Leet Stealer - Malware Analysis Lab
Analysis of a family of malware dubbed Leet Stealer which is distributed over Discord.
Browse
- Reverse Engineering 48
- Windows 44
- MITRE ATT&CK 28
- CTF 27
- Tutorials 23
- PracticalMalwareAnalysis 23
- HTB 19
- Holiday Hack Challenge (HHC) 6
- Penetration Testing 2
- DFIR 2
- Cheatsheet 2
- DEFCON 1
- OSCP 1
- STRRAT 1
- Threat Intelligence 1
- Redline Stealer 1
- Miscellaneous 1
- Aspmuma 1
- Remcos 1
- Game Hacking 1
- Pwn Adventure 1
- Cobalt Strike Stager 1
- Snake Keylogger 1
- Android Malware 1
- PowerShell Webhook Clipper 1
- AgentTesla 1
- BlackNET RAT 1
- Dark Tortilla Crypter 1
- Havoc 1
- Demon 1
- Xworm Loader 1
- Duvet Stealer 1
- BBY Stealer 1
- Fakebat Malware 1
- IDAT Loader 1
- IDAT Injector 1
- Hijack Loader 1
- AsyncRAT Injector 1
- AsyncRAT 1
- Cryptoshuffler 1
- TURS Agent 1
- AMOS 1
- Atomic MacOS Stealer 1
- MacOS 1
- Formbook Downloader 1
- LummaC2 1
- ClearFake 1
- Octowave 1
- Security Analysis 1
- blog 1
- Leet Stealer 1
Reverse Engineering
Octowave Loader - Malware Analysis Lab
Analysis of a new malware loader being used in ClickFix campaigns which I’ve named Octowave Loader
ClearFake - Malware Analysis Lab
Analysis of ClearFake malware which is planted on compromised WordPress websites to convince unsuspecting visitors to download and run malware.
LummaC2 - Malware Analysis Lab
Analysis of a RAR file which leads to the discovery of malicious Github repositories designed to distribute malware.
FormBook Downloader - Malware Analysis Lab
Analysis of a LNK which acts as a FormBook download cradle hosted on a compromised WordPress website.
Atomic MacOS Stealer (AMOS) - Malware Analysis Lab
Analysis of Atomic MacOS Stealer (AMOS) distributed through fake Homebrew domains
Cryptoshuffler/TURS Agent - Malware Analysis Lab
Analysis of a backoored Wasabi Wallet installer and how it deploys TURS Agent onto a system
AsyncRAT Injector - Malware Analysis Lab
Analysis of an AsyncRAT downloader, reflective loader, injector, and perfoming AES decryption using CyberChef
IDAT Loader - Malware Analysis Lab
Analysis of IDAT Loader RAT, an advanced malware-as-a-service injector
Fakebat Malware - Malware Analysis Lab
Analysis of Fakebat Malware a malware-as-a-service downloader
Duvet Stealer - Malware Analysis Lab
Analysis of Duvet Stealer, Electron-based malware designed to target Discord users
Xworm Loader - Malware Analysis Lab
Analysis of an Xworm Loader which invokes a PowerShell script that retrieves a payload from the end of a picture
Havoc Demon Hunting - Malware Analysis Lab
Analysis of a Havoc Demon and how YARA rules can be created with Ghidra to find other samples
Dark Tortilla Crypter - Malware Analysis Lab
Analysis of an Agent Tesla sample which has been wrapped using the Dark Tortilla Crypter.
BlackNET RAT - Malware Analysis Lab
Deep dive analysis of the BlackNET RAT malware which recruits your system into a botnet that can be controlled from a centralised PHP web interface.
Agent Tesla - Malware Analysis Lab
Analysis of a UPX packed AutoIT binary which injects an Agent Tesla payload into memory, combined with some brief analysis of the Agent Tesla payload itself.
PowerShell Webhook Clipper - Malware Analysis Lab
Analysis of a PowerShell script which takes the contents of your clipboard and exfiltrates it to a webhook any time you use CTRL + C
Android Malware - Malware Analysis Lab
Analysis of an Android application which proxies requests and sends specific URLs accessed to remote advertising servers
Snake Keylogger - Malware Analysis Lab
Analysis of the Snake Keylogger and how it steals information from your system
Cobalt Strike Stager - Malware Analysis Lab
Analysis of a Cobalt Strike Stager using CyberChef and then supporting findings with specific Python scripts
Pwn Adventure 3 - Pwnie Island
Hacking ‘Pwn Adventure 3: Pwnie Island’, an intentionally vulnerable first-person MMORPG.
