Home

PowerShell attacks are currently the popular weapon of alternative for several of those attacks as a result of it provides variety of techniques for bypassing existing security. Not least of all, the flexibility to run directly in memory and remotely download payloads gave a lot of benefits to attacker. Let’s learn a little bit about Powershell...

I came across a fileless malware called Lemon-Duck crypto miner during our (my officemate and I) investigation on suspicious communication in our client network. This malware completely leveraging the PowerShell module to execute most of their payloads. PowerShell attacks are currently the popular weapon of alternative for several of those atta...

Hey. A CTF online competition organized by U.S. Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency (CISA) was ended yesterday (27/6). This post will going through all challenges that my team solved. Let’s go. Tools used: FTK Imager Linux terminal Online tools Wireshark Forensics For this categ...

Hello everyone. Cynet conducted a CTF DFIR-based where particapted user can test their own skills in Digital Forensics and Incident Response. There are 3 categories splitted by levels. Basic, medium and advanced. The submition can be only submit one attempt only where if your flag is wrong, you cannot submit the right flag again. So, we need...

Hey everyone. May have a nice day! So today I’m gonna explain how a help (.chm) file could be a malicious file in Windows machine. First, we need to clarify what is .chm file and what its function. Based on this website, CHM is an extension for the Compiled HTML file format, most commonly used by Microsoft’s HTML-based help program. It may co...

Welcome back guys. Today I’m gonna do reverse engineering and steganograpy challenges from FSecure2019. Qualification Challenge 1 Investigate the image and then decode the flag. Let’s dive in into the image. Okay first question. We need to decode this image and get “something” from it. Try to extract information using tools like binwalk,...

Below are the few reverse engineering category’s challenges that I’ve been solved. It was a pretty easy challenge to solve. revfun Step 1: Run file command on the binary. Now we know that it’s a ELF 64 bit file. Step 2: Use strings command to display all the strings on the binary and we can see there is a suspicious string “dlr0w_s1h7_s1_...

This write-up are focus on reverse engineering and pwn category for i-Hack 2018 Qualification. Reverse Engineering - Password, Please First, run file command on the binary to check what type of data is it. So based on the output above, it is an ELF 32bit file. So, let’s run it on our terminal. The program ask us for the password and we tes...