I am a malware guy who mostly deals with malware techniques (as in developing new techniques). AMA!

Is there such a thing as a good firewall and antivirus combo?

Comodo firewall works pretty good. For antivirus, Avira, Avast, BitDefender etc are there. Check their rankings online. Generally their home edition works good. Even free versions are good for decent enough security.

What do you say to people that adress anti-virus software as snake-oil?

My standard reply: It is perfectly possible to not get infected while not using any AV, but in case you get infected from some stuff, that could have been detected and prevented by a half decent AV, don't come to me.

You covered the easy cases.

• Not infected - not protected
• Infected - caught and prevented
• Infected - not protected

What about?

• Infected - had AV

I think that's where the previous question was relevant.

The one way to stop this is for people to stop downloading great_big_folder_of_porn.rar.exe.

Damn!

This is where witch hunt starts, depending upon severity of the case. Result can be anywhere from "Meh, reinstall whole thing", to "Whaddadeya, call the ERT right now".

I work in IT, and malwarebytes has never failed me. It has even picked up time other software has failed to, like Norton and Sophos. What are your opinions about malwarebytes?

MalwareBytes is a very good software when it comes to detection. I get it installed everywhere I have been called.

Common Sense 2015 is the best way to prevent infections

Common sense is not so common.

Don't forget to upgrade to 2016

For $855.55 we'll upgrade you to 2016S Pro Platinum Enterprise.

How much for Home edition?

How Does making Malware benefit you? Do you make money from it?

I don't sell malware. I use those techniques in my offensive trainings, and detection/prevention of those techniques in defensive trainings. Apart from trainings I have done audits, and hardening too.

Sometimes I wear an consultant hat too, mostly if there is some malware related case (incident response, for example).

oh okely dokely i misunderstood :P

It's all about the hat colour.

• White Hat: Ethical hacker/pen tester
• Black Hat: Evil hacker, wants all your data
• Grey hat: wheres the money at?

And red hat?

Fedora wearers

Ball cap wearer here :D

From google research it looks like red hat is just linux. Don't know why they made their own hat.

Because white/grey/black hats are too mainstream maybe?

A lot of people misunderstand ;)

I think part of the problem is your wording. I'm sure it's accurate, but to a layman, offensive training in malware techniques sounds like you're teaching people to fuck with my computer.

True that. I have been asked whether I sell malware countless times.

Offensive techniques are more geared towards testing the security systems in place. Something like pentesting of AV and related stuff.

Tell people you're a security researcher, maybe?

When I am speaking from some public stage, I identify myself as an independent security researcher who is more interested into malware and cryptography.

But that does not help much: bunch of attendees come to me asking for 0 days exploits, malware etc to sell in underground market.

Mostly I speak about offensive stuff, so people assume that I am constantly breaking into one thing or another.

What are your best methods for persistence and stealth in a windows based system?

Rootkits. I have used Managed Code Rootkits for both of them. If something needs to be limited to usermode for whatever reason, it can be injected into some process, and then can be hidden by removing its entry from some queues. Obviously. DLL cannot be kept at hard disk, so we keep it encrypted, decrypt it RAM and inject it directly from the RAM.

There are many more methods to hide. Which methods will be used depends upon exact case at hand.

But the detection ratio is almost close to obvious for the methods mentioned above how would you suggest to keep an evasive manner for persistence. VBR is in the rumors any insights on that.

That depends upon how you perform injections. CreateRemoteThread will get flagged immediately. Perform the injections indirectly instead (using proxies, by hijacking etc.)

There is no hard and fast rule of evasion. You gotta try various methods, and see how it works out. Generally, scattering the techniques here and there helps (basically, make it a multi-piece malware so that no single piece is flagged on its own.)

What is the coolest malware technique you have ever seen?

1. Running mutation engine entirely on graphics card (independent of CPU), without CUDA or AMD APP support.

2. Firmware level malware (http://www.tripwire.com/state-of-security/security-data-protection/backdoors-hardware-attacks-rakshasa-malware/)

3. Hypervisors in rootkits (http://www.zdnet.com/article/blue-pill-the-first-effective-hypervisor-rootkit/)

without CUDA or AMD APP support

Soooo... OpenCL?