Remcos RAT - Malware Analysis Lab
Analysis of Remcos RAT, a prevalent remote access tool/trojan.
Aspmuma 2009 ‘xxooxx’ - Malware Analysis Lab
Analysis of a web shell I’ve named Aspmuma 2009 ‘xxooxx’.
Redline Stealer - Malware Analysis Lab
Analysis of the malware Redline Stealer.
STRRAT (Strigoi) - Malware Analysis Lab
Analysis of the malware STRRAT.
Practical Malware Analysis - Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Conclusion Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 9 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 8 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 7 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 6 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 5 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 4 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 3 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 21 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 20 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 2 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 19 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 18 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 17 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 16 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 15 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 14 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 13 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 12 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 11 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 10 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 1 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Windows
Leet Stealer - Malware Analysis Lab
Analysis of a family of malware dubbed Leet Stealer which is distributed over Discord.
Octowave Loader - Malware Analysis Lab
Analysis of a new malware loader being used in ClickFix campaigns which I’ve named Octowave Loader
ClearFake - Malware Analysis Lab
Analysis of ClearFake malware which is planted on compromised WordPress websites to convince unsuspecting visitors to download and run malware.
LummaC2 - Malware Analysis Lab
Analysis of a RAR file which leads to the discovery of malicious Github repositories designed to distribute malware.
FormBook Downloader - Malware Analysis Lab
Analysis of a LNK which acts as a FormBook download cradle hosted on a compromised WordPress website.
Cryptoshuffler/TURS Agent - Malware Analysis Lab
Analysis of a backoored Wasabi Wallet installer and how it deploys TURS Agent onto a system
AsyncRAT Injector - Malware Analysis Lab
Analysis of an AsyncRAT downloader, reflective loader, injector, and perfoming AES decryption using CyberChef
IDAT Loader - Malware Analysis Lab
Analysis of IDAT Loader RAT, an advanced malware-as-a-service injector
Fakebat Malware - Malware Analysis Lab
Analysis of Fakebat Malware a malware-as-a-service downloader
Duvet Stealer - Malware Analysis Lab
Analysis of Duvet Stealer, Electron-based malware designed to target Discord users
Xworm Loader - Malware Analysis Lab
Analysis of an Xworm Loader which invokes a PowerShell script that retrieves a payload from the end of a picture
Havoc Demon Hunting - Malware Analysis Lab
Analysis of a Havoc Demon and how YARA rules can be created with Ghidra to find other samples
Dark Tortilla Crypter - Malware Analysis Lab
Analysis of an Agent Tesla sample which has been wrapped using the Dark Tortilla Crypter.
BlackNET RAT - Malware Analysis Lab
Deep dive analysis of the BlackNET RAT malware which recruits your system into a botnet that can be controlled from a centralised PHP web interface.
Agent Tesla - Malware Analysis Lab
Analysis of a UPX packed AutoIT binary which injects an Agent Tesla payload into memory, combined with some brief analysis of the Agent Tesla payload itself.
PowerShell Webhook Clipper - Malware Analysis Lab
Analysis of a PowerShell script which takes the contents of your clipboard and exfiltrates it to a webhook any time you use CTRL + C
Android Malware - Malware Analysis Lab
Analysis of an Android application which proxies requests and sends specific URLs accessed to remote advertising servers
Snake Keylogger - Malware Analysis Lab
Analysis of the Snake Keylogger and how it steals information from your system
Cobalt Strike Stager - Malware Analysis Lab
Analysis of a Cobalt Strike Stager using CyberChef and then supporting findings with specific Python scripts
Remcos RAT - Malware Analysis Lab
Analysis of Remcos RAT, a prevalent remote access tool/trojan.
Aspmuma 2009 ‘xxooxx’ - Malware Analysis Lab
Analysis of a web shell I’ve named Aspmuma 2009 ‘xxooxx’.
