@@uooooooooh Maybe it could be to an extent (until windows ARM becomes more widespread) if one disabled PRISM x86 emulation - though I suspect there is still a bunch of critical windows bits and/or laptop vendor/driver bits relying on it still so that may not be possible.
@@stonebubbleprivatI guess, they tried to say that it is better to run GNU/Linux or Mac OS X which indeed would protect you from the majority of malware, but I would say ‘the best antivirus is your head on your shoulders’
A few days ago I simply typed "potato" Into copilot, It then gave me an essay about something called a "Sea Apple" Yeah, AI Is really smart let me tell ya.
Sea apples are a type of sea cucumber. People like keeping them in marine aquariums, my uncle tried and found out the hard way they are poisonous and will nuke everything if they get bullied to death.
That skull malware was interesting. I can't think of any recent malware that is actually infectious. Not exactly sure what it was trying to accomplish though...
Its crazy to think malware for windows will run on ARM in the first place. AARCH64 is probably my favorite ISA, and its crazy to see how far its come. For a while 64 bit ARM was unheard of and I never anticipated Windows running on it and was used to most software not being built to support ARM.
@@Kwpolska Wonder if it's possible to turn it off until you need it as a security measure (as in you have to tell Windows to run an executable with the emulator, rather than doing it automatically, which it seems to do in the video).
Anything can become vulnerable though. The system doesn't really matter if the user gives the malware/virus admin access. Although linux makes it more difficult to get infected, it's still very possible if you allow the wrong package to get into your system
@@magicalnoodlesI remember this. The vulnerability that was in a fedora release that actually required you to not update until they patched the issue.
Probably just a basic firewall and caution. Maybe defender just because it's there and does a decent job of catching malware if you fucked up hard enough to get infected.
I don't use Windows other than for VMs. I use Mac & Linux both with defaults (no 3rd party), Apple does have a version of Windows defender, but they keep it hidden.
This happened to me when I downloaded a tool from Killnet and even folders from my external drive became shortcuts and excute cmds while opening, they were in system32 I think, I carelessly deleted and it's not opening now 😂. I don't know why I didn't scan the files
Nah - there is no malware, what are you talking about? That gibberish was just Windows trying to talk to you in a new language it invented - totally normal!
vmware hardened loader passes it (I believe by fooling the guest with a rootkit), you can kinda hack KVM / qemu with a kernel edit to be less obvious. The vm exit is extremely uncommon for malware.
@@EricParker Yeah i am pretty sure i used the "VmwareHardenedLoader" from github, and I did some additional tweaks, although this is still the only thing that's getting detected, but as you said, the vm exit is not really common for malware.
Can you do a video on IDPS like Surciata that’s bundled with UniFi hardware? Is use that in conjunction with Bitdefender but am curious on what it can actually stop. Especially the DoS and Botnet filters
I wonder if any of those PE/shellcode packers for x86/x64 would work on this ARM64 device. Maybe give xloader/formbook a try. If they do work, I'd say Microsoft did a really good job on compatibility. Lol.
Malware is made to avoid all AV software, its not like they just target Defender and call it a day, especially when the most profitable victims to infect are often the ones using 3rd party AV instead of Common Sense.
either using a kernel driver to fool the application you're trying to run, or if you're using linux & KVM you can edit the kernel so that the timing is about right. You can also patch the check out of the binary.
@@EricParker using a kvm setup, unfortunately all the patches for vmx.c(Intel) are for kernel version 6.0sum and unfortunately vmx.c has changed in my kernel version so those patches are moot, trying my best here but pre clueless when it comes to kernel dev
As I understand it, malware can still detect it's in a VM environment and/or evade the hypervisor, so how do you protect against malware escaping your VM and potentially disarming your modem or infecting host machine?
> malware can still detect it's in a VM environment Yes, there are ways of making this more difficult, IE the vmware hardened loader rootkit I use. > protect against malware escaping your VM and potentially disarming your modem or infecting host machine Might be worth a video. As far as I know it has never ever happened in the real world to anybody (although there are VM escape demos). It's possible with bad configuration (IE bad ssh settings on host) in theory. If you enable vmware tools, there have been a few exploits based on vulnerabilites in the guest editions driver, not any actual hypervisor escapes. Using Linux /mac on the hos tinstead of windows also helps.
