Cheatsheet: Windows Malware Analysis and Reversing
Introduction
When doing an analysis or investigation of a malware sample, what are the important things to solve or answer while analysing it?
This checklist may help us determine the goal when we’re doing malware analysis on a sample, so it can keep us from reversing/analysing parts of the malicious code that are not important ...
UPX manual unpack: ELF and EXE
Introduction
Recently, I’ve come across a Golang malware sample which had been packed with UPX. The sample was made so that it cannot be unpacked using the UPX tool. So, I think it’s good to write a blog/note to explain how UPX manual unpacking works.
UPX tool doesn’t work
In the figure below, there are certain situations when the malware author makes...
Malware 101: Develop and Analyze our own malware
In this post, we’ll learn together how to write a basic malware program that does a reverse shell connection (using shellcode) and analyze our own compiled malware. We’ll play around with C code using the Visual Studio IDE and MSFvenom for the creation of the shellcode. The maldev and malware reversing are for education purposes only!
Malware dev...
Powershell 101 in Malware Analysis
PowerShell attacks are currently the popular weapon of choice for several of those attacks, as PowerShell provides a variety of techniques for bypassing existing security. Not least of all, the flexibility to run directly in memory and remotely download payloads gives a lot of benefits to attackers.
Let’s learn a little bit about Powershell...
Lemon-Duck Powershell: An easy way to deobfuscate it!
I came across a fileless malware called Lemon-Duck crypto miner during our (my officemate’s and my) investigation of suspicious communication in our client’s network. This malware completely leverages the PowerShell module to execute most of its payloads.
PowerShell attacks are currently the popular weapon of choice for several of those atta...
Writeup: FIRST 2020 CTF Challenge
Hey. A CTF online competition organized by the U.S. Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency (CISA) ended yesterday (27/6).
This post will go through all the challenges that my team solved. Let’s go.
Tools used:
FTK Imager
Linux terminal
Online tools
Wireshark
Forensics
For this categ...
Writeup: Cynet Incident Response Challenge
Hello everyone. Cynet conducted a DFIR-based CTF where participating users can test their own skills in Digital Forensics and Incident Response.
There are 3 categories split by level: basic, medium and advanced.
Submission is limited to one attempt only: if your flag is wrong, you cannot submit the right flag again. So, we need...
Build Malicious CHM (Help) file
Hey everyone. May you have a nice day! So today I’m gonna explain how a help (.chm) file could be a malicious file on a Windows machine.
First, we need to clarify what a .chm file is and what its function is.
Based on this website,
CHM is an extension for the Compiled HTML file format, most commonly used by Microsoft’s HTML-based help program. It may co...