Redline Stealer - Malware Analysis Lab
Analysis of the malware Redline Stealer.
STRRAT (Strigoi) - Malware Analysis Lab
Analysis of the malware STRRAT.
Practical Malware Analysis - Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Conclusion Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 9 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 7 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 6 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 5 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 3 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 21 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 20 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 2 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 19 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 18 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 17 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 16 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 15 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 14 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 13 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 12 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 11 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 10 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 1 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
MITRE ATT&CK
MITRE ATT&CK™ Analysis - T1056.004 Credential API Hooking
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1556.002 Password Filter DLL
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1090 Proxy
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1113 Screen Capture
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1087 Account Discovery
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1074.001 Local Data Staging
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1053.005 Scheduled Task
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1021.006 Windows Remote Management
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1037.001 Logon Script (Windows)
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1218.005 Mshta
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1218.002 Control Panel
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1550.002 Pass the Hash
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1218.003 CMSTP
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1546.012 Image File Execution Options Injection
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1548.002 - Bypass User Account Control
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1546.001 Change Default File Association
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1218.004 InstallUtil
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1091 Replication Through Removable Media
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1027.004 Compile After Delivery
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1127.001 MSBuild
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1546.010 AppInit DLLs
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1078 Valid Accounts
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1055 Process Injection
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1543.003 Windows Service
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1546.008 Accessibility Features
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1197 BITS Jobs
Various tests involving methods outlined within the MITRE ATT&CK framework.
MITRE ATT&CK™ Analysis - T1546.015 Component Object Model Hijacking
Various tests involving methods outlined within the MITRE ATT&CK framework.
CTF
🎅🎄 SANS 2023 Holiday Hack Challenge (HHC) - A Holiday Odyssey 🍹🏖️
Every year the SANS Institute and the Counter Hack Team hosts a ‘Holiday Hack Challenge’ also commonly referred to as HHC. In December 2023, I successfully c...
Pwn Adventure 3 - Pwnie Island
Hacking ‘Pwn Adventure 3: Pwnie Island’, an intentionally vulnerable first-person MMORPG.
🎅🎄 SANS 2022 Holiday Hack Challenge (HHC) - KringleCon 5
Every year the SANS Institute and the Counter Hack Team hosts a ‘Holiday Hack Challenge’ also commonly referred to as HHC. In December 2022, I successfully c...
🎅🎄 SANS 2021 Holiday Hack Challenge (HHC) - KringleCon 4
Every year the SANS Institute and the Counter Hack Team hosts a ‘Holiday Hack Challenge’ also commonly referred to as HHC. In December 2021, I successfully c...
🎅🎄 SANS 2020 Holiday Hack Challenge (HHC) - KringleCon 3
Every year the SANS Institute and the Counter Hack Team hosts a ‘Holiday Hack Challenge’ also commonly referred to as HHC. In December 2020, I successfully c...
2019 Defcon DFIR CTF Write-up
The Unofficial Defcon DFIR CTF comprised of 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...
Hack The Box - Querier
Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...
Hack The Box - Bastion
Bastion was a relatively simple machine with the biggest issue steming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...
Hack The Box - Netmon
Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...
🎅🎄 SANS 2018 Holiday Hack Challenge (HHC) - KringleCon
Every year the SANS Institute and the Counter Hack Team hosts a ‘Holiday Hack Challenge’ also commonly referred to as HHC. In January 2019, I successfully co...
Hack The Box - Irked
This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...
🎅🎄 SANS 2019 Holiday Hack Challenge (HHC) - KringleCon 2
Every year the SANS Institute and the Counter Hack Team hosts a ‘Holiday Hack Challenge’ also commonly referred to as HHC. In December 2019, I successfully c...
Hack The Box - Ypuffy
This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...
Hack The Box - Waldo
This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...
Hack The Box - Zipper
This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...
Hack The Box - Carrier
This machine had some interesting elements to it and really made you think outside of the box. It incorporated a number of elements which you wouldn’t typica...
Hack The Box - Curling
This machine had some CTF elements to it, but overall wasn’t that difficult to complete through proper enumeration. It highlights some issues which may be pr...
Hack The Box - Help
Help was an interesting machine which appeared to have multiple ways of gaining access and elevating privileges. In the end it contained elements of graphql,...