Not OpenCL. OpenGL shaders.

Why use OpenGL shaders when OpenCL is available?

Because OpenCL does not work on older hardware.

Ransomware scares the crap out of me.

What's the best course of action if one of those bastards pop up?

Is there a good defense?

Always keep a recent working backup, and make sure your users have some common sense.

In some cases, when ransomware is using symmetric cryptography (encryption and decryption keys are same), it is possible to recover data by grabbing the key from reverse engineering of ransomware. Still, it is a serious pain in ass, so having a backup, and recovering from it is the best way to go.

Generally ransomware uses asymmetic crypto (something like RSA), and in this case you are out of luck. Backup is the only way.

BTW, DON'T pay ransom to those retards. It is never a good idea.

How do people get infected by ransomware? Is it possible to get it even if you don't click on links in unexpected emails or run .exe files from dodgy sites?

The same way people get infected by any other malware.

Not completely impossible, but you will be pretty much safe if you follow Common Sense of Internet 101.

Are there any effective steps we can take to prevent malware infection that most people aren't aware of? (Other than using common sense, don't click that suspicious thing and then click through warning prompts about it, etc)

Malware infection can be avoided just by being careful, and following classical gyan (common sense, don't click that suspicious thing and then click through warning prompts about it, etc)

do you speak hindi

Yes I do.

apne sikhi h bad m ya nationality ki wajah se ?? :P

हिन्दी मेरी मातृभाषा है|

English: Hindi is my mothertongue.

you wrote that you are giving exams ,may I ask which exam?

BCA first semester. Signed up for a distance learning course, just for sake of a damn degree.

How much of your consultant work in the business boils down to "Of course having a 3 letter password was a bad idea." Or similar?

around 30-45%.

Speaking of three letter passwords, is a 4-digit PIN reasonably secure? I wouldn't think it is, due to only having 9 characters to choose from compared to an alphanumeric pass.

You should use passphrase on phone too. I guess almost all phones have option to use passphrase in place of some short pin.

What books or learning material would you recommend for someone getting started in this field?

For reverse engineering:

1. http://www.amazon.com/Practical-Reverse-Engineering-Reversing-Obfuscation/dp/1118787315/ref=sr_1_1?s=books&ie=UTF8&qid=1450459302&sr=1-1&keywords=reverse+engineering

2. http://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817/ref=sr_1_2?s=books&ie=UTF8&qid=1450459302&sr=1-2&keywords=reverse+engineering

3. http://www.amazon.com/IDA-Pro-Book-Unofficial-Disassembler/dp/1593272898/ref=sr_1_7?s=books&ie=UTF8&qid=1450459302&sr=1-7&keywords=reverse+engineering

For malware analysis and malware techniques

1. http://www.amazon.com/Practical-Malware-Analysis-Hands--Dissecting/dp/1593272901/ref=sr_1_10?s=books&ie=UTF8&qid=1450459302&sr=1-10&keywords=reverse+engineering

2. http://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033/ref=sr_1_2?s=books&ie=UTF8&qid=1450459367&sr=1-2&keywords=malware+analysis

3. http://www.amazon.com/Art-Memory-Forensics-Detecting-Malware/dp/1118825098/ref=sr_1_5?s=books&ie=UTF8&qid=1450459367&sr=1-5&keywords=malware+analysis

For programming

1. Complete Reference C and Complete Reference C++

2. NASM Manual

3. Intel Software Developer Manual (http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html)

This should be enough for you to get started.

What IDA Pro alternative would you recommend for those who can't afford.

And how about debuggers? I've been using immunity and Ollydbg so far.

For non-commercial use, free version of IDA Pro is available. Link: https://www.hex-rays.com/products/ida/support/download_freeware.shtml Other similar tools:

1. Hopper (http://www.hopperapp.com/)
2. x64 Debug (http://x64dbg.com/#start)
3. Visual DuxDebugger (http://www.duxcore.com/index.php/prod/visual-duxdebugger/overview)
4. PE Explorer's Disassembler (http://www.heaventools.com/PE_Explorer_disassembler.htm)
5. Hiew (http://www.hiew.ru/)
6. Radare2 (http://radare.org/y/)
7. ODA (http://www.onlinedisassembler.com/)

How does one get into this sort of field? (i.e white-hat hacking & malware development)

By studying about malware techniques from malware analysis books, and then deploying them in Proof of Concept malware. Knowledge of reverse engineering, assembly, C, C++ will be helpful. Also, one should learn about his target platform in depth.

