by riq_ 2729 days ago
Nice video, I liked it. But I wouldn't call it a "deep dive". In any case, it is just a quick overview.

By "deep dive" I would expect in-detail infection techniques (.com is mentioned, but MBR is missing), stealth techniques (how viruses bypassed debuggers and anti-virus), and techniques used by antivirus (besides basic pattern matching).

1 comment

There was definitely some interesting stuff in the DOS virus era. One of the "Priest" / "Little Loc" viruses (can't remember which one right now) exploited a vulnerability in the tracing code in the ThunderByte "TBCLEAN" utility to detect when the virus was being run under single-step. It would "break out" of TBCLEAN and destroy data. (ThunderByte didn't correctly emulate / "virtualize" every instruction that could expose the trap flag. There was also a vulnerability to allow you to override their single-step interrupt handler.) Priest also ended up using what he learned when he found that vulnerability in the ISR trace code in "Natas" to bypass TSR anti-virus by locating the original BIOS and DOS entry points (by executing a call under single-step and emulating / virtualizing instructions that expose the trap flag to avoid detection.) I've wondered if his techniques might actually be prior art for some of the various patents on virtualizing x86.
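The comment above describes the core of the TBCLEAN flaw: a single-step tracer that lets the guest see or change the trap flag (TF) through unvirtualized instructions such as PUSHF and POPF. The toy 16-bit CPU model below is an added illustration and is not ThunderByte's code nor anything from the video; it implements a handful of 8086 opcodes, runs two constructed guest programs under a single-step tracer, and shows how a tracer that leaves FLAGS unvirtualized leaks TF (and can be escaped by a POPF that clears it), while one that masks TF on PUSHF and preserves it on POPF stays in control.

```python
# Toy 8086-style CPU model, constructed for illustration only.
# It shows why a single-step tracer (an INT 1 handler in real DOS) must
# virtualize every instruction that reads or writes FLAGS, as the comment
# above says ThunderByte's TBCLEAN failed to do.

TF = 0x0100  # trap flag bit in the 8086 FLAGS register


class Cpu:
    def __init__(self, code):
        self.code = bytes(code)
        self.ip = 0
        self.ax = 0
        self.flags = 0x0002      # bit 1 of FLAGS is always set on an 8086
        self.stack = []          # 16-bit words; top of stack is the end
        self.halted = False

    def push(self, word):
        self.stack.append(word & 0xFFFF)

    def pop(self):
        return self.stack.pop()

    def step(self, virtualize_flags):
        """Execute one instruction. With virtualize_flags=False the tracer is
        naive and FLAGS is exposed as-is; with True it is virtualized."""
        op = self.code[self.ip]
        self.ip += 1
        if op == 0x9C:                        # PUSHF
            # Naive tracer: the real FLAGS (TF set) lands on the guest stack.
            # Hardened tracer: push a copy with TF cleared.
            self.push(self.flags & ~TF if virtualize_flags else self.flags)
        elif op == 0x9D:                      # POPF
            word = self.pop()
            if virtualize_flags:
                # Guest may set its own flags but must not clear the tracer's TF.
                word = (word & ~TF) | (self.flags & TF)
            self.flags = word
        elif op == 0x58:                      # POP AX
            self.ax = self.pop()
        elif op == 0x50:                      # PUSH AX
            self.push(self.ax)
        elif op == 0xB8:                      # MOV AX, imm16
            self.ax = self.code[self.ip] | (self.code[self.ip + 1] << 8)
            self.ip += 2
        elif op == 0x90:                      # NOP
            pass
        elif op == 0xF4:                      # HLT
            self.halted = True
        else:
            raise ValueError(f"unsupported opcode {op:#x}")


def trace(code, virtualize_flags, max_steps=100):
    """Run a guest under single-step. Before each instruction the tracer arms
    TF, as the hardware does while an INT 1 handler is installed. Returns the
    CPU state and whether the tracer kept control ('traced') or lost it
    ('escaped', i.e. the guest managed to clear TF)."""
    cpu = Cpu(code)
    for _ in range(max_steps):
        if cpu.halted:
            break
        cpu.flags |= TF                       # tracer arms single-step
        cpu.step(virtualize_flags)
        if not cpu.flags & TF:                # guest cleared TF: tracer lost
            return cpu, "escaped"
    return cpu, "traced"


# Constructed guest 1: copy FLAGS into AX. Under a naive tracer AX shows TF set,
# which is exactly the "am I being single-stepped?" signal the comment describes.
TF_PROBE = bytes([0x9C,        # PUSHF
                  0x58,        # POP AX
                  0xF4])       # HLT

# Constructed guest 2: load a FLAGS value with TF clear and POPF it. A naive
# tracer lets this switch single-step off; a hardened one keeps TF set.
TF_CLEAR = bytes([0xB8, 0x02, 0x00,  # MOV AX, 0x0002
                  0x50,              # PUSH AX
                  0x9D,              # POPF
                  0x90,              # NOP
                  0xF4])             # HLT


def tf_visible_to_guest(virtualize_flags):
    cpu, _ = trace(TF_PROBE, virtualize_flags)
    return bool(cpu.ax & TF)


def tracer_outcome(virtualize_flags):
    _, outcome = trace(TF_CLEAR, virtualize_flags)
    return outcome


if __name__ == "__main__":
    for mode, name in ((False, "naive"), (True, "virtualized")):
        print(f"{name:12s} tracer: TF visible={tf_visible_to_guest(mode)}, "
              f"POPF guest -> {tracer_outcome(mode)}")
```

The model is deliberately minimal: the same masking has to be applied to every path that exposes or rewrites FLAGS (interrupt frames, IRET, far calls into BIOS/DOS where the comment says Natas hunted for the original entry points), which is why a tracer that only special-cases a few opcodes is the weak design and a full instruction-level virtualizer is the sound one.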