Home

Lemon-Duck Powershell: An easy way to deobfuscate it!

I came across a fileless malware called Lemon-Duck crypto miner during our (my officemate and I) investigation on suspicious communication in our client network. This malware completely leveraging the PowerShell module to execute most of their payloads. PowerShell attacks are currently the popular weapon of alternative for several of those atta...

Read more

Cheat-Sheet: Malicious Document Analysis

OneNote Analysis Download the OneNoteAnalyzer from the release page in GitHub. Run OneNoteAnalyzer.exe --file malware.one then it will extract the malicious script from the OneNote file. D:\OneNoteAnalyzer>OneNoteAnalyzer.exe --file "AgreementCancelation_395076(Feb08).one" ________ _______ __ _____ ...

Read more

Write-up: FIRST 2020 CTF Challenge

Hey. A CTF online competition organized by U.S. Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency (CISA) was ended yesterday (27/6). This post will going through all challenges that my team solved. Let’s go. Tools used: FTK Imager Linux terminal Online tools Wireshark Forensics For this categ...

Read more

Write-up: Cynet Incident Response Challenge

Hello everyone. Cynet conducted a CTF DFIR-based where particapted user can test their own skills in Digital Forensics and Incident Response. There are 3 categories splitted by levels. Basic, medium and advanced. The submition can be only submit one attempt only where if your flag is wrong, you cannot submit the right flag again. So, we need...

Read more

Build Malicious CHM (Help) file

Hey everyone. May have a nice day! So today I’m gonna explain how a help (.chm) file could be a malicious file in Windows machine. First, we need to clarify what is .chm file and what its function. Based on this website, CHM is an extension for the Compiled HTML file format, most commonly used by Microsoft’s HTML-based help program. It may co...

Read more

F-Secure 2019 Qualification and Semi Final: Write-up

Welcome back guys. Today I’m gonna do reverse engineering and steganograpy challenges from FSecure2019. Qualification Challenge 1 Investigate the image and then decode the flag. Let’s dive in into the image. Okay first question. We need to decode this image and get “something” from it. Try to extract information using tools like binwalk,...

Read more

Backdoor CTF Practice Arena: RE Challenges Walktrough

Below are the few reverse engineering category’s challenges that I’ve been solved. It was a pretty easy challenge to solve. revfun Step 1: Run file command on the binary. Now we know that it’s a ELF 64 bit file. Step 2: Use strings command to display all the strings on the binary and we can see there is a suspicious string “dlr0w_s1h7_s1_...

Read more

i-Hack 2018 Qualification: Reverse and Pwn Write-up

This write-up are focus on reverse engineering and pwn category for i-Hack 2018 Qualification. Reverse Engineering - Password, Please First, run file command on the binary to check what type of data is it. So based on the output above, it is an ELF 32bit file. So, let’s run it on our terminal. The program ask us for the password and we tes...

Read more