You can grab some malware samples, and try to analyze them. Learn how they work, and then try to replicate the behaviour. With time, a lot of things will become obvious, and you will be able to invent new malware techniques too.

If you can find some malware techniques related course, attend it. Most of the time they are restricted to corporate and gov people.

I too give malware related trainings. Let me know if you are interested.

Where did you learn reverse engineering? I took assembly in school, cs major, and would like to learn. I've done some basic things with ollydbg but nothing even remotely advanced. Any suggestion on where/how to start learning?

Please refer to my response here: https://www.reddit.com/r/IAmA/comments/3xbrnq/i_am_a_malware_guy_who_mostly_deals_with_malware/cy3kr1x

I too give malware related trainings. Let me know if you are interested.

I'm interested, can you give me more details?

Let us discuss in private message.

One of the reasons I use Ubuntu (and its flavors) is the reputation for safety from viruses and malware. Is that reputation deserved?

They are safe from common malware just because LINUX is not mainstream in desktop segment. It is perfectly possible, and not too difficult to make malware for LINUX platform.

Second thing, average Windows user is dumber than average LINUX user. Average Windows user will download and run freemoviedownloader.exe, but av average LINUX user won't, (assuming it is valid ELF binary and can be run).

Before someone gets offended on my second point, please note that this is my general observation. Everyone is different, and exceptions are everywhere.

Also you did say average, there are a lot of terrible users of windows - my dad freaked out over a banner ad that said his computer had 18 viruses, so he clicked on it, getting a virus. I don't think he even knows what Linux is - Linux 80% of the time is used by people who know how to use a computer safely, because there is a higher barrier of entry.

Windows users obviously still can be computer literate, it's just taking all the terrible usage of computers brings their average down.

I agree. Even my parents are like that. My dad has heard that there is something called LINUX. He once asked me why do I use LINUX, because it is supposed to be used by scientists, and I am not a scientist. No idea where he got this information.

Hacking? Are you stealing money from banks, kid? That's what all hackers do, no?

On a serious note, barrier to entry definitely helps.

Silly question perhaps, but why do you keep putting Linux in all-caps?

Out of habit. I don't even remember how and when did I caught this habit.

Yeah, I wonder that too, because unlike UNIX it has never at any time in Linux's history been a correct way to type it.

Let's throw in a serious question too, then. If you were to look into making malware for Linux, what would be your first thoughts on possible vectors?

Rootkits, infected loader, shared object hijacking (similar to DLL hijacking, but on Linux), maybe injecting shared objects etc etc.

In case you asked about vectors to get malware on target machine, it will be through some vulnerability which results in arbitrary code execution. Run a shellcode which downloads and plants the malware. Obviously, privilege escalation will also be required, so one more vvlnerability for that.

That would have huge implications, since many Linux users have no tools for detecting an infection like that. Do you think they should?

Right now, there are not that many malware for Linux, so having common sense, and being careful is more than enough to remain safe.

I don't even know whether some AV exists for Linux or not.

Many Linux users never download binaries from websites. Repositories are the preferred source for software, because it's secure and convenient.

Now that iOS, Android and Windows 8+10 have introduced this app store/repository thinking to the mainstream, do you think it will reduce infections in the main population? Obviously some individuals will still download stupid stuff like ultimate_pron_collection.zip.exe, but I'm interested in the large masses who don't. They download their games and wallpapers from an app store, which should be malware free. Do you think this change will improve the security of most users?

Malware authors will start pushing fraudelant apps in app store. There already have been such cases on Google Play Store and Apple App Store (or whatever it is called).

But still, this will improve the security to some extent, because every submission is subject to security scrutiny before it gets published for public access. It is possible to avoid detection in scrutiny stage, but still it will prevent lame attempts.

There is plenty of malware for Linux based systems!

