Posts by Tag

Static Malware Analysis

ClearFake - Malware Analysis Lab

26 minute read

Analysis of ClearFake malware which is planted on compromised WordPress websites to convince unsuspecting visitors to download and run malware.

LummaC2 - Malware Analysis Lab

30 minute read

Analysis of a RAR file which leads to the discovery of malicious Github repositories designed to distribute malware.

BlackNET RAT - Malware Analysis Lab

19 minute read

Deep dive analysis of the BlackNET RAT malware which recruits your system into a botnet that can be controlled from a centralised PHP web interface.

Agent Tesla - Malware Analysis Lab

14 minute read

Analysis of a UPX packed AutoIT binary which injects an Agent Tesla payload into memory, combined with some brief analysis of the Agent Tesla payload itself.

Dynamic Malware Analysis

LummaC2 - Malware Analysis Lab

30 minute read

Analysis of a RAR file which leads to the discovery of malicious Github repositories designed to distribute malware.

BlackNET RAT - Malware Analysis Lab

19 minute read

Deep dive analysis of the BlackNET RAT malware which recruits your system into a botnet that can be controlled from a centralised PHP web interface.

Agent Tesla - Malware Analysis Lab

14 minute read

Analysis of a UPX packed AutoIT binary which injects an Agent Tesla payload into memory, combined with some brief analysis of the Agent Tesla payload itself.

CTF

2019 Defcon DFIR CTF Write-up

33 minute read

The Unofficial Defcon DFIR CTF comprised 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Hack The Box - Bastion

8 minute read

Bastion was a relatively simple machine with the biggest issue stemming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...

Hack The Box - Netmon

6 minute read

Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...

Hack The Box - Irked

6 minute read

This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...

Hack The Box - Ypuffy

5 minute read

This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...

Hack The Box - Waldo

5 minute read

This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...

Hack The Box - Zipper

8 minute read

This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...

Hack The Box - Carrier

9 minute read

This machine had some interesting elements to it and really made you think outside of the box. It incorporated a number of elements which you wouldn’t typica...

Hack The Box - Curling

3 minute read

This machine had some CTF elements to it, but overall wasn’t that difficult to complete through proper enumeration. It highlights some issues which may be pr...

Hack The Box - Help

5 minute read

Help was an interesting machine which appeared to have multiple ways of gaining access and elevating privileges. In the end it contained elements of graphql,...

Hack The Box - Active

3 minute read

This machine was fairly straightforward and mimicked something you’d unfortunately expect to see even today in a typical penetration test. All in all it’s a...

Hack The Box - Access

6 minute read

This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...

Hack The Box - Jerry

2 minute read

Jerry would have to be one of the easiest machines I’ve ever compromised on Hack The Box. This involved using legitimate credentials to log onto an Apache To...

Hack The Box - Dev0ops

8 minute read

Dev0ops highlighted issues with weakly configured XML parsers which led to an XXE vulnerability, and developer error which led to SSH keys in commit revisi...

Hack The Box - Solidstate

5 minute read

This machine contained a fairly straightforward SMTP vulnerability which didn’t even need to be exploited to fully compromise the machine. It is an essential...

Hack The Box - Chatterbox

5 minute read

Chatterbox was a reasonably simple machine which required exploiting a vulnerable ‘Achat’ service with custom shellcode, and then migrating to a more stable ...

Hack The Box - Jeeves

5 minute read

Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...

Hack The Box - Bashed

3 minute read

Bashed was an extremely simple box demonstrating some of the most basic techniques for spawning reverse shells and elevating privileges. It is a great beginn...

Hack The Box - Blue

26 minute read

Blue is definitely one of the shortest boxes in Hack The Box history. As the name suggests all that was required to fully compromise this machine was MS17-01...

Technical

2019 Defcon DFIR CTF Write-up

33 minute read

The Unofficial Defcon DFIR CTF comprised 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...

Hack The Box - Bastion

8 minute read

Bastion was a relatively simple machine with the biggest issue stemming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...

Hack The Box - Netmon

6 minute read

Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...

Hack The Box - Irked

6 minute read

This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...

Hack The Box - Ypuffy

5 minute read

This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...

Hack The Box - Waldo

5 minute read

This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...

Hack The Box - Zipper

8 minute read

This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...

Hack The Box - Carrier

9 minute read

This machine had some interesting elements to it and really made you think outside of the box. It incorporated a number of elements which you wouldn’t typica...

Hack The Box - Curling

3 minute read

This machine had some CTF elements to it, but overall wasn’t that difficult to complete through proper enumeration. It highlights some issues which may be pr...

Hack The Box - Help

5 minute read

Help was an interesting machine which appeared to have multiple ways of gaining access and elevating privileges. In the end it contained elements of graphql,...

Hack The Box - Active

3 minute read

This machine was fairly straightforward and mimicked something you’d unfortunately expect to see even today in a typical penetration test. All in all it’s a...

Hack The Box - Access

6 minute read

This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...

Hack The Box - Jerry

2 minute read

Jerry would have to be one of the easiest machines I’ve ever compromised on Hack The Box. This involved using legitimate credentials to log onto an Apache To...