Hack The Box - Active
This machine was fairly straight forward and mimicked something you’d unfortunately expect to see even today in a typical penetration test. All in all it’s a...
Hack The Box - Access
This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...
Hack The Box - Jerry
Jerry would have to be one of the easiest machines I’ve ever compromised on Hack The Box. This involved using legitimate credentials to log onto an Apache To...
Hack The Box - Dev0ops
Dev0ops highlighted issues with weakly configured XML parsers which lead to an XXE vulnerability, and developer error which lead to SSH keys in commit revisi...
Hack The Box - Solidstate
This machine contained a fairly straightforward SMTP vulnerability which didn’t even need to be exploited to fully compromise the machine. It is an essential...
Hack The Box - Chatterbox
Chatterbox was a reasonably simple machine which required exploiting a vulnerable ‘Achat’ service with custom shellcode, and then migrating to a more stable ...
Hack The Box - Jeeves
Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...
Hack The Box - Bashed
Bashed was an extremely simple box demonstrating some of the most basic techniques for spawning reverse shells and elevating privileges. It is a great beginn...
Hack The Box - Blue
Blue is definitely one of the shortest boxes in Hack The Box history. As the name suggests all that was required to fully compromise this machine was MS17-01...
Tutorials
Practical Malware Analysis - Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Conclusion Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 9 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 8 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 7 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 6 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 5 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 4 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 3 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 21 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 20 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 2 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 19 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 18 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 17 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 16 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 15 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 14 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 13 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 12 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 11 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 10 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 1 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
PracticalMalwareAnalysis
Practical Malware Analysis - Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Conclusion Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 9 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 8 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 7 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 6 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 5 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 4 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 3 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 21 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 20 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 2 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 19 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 18 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 17 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 16 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 15 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 14 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 13 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 12 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 11 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 10 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Practical Malware Analysis - Chapter 1 Lab Write-up
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
HTB
Hack The Box - Querier
Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...
Hack The Box - Bastion
Bastion was a relatively simple machine with the biggest issue steming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...
Hack The Box - Netmon
Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...
Hack The Box - Irked
This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...
Hack The Box - Ypuffy
This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...
Hack The Box - Waldo
This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...
Hack The Box - Zipper
This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...
Hack The Box - Carrier
This machine had some interesting elements to it and really made you think outside of the box. It incorporated a number of elements which you wouldn’t typica...
Hack The Box - Curling
This machine had some CTF elements to it, but overall wasn’t that difficult to complete through proper enumeration. It highlights some issues which may be pr...
Hack The Box - Help
Help was an interesting machine which appeared to have multiple ways of gaining access and elevating privileges. In the end it contained elements of graphql,...
Hack The Box - Active
This machine was fairly straight forward and mimicked something you’d unfortunately expect to see even today in a typical penetration test. All in all it’s a...
Hack The Box - Access
This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...
Hack The Box - Jerry
Jerry would have to be one of the easiest machines I’ve ever compromised on Hack The Box. This involved using legitimate credentials to log onto an Apache To...
Hack The Box - Dev0ops
Dev0ops highlighted issues with weakly configured XML parsers which lead to an XXE vulnerability, and developer error which lead to SSH keys in commit revisi...
Hack The Box - Solidstate
This machine contained a fairly straightforward SMTP vulnerability which didn’t even need to be exploited to fully compromise the machine. It is an essential...
Hack The Box - Chatterbox
Chatterbox was a reasonably simple machine which required exploiting a vulnerable ‘Achat’ service with custom shellcode, and then migrating to a more stable ...
Hack The Box - Jeeves
Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...
Hack The Box - Bashed
Bashed was an extremely simple box demonstrating some of the most basic techniques for spawning reverse shells and elevating privileges. It is a great beginn...
Hack The Box - Blue
Blue is definitely one of the shortest boxes in Hack The Box history. As the name suggests all that was required to fully compromise this machine was MS17-01...
Holiday Hack Challenge (HHC)
🎅🎄 SANS 2023 Holiday Hack Challenge (HHC) - A Holiday Odyssey 🍹🏖️
Every year the SANS Institute and the Counter Hack Team hosts a ‘Holiday Hack Challenge’ also commonly referred to as HHC. In December 2023, I successfully c...
