~/FareedFauzi

UPX manual unpack: ELF and EXE

Introduction: Recently I came across a Golang malware sample that had been packed by UPX. The sample was modified so that it cannot be unpacked with the UPX tool, so I think it's worth writing a blog/note...

Malware Analysis: Checklist aka Cheatsheet? Maybe.

Introduction: When analysing or investigating a piece of malware, what are the important things to solve or to answer? This checklist may help us to determine what is the ...

Fileless malware: AV comparison on fileless attack

I've tested some fileless commands in my lab against AV protection products (most of them free/trial versions) and here's the result. Symbol Description ✔️ Blo...

Malware 101: Develop and Analyze our own malware

In this post, we’ll learn together how to write a basic malware program that does a reverse shell connection (using shellcode) and analyze our own compiled malware. We’ll play around with C code us...

Powershell script: An easy way to deobfuscate it!

I came across a fileless malware called Lemon-Duck crypto miner during an investigation (by my officemate and me) into suspicious communication in our client's network. This malware completely leverages ...

Malicious Document: Cheatsheet and Note

“ms-msdt” scheme: A sample shared by nao_sec that abuses the ms-msdt URI scheme to execute code. Refer here. Unzipping the document and navigating to maldoc-name\word\_rels\document.xml.rels will reveal the HTML...
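The step above (unzip the .docx and read word\_rels\document.xml.rels) is easy to script. The following is an added example, not code from the blog post or from nao_sec: it builds a constructed, minimal docx-like zip in memory (no real sample is embedded), parses the relationships part, and returns every relationship whose TargetMode is External, which is where a remote template or oleObject target such as the one behind the ms-msdt abuse shows up. The target URL `http://example.invalid/stage2.html` and the relationship id `rId996` are made up for the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# OOXML namespaces for the relationships part (fixed by the OPC/OOXML spec)
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
RELS_PATH = "word/_rels/document.xml.rels"

# Relationship types that, when External, point Word at a remote resource
# and are worth a second look in a suspicious document.
INTERESTING_TYPES = {"oleObject", "attachedTemplate", "frame", "hyperlink"}


def build_sample_docx(include_external: bool = True) -> bytes:
    """Constructed sample: a minimal zip with the parts this check needs.

    With include_external=True it carries one External oleObject relationship
    (hypothetical id rId996 and URL); otherwise only a normal internal one.
    """
    rels = [
        f'<Relationship Id="rId1" Type="{OFFICE_REL}styles" Target="styles.xml"/>'
    ]
    if include_external:
        rels.append(
            f'<Relationship Id="rId996" Type="{OFFICE_REL}oleObject" '
            'Target="http://example.invalid/stage2.html" TargetMode="External"/>'
        )
    rels_xml = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<Relationships xmlns="{RELS_NS}">{"".join(rels)}</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr(RELS_PATH, rels_xml)
    return buf.getvalue()


def external_relationships(docx_bytes: bytes) -> list:
    """Return every External relationship from word/_rels/document.xml.rels.

    Each entry is {"id", "type" (short name), "target"}. A document without
    the relationships part yields an empty list.
    """
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if RELS_PATH not in zf.namelist():
            return []
        root = ET.fromstring(zf.read(RELS_PATH))
    found = []
    for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
        # TargetMode defaults to Internal when the attribute is absent
        if rel.get("TargetMode", "Internal") != "External":
            continue
        found.append({
            "id": rel.get("Id"),
            "type": rel.get("Type", "").rsplit("/", 1)[-1],
            "target": rel.get("Target"),
        })
    return found


def suspicious_externals(docx_bytes: bytes) -> list:
    """Filter external relationships down to the types worth triaging."""
    return [r for r in external_relationships(docx_bytes)
            if r["type"] in INTERESTING_TYPES]


if __name__ == "__main__":
    for rel in suspicious_externals(build_sample_docx()):
        print(f'{rel["id"]}: {rel["type"]} -> {rel["target"]}')
```

Real samples may also hide the remote target in other parts (for example settings.xml.rels for an attached template), so in practice walk every `_rels/*.rels` entry in the archive with the same loop rather than only the document one.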

Malware Sandbox: List of Automated Analysis platform

MultiAV. VirusTotal: Analyze suspicious files and URLs to detect types of malware and automatically share them with the security community. VirScan: a free online virus scan service, u...

Powershell: Understanding the complexity behind it

PowerShell is currently the popular weapon of choice for many of these attacks because it provides a variety of techniques for bypassing existing security controls. Not least of all, t...

Malware Analysis: Common commands in malware

All credit for this example goes to Mastar fumik0, who highlighted it on his blog. I'm just copying the content (as a note) and improving it in terms of explanation and structure, to make it easier for me (or you...