I remember playing bedwars on some russian server and someone was sending a link to a telegram channel with supposed "cheats". Decided to download it and it turns out it was some random Python stealer made with pyinstaller
I enjoy your videos so much more when I imagine Tristan Tate with a fat cigar in his mouth talking about malware to me. Your voice sounds too similar !
Windows 10 master race I plan on emulating my games after End of Life if Valve deprecates Windows 10 I am still set for life modern Windows will still be more secure than you think after End of Life and it might be more different than we think don't push the panic button yet get a security software and you will see why. If you have a security software Valve should ALLOW YOU to continue Windows after end of life since it's basically protecting your system I wish Valve would make Windows 10 a chance to use it at your own risk only if you have a security software. Sorry not joining Linux just yet I keep coming back to Windows I've been a Windows kid all my life and REFUSE to allow Microsoft to mandate a TPM2.0 if they want me to stay then remove it already people just want to upgrade Microsoft can still fix this it's not too late to fix it in Windows 12 by opting out TPM2.0 requirements.
The best antivirus is running an environment where the virus doesn't know what to do or how to do!
seems like Windows on ARM isn''t that, though
Security through obscurity isn't a solution.
@@uooooooooh Maybe it could be to an extent (until windows ARM becomes more widespread) if one disabled PRISM x86 emulation - though I suspect there is still a bunch of critical windows bits and/or laptop vendor/driver bits relying on it still so that may not be possible.
Run them on wine!
@@stonebubbleprivatI guess, they tried to say that it is better to run GNU/Linux or Mac OS X which indeed would protect you from the majority of malware, but I would say ‘the best antivirus is your head on your shoulders’
A few days ago I simply typed "potato" Into copilot, It then gave me an essay about something called a "Sea Apple"
Yeah, AI Is really smart let me tell ya.
Hello AidoBoy. Long time no see.
We know what you have done to headquarters.
Sea apples are a type of sea cucumber. People like keeping them in marine aquariums, my uncle tried and found out the hard way they are poisonous and will nuke everything if they get bullied to death.
That skull malware was interesting. I can't think of any recent malware that is actually infectious. Not exactly sure what it was trying to accomplish though...
Simulating your brain (computer) on drugs
Actually there is no such thing as malware on windows because microsoft says in their terms of use to not make malicious software so its impossible
Clearly you haven't heard of cross-compilation.
You’ve got a point.
what if the bad guys decline the terms of use?
@@Juzevs it SAYS
damn, you're right! malware rates drop to 0%
Its crazy to think malware for windows will run on ARM in the first place. AARCH64 is probably my favorite ISA, and its crazy to see how far its come. For a while 64 bit ARM was unheard of and I never anticipated Windows running on it and was used to most software not being built to support ARM.
How was it unheard of if most smartphones had it?
Windows 11 on ARM emulates x86-64 software. The emulation is apparently good enough to allow malware to work.
@@Kwpolska It's designed to be fully backwards compatible with usermode x86 software.
"I use AARCH64 btw"
@@Kwpolska Wonder if it's possible to turn it off until you need it as a security measure (as in you have to tell Windows to run an executable with the emulator, rather than doing it automatically, which it seems to do in the video).
Windows malware in WINE on Linux on ARM next?
Yesss
i sudo a virus once but thankfully was incompatible
Bro’s UA-cam (subs) is expanding rapidly
ive been watching him since he has had 10k/5k, it's crazy on how much he has grown in not much time.
@Arasiscooli started at 8k
wow almost at 50k
I started late at 30k
i started at 2k lmao@@zombie__
I wanna see more of an investigation of the skull malware and what its end goal is
lain? is that a serial experiments reference?