Yeah, but the simple things like banner ads saying "YOUR COMPUTER HAS ELEVEN VIRUSES, CLICK HERE TO FIX" aren't even gonna come close to fooling someone savvy enough to properly run Linux.

Also, Linux makes up much, much less of the OS market than Windows does, and you'd get a lot more effectiveness with a Windows virus than a Linux-only one.

In server market, Linux dominates. But then those servers are hardened, and patched.

In server segment, malware is a lucrative idea to get some benefits.

I am very knowledgable in IT for close to 20 years, though I never finished college. Is it possible to get into that side of the industry with certifications alone? Such as the certified ethical hacker programs?

Did you watch Mr. Robot? If so, what were your thoughts?

Wow mate, high five. I am just 23, and I too am drop out. No certifications so far. All I have is some knowledge gained by self study, and some talk in conferences in related topics (most of them are related to cryptomalware and malicious crypto stuff). Certificates related to field (like GIAC GREM etc) will help definitely.

Yeah I watched Mr. Robot. Although hacking is not depicted totally accurately, still it is much much better than in random hacker movies. Psychology of Elliot is strikingly similar to some hardcore people I know. I would say, similar psychology is pretty common. Most of the techniques showcased there are accurate upto decent level.

I'm in the same boat, never finished high school, but i program in pretty much all popular languages, i admin all sorts *nix box. I have a very good knowledge in white hat hacking and more.

But for some sad reason most of the world runs on certification, you need to make contacts that will give you work and spread your name to other companies. Once you get to know some people and people recommend you then you don't needs certs.

Certificates work like a proxy to judge people. Giving some work, and then evaluating it is very time consuming, that's why people want to see degrees and certifications.

But yeah, once you get a good name, certifications and degrees don't matter much. Except for HR people who think CEH is very hardcore course which makes you super 1337 c00l hax0r.

I've recently seen that ads use a device's mic to listen the environement and cross check other devices in the house to target tailored ads. Are you guys doing anything to prevent this?

Right now, nope. I mostly deal with malicious stuff in native code, kernel land or .NET.

One way to prevent this is to deny access to hardware, or maybe hook the APIs and cancel the call if it seems to be coming from some ad in browser. Just an idea.

a malware guy

uhh, which malware guy?

One of the many :P

But do hackers actually wear colored hats?

At the very least I like to think they do

No, we don't. Except when we are having fun (parties, tours blah blah)

Compared to mobile OS' how has the malware game changed with the proliferation of sandboxing and permission schemes? Is it harder to create effective malware?

I am not mobile domain, so will ask a friend and update you.

Overall, sandboxing and permissions are not major hurdles. All you need is a single vulnerability to bypass permissions (FYI, such vulnerability exists in kernel v4.2.5; did not test later versions).

Is it harder to create effective malware? Not much, as long as you have in-depth knowledge of target OS, architecture, platform/runtime etc. By in depth, I mean really really deep knowledge.

In a war between evil and good geniuses, evil genius ALWAYS wins.

EDIT: Finally android dude responded, and his response is pasted here verbatim

RESPONSE Yes it is pretty hard. Malware on mobile phones makes sense only through 0day exploit or via user dumbness. This dumbnes needs to be much more serious that dumbness required of a user to run a malware on his/her windows pc. END RESPONSE

I am honestly scared, because within my first months of using Android I got an adware. A friend of mine even got a ransomware that rooted the phone, elevated its priority, moved itself to /system, filled phone's storage with very disturbing videos that had to come from the deepest corners of the deep web (I could still access MTP) blocked access to safe mode, removed the recovery mode and all that was working was really the bootloader.

What the fuck did we do basides enabling external sources and installing an App that was "independent" and "not distrubuted through the play store"? We both installed an App that was "independent" and "not distrubuted through the play store" I guess.

Stick to Play Store. Submissions are scrutinized before publishing, so chances of hitting a malware are low (but not zero).

Is Amazon Underground fine? I get a lot of apps from it and I do not really know whether I should trust it or not

I have never used Amazon Underground. Check their policies. If they are scrutinizing submission (which I hope they do), you can trust the apps to sufficient extent.

No company wants to spoil its reputation by delivering malicous apps. Be limited to apps launched by well known companies/brands/publishers.

