My first post in a while!! Since my last post I’ve gotten a job in Cyber! Moving forward I want to continue to focus on hands on guides and exercises related to blue team. One of the resources that I stumbled upon that provide hands on training is Malware Traffic…

Apply your analytical skills to analyze the malicious network traffic using Wireshark. Questions What was the date and time for the first HTTP connection to the malicious IP? Filtering by http we can see that the first request was sent from our source IP reaching out to destination IP with a GET request. Checking the first layer of the Frame we can see the arrival time What is the name of the zip file that was downloaded?

This sample, question, and answers are all from malware-traffic-analysis.net. Shout out Brad. Opening up this PCAP file we can automatically see that there is large amount of HTTP traffic. We filter by http and see that the first packet is suspicious as we can see that we are using a…

This sample, questions, and answers are based off the post on Malware Traffic Analysis. LEVEL 1 QUESTIONS: What is the IP address of the Windows VM that gets infected? The host most likely is infected via the internet so we can filter wireshark by http.request and see that almost all requests have 172.16.165.165…

In this post, we are looking to manually unpack the sample called Redaman, which is a banking trojan. Some of its capabilities include: Monitor browser activity, Downloading files to the infected host Keylogging activity Capture screen shots and record video of the Windows desktop Collecting and exfiltrating financial data, specifically…

Malware Analysis of Olympic Destroyer. PEStudio:

This is a basic static malware analysis of a Banking Trojan named Dyre. This sample can be found at The Zoo. We are analyzing the Unpacked.DLL which contains two payloads for 32 and 64 bit architecture. Phase 1: Static Analysis PEStudio Before interacting with the live sample, we first use PEStudio to gain some initial…

Writeup on THM Room. — In the room we are introduced to several tools: Steghide zsteg exiftool Stegoveritas Spectograms The final slide introduces us to three challenges, here are my solutions: For Key 1 we have a .jpeg file. We first run exiftool to look at the metadata and find a hint under document name. exiftool exam1.jpeg…

Windows Event Log are divided into three main core logs: Application Logs — contain events logged by applications or user programs System Logs — contain events from drivers loaded and unloaded, network configurations, and windows service events Security Logs — contain events related to Windows authentication and security processes such…