✨"rybody my name is Eric" ✨
Almost 50k subscribers congratulations
id rather this guy doesnt go mainstream, never goes well
being so used to win11 aesthetics, seeing sharp corners put me off
Ew 11
Windows 11 will use the sharp edges if there aren’t any display drivers
as a hyprland user, same
@@another-niko-pfp-holder W hypr, wayland is fire
at the end of the day, windows is still windows and vulnerable as fuck
Anything can become vulnerable though. The system doesn't really matter if the user gives the malware/virus admin access. Although linux makes it more difficult to get infected, it's still very possible if you allow the wrong package to get into your system
linux and macos, the way most people use them aren't secure either
@@magicalnoodles sudo destroy_my_computer
@@magicalnoodlesI remember this. The vulnerability that was in a fedora release that actually required you to not update until they patched the issue.
@@minecrafter9099 sudo rm -rf --no-preserve-root / (don't execute that in your bash tho, it's gonna nuke your whole drive)
I ran the malware through Recorded Future's Triage and it appears to be an XMRig miner and Lumma stealer
All your videos are extremely entertaining, thanks :)
Hey Eric, what security do you use on your main system? Just insanely curious...
CommonSense
Probably just a basic firewall and caution. Maybe defender just because it's there and does a decent job of catching malware if you fucked up hard enough to get infected.
@@wrathofainz configure correctly Defender can be insane tbh
I don't use Windows other than for VMs.
I use Mac & Linux both with defaults (no 3rd party), Apple does have a version of Windows defender, but they keep it hidden.
@@EricParker thank you very much for the answer!
ur subs are growing so fast been here for 3yrs!
will you do a 50k celebration video or similar Eric?
great video as always!
This happened to me when I downloaded a tool from Killnet and even folders from my external drive became shortcuts and excute cmds while opening, they were in system32 I think, I carelessly deleted and it's not opening now 😂. I don't know why I didn't scan the files
Nah - there is no malware, what are you talking about? That gibberish was just Windows trying to talk to you in a new language it invented - totally normal!
how cute
Are there any possible workarounds for vmware on how to get around the RDTSC forcing vm exit detection?
vmware hardened loader passes it (I believe by fooling the guest with a rootkit), you can kinda hack KVM / qemu with a kernel edit to be less obvious. The vm exit is extremely uncommon for malware.
@@EricParker Yeah i am pretty sure i used the "VmwareHardenedLoader" from github, and I did some additional tweaks, although this is still the only thing that's getting detected, but as you said, the vm exit is not really common for malware.
1:35 Hang on how did we find the same malware
you should definitely do a deepin or uos demonstration
You should try to see how many viruses you can get in windows s mode
Exactly 0, but trying that might be fun.
Surprised you used a vm connected to the internet to run this. 😅
Or is it on a different vlan?
Of course if I want to see net behavior.
Can you do a video on IDPS like Surciata that’s bundled with UniFi hardware? Is use that in conjunction with Bitdefender but am curious on what it can actually stop. Especially the DoS and Botnet filters
what if every company you accepted the EULA from, owns your soul. Wouldn't that be great :)
Do they own parts of it?
What would they do with it? Inject into an AI to make it alive?
@@kirill9064 maybe who knows :)
My soul slot has a half-eaten pack of bacon lays
Mine is an Borken Soundbar
do you have the paid version of binary ninja?
yes
What exactly is ARM? I heard that many times but what is it?
What arm emulator are you using?
so we can say that it is unarmed?
Well, expected, windows emulation layers doesn't discriminate against viruses! Be safe kids!
ngl i dont know anything he is saying but its making me wanna know
i do not know how youtubers who test viruses don't wee themselves everytime they download it, i know it is a VM but i would be too paranoid
11:11 how is the tool called for editing code or what it is it looks kinda good
I think it's dnSpy, and it's not a code editor
@@redlionstudio2750Code Editor is called a IDE
Binary ninja. Not a code editor, it's a reverse engineering tool.
What do you think if you were to turn off windows antimalware executable? like derp the registry and use tools to disable it?
how did u build a scrapper
More on that soon.
It does effect my home systems...seems like no removing it and ive hired programers that just walked away from it
I wonder if any of those PE/shellcode packers for x86/x64 would work on this ARM64 device. Maybe give xloader/formbook a try. If they do work, I'd say Microsoft did a really good job on compatibility. Lol.
Hey :D, also you start to get so much subs recently :D
I thought windows itself was the malware nowadays
There is malware made to avoid the MS Defender and thats also the reason why I always recommend to instal an AV...
