Posts made by Mondragon
What is the most devastating malware for the PC currently?
In your experience, which current malware type is the most devastating for the PC? I think fileless malware is pretty bad, but it still doesn’t seem to be very prevalent, surprisingly. Most fileless malware I’ve seen uses dated Internet Explorer ActiveX weaknesses, which are not as common nowadays. Wondering if you guys have encountered anything more recent in this realm.
@hyperootkit also note that with modern Windows, a good idea is to be familiar with how drivers work and how user-mode code communicates with drivers. For example, you should learn about IOCTLs and the DeviceIoControl() API. If you are able to find a vulnerability in a common driver, you could install a rootkit this way because you will have code execution in the kernel memory space. This is important now because of protections against SSDT hooking and PatchGuard.
Microsoft’s MSDN site has pretty good guides on how to develop drivers now if you really want to learn a lot. Try device drivers and minifilter drivers for practice. But you will need WinDbg, VirtualKD, and VMware to do this effectively.
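The post above talks about IOCTLs without showing what one actually is. The added example below (my own code, not from the post or from Microsoft) builds and decodes a Windows I/O control code the same way the WDK's CTL_CODE() macro does, so that a reader auditing a driver's dispatch routine can tell from the raw number which transfer method the I/O manager will use; it assumes the standard WDK field layout and the WDK constant FILE_DEVICE_UNKNOWN = 0x22.

```c
#include <stdint.h>
#include <stdio.h>

/* Field layout of a Windows I/O control code (what the WDK's CTL_CODE() produces):
 *   bits 31..16  device type  (FILE_DEVICE_UNKNOWN = 0x22 is common for custom drivers)
 *   bits 15..14  required access (FILE_ANY_ACCESS=0, FILE_READ_ACCESS=1, FILE_WRITE_ACCESS=2)
 *   bits 13..2   function number (0x800 and above are reserved for vendor-defined codes)
 *   bits  1..0   transfer method (METHOD_BUFFERED=0, METHOD_IN_DIRECT=1,
 *                METHOD_OUT_DIRECT=2, METHOD_NEITHER=3) */
struct ioctl_fields { uint32_t device_type, access, function, method; };

static uint32_t make_ctl_code(uint32_t device_type, uint32_t function,
                              uint32_t method, uint32_t access) {
    return (device_type << 16) | (access << 14) | (function << 2) | method;
}

static struct ioctl_fields decode_ctl_code(uint32_t code) {
    struct ioctl_fields f;
    f.device_type = (code >> 16) & 0xFFFF;
    f.access      = (code >> 14) & 0x3;
    f.function    = (code >> 2)  & 0xFFF;
    f.method      =  code        & 0x3;
    return f;
}

static const char *method_name(uint32_t m) {
    static const char *names[] = {"METHOD_BUFFERED", "METHOD_IN_DIRECT",
                                  "METHOD_OUT_DIRECT", "METHOD_NEITHER"};
    return names[m & 0x3];
}

/* Returns 1 when the code uses METHOD_NEITHER: the I/O manager then passes the
 * caller's buffer pointers to the driver unchanged, without copying or probing
 * them, so the driver's own validation of those pointers is all that protects
 * kernel memory. Reviewers prioritise these dispatch paths. */
static int uses_raw_user_buffers(uint32_t code) {
    return decode_ctl_code(code).method == 3;
}

int main(void) {
    /* Constructed sample codes: the classic 0x222000 and a METHOD_NEITHER variant. */
    uint32_t codes[] = { make_ctl_code(0x22, 0x800, 0, 0), make_ctl_code(0x22, 0x801, 3, 0) };
    for (size_t i = 0; i < 2; i++) {
        struct ioctl_fields f = decode_ctl_code(codes[i]);
        printf("0x%06X: device=0x%X function=0x%X access=%u %s%s\n", codes[i], f.device_type,
               f.function, f.access, method_name(f.method),
               uses_raw_user_buffers(codes[i]) ? "  <- raw user pointers, review closely" : "");
    }
    return 0;
}
```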
Does anyone feel that bitcoin miners will take over and ransomware will disappear or do you think ransomware is going to stay for a few more years as the most lucrative type of malware for blackhats? Both of these are quite lucrative but the implications are different. Miners require more widespread infection like a botnet whereas ransomware can be more localized to gain profits.
RE: Analysing Malware ATM JackPot
I would recommend, if anyone wants to start hardware reversing, the best is to start using https://www.saleae.com/ ; this is very good and has good BP.
Ah yes, this is a great one. My friend has this one.