Reverse Engineering

ClearFake - Malware Analysis Lab

26 minute read

Analysis of ClearFake malware which is planted on compromised WordPress websites to convince unsuspecting visitors to download and run malware.

LummaC2 - Malware Analysis Lab

30 minute read

Analysis of a RAR file which leads to the discovery of malicious GitHub repositories designed to distribute malware.

BlackNET RAT - Malware Analysis Lab

19 minute read

Deep dive analysis of the BlackNET RAT malware which recruits your system into a botnet that can be controlled from a centralised PHP web interface.

Agent Tesla - Malware Analysis Lab

14 minute read

Analysis of a UPX packed AutoIT binary which injects an Agent Tesla payload into memory, combined with some brief analysis of the Agent Tesla payload itself.

Practical Malware Analysis - Lab Write-up

1 minute read

This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...

Windows

ClearFake - Malware Analysis Lab
LummaC2 - Malware Analysis Lab
BlackNET RAT - Malware Analysis Lab
Agent Tesla - Malware Analysis Lab
Practical Malware Analysis - Lab Write-up

MITRE ATT&CK

CTF

2019 Defcon DFIR CTF Write-up

33 minute read

The Unofficial Defcon DFIR CTF comprised of 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Hack The Box - Bastion

8 minute read

Bastion was a relatively simple machine with the biggest issue stemming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...

Hack The Box - Netmon

6 minute read

Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...

Hack The Box - Irked

6 minute read

This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...

Hack The Box - Ypuffy

5 minute read

This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...

Hack The Box - Waldo

5 minute read

This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...

Hack The Box - Zipper

8 minute read

This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...

Hack The Box - Carrier

9 minute read

This machine had some interesting elements to it and really made you think outside of the box. It incorporated a number of elements which you wouldn’t typica...

Hack The Box - Curling

3 minute read

This machine had some CTF elements to it, but overall wasn’t that difficult to complete through proper enumeration. It highlights some issues which may be pr...

Hack The Box - Help

5 minute read

Help was an interesting machine which appeared to have multiple ways of gaining access and elevating privileges. In the end it contained elements of graphql,...

Hack The Box - Active

3 minute read

This machine was fairly straightforward and mimicked something you’d unfortunately expect to see even today in a typical penetration test. All in all it’s a...

Hack The Box - Access

6 minute read

This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...

Hack The Box - Jerry

2 minute read

Jerry would have to be one of the easiest machines I’ve ever compromised on Hack The Box. This involved using legitimate credentials to log onto an Apache To...

Hack The Box - Dev0ops

8 minute read

Dev0ops highlighted issues with weakly configured XML parsers which led to an XXE vulnerability, and developer error which led to SSH keys in commit revisi...

Hack The Box - Solidstate

5 minute read

This machine contained a fairly straightforward SMTP vulnerability which didn’t even need to be exploited to fully compromise the machine. It is an essential...

Hack The Box - Chatterbox

5 minute read

Chatterbox was a reasonably simple machine which required exploiting a vulnerable ‘Achat’ service with custom shellcode, and then migrating to a more stable ...

Hack The Box - Jeeves

5 minute read

Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...

Hack The Box - Bashed

3 minute read

Bashed was an extremely simple box demonstrating some of the most basic techniques for spawning reverse shells and elevating privileges. It is a great beginn...

Hack The Box - Blue

26 minute read

Blue is definitely one of the shortest boxes in Hack The Box history. As the name suggests all that was required to fully compromise this machine was MS17-01...

Tutorials

Practical Malware Analysis - Lab Write-up

PracticalMalwareAnalysis

Practical Malware Analysis - Lab Write-up

HTB

Hack The Box - Querier
Hack The Box - Bastion
Hack The Box - Netmon
Hack The Box - Irked
Hack The Box - Ypuffy
Hack The Box - Waldo
Hack The Box - Zipper
Hack The Box - Carrier
Hack The Box - Curling
Hack The Box - Help
Hack The Box - Active
Hack The Box - Access
Hack The Box - Jerry
Hack The Box - Dev0ops
Hack The Box - Solidstate
Hack The Box - Chatterbox
Hack The Box - Jeeves
Hack The Box - Bashed
Hack The Box - Blue

Holiday Hack Challenge (HHC)

Penetration Testing

Hack The Box - Querier

DFIR

2019 Defcon DFIR CTF Write-up

Cheatsheet

DEFCON

2019 Defcon DFIR CTF Write-up

OSCP

STRRAT

Threat Intelligence

Redline Stealer

Miscellaneous

Nuggets of Knowledge

19 minute read

Place to capture random social media posts which I’ve made, and capture various pieces of shared knowledge which proved popular.

Aspmuma

Remcos

Game Hacking

Pwn Adventure

Cobalt Strike Stager

Snake Keylogger

Android Malware

PowerShell Webhook Clipper

AgentTesla

Agent Tesla - Malware Analysis Lab

BlackNET RAT

BlackNET RAT - Malware Analysis Lab

Dark Tortilla Crypter

Havoc

Demon

Xworm Loader

Duvet Stealer

BBY Stealer

Fakebat Malware

IDAT Loader

IDAT Injector

Hijack Loader

AsyncRAT Injector

AsyncRAT

Cryptoshuffler

TURS Agent

AMOS

Atomic MacOS Stealer

MacOS

Formbook Downloader

LummaC2

LummaC2 - Malware Analysis Lab

ClearFake

ClearFake - Malware Analysis Lab