🎅🎄 SANS 2022 Holiday Hack Challenge (HHC) - KringleCon 5
Every year the SANS Institute and the Counter Hack Team hosts a ‘Holiday Hack Challenge’ also commonly referred to as HHC. In December 2022, I successfully c...
🎅🎄 SANS 2021 Holiday Hack Challenge (HHC) - KringleCon 4
Every year the SANS Institute and the Counter Hack Team hosts a ‘Holiday Hack Challenge’ also commonly referred to as HHC. In December 2021, I successfully c...
🎅🎄 SANS 2020 Holiday Hack Challenge (HHC) - KringleCon 3
Every year the SANS Institute and the Counter Hack Team hosts a ‘Holiday Hack Challenge’ also commonly referred to as HHC. In December 2020, I successfully c...
🎅🎄 SANS 2018 Holiday Hack Challenge (HHC) - KringleCon
Every year the SANS Institute and the Counter Hack Team hosts a ‘Holiday Hack Challenge’ also commonly referred to as HHC. In January 2019, I successfully co...
🎅🎄 SANS 2019 Holiday Hack Challenge (HHC) - KringleCon 2
Every year the SANS Institute and the Counter Hack Team hosts a ‘Holiday Hack Challenge’ also commonly referred to as HHC. In December 2019, I successfully c...
Penetration Testing
OSCP and Penetration Testing
Cyber Security resources for OSCP and penetration testing.
Hack The Box - Querier
Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...
DFIR
Digital Forensics and Incident Response
Cheatsheet containing a variety of commands and concepts relating to digital forensics and incident response.
2019 Defcon DFIR CTF Write-up
The Unofficial Defcon DFIR CTF comprised of 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...
Cheatsheet
Digital Forensics and Incident Response
Cheatsheet containing a variety of commands and concepts relating to digital forensics and incident response.
OSCP and Penetration Testing
Cyber Security resources for OSCP and penetration testing.
DEFCON
2019 Defcon DFIR CTF Write-up
The Unofficial Defcon DFIR CTF comprised of 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...
OSCP
OSCP and Penetration Testing
Cyber Security resources for OSCP and penetration testing.
STRRAT
STRRAT (Strigoi) - Malware Analysis Lab
Analysis of the malware STRRAT.
Threat Intelligence
STRRAT (Strigoi) - Malware Analysis Lab
Analysis of the malware STRRAT.
Redline Stealer
Redline Stealer - Malware Analysis Lab
Analysis of the malware Redline Stealer.
Miscellaneous
Nuggets of Knowledge
Place to capture random social media posts which I’ve made, and capture various pieces of shared knowledge which proved popular.
Aspmuma
Aspmuma 2009 ‘xxooxx’ - Malware Analysis Lab
Analysis of a web shell I’ve named Aspmuma 2009 ‘xxooxx’.
Remcos
Remcos RAT - Malware Analysis Lab
Analysis of Remcos RAT, a prevalent remote access tool/trojan.
Game Hacking
Pwn Adventure 3 - Pwnie Island
Hacking ‘Pwn Adventure 3: Pwnie Island’, an intentionally vulnerable first-person MMORPG.
Pwn Adventure
Pwn Adventure 3 - Pwnie Island
Hacking ‘Pwn Adventure 3: Pwnie Island’, an intentionally vulnerable first-person MMORPG.
Cobalt Strike Stager
Cobalt Strike Stager - Malware Analysis Lab
Analysis of a Cobalt Strike Stager using CyberChef and then supporting findings with specific Python scripts
Snake Keylogger
Snake Keylogger - Malware Analysis Lab
Analysis of the Snake Keylogger and how it steals information from your system
Android Malware
Android Malware - Malware Analysis Lab
Analysis of an Android application which proxies requests and sends specific URLs accessed to remote advertising servers
PowerShell Webhook Clipper
PowerShell Webhook Clipper - Malware Analysis Lab
Analysis of a PowerShell script which takes the contents of your clipboard and exfiltrates it to a webhook any time you use CTRL + C
AgentTesla
Agent Tesla - Malware Analysis Lab
Analysis of a UPX packed AutoIT binary which injects an Agent Tesla payload into memory, combined with some brief analysis of the Agent Tesla payload itself.