Thank you!

Welcome

Can you talk about the state of Mac Malware? Specifically, and the impact Rootless (system integrity protection) may have?

I am sorry, I have no experience of Mac. I will check with my friends, and if I can get something, I will share it here.

What do you think about sandboxing untrusted programs with e.g. Sandboxie or with any other similar software? Do they offer enough protection from common malware and does any known malware have techniques to escape sanboxes?

Sandboxes are very common method to analyze the malware dynamically. But you should not trust it too much, and malware tends to disguise as a non-malicious program if it detects presence of sandbox, or sometimes even virtual machine.

I don't directly deal with analysis of new malware, so I cannot give you a list. But there are malware known to detect and even escape sandbox.

PS: Sandbox detection techniques are more generic (as in, they work on multiple sandboxes) than sandbox escape techniques. Escape techniques are mostly specific to sandbox in question, sometimes specific to a particular version.

What's the salary for your position.?

I am not on a full time job, so there is nothing like a fixed salary. My charges vary from project to project, depending upon type and scale of work, time and effort required, whether it can be done from home or I need to fly to another part of world etc.

How do you test against AV products? Do you have some setup where you can submit a hack to all the engines at once to check for detection?

You can use some online scanner like VirusTotal (https://www.virustotal.com/)

Keep in mind that if you send some sample to these scanners, they will be shared with AV companies too. That means, I can kiss goodbye to my lovely malware once I test it on some online scanner.

Generally, I send my malware samples to some friends who have multiple VMs with different AV scanners. VM is booted from fresh snapshot, signatures are updated, network is disconnected, snapshot is taken, malware is tested, and then VM is restored to previous snapshot.

It is even possible to automate all this stuff, one of my friend has automated all this for Qemu running on LINUX server.

No need to mention, they all are from similar domain (but more into analysis and/or incident response side).

Why do macs not get viruses? Is this even true. As a Mac user, I've never used any sort of defence mechanism to keep my computer protected. but now.. I kinda feel the need to because it seems bizzare to me that just because it's a mac..it can't be harmed. Can you recommend any useful products to keep me protected?

Malware for Mac have been in wild for some time. Again, Mac is not dominating in desktop segment, and therefore is not primary target for malware.

You can try MalwareBytes Anti-Malware (https://www.malwarebytes.org/antimalware/mac/), Kaspersky Internet Security for Mac (http://www.kaspersky.com/security-mac) etc. Please note that I am not a Mac user, so I have no first hand experience. I just googled, and shared some top results.

How easy is it to get malware online? When can even experienced users be fooled?

Getting a malware online is not that difficult. Have you seen those ads which claim that your system is infected, and you need to click here to get rid of them? They are spreading malicious stuff.

Want to fool experienced users? That depends how much experience they have. The more experience they had, the hard it is to fool them.

How safe am I then if I use an ad blocker+tracking cookie blocker and noscript?

Very much safe. Chances of hitting a malware from some website is very low for you.

How good is Windows 10 built in protection?

Most of them can be bypassed. I have not worked on every single security feature yet (because most of the time I am on Linux).

Most of this thread has been in response to Malware that has infected their computers but I haven't seen anything regarding infected websites. What is your experience with infected websites, open source platforms, web application firewalls, etc? What should someone do if their website gets infected?

I have no experience of web application firewalls.

Generally infected websites spread malware through ads (flash), applets (java), or javascripts. You can restore it to clean state if you have backup of entire website.

Make sure you patch the exploited vulnerabilities too. Go for periodic pen-testing, hire someone who can do it for you, ask him to pen-test, get it patched.

What are your qualifications? What languages have you learnt?

All the theory stuff and writing part of Computer Science, will it be useful? I hate writing all that, but before my teacher taught programming(he does a shitty job at explaining)(and he made us write a lot of stuff) I had learnt the basics of programming and had coded in C++. I did not WRITE a single word. I just read and created simple codes that would execute flawlessly. I would say that there needs to be more focus on practicals.

I plan to focus on Computer Science because I want to become a game programmer. But that writing part in school bores me.

Note: The theory I'm talking about here is just definitions of this and that.

