can still execute its own code is only a concern if you're trying to create a stealthy virus that can act without alerting the user to its presence. Plenty of viruses throughout history have foregone the stealthy approach and made it obvious when the user has run an infected program.

i read somewhere that now you can attack a pc from the bios logo and its nothing you can do about it!crazy

this is a really similar concept to win32 sality it used to bytepatch exes to run itself and was a nasty bit of kit.

this channel is so good

I love videos that are for educational purposes only. They are so.... educational. :)

9:13 Does that mean that if you were to stick with .text instead of .reloc, windows wouldn't have found any threats?

Nice video! I really like your VSCode theme, would you mind sharing your setup?

Do you always wear the AVGN fit in videos

Into - if it replicates further, it's a worm :). Or, it's simply ads..

As usual, McAfee is a total joke

Fine. I'll put down Fortnight and watch this 😂

I made a virus and I went to prison. (oh how I wish I was joking)

Hello. I like you.

Hehehe, smart. “easIER”, yet not “easY” 😅

your computer cant run infected code if all its processing power goes to 4 AVs

Video was paced way too fast for me to keep up with. Would’ve been appreciated if you slowed it down and explained things a bit more.

LOL "Don't do anything malicious" FFS! This is where stupid is as stupid does.