Hack The Box - Dev0ops

8 minute read

Dev0ops highlighted issues with weakly configured XML parsers which led to an XXE vulnerability, and developer error which led to SSH keys in commit revisi...

Hack The Box - Solidstate

5 minute read

This machine contained a fairly straightforward SMTP vulnerability which didn’t even need to be exploited to fully compromise the machine. It is an essential...

Hack The Box - Chatterbox

5 minute read

Chatterbox was a reasonably simple machine which required exploiting a vulnerable ‘Achat’ service with custom shellcode, and then migrating to a more stable ...

Hack The Box - Jeeves

5 minute read

Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...

Hack The Box - Bashed

3 minute read

Bashed was an extremely simple box demonstrating some of the most basic techniques for spawning reverse shells and elevating privileges. It is a great beginn...

Hack The Box - Blue

26 minute read

Blue is definitely one of the shortest boxes in Hack The Box history. As the name suggests all that was required to fully compromise this machine was MS17-01...

Malware Analysis

Practical Malware Analysis - Lab Write-up

1 minute read

This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...

PMA

Practical Malware Analysis - Lab Write-up

1 minute read

This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...

No Starch Press

Practical Malware Analysis - Lab Write-up

1 minute read

This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...

HTB

2019 Defcon DFIR CTF Write-up

33 minute read

The Unofficial Defcon DFIR CTF comprised 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Hack The Box - Bastion

8 minute read

Bastion was a relatively simple machine with the biggest issue stemming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...

Hack The Box - Netmon

6 minute read

Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...

Hack The Box - Irked

6 minute read

This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...

Hack The Box - Ypuffy

5 minute read

This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...

Hack The Box - Waldo

5 minute read

This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...

Hack The Box - Zipper

8 minute read

This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...

Hack The Box - Carrier

9 minute read

This machine had some interesting elements to it and really made you think outside of the box. It incorporated a number of elements which you wouldn’t typica...

Hack The Box - Curling

3 minute read

This machine had some CTF elements to it, but overall wasn’t that difficult to complete through proper enumeration. It highlights some issues which may be pr...

Hack The Box - Help

5 minute read

Help was an interesting machine which appeared to have multiple ways of gaining access and elevating privileges. In the end it contained elements of graphql,...

Hack The Box - Active

3 minute read

This machine was fairly straightforward and mimicked something you’d unfortunately expect to see even today in a typical penetration test. All in all it’s a...

Hack The Box - Access

6 minute read

This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...

Hack The Box - Jerry

2 minute read

Jerry would have to be one of the easiest machines I’ve ever compromised on Hack The Box. This involved using legitimate credentials to log onto an Apache To...

Hack The Box - Dev0ops

8 minute read

Dev0ops highlighted issues with weakly configured XML parsers which led to an XXE vulnerability, and developer error which led to SSH keys in commit revisi...

Hack The Box - Solidstate

5 minute read

This machine contained a fairly straightforward SMTP vulnerability which didn’t even need to be exploited to fully compromise the machine. It is an essential...

Hack The Box - Chatterbox

5 minute read

Chatterbox was a reasonably simple machine which required exploiting a vulnerable ‘Achat’ service with custom shellcode, and then migrating to a more stable ...

Hack The Box - Jeeves

5 minute read

Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...

Hack The Box - Bashed

3 minute read

Bashed was an extremely simple box demonstrating some of the most basic techniques for spawning reverse shells and elevating privileges. It is a great beginn...

Hack The Box - Blue

26 minute read

Blue is definitely one of the shortest boxes in Hack The Box history. As the name suggests all that was required to fully compromise this machine was MS17-01...

Nmap

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Hack The Box - Bastion

8 minute read

Bastion was a relatively simple machine with the biggest issue stemming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...

Hack The Box - Netmon

6 minute read

Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...

Hack The Box - Irked

6 minute read

This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...

Hack The Box - Ypuffy

5 minute read

This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...

Hack The Box - Waldo

5 minute read

This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...

Hack The Box - Curling

3 minute read

This machine had some CTF elements to it, but overall wasn’t that difficult to complete through proper enumeration. It highlights some issues which may be pr...

Hack The Box - Help

5 minute read

Help was an interesting machine which appeared to have multiple ways of gaining access and elevating privileges. In the end it contained elements of graphql,...

Hack The Box - Active

3 minute read

This machine was fairly straightforward and mimicked something you’d unfortunately expect to see even today in a typical penetration test. All in all it’s a...

Hack The Box - Access

6 minute read

This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...

Hack The Box - Jerry

2 minute read

Jerry would have to be one of the easiest machines I’ve ever compromised on Hack The Box. This involved using legitimate credentials to log onto an Apache To...

Hack The Box - Dev0ops

8 minute read

Dev0ops highlighted issues with weakly configured XML parsers which led to an XXE vulnerability, and developer error which led to SSH keys in commit revisi...

Hack The Box - Solidstate

5 minute read

This machine contained a fairly straightforward SMTP vulnerability which didn’t even need to be exploited to fully compromise the machine. It is an essential...

