Threat Investigation using OSINT Online Tools
Hi hi! So, this is another cheat sheet for security analysts and researchers who often rely on OSINT (Open Source Intelligence) tools to investigate malware samples and gather actionable insights about potential threats. These tools provide information on malware samples, network communications, domain and IP reputation, as well as any related...
Dive into PEB Walk in Malware Analysis
Hello world!
It’s July and this is another blog post on malware analysis. I came up with the idea to write this blog because I feel that beginners in the malware analysis field should understand this topic thoroughly as it is commonly used by modern malware.
The reasons malware authors implement this technique are fairly simple.
To avoid st...
Determine and understand hashing algorithms for Malware Analysis
Malware commonly uses hashing algorithms for various purposes, such as creating hashes, API hashing, obfuscating malicious code, and verifying the integrity of data. Some of the most commonly used hashing algorithms in malware include MD5, SHA-1, SHA-256, CRC32, and custom algorithms.
In this blog, we will examine a few hashing algorithms from ...
Cheatsheet: Malicious Document Analysis
General
What to look for in Maldoc analysis?
URLs to download a second payload, such as fileless commands or an executable
Commands such as PowerShell, JavaScript, wscript, etc.
Filenames, such as what is downloaded and where it is downloaded to
Embedded file signatures, such as a PE header with MZ magic bytes
Encoded files or commands
Lab’...
Cheatsheet: Linux Forensics Analysis
Linux Forensics in a nutshell:
Validate compromise
Interviewing client/user/administrator (what, why, how, when, where, who?)
Live response commands / Run triage scripts
Collect evidence
Live response triage script collection
Disk image
Memory dump
Investigation and analysis
...
Cheatsheet: Windows Forensics Analysis
During a Windows Forensics engagement, I occasionally find myself forgetting essential tasks or unintentionally skipping the analysis of important artifacts. Therefore, this checklist (along with the cheatsheet) could help me (or readers) ensure that I adhere to a systematic workflow when conducting Windows Forensics.
Typical Forensic investigat...
Yet another Malicious Android App targeting Malaysians
In this post, we will be discussing a disturbing new trend in malicious Android apps that have been targeting users in Malaysia. These apps, which have been disguised as legitimate services such as a cleaning service, have been found to contain an SMS stealer and banking-credential phishing capabilities, putting the sensitive information of their vic...
Building Offensive Malicious Documents
Generally, attackers use the techniques below, leveraging Microsoft Office features and vulnerabilities:
Exploits
Macros
Remote template injection and many more…
In this post, we will learn various techniques on how to make malicious documents that can execute our malicious code. Of course, to make it simple we will just run ...