Mal.EDU

Overview

Mal.EDU - originally designed for a cybersecurity "obstacle course" at CCIC, is a program which simulates behaviors of real viruses as an educational and interactive way for teaching virus removal techniques on Windows machines.

Introduction

This project is designed as an educational exercise for understanding and practicing malware removal techniques. It simulates behaviors commonly associated with malware, such as disabling certain keyboard shortcuts and implementing persistence mechanisms. It's intended strictly for educational purposes within controlled environments

Features

Keyboard Shortcut Interception: Denies the use of Alt + F4 | Win + Tab | and Alt + Tab to simulate malware-like behavior.
Self-Termination Prevention: The script will terminate itself if unfocused simulating malware's evasion techniques making it hard to track in programs like task manager.
Misleading Name and Icon: In attempts to trick the technician the EXE and Icon are designed to deceive.

Technologies Used

Python

Batchfile

Limitations

Somewhat easy to find if the user knows to look for it in startup or task scheduler.

Cannot recover from deletion.

Every once in a while, it can trip Windows Defender. Due to the nature of an EXE built in pyinstaller, it can trigger WD to delete it instantly. It will also sometimes get flagged due to evasion behavior. (Review Github)

Get it Set Up

Please refer the Github Repo which is linked below.
There, you can find everything you need to get set up by reading the README file.

There is also a printable PDF quickstart guide below to download as well!

Initial Disclaimer

Mal.EDU is strictly designed for a controlled setting on consented systems. It is NEVER to be used for malicious intentions.

Access & Download

Mal.EDU | Github

Access ↗

Mal.EDU | PDF Manual

Access ↗

Mal.EDU | TOS

Ridgeline's Terms of Service for Mal.EDU.

By using or accessing Mal.EDU, you agree to:

Use it only for educational purposes and NEVER for malicious intent.
Obtain consent before deploying it on any system.
Accept that security software may detect and block it.
Understand that Ridgeline and or StrataBytes are not liable for misuse, system disruptions, or legal consequences.

Last Updated: 3/8/25

1. Acceptance of Terms By downloading, installing, or using Mal.EDU ("the Application"), you agree to comply with and be bound by these Terms of Service ("Terms"). If you do not agree with these Terms, do not use the Application.

2. License Mal.EDU is an open-source project licensed under the GNU General Public License v3 (GPLv3). Ridgeline and StrataBytes grant you a limited, non-exclusive, non-transferable, revocable license to use the Application for educational purposes within controlled environments. In the event of any conflict between these Terms and the GPLv3 license, the GPLv3 shall prevail.

3. Educational Use Only Mal.EDU is strictly intended for educational purposes to simulate malware behavior for cybersecurity training. Users agree: Not to deploy the Application on any system without explicit consent from the system owner. Not to use the Application for any malicious or unauthorized purpose. To use the Application solely within ethical hacking, cybersecurity education, or controlled learning environments.

4. User Responsibility and Compliance Users acknowledge and accept the following responsibilities: Ensuring compliance with local laws and regulations regarding ethical hacking and cybersecurity tools. Understanding that deploying the Application on unauthorized systems may violate laws and terms of service. Taking necessary precautions when running the Application to prevent unintentional disruptions.

5. Third-Party Interference The Application may be detected by antivirus software, including Windows Defender, due to its simulated malware behavior. Users acknowledge: The Application may be flagged or removed by security tools. Running the Application may require temporary antivirus exceptions for educational purposes. Ridgeline and StrataBytes are not responsible for any interference caused by third-party security software.

6. No Warranty or Liability The Application is provided "as is" and "as available," without any warranties of any kind. Ridgeline and StrataBytes make no guarantees regarding the functionality, security, or uninterrupted operation of the Application. To the fullest extent permitted by law, Ridgeline and StrataBytes shall not be liable for any damages, including but not limited to: Data loss, system disruptions, or unintended consequences arising from the use of the Application. Any legal repercussions resulting from the misuse of the Application. Third-party security measures interfering with or blocking the Application.

7. Updates and Modifications Ridgeline and StrataBytes reserve the right to update, modify, or discontinue the Application at any time without prior notice. Continued use of the Application following such changes constitutes acceptance of the modified Terms.

8. Termination Ridgeline and StrataBytes may terminate or suspend your access to the Application at their sole discretion if you violate these Terms. Upon termination, you must cease all use of the Application and delete any copies from your devices.

9. Governing Law These Terms shall be governed by and construed in accordance with the laws of the State of Colorado. Any disputes arising from these Terms will be subject to the exclusive jurisdiction of the courts in the State of Colorado.

10. Contact Information If you have any questions about these Terms, please contact us at ridgeline.email@gmail.com.