BlackNET RAT
BlackNET RAT - Malware Analysis Lab
Deep dive analysis of the BlackNET RAT malware which recruits your system into a botnet that can be controlled from a centralised PHP web interface.
Dark Tortilla Crypter
Dark Tortilla Crypter - Malware Analysis Lab
Analysis of an Agent Tesla sample which has been wrapped using the Dark Tortilla Crypter.
Havoc
Havoc Demon Hunting - Malware Analysis Lab
Analysis of a Havoc Demon and how YARA rules can be created with Ghidra to find other samples
Demon
Havoc Demon Hunting - Malware Analysis Lab
Analysis of a Havoc Demon and how YARA rules can be created with Ghidra to find other samples
Xworm Loader
Xworm Loader - Malware Analysis Lab
Analysis of an Xworm Loader which invokes a PowerShell script that retrieves a payload from the end of a picture
Duvet Stealer
Duvet Stealer - Malware Analysis Lab
Analysis of Duvet Stealer, Electron-based malware designed to target Discord users
BBY Stealer
Duvet Stealer - Malware Analysis Lab
Analysis of Duvet Stealer, Electron-based malware designed to target Discord users
Fakebat Malware
Fakebat Malware - Malware Analysis Lab
Analysis of Fakebat Malware a malware-as-a-service downloader
IDAT Loader
IDAT Loader - Malware Analysis Lab
Analysis of IDAT Loader RAT, an advanced malware-as-a-service injector
IDAT Injector
IDAT Loader - Malware Analysis Lab
Analysis of IDAT Loader RAT, an advanced malware-as-a-service injector
Hijack Loader
IDAT Loader - Malware Analysis Lab
Analysis of IDAT Loader RAT, an advanced malware-as-a-service injector
AsyncRAT Injector
AsyncRAT Injector - Malware Analysis Lab
Analysis of an AsyncRAT downloader, reflective loader, injector, and perfoming AES decryption using CyberChef
AsyncRAT
AsyncRAT Injector - Malware Analysis Lab
Analysis of an AsyncRAT downloader, reflective loader, injector, and perfoming AES decryption using CyberChef
Cryptoshuffler
Cryptoshuffler/TURS Agent - Malware Analysis Lab
Analysis of a backoored Wasabi Wallet installer and how it deploys TURS Agent onto a system
TURS Agent
Cryptoshuffler/TURS Agent - Malware Analysis Lab
Analysis of a backoored Wasabi Wallet installer and how it deploys TURS Agent onto a system
AMOS
Atomic MacOS Stealer (AMOS) - Malware Analysis Lab
Analysis of Atomic MacOS Stealer (AMOS) distributed through fake Homebrew domains
Atomic MacOS Stealer
Atomic MacOS Stealer (AMOS) - Malware Analysis Lab
Analysis of Atomic MacOS Stealer (AMOS) distributed through fake Homebrew domains
MacOS
Atomic MacOS Stealer (AMOS) - Malware Analysis Lab
Analysis of Atomic MacOS Stealer (AMOS) distributed through fake Homebrew domains
Formbook Downloader
FormBook Downloader - Malware Analysis Lab
Analysis of a LNK which acts as a FormBook download cradle hosted on a compromised WordPress website.
LummaC2
LummaC2 - Malware Analysis Lab
Analysis of a RAR file which leads to the discovery of malicious Github repositories designed to distribute malware.
ClearFake
ClearFake - Malware Analysis Lab
Analysis of ClearFake malware which is planted on compromised WordPress websites to convince unsuspecting visitors to download and run malware.
Octowave
Octowave Loader - Malware Analysis Lab
Analysis of a new malware loader being used in ClickFix campaigns which I’ve named Octowave Loader
Security Analysis
HISAC - High Impact Security Analysis and Communication
How to be a well rounded SOC/MDR/Cyber/Information Security Analyst.
blog
HISAC - High Impact Security Analysis and Communication
How to be a well rounded SOC/MDR/Cyber/Information Security Analyst.
Leet Stealer
Leet Stealer - Malware Analysis Lab
Analysis of a family of malware dubbed Leet Stealer which is distributed over Discord.