Formally, I am just Intermediate (10 + 2) from CBSE Board. Took admission in BTech CSE, but dropped as faculty was total shit.

I have learnt C, C++, assembly, C#, Python (little bit). I learnt many more languages and technologies, but forgot most of them due to zero contact for long time.

Theory part of CS, definitely. Pay special attention to data structures (not only how to implement one, but also when and where to use it, as well as when and where to avoid it), various algorithms (apart from implementation, learn use cases of them. You should know when to use algo A, and when to use algo B for same job.) and analysis part, theory of computing, automata etc. Bonus points if you grok compiler design too (it will teach you a lot of usefull skills like how to write a parser, dependency graphs, aggressive optimizations etc). Only definitions won't benefit much.

Writing part? Are you referring to assignments? They are utter crap and huge waste of time and effort (at least in India, except IITs (I guess, no first hand exp), IISc, NITs). Better to invest your time in practicing programming or some other stuff you are interested in (sketching? sports maybe?).

I hate writing all that, but before my teacher taught programming(he does a shitty job at explaining)(and he made us write a lot of stuff) I had learnt the basics of programming

I can relate with this part. I don't know which part of world you are from, but the description look so much like Indian system.

I am from India. Cbse board. The board is so shitty.

Thanks for the advice.

I plan to become a programmer. I will have to take admission is B.Cs.

What are a few good places for my course where I Can get lots of internship opportunities too?

Cbse board. The board is so shitty.

Board is not shitty, teachers are.

For internship, check with various startups in Bangalore, Kochi etc.

Why do people make Malware such as Trojan Horses in the first place? Is it really just sociopathy and bastardness?

That differs from person to person. There are people who develop malware because they can, there are people who are developing for money and selling to scammers and other cyber criminals, there are people who develop because they can (bragging rights, you know).

Then there are people like me, who do it out of curiosity, and share the knowledge with others so that they can secure themselves; can investigate malware powered cyber crime and/or incident etc.

Do you wear any actual hats? (e.g. - fedora, trilby, ball cap, etc)

In summer, I wear ball caps. Fedora is not that popular here.

How easy is it to get a job as a skilled malware reverser?

Skilled malware reversers are almost always in demand. How much work you can grab is mostly dependent upon your skill set, experience, and contacts.

For a full time job, you may try in AV companies, Emergency Response Teams etc.

What would you recommend for server side security? (For Windows server 2012R2)

A good firewall with good configuration, a solid AV, IDS, multilayer security (if one layer gets compromised, another will save you) etc.

Don't push some new piece of software straight on live server (even if it is an update). Test it on another machine, confirm its authenticity, and then install on actual server.

A server admin will be in better place to suggest this.

Any advice to Mac users on vulnerabilities?

Sorry, did not get you. Would you mind clarifying the question a bit?

how to learn linux programming which languages are best suited for this ?

C, C++, Assembly are best suited for the purpose. For managed code rootktis part, learn Java and/or .NET.

For Linux programming, have a look at (http://www.amazon.com/Linux-Programming-Interface-System-Handbook/dp/1593272200/ref=sr_1_1?s=books&ie=UTF8&qid=1450511098&sr=1-1&keywords=LINUX+Programming). In fact, this is a must read book IMHO. Apart from this, you can try these too:

1. http://www.amazon.com/Beginning-Linux-Programming-Neil-Matthew/dp/0470147628/ref=sr_1_2?s=books&ie=UTF8&qid=1450511098&sr=1-2&keywords=LINUX+Programming

2. http://www.amazon.com/Linux-System-Programming-Talking-Directly/dp/1449339530/ref=sr_1_4?s=books&ie=UTF8&qid=1450511098&sr=1-4&keywords=LINUX+Programming

3. http://www.amazon.com/Linux-Programming-Example-Arnold-Robbins/dp/0131429647/ref=sr_1_5?s=books&ie=UTF8&qid=1450511098&sr=1-5&keywords=LINUX+Programming

EDIT: Formatting

Do you perform any reporting to companies if you discover a vulnerability or something like that? I'm curious how you've been received if you have tried to help a company out.

Nope. I don't report at all. I just keep that into my collection.

Actually, many people are very skeptical about malware people. They be like, "He may plant some malware in our system/network if he gets pissed off. Better to keep him away from us".

