We will have a live discord workshop and hangout to discuss some of the concepts in this video, building a malware lab etc. Make sure you sign up in the events section of our discord if you'd like to attend next week: discord.com/invite/XyM5SJqZ?event=1112466823535919194
But why Discord? From a security standpoint, Discord is a big yikes. Any other ways to take part?
@fiverZ Why is Discord a big yikes?
@Zach-Hyde Excessive data collection, blatant GDPR violations, proprietary, shady af CEO, very easy to abuse the reporting system... There's a few reasons to avoid it.
@fiverZ yikes
Is there a way to do this on a router level?
Or wouldn't that help at all,
Just so you know, the example script you showed could potentially have a huge vulnerability, because if the server hosting that file with the IPs ever gets compromised, an attacker could basically inject whatever Powershell command they want in place of the "ip" that you're appending to the command string, and just like that they can perform arbitrary remote code execution on your PC.
so should i do this or no
it would be a good idea to just make a weekly reminder to manually download the file from a legitimate site rather than automatically downloading it every day
If anything like that does happen
Your antivirus product will kick in to block those threats or block RCE using its behavioral component.
If the antivirus is from reputable company ofc.....
A simple more or less effective solution, would be accept only numeric values, and maybe apply some kind of pattern detection to check if it is in an ip valid format.
Good catch!
Great video, just ensure that the list has IP numbers in the correct format, so to avoid code injection.
This is 📅 a bland exploit. Nothing to note
@-blackcat-4749 but where to put it exactly?
@TPSC Just to stay safe, when parsing those IP addresses, you can create a regex pattern that would match only IP addresses and nothing else. That would make the process of injecting remote code much more difficult.
Exactly what I was thinking. I'd also log rejected entries so I'd know if the source cannot be trusted.
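The validation suggested in the replies above, written out as an added example (it is not part of any comment here and is not the video's script): every feed entry is parsed as an IPv4 address, rejects are logged, and the surviving addresses go into `netsh` argument lists that are never passed through a shell. The CSV layout (address in the second column, as the `row[1]` mentioned in a later comment suggests), the rule name `BadIP`, the chunk size and the sample feed are assumptions made for the example.

```python
import csv
import io
import ipaddress
import logging
import subprocess

log = logging.getLogger("blocklist")

RULE_NAME = "BadIP"  # hypothetical rule name
IP_COLUMN = 1        # assumption: the address is the second CSV column
CHUNK = 200          # arbitrary: addresses per rule, keeps each command line short

# Ranges a downloaded list must never be able to cut off (loopback, RFC 1918, ...).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

# Constructed sample feed: documentation addresses, not real indicators.
SAMPLE_FEED = """\
# first_seen,dst_ip,dst_port
2023-05-30,192.0.2.10,443
2023-05-30,198.51.100.7,8080
2023-05-30,192.0.2.10,447
2023-05-30,203.0.113.9; Write-Host injected,443
2023-05-30,192.168.1.1,53
truncated-row

2023-05-30,203.0.113.77,443
"""


def parse_feed(text, max_rejects=None):
    """Return (accepted, rejected); rejected holds (line, value, reason) tuples."""
    accepted, rejected, seen = [], [], set()
    reader = csv.reader(io.StringIO(text))
    for row in reader:
        lineno = reader.line_num
        if not row or row[0].lstrip().startswith("#"):
            continue  # blank line or comment
        if len(row) <= IP_COLUMN:  # the case that raises IndexError on row[1]
            rejected.append((lineno, ",".join(row), "too few columns"))
            continue
        field = row[IP_COLUMN].strip()
        try:
            # Parsing is stricter than a regex: anything that is not exactly
            # one dotted-quad address raises ValueError.
            addr = ipaddress.IPv4Address(field)
        except ValueError:
            rejected.append((lineno, field, "not an IPv4 address"))
            continue
        if any(addr in net for net in NEVER_BLOCK):
            rejected.append((lineno, field, "local or reserved range"))
            continue
        if addr not in seen:  # drop duplicates, keep feed order
            seen.add(addr)
            accepted.append(str(addr))  # canonical text, not the raw field
    for lineno, value, reason in rejected:
        log.warning("feed line %d rejected (%s): %r", lineno, reason, value)
    if max_rejects is not None and len(rejected) > max_rejects:
        raise ValueError(f"{len(rejected)} rejected entries, refusing to update rules")
    return accepted, rejected


def build_commands(ips):
    """Build argv lists: delete the old rules, then add inbound and outbound blocks."""
    cmds = [["netsh", "advfirewall", "firewall", "delete", "rule", f"name={RULE_NAME}"]]
    for i in range(0, len(ips), CHUNK):
        remote = ",".join(ips[i:i + CHUNK])
        for direction in ("in", "out"):
            cmds.append(["netsh", "advfirewall", "firewall", "add", "rule",
                         f"name={RULE_NAME}", f"dir={direction}",
                         "action=block", f"remoteip={remote}"])
    return cmds


def apply(cmds):
    """Run on Windows from an elevated prompt. argv lists, no shell=True."""
    for argv in cmds:
        # The delete fails harmlessly on the first run, so no check=True here.
        subprocess.run(argv, check=False)


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    ok, _ = parse_feed(SAMPLE_FEED)
    for argv in build_commands(ok):
        print(argv)
```

Setting `max_rejects` makes the update fail closed: a feed that suddenly contains many malformed entries leaves the existing rules untouched instead of being partially applied.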
Leo, you are talking to normal people here. Unless you show us all step by step from a blank start, this is very good content for tech heads, clear to me and maybe most as Mud.
I think he makes some assumptions since I think a "normal" person, as it were, wouldn't be actively watching a PC security channel. If it were a safe assumption to believe the average person would, it wouldn't repeatedly show most common passwords being like 123456
I mean this is pretty much step by step...I would say this is about as beginner-friendly as this topic gets.
get friendly without everything he mentioned, pause the videos from time to time you'll get it,
it's beginner friendly
Are you 12?
ask chat gpt
The proper way to do it is at the firewall/router level!
A proper malware that came through phishing would have no problem disabling the windows firewall completely.
In addition, you can make this more automated by adding a task to task scheduler to run this script every day using pythonw, so you don't get the terminal popup while using your computer.
Yes, I forgot to add that part, that is how you automate the process daily.
Thanks for pointing this out. I noticed the missing piece of running that script watching this video. 👍
isnt the list going to end up being multiple gb's in size though?
@ireallyreallyreallylikethisimg The list in his example is tiny - ~2kb, so no.. He deletes everything already blocked, and then adds everything from the most recent list.. You could probably find a lot bigger ip lists online - but never multiple gb's.. If that's the case you'd better off whitelisting the IPs you trust :)
Thanks for the video - I went down a slightly different path. Firstly - I wasn't sure when you said
"delete all the rules every day" you meant the default ones windows already had, so that wasn't clear at all. If you were deleting your firewall rules everyday, a good script would include a command line to backup the firewall rules that are already there before deletion. Not all of us are gurus so a safe backup practise is very healthy :)
Also, secondly, I go back a bit :) am over 50 (used the text based early internet) and remember using a program called peerblock. Love it or hate it, it is still to my surprise available to download. It's also portable. I don't recommend anyone use it BUT it does give the option of leaving the firewall (and settings untouched).
By me using this program ( a proof of concept too) it was able to suck up the complete block list :) For it to work it needs to run all the time. Back in the day it was popular but then unpopular probably because someone worked out how to bypass it........... Still really appreciate these videos and learned about the abuse list from it, Thanks so much......!
awesome vid dude thank you! im getting into cyber security, doing a course so i can get my foot through the door an stuff like this is so helpful on my journey. The reason i decided to get into cyber sec is because I was playing a game one night and some dude got mad an hit me offline, i couldnt play for a whole day almost. With zero knowledge on how to combat that I was like yeah I wanna learn this stuff an so here I am. Thanks again! I look forward to learning more stuff from your vids! cheers!
when i click on a recent video on your channel my cat jumps onto my lap and watches the whole thing with me
Network security cat, nice!
well intelligent and informed cat
Added these blocklists on my router. Thanks.
Wouldn't it be better to use 1 rule with multiple ips?
But otherwise nice learning!
Yes. I thought about that but this was just the simplest way I could find to implement it. If you can make a more efficient version that works I’m happy to pin it.
@pcsecuritychannel Left a new comment with a PoC in Powershell :)
@1superheld where is it ?
I would love to have a list of malicious Microsoft IP's that were updated daily and implemented the way you demonstrated... What I have done manually is blocking the Windows Search executable, it works well, although it delays the local search function a bit. Thanks for this interesting video!
Hi, Thanks for the to the point video. I do have one comment, in my opinion it would be more clean to have one "BadIP" rule with all the IP address in it instead of having 100+ firewall rules. can you also show how to do that with the python script?
Imagine blocking Microsoft using Windows Firewall
Imagine blocking system using the Firewall :D
Thats what the hosts file is for. :)
guess what’s my IP
I would do that 😂
@ollicron7397 then tell me
Hi there, it was one of the best tutorial videos you made and shared with us. kindly upload more like this content regarding the block Vulnerable IP to protect more on Windows and router. thnx
Great stuff. I used your script but it wasn’t adding in the rules. With help of ChatGpt, I managed to make few changes and it is running perfectly in my Windows 11 22H2 version. Thank you 🙏
Hi, may i know how did you make it work? I also used the script but i cannot run it.
sure, It was just some tweaks here and there. How do I share you the code?
@vanessamoises8090 sure, It was just some tweaks here and there. How do I share you the code?
You could do this on every host but i think it would be way smarter to do this on a central router/firewall solution like pfsense/opnsense or a commercial solution.
Thanks for the cool guide! I did the same thing but with powershell and it makes one rule for inbound and one for outbound. It works great and downloads the list for me as well.
Great content as always. Next phase: How to block windows spyware using windows defender
ended up using openai to fix whatever happened with the text extracted from the screenshot that I took and it works, thx 👍
Not sure how the performance is affected by the Windows Firewall itself.
But if it behaves like the hosts file it... will be pretty much unusable after a certain point, since it will become somewhat unresponsive for minutes.
But still an interesting idea, it's still somehow sad that we lack a simple solution to basically have a pihole in your PC itself (since those are hard to get still and became pricey as well).
Very informative video. I actually started building a small tool to check for blacklisted IPs using the same resource.
Dude awesome video I am a fast learner, love learning new stuff would love to do everything u did in this tutorial for sure just reinstalled windows 11, and realizing how powerful you can make Defender is very cool, save cash too. Would love to learn more a lot more on security basic to corporate, and to learn how to see things always from other views. If you have had time to read this or can think of anything I could jump to other links I would appreciate that, as well as becoming part of the community cheers for now.
Keep in mind that if you create a lot of rules in Windows Defender it will unfortunately slow down your internet speeds. (This comment was made in error, read further comments below)
I have seen no evidence of that. Have you tested that? How did you measure it.
@pcsecuritychannel Good thing you asked because I forgot I made this comment. I unfortunately made the confusion of this blocking method that you discussed with a different method of editing the Hosts file on a Windows 10 OS. My previous comment was actually in regards to the method of editing the Windows Hosts file. If you want more explanation on the Hosts file method and how I tested that let me know. Sorry for the mistake. 👍
It would be nice to make the script available to download for those who are not into programming and scripting. Please
Can you not just add all IPs to one rule instead of creating a single rule for each IP? Would be faster, right?
Good video Leo I knew about this already i have Bitdefender but if you are on a budget or you love windows Firewall this is a good thing to do. I would set the rules manually though.
where to download script?
Thanks took some tries never coded much before
Please do another top anti-virus tier list video
I made a very similar script for the Half-Life 2 Deathmatch community since there is a malicious server that spams the server list with fake redirection servers.
I just use Simplewall and block everything I don't need or what I don't understand why it wants to connect.
When I get pop ups to allow a game to use the firewall I decline it and the game still works. I checked the firewall rules and in some cases windows just allowed it anyway, in other it is not selected as allowed, but still works anyway.
Fantastic thank you
Thank you very much for the video, very good idea.
nice and informative, thanks!
Yo! Can you do a video on the virus that was in Minecraft mods recently? Would like to know more about it and see what all it does. I thankfully wasn't infected but perhaps you can see what all the virus touches and messes with.
I use router Parental Controls feature to block malware and adult IP
I just let Sordum's freeware Firewall App Blocker in whitelist mode and never have to deal with Windows Defender GUI itself. You can just add EXEs, processes and even folders into the window and voilá. Firewall configured in 5 seconds.
Need some soft to automate process, everyday download file and update list in firewall, but nice thing, i like it
do you have a video on how you setup these testing machines? i want to learn how to setup mine so I can test programs etc
By adding all those rules, will that slow down a pc or internet browsing?
yes I was also thinking the same
awesome one mate✔️😛
I recommend: Loaris Trojan Remover, Malwarebytes, and any Endpoint security.
Configuring Firewall on the Local Router is far far easier and effective than dealing with this and also Microsoft cannot reset your firewall settings with system updates
Can we apply this method to the programs that we use but are constantly controlled? For example, we use program A without a license. to its own company so that it does not hinder its use.
Does it prevent you from sending information?
Thank you for your informative video, was wondering where I can get your script please?
I use Skynet Firewall available for Asus routers with Merlin firmware
I'm sure if I tried scripting that in Powershell, I would get errors for every line..
Thank you
Would an anti-virus like Bit Defender already have those IPs black listed?
I suspect the answer is yes and likely better than Windows virus protection
that great, can please give another video for getting all adult websites list, with blocking them. Also automate this on windows startup.
where is the file to download
Hello if you want a better defender software go to peer to peer blocker. You make your firewalls. Thanks.
Hello love videos question what's the best firewall I use Windows Firewall and Antimalware bytes also what would you recommend for security
Could you make a video on how you would setup a fresh install of Windows 11?
Really nice.
Wait, what? 7:58 "As far as I'm aware I've never really seen Windows firewall block the malware IPs I test with." Can you clarify?
I used to manually set a lot of Windows firewall rules, and they did work. I also set rules to deny any application that wasn't whitelisted. It just got too cumbersome.
Hey man can you make a video of how to make a constantly swapping or bouncing ip I really need it
Portmaster for the win
Nice video dude, but I’m getting in doubt. Recently I decided to replace the Windows Defender to Bitdefender Antivirus Free version + comodo firewall and I’ve noticed gains over performance. Here’s my question should I use my actual combo with this tool? or I’m safe with Bitdefender + comodo? (i know that my pc can be susceptible to attacks or any kind of virus) I hope someone can guide me
I use k7 Antivirus free version on my laptop and Phone, it's decent, its web shield
i dont use that i use norton smart firewall that comes with norton 360 delux plus for up to 5 devices
If you add large number of rules , your computer booting will be very very slow .
That certainly happens when you do this with the host file.
i reinstall windows every other day, and i tend to export my setting and then convert it to a script be it app settings, registry tweaks etc to a .bat or .cmd
i wanted to know if the ips can be added onto one entry instead of having 1000s firewall entrys to keep it organised yknow...well ill be trying to configure it thank you
This is crazy complicated, really it is.
Not really. In fact, it's simple enough that those who are in the know can spot the possible threat vectors in the script almost immediately.
@andso7068 I will keep Bitdefender(paid), just the same👍
Now what about what is the best free firewall? Is Comodo firewall good, I have that along side with my antivirus. (And I also have Crowdsec)
if I wish to add the link from this file then how to do without automation ?
Is 365 referencing this site already? Or do we have to add IOC list and if so, how do we keep that updated without a CSV pull via PS
can your script subnet them to make the list smaller ??
so do these rules expire ? Or the IP is blocked indefinitely, because that seems like it could cause some issues as those IPs may be used for legitimate services in the future
Very good channel and my question is illegal apps in Play store installing my phone how much dangerous
I believe I can simply use the mentioned blocklist with my Pihole ?
Hey TPSC , What is the way that I can get a copy of that script that you wrote to have all of those Bad IP's blocked by Windows Firewall?
This video is great from beginner to protect PC from hacker and malware, but I create program same as you but I really got error in my program, the error code is: IndexError: list index out of range in code: ip = row[1]. How to fix this error? Thank you.
can you make a video for safing port master program
I can’t put my script in the command prompt
Glasswire all the way !!!
Couldn't you use something like peerblock and add this list?
Comodo Firewall vs Windows Firewall which is better?
If using a pi-hole, will be this redundant?
you live under a rock if you think people are going to do that every day. Some people got lives bro
Is Malwarebytes good compare to what you showed on your video.
Why not block these IP addresses using the host file that way they never come in to begin with where is the firewall still a better idea because it can block both directions? Will this slow down the firewall?
How can we get a copy of this script? I don't see a link for it in the description.
Someone keeps deleting the comments... Do you think that list would have any effect with the bots on Kik, I doubt it. I suppose that's way above your pay grade.
Is this available for home routers, like ASUS, Netgear, etc?
how can i run the python script by pulling in a admin command prompt screen
Does not Malwarebytes Premium do this sort of thing? I have it and it constantly blocks sites.
Could you do that with a batch file ?
Newbie question, but can a bad ip become a good ip? You know, a year has passed, the person or malware that used that ip no longer exists and the number is allocated to something else.
Public IP addresses are assigned by IANA (Internet Assigned Numbers Authority), then national organizations distribute them to Internet Service Providers and they administrate them. The choice to blacklist an IP is made by the ISP; if the IP address isn't used for malicious activity the IP is no longer blacklisted
You say its pretty simple! huh. I was lost after 2 minutes.
It feels so good blocking the huge software companies from taking apps activations. hahaha i was always wondering what are all these ips on netstat ano even that im not running any type of software so i found the greatest firewall evermade outpost firewall and i made a nice fly bag i put on it every ip i found after a fresh windows install its a huge flies bag i was extending it since stone age its like a trip around the world + i use the same copy of software (office - photoshop - note pad ...) no new bloats are alowed so the firewall can recognize them + a bad ass command depencryption always on + and above all of this i turned it into a live os by using deep freeze and i blocked it also from accessing the internet and i made a really nice loop with firewall and here is it the happiest 2gb computer on planet, its live os on hdd its like working on virtual machine no matter what happens it stays on ram thats why i call this os RAMBOO
If there's a list that exists, the @FBI should be looking into it, and take those servers down. It's like when someone commits a crime in the real world, Law Enforcement takes the person down. Same idea but in the cyber world.
Would like to have this script. Please and thank you. Also, will this script work in PiHole on a network wide basis?
nice video, i do already a .bat for do the same thing but when i enable the firewall my connection interrupt :/
nothing i fixed, thanks for the proof of concept
Does that Python script clear the old rules and start over?
i wish there was android version of this
6:18 eww imagine doing string concatenation using the "+" operator, use f-strings instead.
Where can i get the script and what do i edit it with?