I recently had a suspiciously large attachment to analyze. After a few minutes, I discovered that the reason it was that big was because it was embedding a complete Python 3.10 environment. The malware itself consisted of a byte-compiled Python file (with extension pyc). It was a perfect opportunity to try to unravel all the […]
From WinWord to PureLogsStealer with Malcat Read More »
This review is in french because the book only exists in french 😎 J’avais vu l’annonce de ce livre à en septembre 2023 via LinkedIn et je l’avais commandé sur Amazon en me disant que je le lirai plus tard. Etant coincé chez moi toute la semaine à cause d’un mal de dos épouvantable, j’en
This is a small write-up of the “Mic check” challenge from DeadSec CTF 2024 (Misc Category). The difficulty was easy and it was a kind of stuff that appears often in CTF challenges. Description : mic is it ok?mic is it ok? A link is to start a docker container and the command to connect
DeadSec CTF 2024 – Mic check Read More »
SANS FOR610 Training The full name of the FOR610 training from SANS is “Reverse-Engineering Malware: Malware Analysis Tools and Techniques”. The goal is to learn how to efficiently analyze malwares in various forms (mainly Windows and Script files) depending on what is the purpose of the analysis : to understand how a security incident started,
SANS FOR610 Training & GREM – Certification Review Read More »
Attackers started recently to use Microsoft OneNote file to distribute malwares by email. I’ve decided to take a to public sample and analyse it (Thanks @pr0xylife for sharing it !). To proceed, I’ll use my Malware Analysis Lab as described here. I’ll start with a static analysis of the file to discover what will be
From OneNote to Quakbot (BB12) Read More »
In order to safely analyze malwares, the very first step is to setup a lab. I’ve read multiple articles about it but I’ve decided to write my own guide compiling all the small details that were important to me. This guide is for beginners and I hope it can help someone starting his journey into
Installing a Malware Analysis Lab Read More »
I recently received a phishing email to analyze, let’s see how to unbox all the components and identify them using Malcat. We can notice how good is this phishing attempt :– the sender was known by the recipient– the mail was written in correct french (quite unusual)– the mail contains and old discussion from 2021
Unboxing a Quakbot Campaign with Malcat Read More »
*.doc MS Word Document in binary proprietary file format (Compound File Binary Format) used in Office < 2007 *.xls MS Excel Workbook in binary proprietary file format (Compound File Binary Format) used in Office < 2007 *.docx MS Word Document in “Microsoft Office Open XML” file format used since Office 2007, no macro.Zip container with
MS Office Documents Analysis Read More »
This is a small write-up of the “Sniffed Traffic” challenge from SEECTF 2022 (Forensics Category). Description : Author: EnyeiWe inspected our logs and found someone downloading a file from a machine within the same network.Can you help find out what the contents of the file are?For beginners: https://www.javatpoint.com/wiresharkMD5: 71cd3bdbecece8d7919b586959f2d3b7 Solution : Once the capture file
SEETF 2022 – Sniffed Traffic Read More »
This is a small write-up of the “x-sixty-what” challenge from picoCTF 2022 (Binary Exploitation Category). The challenge is now available in picoGym here ! Description : Overflow x64 code Most problems before this are 32-bit x86. Now we’ll consider 64-bit x86 which is a little different! Overflow the buffer and change the return address to
picoCTF 2022 – x-sixty-what Read More »