Jon

34 Followers

Feb 16, 2022

THM — Carnage

Apply your analytical skills to analyze the malicious network traffic using Wireshark. Questions: What was the date and time of the first HTTP connection to the malicious IP? Filtering by http, we can see that the first request was sent from our source IP to the destination IP as a GET request. Checking the first layer of the Frame, we can see the arrival time. What is the name of the zip file that was downloaded?

Malware

5 min read

Feb 3, 2022

Malware Traffic Analysis — Sweet Orange Exploit Kit

This sample, questions, and answers are all from malware-traffic-analysis.net. Shout out to Brad. Opening up this PCAP file, we can immediately see a large amount of HTTP traffic. …

Malware Analysis

3 min read

Feb 2, 2022

Malware Traffic Analysis — RIG Exploit Kit

This sample, questions, and answers are based on the post on Malware Traffic Analysis. LEVEL 1 QUESTIONS: What is the IP address of the Windows VM that gets infected? The host was most likely infected via the internet, so we can filter Wireshark by http.request and see that almost all requests have 172.16.165.165…

Malware

3 min read

Jan 26, 2022

Malware Analysis — Manual Unpacking of Redaman

In this post, we are looking to manually unpack the sample called Redaman, which is a banking trojan. Some of its capabilities include: monitoring browser activity, downloading files to the infected host, keylogging, capturing screenshots and recording video of the Windows desktop, and collecting and exfiltrating financial data, specifically…

Malware

6 min read

Jan 14, 2022

Malware Analysis — Olympic Destroyer

Malware Analysis of Olympic Destroyer. PEStudio:

Malware Analysis

7 min read

Jan 6, 2022

Malware Analysis — Banking Trojan: Dyre

This is a basic static malware analysis of a banking trojan named Dyre. The sample can be found at theZoo. We are analyzing Unpacked.DLL, which contains two payloads, one for 32-bit and one for 64-bit architectures. Phase 1: Static Analysis. PEStudio: Before interacting with the live sample, we first use PEStudio to gain some initial…

Malware Analysis

5 min read

Nov 16, 2021

THM — CC: Steganography

Writeup on a THM room. In the room we are introduced to several tools and techniques: Steghide, zsteg, exiftool, Stegoveritas, and spectrograms. The final slide introduces us to three challenges; here are my solutions. For Key 1 we have a .jpeg file. We first run exiftool to look at the metadata and find a hint under Document Name: exiftool exam1.jpeg…

Tryhackme

2 min read

Oct 27, 2021

Analyzing Windows Event Logs

Windows Event Logs are divided into three main core logs: Application logs contain events logged by applications or user programs; System logs contain events from drivers being loaded and unloaded, network configuration changes, and Windows service events; Security logs contain events related to Windows authentication and security processes such…

Windows

2 min read


Oct 16, 2021

Investigating common Windows Processes

Malware can sometimes hide itself by impersonating common Windows processes. These are some of my notes on how to differentiate the real ones from fakes. Checklist: What is the expected parent process? Is it running from the expected path? Is it spelled correctly? Is it running under the correct SID? Is…

Windows

3 min read
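As an added example that is not code from the post, the checklist can be turned into a rule set and run over a process snapshot. The baseline below encodes the standard Windows 10 parent, image path and account SID for a few core processes; the snapshot is constructed for the demonstration and deliberately contains one clean svchost.exe, one lsass.exe with the wrong parent, and one look-alike name running from a user profile.

```python
"""Triage a process snapshot against a baseline of core Windows processes.

Added example, not code from the original post. On a live host the snapshot
would come from, e.g., Get-CimInstance Win32_Process (ProcessId,
ParentProcessId, Name, ExecutablePath) plus each process's owner SID; here it
is constructed inline.
"""
import difflib

SYSTEM, LOCAL_SERVICE, NETWORK_SERVICE = "S-1-5-18", "S-1-5-19", "S-1-5-20"
SYS32 = r"c:\windows\system32"
ANY_USER = None  # processes that legitimately run as the logged-on user

# name -> (expected parent names, expected image directory, allowed SIDs)
BASELINE = {
    "system":       ((), "", {SYSTEM}),
    "smss.exe":     (("system",), SYS32, {SYSTEM}),
    "csrss.exe":    (("smss.exe",), SYS32, {SYSTEM}),
    "wininit.exe":  (("smss.exe",), SYS32, {SYSTEM}),
    "winlogon.exe": (("smss.exe",), SYS32, {SYSTEM}),
    "services.exe": (("wininit.exe",), SYS32, {SYSTEM}),
    "lsass.exe":    (("wininit.exe",), SYS32, {SYSTEM}),
    "svchost.exe":  (("services.exe",), SYS32, {SYSTEM, LOCAL_SERVICE, NETWORK_SERVICE}),
    "explorer.exe": (("userinit.exe",), r"c:\windows", ANY_USER),
}
# Parents that normally exit after spawning their child, so a missing parent is expected.
TRANSIENT_PARENTS = {"smss.exe", "userinit.exe"}


def check_process(proc, by_pid):
    """Return a list of findings for one process (empty list = looks normal)."""
    name, path = proc["name"].lower(), (proc["path"] or "").lower()
    findings = []
    if name not in BASELINE:
        # Spelling check: a name that is almost, but not quite, a core process name.
        near = difflib.get_close_matches(name, BASELINE, n=1, cutoff=0.8)
        if near:
            findings.append(f"name resembles {near[0]} (possible masquerade)")
        return findings  # nothing else to compare against
    parents, exp_dir, sids = BASELINE[name]
    parent = by_pid.get(proc["ppid"])
    if parents:
        if parent is None:
            if not (set(parents) & TRANSIENT_PARENTS):
                findings.append("parent process not found")
        elif parent["name"].lower() not in parents:
            findings.append(f"unexpected parent {parent['name']} (expected {'/'.join(parents)})")
    if exp_dir and path != exp_dir + "\\" + name:
        findings.append(f"unexpected path {proc['path']}")
    if sids is not None and proc["sid"] not in sids:
        findings.append(f"unexpected account SID {proc['sid']}")
    return findings


def triage(procs):
    """Map pid -> findings for every process that has at least one finding."""
    by_pid = {p["pid"]: p for p in procs}
    return {p["pid"]: f for p in procs if (f := check_process(p, by_pid))}


# Constructed snapshot (not real host data): a short boot chain plus two fakes.
SNAPSHOT = [
    {"pid": 4,    "ppid": 0,    "name": "System",       "path": None, "sid": SYSTEM},
    {"pid": 400,  "ppid": 4,    "name": "smss.exe",     "path": r"C:\Windows\System32\smss.exe", "sid": SYSTEM},
    {"pid": 520,  "ppid": 400,  "name": "wininit.exe",  "path": r"C:\Windows\System32\wininit.exe", "sid": SYSTEM},
    {"pid": 640,  "ppid": 520,  "name": "services.exe", "path": r"C:\Windows\System32\services.exe", "sid": SYSTEM},
    {"pid": 900,  "ppid": 640,  "name": "svchost.exe",  "path": r"C:\Windows\System32\svchost.exe", "sid": NETWORK_SERVICE},
    {"pid": 3120, "ppid": 900,  "name": "lsass.exe",    "path": r"C:\Windows\System32\lsass.exe", "sid": SYSTEM},
    {"pid": 4410, "ppid": 5500, "name": "svch0st.exe",  "path": r"C:\Users\jon\AppData\Roaming\svch0st.exe",
     "sid": "S-1-5-21-1-2-3-1001"},
]

if __name__ == "__main__":
    for pid, findings in triage(SNAPSHOT).items():
        print(pid, findings)
```

The baseline is intentionally strict on the image path (exact file, not just directory), because a binary dropped into a subfolder of System32 would otherwise pass. Extend TRANSIENT_PARENTS rather than weakening the parent check if you see false positives for processes whose parent has already exited.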

Oct 12, 2021

PCAP Traffic Hunting

Some notes I have used to identify suspicious activity when searching through packet captures. Basic hunting should of course include looking at ports and at strange host/IP addresses. Beyond those basics, we can look at the different protocols. …

Pcap Analysis

1 min read

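The three capture tasks on this page (the first HTTP request and its arrival time in the Carnage room, the infected host found with an http.request filter in the RIG post, and the port and host review from these hunting notes) can be scripted once the pcap is parsed. The following is an added example, not code from any of the posts: a minimal classic-pcap reader in Python with a capture constructed inline from RFC 5737 documentation addresses. The packets, timestamps and the tax-docs.zip request are invented for the demonstration; to use it on a real file, replace SAMPLE_PCAP with open(path, "rb").read().

```python
"""Minimal pcap triage: first HTTP request, likely infected host, port/host summary.

Added example, not code from the original posts. Handles little-endian classic
pcap (not pcapng) with Ethernet/IPv4 and TCP/UDP; the capture is constructed.
"""
import socket
import struct
from collections import Counter
from datetime import datetime, timezone

PCAP_MAGIC = 0xA1B2C3D4          # little-endian, microsecond timestamps
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ")


def build_record(ts, src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Build one pcap record (Ethernet/IPv4/TCP|UDP). Checksums are left zero:
    fine for a parser fixture, not for a capture you intend to replay."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    if proto == IPPROTO_TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 0xFFFF, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    frame = eth + ip + l4 + payload
    sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
    return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame


def parse_pcap(data):
    """Return a list of dicts (timestamp, 5-tuple, L4 payload), one per IPv4 packet."""
    magic, = struct.unpack("<I", data[:4])
    if magic != PCAP_MAGIC:
        raise ValueError("only little-endian classic pcap is handled here")
    off, packets = 24, []                      # 24-byte global header
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack("<IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        ihl = (frame[14] & 0x0F) * 4             # IPv4 header length
        proto = frame[23]
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        l4 = frame[14 + ihl:]
        sport, dport = struct.unpack("!HH", l4[:4])
        hdr = (l4[12] >> 4) * 4 if proto == IPPROTO_TCP else 8
        packets.append({"ts": sec + usec / 1e6, "src": src, "dst": dst, "proto": proto,
                        "sport": sport, "dport": dport, "payload": l4[hdr:]})
    return packets


def http_requests(packets):
    """Rough equivalent of the Wireshark filter http.request: a request line is present."""
    return [p for p in packets
            if p["proto"] == IPPROTO_TCP and p["payload"].startswith(HTTP_METHODS)]


def first_http_request(packets):
    """Arrival time (UTC), client, server and request line of the first HTTP request."""
    reqs = http_requests(packets)
    if not reqs:
        return None
    p = min(reqs, key=lambda q: q["ts"])
    when = datetime.fromtimestamp(p["ts"], tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return when, p["src"], p["dst"], p["payload"].split(b"\r\n", 1)[0].decode()


def likely_infected_host(packets):
    """Source address that issued the most HTTP requests (the heuristic from the RIG post)."""
    c = Counter(p["src"] for p in http_requests(packets))
    return c.most_common(1)[0][0] if c else None


def port_summary(packets):
    """Destination ports per L4 protocol, to spot unusual services quickly."""
    return Counter(("tcp" if p["proto"] == IPPROTO_TCP else "udp", p["dport"]) for p in packets)


def destinations_for(packets, host):
    """Which addresses a host talked to and how often, for spotting strange hosts."""
    return Counter(p["dst"] for p in packets if p["src"] == host)


# Constructed capture: 10.0.0.5 does a DNS lookup, fetches a page and then a zip;
# a second host 10.0.0.7 only opens a TLS connection.
SAMPLE_PCAP = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1) + b"".join([
    build_record(1644192000.10, "10.0.0.5", "10.0.0.1", IPPROTO_UDP, 53001, 53, b"\x12\x34\x01\x00" + b"\x00" * 8),
    build_record(1644192000.25, "10.0.0.5", "203.0.113.10", IPPROTO_TCP, 49152, 80,
                 b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    build_record(1644192001.00, "203.0.113.10", "10.0.0.5", IPPROTO_TCP, 80, 49152, b"HTTP/1.1 200 OK\r\n\r\n"),
    build_record(1644192002.50, "10.0.0.5", "203.0.113.10", IPPROTO_TCP, 49153, 80,
                 b"GET /tax-docs.zip HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    build_record(1644192003.00, "10.0.0.7", "203.0.113.20", IPPROTO_TCP, 49154, 443, b"\x16\x03\x01"),
])

if __name__ == "__main__":
    pkts = parse_pcap(SAMPLE_PCAP)
    print("first HTTP request:", first_http_request(pkts))
    print("likely infected host:", likely_infected_host(pkts))
    print("ports:", port_summary(pkts).most_common())
    print("10.0.0.5 talked to:", destinations_for(pkts, "10.0.0.5"))
```

The request-line check is a deliberately simple stand-in for Wireshark's HTTP dissector: it only sees a request when the method lands at the start of a segment, so on a real capture with reassembly or non-standard ports you would still confirm the findings in Wireshark. Timestamps are printed in UTC; Wireshark's Frame layer shows the arrival time in the local time zone of the analysis machine unless you change its preference.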

cyber security