ClearFake - Malware Analysis Lab
Analysis of the ClearFake malware, which is planted on compromised WordPress websites to trick unsuspecting visitors into downloading and running malware.
Analysis of a RAR file which leads to the discovery of malicious Github repositories designed to distribute malware.
Analysis of a LNK which acts as a FormBook download cradle hosted on a compromised WordPress website.
Analysis of Atomic macOS Stealer (AMOS) distributed through fake Homebrew domains
Analysis of a backdoored Wasabi Wallet installer and how it deploys TURS Agent onto a system
Analysis of an AsyncRAT downloader, reflective loader and injector, and performing AES decryption using CyberChef
Analysis of IDAT Loader RAT, an advanced malware-as-a-service injector
Analysis of Fakebat Malware a malware-as-a-service downloader
Analysis of Duvet Stealer, Electron-based malware designed to target Discord users
Analysis of an Xworm Loader which invokes a PowerShell script that retrieves a payload appended to the end of an image file
Analysis of a Havoc Demon and how YARA rules can be created with Ghidra to find other samples
Analysis of an Agent Tesla sample which has been wrapped using the Dark Tortilla Crypter.
Deep dive analysis of the BlackNET RAT malware which recruits your system into a botnet that can be controlled from a centralised PHP web interface.
Analysis of a UPX-packed AutoIt binary which injects an Agent Tesla payload into memory, combined with some brief analysis of the Agent Tesla payload itself.
Analysis of a PowerShell script which takes the contents of your clipboard and exfiltrates it to a webhook every time you press Ctrl+C
Analysis of an Android application which proxies requests and sends specific URLs accessed to remote advertising servers
Analysis of the Snake Keylogger and how it steals information from your system
Analysis of a Cobalt Strike Stager using CyberChef and then supporting findings with specific Python scripts
Analysis of Remcos RAT, a prevalent remote access tool/trojan.
Analysis of the malware Redline Stealer.
Analysis of the malware STRRAT.
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
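The Xworm Loader entry above describes a loader whose PowerShell stage fetches a payload hidden after the end of a picture. The following is an added example, not code from the original post or from the loader itself: a carver that walks the PNG chunk list or the JPEG marker sequence to find where the image really ends and returns whatever trails it. Searching for the end-marker bytes is not enough, because an EXIF thumbnail inside an APP1 segment carries its own `FF D9`, and a trailer may itself contain `IEND` or `FF D9`. The sample images and trailers are constructed for the example and the function names are my own.

```python
"""Carve a payload appended after the true end of a PNG or JPEG.

Added example, not code from the original post. A loader that hides its
payload "at the end of a picture" ships a file that is a valid image up to
the normal end-of-image marker and stores the payload as trailing bytes
after it. Rather than searching for the marker bytes, this walks the
format's own structure. All images and trailers here are constructed.
"""
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_SOI = b"\xff\xd8"


def png_end_offset(data: bytes) -> int:
    """Return the offset just past the IEND chunk by walking the chunk list."""
    if not data.startswith(PNG_MAGIC):
        raise ValueError("not a PNG")
    pos = len(PNG_MAGIC)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4                                # length + type + data + CRC
        if ctype == b"IEND":
            return pos
    raise ValueError("IEND chunk not found (truncated PNG)")


def jpeg_end_offset(data: bytes) -> int:
    """Return the offset just past the EOI marker by walking JPEG segments.

    Length-prefixed segments (APPn, DQT, SOF, ...) are skipped by length, so a
    thumbnail embedded in APP1 cannot be mistaken for the real EOI. The
    entropy-coded data after SOS has no length, so it is scanned for the next
    marker that is neither a stuffed FF 00 nor a restart marker (FF D0..D7).
    """
    if not data.startswith(JPEG_SOI):
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                                   # EOI
            return pos + 2
        if marker == 0xFF:                                   # fill byte
            pos += 1
            continue
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7: # standalone markers
            pos += 2
            continue
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + seg_len
        if marker == 0xDA:                                   # SOS: skip scan data
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("EOI marker not found (truncated JPEG)")


def carve_trailer(data: bytes) -> bytes:
    """Return the bytes following the image's real end (b"" if there are none)."""
    if data.startswith(PNG_MAGIC):
        end = png_end_offset(data)
    elif data.startswith(JPEG_SOI):
        end = jpeg_end_offset(data)
    else:
        raise ValueError("unsupported image format")
    return data[end:]


def build_png_with_trailer(trailer: bytes) -> bytes:
    """Construct a minimal valid 1x1 RGB PNG and append `trailer` after IEND."""
    def chunk(ctype: bytes, body: bytes) -> bytes:
        crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)     # 1x1, 8-bit, RGB
    idat = zlib.compress(b"\x00\x00\x00\x00")              # filter byte + one pixel
    return PNG_MAGIC + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"") + trailer


def build_jpeg_with_trailer(trailer: bytes) -> bytes:
    """Construct a skeletal JPEG whose APP1 segment holds a decoy FF D8 FF D9
    (as an EXIF thumbnail would) and append `trailer` after the real EOI."""
    app1 = b"\xff\xe1" + struct.pack(">H", 2 + 4) + b"\xff\xd8\xff\xd9"
    sos = b"\xff\xda" + struct.pack(">H", 3) + b"\x01"
    scan = b"\x12\x34\xff\x00\x56"                          # contains a stuffed FF 00
    return JPEG_SOI + app1 + sos + scan + b"\xff\xd9" + trailer


if __name__ == "__main__":
    for sample in (build_png_with_trailer(b"MZ\x90\x00..."), build_jpeg_with_trailer(b"MZ\x90\x00...")):
        print(carve_trailer(sample))
```

In practice the trailer is rarely a raw executable; loaders of this kind usually store it base64- or XOR-encoded, so the carved bytes are the input to the next decoding step, not the final payload.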
Every year the SANS Institute and the Counter Hack Team host a ‘Holiday Hack Challenge’, also commonly referred to as HHC. In December 2023, I successfully c...
Every year the SANS Institute and the Counter Hack Team host a ‘Holiday Hack Challenge’, also commonly referred to as HHC. In December 2022, I successfully c...
Every year the SANS Institute and the Counter Hack Team host a ‘Holiday Hack Challenge’, also commonly referred to as HHC. In December 2021, I successfully c...
Every year the SANS Institute and the Counter Hack Team host a ‘Holiday Hack Challenge’, also commonly referred to as HHC. In December 2020, I successfully c...
The Unofficial Defcon DFIR CTF comprised of 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...
Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...
Bastion was a relatively simple machine with the biggest issue stemming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...
Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...
Every year the SANS Institute and the Counter Hack Team host a ‘Holiday Hack Challenge’, also commonly referred to as HHC. In January 2019, I successfully co...
This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...
Every year the SANS Institute and the Counter Hack Team host a ‘Holiday Hack Challenge’, also commonly referred to as HHC. In December 2019, I successfully c...
This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...
This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...
This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...
This machine had some interesting elements to it and really made you think outside of the box. It incorporated a number of elements which you wouldn’t typica...
This machine had some CTF elements to it, but overall wasn’t that difficult to complete through proper enumeration. It highlights some issues which may be pr...
Help was an interesting machine which appeared to have multiple ways of gaining access and elevating privileges. In the end it contained elements of graphql,...
This machine was fairly straightforward and mimicked something you’d unfortunately expect to see even today in a typical penetration test. All in all it’s a...
This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...
Jerry would have to be one of the easiest machines I’ve ever compromised on Hack The Box. This involved using legitimate credentials to log onto an Apache To...
Dev0ops highlighted issues with weakly configured XML parsers which led to an XXE vulnerability, and developer error which led to SSH keys in commit revisi...
This machine contained a fairly straightforward SMTP vulnerability which didn’t even need to be exploited to fully compromise the machine. It is an essential...
Chatterbox was a reasonably simple machine which required exploiting a vulnerable ‘Achat’ service with custom shellcode, and then migrating to a more stable ...
Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...
Bashed was an extremely simple box demonstrating some of the most basic techniques for spawning reverse shells and elevating privileges. It is a great beginn...
Blue is definitely one of the shortest boxes in Hack The Box history. As the name suggests all that was required to fully compromise this machine was MS17-01...
Analysis of a web shell I’ve named Aspmuma 2009 ‘xxooxx’.
Analysis of the malware Redline Stealer.
Analysis of the malware STRRAT.
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
The Unofficial Defcon DFIR CTF comprised of 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...
Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...
Bastion was a relatively simple machine with the biggest issue steming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...
Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...
This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...
This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...
This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...
This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...
This machine had some interesting elements to it and really made you think outside of the box. It incorporated a number of elements which you wouldn’t typica...
This machine had some CTF elements to it, but overall wasn’t that difficult to complete through proper enumeration. It highlights some issues which may be pr...
Help was an interesting machine which appeared to have multiple ways of gaining access and elevating privileges. In the end it contained elements of graphql,...
This machine was fairly straight forward and mimicked something you’d unfortunately expect to see even today in a typical penetration test. All in all it’s a...
This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...
Jerry would have to be one of the easiest machines I’ve ever compromised on Hack The Box. This involved using legitimate credentials to log onto an Apache To...
Dev0ops highlighted issues with weakly configured XML parsers which lead to an XXE vulnerability, and developer error which lead to SSH keys in commit revisi...
This machine contained a fairly straightforward SMTP vulnerability which didn’t even need to be exploited to fully compromise the machine. It is an essential...
Chatterbox was a reasonably simple machine which required exploiting a vulnerable ‘Achat’ service with custom shellcode, and then migrating to a more stable ...
Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...
Bashed was an extremely simple box demonstrating some of the most basic techniques for spawning reverse shells and elevating privileges. It is a great beginn...
Blue is definitely one of the shortest boxes in Hack The Box history. As the name suggests all that was required to fully compromise this machine was MS17-01...
Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...
Bastion was a relatively simple machine with the biggest issue steming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...
Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...
This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...
This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...
This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...
This machine had some CTF elements to it, but overall wasn’t that difficult to complete through proper enumeration. It highlights some issues which may be pr...
Help was an interesting machine which appeared to have multiple ways of gaining access and elevating privileges. In the end it contained elements of graphql,...
This machine was fairly straightforward and mimicked something you’d unfortunately expect to see even today in a typical penetration test. All in all it’s a...
This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...
Jerry would have to be one of the easiest machines I’ve ever compromised on Hack The Box. This involved using legitimate credentials to log onto an Apache To...
Hacking ‘Pwn Adventure 3: Pwnie Island’, an intentionally vulnerable first-person MMORPG.
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Analysis of an AsyncRAT downloader, reflective loader, injector, and performing AES decryption using CyberChef
Analysis of IDAT Loader RAT, an advanced malware-as-a-service injector
Analysis of Duvet Stealer, Electron-based malware designed to target Discord users
Analysis of an Xworm Loader which invokes a PowerShell script that retrieves a payload from the end of a picture
Analysis of a UPX packed AutoIT binary which injects an Agent Tesla payload into memory, combined with some brief analysis of the Agent Tesla payload itself.
Analysis of Remcos RAT, a prevalent remote access tool/trojan.
Analysis of an Agent Tesla sample which has been wrapped using the Dark Tortilla Crypter.
Deep dive analysis of the BlackNET RAT malware which recruits your system into a botnet that can be controlled from a centralised PHP web interface.
Analysis of the Snake Keylogger and how it steals information from your system
Analysis of the malware Redline Stealer.
This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...
Analysis of a LNK which acts as a FormBook download cradle hosted on a compromised WordPress website.
Analysis of the malware STRRAT.
The Unofficial Defcon DFIR CTF comprised 5 different challenge categories with a total of 82 DFIR-related challenges including a Crypto Challenge, Deadbox...
Analysis of Atomic MacOS Stealer (AMOS) distributed through fake Homebrew domains
Analysis of a Havoc Demon and how YARA rules can be created with Ghidra to find other samples
Analysis of a Cobalt Strike Stager using CyberChef and then supporting findings with specific Python scripts
Every year the SANS Institute and the Counter Hack Team host a ‘Holiday Hack Challenge’, also commonly referred to as HHC. In January 2019, I successfully co...
Every year the SANS Institute and the Counter Hack Team host a ‘Holiday Hack Challenge’, also commonly referred to as HHC. In December 2023, I successfully c...
Every year the SANS Institute and the Counter Hack Team host a ‘Holiday Hack Challenge’, also commonly referred to as HHC. In December 2022, I successfully c...
Every year the SANS Institute and the Counter Hack Team host a ‘Holiday Hack Challenge’, also commonly referred to as HHC. In December 2021, I successfully c...
Every year the SANS Institute and the Counter Hack Team host a ‘Holiday Hack Challenge’, also commonly referred to as HHC. In December 2020, I successfully c...
Every year the SANS Institute and the Counter Hack Team host a ‘Holiday Hack Challenge’, also commonly referred to as HHC. In December 2019, I successfully c...
This machine had some interesting elements to it and really made you think outside of the box. It incorporated a number of elements which you wouldn’t typica...
Various tests involving methods outlined within the MITRE ATT&CK framework.
Analysis of ClearFake malware which is planted on compromised WordPress websites to convince unsuspecting visitors to download and run malware.
Analysis of a Havoc Demon and how YARA rules can be created with Ghidra to find other samples
Analysis of the malware STRRAT.
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...
Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...
Bashed was an extremely simple box demonstrating some of the most basic techniques for spawning reverse shells and elevating privileges. It is a great beginn...
Bastion was a relatively simple machine with the biggest issue stemming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...
Dev0ops highlighted issues with weakly configured XML parsers which led to an XXE vulnerability, and developer error which led to SSH keys in commit revisi...
This machine contained a fairly straightforward SMTP vulnerability which didn’t even need to be exploited to fully compromise the machine. It is an essential...
Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...
This machine had some interesting elements to it and really made you think outside of the box. It incorporated a number of elements which you wouldn’t typica...
This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...
This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...
This machine was fairly straightforward and mimicked something you’d unfortunately expect to see even today in a typical penetration test. All in all it’s a...
Every year the SANS Institute and the Counter Hack Team host a ‘Holiday Hack Challenge’, also commonly referred to as HHC. In January 2019, I successfully co...
This machine had some CTF elements to it, but overall wasn’t that difficult to complete through proper enumeration. It highlights some issues which may be pr...
Cheatsheet containing a variety of commands and concepts relating to digital forensics and incident response.
The Unofficial Defcon DFIR CTF comprised 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...
Various tests involving methods outlined within the MITRE ATT&CK framework.
Analysis of the malware Redline Stealer.
Jerry would have to be one of the easiest machines I’ve ever compromised on Hack The Box. This involved using legitimate credentials to log onto an Apache To...
Chatterbox was a reasonably simple machine which required exploiting a vulnerable ‘Achat’ service with custom shellcode, and then migrating to a more stable ...
This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...
This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...
Cyber Security resources for OSCP and penetration testing.
Blue is definitely one of the shortest boxes in Hack The Box history. As the name suggests all that was required to fully compromise this machine was MS17-01...
Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...
Help was an interesting machine which appeared to have multiple ways of gaining access and elevating privileges. In the end it contained elements of graphql,...
This machine was interesting: starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...
This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...
This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...
This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...
This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...
This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...
This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...
This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...
This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...
This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...
This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...
This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...
Every year the SANS Institute and the Counter Hack Team host a ‘Holiday Hack Challenge’, also commonly referred to as HHC. In January 2019, I successfully co...
Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...
Bastion was a relatively simple machine with the biggest issue stemming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...