Or simply avoid downloading dubious software or mail attachments and you will probably be fine.
@@zombi1034 you know it's possible to get malware from trusted websites like Steam?
Malware is made to avoid all AV software, its not like they just target Defender and call it a day, especially when the most profitable victims to infect are often the ones using 3rd party AV instead of Common Sense.
Microsoft provides the OS to you with spyware, so that's nice of them for this challenge
What's the network drive on the VM?
connects to the host.
Great video!
can you share the yt scraper ?
running a quick scan will not scan all file in Defender you need to run a full scan
I am using an M1 mac and UTM.
@@EricParker you still need to do full scan Defender will only scan common known path with quick scan while full scan it scan every file on the system
Step 1: Uninstall Windows
Step 2: Install Linux
can you do a video on bloxstrap? its a like client on roblox
I
losing an arm and a leg
what vm do you use
windows sandbox you need windows 11 pro
vmware most videos, qemu a few. This is UTM under an M1 mac for ARM.
how would you pass the rdtsc check on a x86 installation?
either using a kernel driver to fool the application you're trying to run, or if you're using linux & KVM you can edit the kernel so that the timing is about right. You can also patch the check out of the binary.
@@EricParker using a kvm setup, unfortunately all the patches for vmx.c(Intel) are for kernel version 6.0sum and unfortunately vmx.c has changed in my kernel version so those patches are moot, trying my best here but pre clueless when it comes to kernel dev
you sir just gain a sub
As I understand it, malware can still detect it's in a VM environment and/or evade the hypervisor, so how do you protect against malware escaping your VM and potentially disarming your modem or infecting host machine?
> malware can still detect it's in a VM environment
Yes, there are ways of making this more difficult, IE the vmware hardened loader rootkit I use.
> protect against malware escaping your VM and potentially disarming your modem or infecting host machine
Might be worth a video. As far as I know it has never ever happened in the real world to anybody (although there are VM escape demos).
It's possible with bad configuration (IE bad ssh settings on host) in theory. If you enable vmware tools, there have been a few exploits based on vulnerabilites in the guest editions driver, not any actual hypervisor escapes. Using Linux /mac on the hos tinstead of windows also helps.
@@EricParker Cheers.
I'm having huge issues on my phone I'd let anyone curious about it to take a look at my system
My pc is still stuck, win def did nothing 😂,I trusted a Russian tg channel
I remember playing bedwars on some russian server and someone was sending a link to a telegram channel with supposed "cheats". Decided to download it and it turns out it was some random Python stealer made with pyinstaller
Also, I forgot to say that this was done in Triage vm
how did u run that. did u actualy bought it or maybe qemu catched up somehow?
Your accent is so cool what is it
UA-cam scraper?
people finding you bro! keep making videos your on the up
What is an alm?
I use typewriters and punch cards so them damn viruses cant come for me!
Step 1 get recall
username is lain🔥🗣️
1 second ago
No views
No comments
No likes
I'm first
malware is fun
I enjoy your videos so much more when I imagine Tristan Tate with a fat cigar in his mouth talking about malware to me. Your voice sounds too similar !
w video
virus for the love of the game
7000th view
Windows 10 master race I plan on emulating my games after End of Life if Valve deprecates Windows 10 I am still set for life modern Windows will still be more secure than you think after End of Life and it might be more different than we think don't push the panic button yet get a security software and you will see why. If you have a security software Valve should ALLOW YOU to continue Windows after end of life since it's basically protecting your system I wish Valve would make Windows 10 a chance to use it at your own risk only if you have a security software. Sorry not joining Linux just yet I keep coming back to Windows I've been a Windows kid all my life and REFUSE to allow Microsoft to mandate a TPM2.0 if they want me to stay then remove it already people just want to upgrade Microsoft can still fix this it's not too late to fix it in Windows 12 by opting out TPM2.0 requirements.
There's something called a full stop, use it
Hi
2nd
shut up bro
How about you leave uttp
@@Mamikokh0 sorry i didnt know its bad 😔
didnt mean for everyone to hate me
@@NatetheNintendofan i left 🫡
27th
Hi