That's the attitude I was thinking was common. I appreciate the work you do if that helps :)

Thank you for appreciation :)

On the school computers, we use VMware and for some reason, Yahoo! for chrome and (not)RealDownloader auto install. The C: drive doesn't save, is there any way to remove these?

I am not an expert on Windows admin stuff, but my first guess is policies. One way is to get access of administrator account, and change policies for user account. There are many ways to access administrator account even if you don't know the password (overwriting NTLM hashes or bruteforcing them using bootable disk; creating a naive backdoor etc etc). Use Google.

PS: Don't do it on school systems. Play on your own instead.

How well do the common OTC/retail firewall software programs work?

They well pretty well, if you know how to configure them properly. Most of the time, it is not the firewall which was shitty, it is the configuration which is shitty.

As an IT professional I have come to swear by Malwarebytes as my first stop for infection removal, usually because its also often the last due to the system being "cleaned"

What is your opinion on the software?

It is pretty good software, and I recommend it to most of the clients.

What easy-to-run anti-malware detection and removal software would you recommend to remove the most common malware after an infection, such as drive-by malicious ads etc?

Use some bootable scanner, boot with it, and scan. You can use one from Avira (http://www.avira.com/en/download/product/avira-rescue-system)

There are other vendors too. A simple Google search should reveal them.

Do you take part in CTFs (Cature the Flag competitions)? Do you feel they are representative?

No, I don't play CTFs. Ob course they are representative of reverseing capabilities of the teams.

Your "Proof" should have just been a virus

I can't do that for obvious reasons. Do you really want noobs to play with malware? and fuck some random systems??

Do you do malware analysis or development? bit confused with your bio there.

What exactly do you mean by malware construction techniques? Are you referring to packer/crypter?

What sort of kernel malware have you written? What do you think about newer Windows protections like PatchGuard? Does isolated usermode prevents any of your techniques?

What you mean by managed rootkits? Written in managed languages like C#/Java? Who writes rootkits in managed languages anyway?

Have you ever written any proper malware other than for your training?

If you have exams tomorrow, what's the big hurry in doing a AMA today?

Mostly development, some analysis work too.

I am referring to rootkits (syscall hooking, injection by live memory patching etc etc), loggers, stealers, injectors, cryptomalware, mutation engines (aka self modifying codes) etc.

All kernel rootkits I have written are for Linux. Made one for system wide monitoring using syscall hooks, another one to infect /dev/random and /dev/urandom. I have not tried those newer features yet, as I am working on some rootkits and mutation techniques on Linux (they can be ported to Windows and Mac too)

Managed rootkits are written in managed languages like C# and Java. .NET is preinstalled on Windows, so obviously it gives one more attack surface.

Yeah, as a research work to get it published. I have submitted one in BloomCON, held by Bloomsburg University.

Exams are boring. :P

None of these technique seems to be new or advanced (known from ages, many of them are).

Who writes rootkits in C#? What you mean by it gives more attack surface? You are not exploiting anything inherent to .NET framework, are you?

True that. Most of the advanced work is related to GPU powered malware (again not a new idea), or sometimes sound-card powered malware (only on high end sound cards which are powered by programmable DSPs).

While it is true that most of these techniques are known since ages, same method does not work for too long. Software is changed, bugs are fixed, AV and other security systems become smarter etc. You need to keep updating your methods even for known techniques.

.NET Framework provides a way to hide malicious code. Nothing inherent to .NET is being exploited.

What are your thoughts on next-generation endpoint protection solutions such as Cylance, CrowdStrike, SentinelOne, etc?

They give peace of mind most of the time. Although nothing stops a dedicated hacker from screwing you given enough time and resource, you will be pretty much safe from wild threats.

PS: 0 experience of these products. The above stuff is coming from some friends.

I am interested with Linux and it's security(I use it too.) How well protected are stupid users that do not have root access that 'click around' and what additional security measures should we add for them?

Clicking around will result in browser based attacks.

Not having root access (assuming you cannot have root access), eliminates a lot of lame attempts. SInce most of the malware in wild is for Windows, you are pretty safe.

Additional security measures: don't be stupid.