Lemon-Duck Powershell: An easy way to deobfuscate it!
I came across a fileless malware called the Lemon-Duck crypto miner during our (my officemate's and my) investigation of suspicious communication in our client's network. This malware leverages PowerShell almost exclusively to execute most of its payloads.
PowerShell attacks are currently the weapon of choice for many of these atta...
Cheat-Sheet: Malicious Document Analysis
OneNote Analysis
Download OneNoteAnalyzer from its release page on GitHub.
Run OneNoteAnalyzer.exe --file malware.one and it will extract the malicious script from the OneNote file.
D:\OneNoteAnalyzer>OneNoteAnalyzer.exe --file "AgreementCancelation_395076(Feb08).one"
Write-up: FIRST 2020 CTF Challenge
Hey. An online CTF competition organized by the U.S. Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency (CISA) ended yesterday (27/6).
This post will go through all the challenges that my team solved. Let’s go.
Tools used:
FTK Imager
Linux terminal
Online tools
Wireshark
Forensics
For this categ...
Write-up: Cynet Incident Response Challenge
Hello everyone. Cynet conducted a DFIR-based CTF where participating users can test their skills in Digital Forensics and Incident Response.
There are 3 categories split by level: basic, medium and advanced.
Only one submission attempt is allowed: if your flag is wrong, you cannot submit the right flag again. So, we need...
Build Malicious CHM (Help) file
Hey everyone. Have a nice day! So today I’m gonna explain how a help (.chm) file could be a malicious file on a Windows machine.
First, we need to clarify what a .chm file is and what its function is.
Based on this website,
CHM is an extension for the Compiled HTML file format, most commonly used by Microsoft’s HTML-based help program. It may co...
F-Secure 2019 Qualification and Semi Final: Write-up
Welcome back guys. Today I’m gonna do the reverse engineering and steganography challenges from FSecure2019.
Qualification
Challenge 1
Investigate the image and then decode the flag. Let’s dive into the image.
Okay, first question. We need to decode this image and get “something” from it. Try to extract information using tools like binwalk,...
Backdoor CTF Practice Arena: RE Challenges Walkthrough
Below are a few challenges from the reverse engineering category that I’ve solved. They were pretty easy to solve.
revfun
Step 1:
Run the file command on the binary. Now we know that it’s a 64-bit ELF file.
Step 2:
Use the strings command to display all the strings in the binary, and we can see there is a suspicious string “dlr0w_s1h7_s1_...
i-Hack 2018 Qualification: Reverse and Pwn Write-up
This write-up focuses on the reverse engineering and pwn categories of the i-Hack 2018 Qualification.
Reverse Engineering - Password, Please
First, run the file command on the binary to check what type of data it is. Based on the output above, it is a 32-bit ELF file. So, let’s run it in our terminal.
The program asks us for the password and we tes...