Hack The Box - Chatterbox

5 minute read

Chatterbox was a reasonably simple machine which required exploiting a vulnerable ‘Achat’ service with custom shellcode, and then migrating to a more stable ...

Hack The Box - Jeeves

5 minute read

Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...

Hack The Box - Bashed

3 minute read

Bashed was an extremely simple box demonstrating some of the most basic techniques for spawning reverse shells and elevating privileges. It is a great beginn...

Hack The Box - Blue

26 minute read

Blue is definitely one of the shortest boxes in Hack The Box history. As the name suggests all that was required to fully compromise this machine was MS17-01...

x86 Disassembly

IDA Pro

Injector

Agent Tesla - Malware Analysis Lab

14 minute read

Analysis of a UPX packed AutoIT binary which injects an Agent Tesla payload into memory, combined with some brief analysis of the Agent Tesla payload itself.

PE-bear

.NET

BlackNET RAT - Malware Analysis Lab

19 minute read

Deep dive analysis of the BlackNET RAT malware which recruits your system into a botnet that can be controlled from a centralised PHP web interface.

Agent Tesla - Malware Analysis Lab

14 minute read

Analysis of a UPX packed AutoIT binary which injects an Agent Tesla payload into memory, combined with some brief analysis of the Agent Tesla payload itself.

.NET Decompilation

BlackNET RAT - Malware Analysis Lab

19 minute read

Deep dive analysis of the BlackNET RAT malware which recruits your system into a botnet that can be controlled from a centralised PHP web interface.

Agent Tesla - Malware Analysis Lab

14 minute read

Analysis of a UPX packed AutoIT binary which injects an Agent Tesla payload into memory, combined with some brief analysis of the Agent Tesla payload itself.

Dnspy

BlackNET RAT - Malware Analysis Lab

19 minute read

Deep dive analysis of the BlackNET RAT malware which recruits your system into a botnet that can be controlled from a centralised PHP web interface.

Agent Tesla - Malware Analysis Lab

14 minute read

Analysis of a UPX packed AutoIT binary which injects an Agent Tesla payload into memory, combined with some brief analysis of the Agent Tesla payload itself.

Strings

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Hack The Box - Zipper

8 minute read

This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...

CyberChef

2019 Defcon DFIR CTF Write-up

33 minute read

The Unofficial Defcon DFIR CTF comprised 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...

Ghidra

Python

Hack The Box - Bashed

3 minute read

Bashed was an extremely simple box demonstrating some of the most basic techniques for spawning reverse shells and elevating privileges. It is a great beginn...

Holiday Hack Challenge (HHC)

Kringlecon

SANS

CounterHack

PEview

Process Monitor (Procmon)

OllyDbg

Gobuster

Hack The Box - Carrier

9 minute read

This machine had some interesting elements to it and really made you think outside of the box. It incorporated a number of elements which you wouldn’t typica...

Hack The Box - Help

5 minute read

Help was an interesting machine which appeared to have multiple ways of gaining access and elevating privileges. In the end it contained elements of graphql,...

Hack The Box - Access

6 minute read

This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...

Hack The Box - Dev0ops

8 minute read

Dev0ops highlighted issues with weakly configured XML parsers which led to an XXE vulnerability, and developer error which led to SSH keys in commit revisi...

Hack The Box - Bashed

3 minute read

Bashed was an extremely simple box demonstrating some of the most basic techniques for spawning reverse shells and elevating privileges. It is a great beginn...

T1546 - Event Triggered Execution

HxD

Masquerading

XOR

Pestudio

C++

SMB

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Hack The Box - Bastion

8 minute read

Bastion was a relatively simple machine with the biggest issue stemming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...

Hack The Box - Blue

26 minute read

Blue is definitely one of the shortest boxes in Hack The Box history. As the name suggests all that was required to fully compromise this machine was MS17-01...

Resource Hacker

Debugging

Mutex

Shellcode

ApateDNS

x64 Disassembly

Yara

ClearFake - Malware Analysis Lab

26 minute read

Analysis of ClearFake malware which is planted on compromised WordPress websites to convince unsuspecting visitors to download and run malware.

Netcat

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Hack The Box - Bashed

3 minute read

Bashed was an extremely simple box demonstrating some of the most basic techniques for spawning reverse shells and elevating privileges. It is a great beginn...

SSH

Hack The Box - Bastion

8 minute read

Bastion was a relatively simple machine with the biggest issue stemming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...

Hack The Box - Dev0ops

8 minute read

Dev0ops highlighted issues with weakly configured XML parsers which led to an XXE vulnerability, and developer error which led to SSH keys in commit revisi...

Hack The Box - Solidstate

5 minute read

This machine contained a fairly straightforward SMTP vulnerability which didn’t even need to be exploited to fully compromise the machine. It is an essential...

FTP

Hack The Box - Netmon

6 minute read

Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...

Hack The Box - Carrier

9 minute read

This machine had some interesting elements to it and really made you think outside of the box. It incorporated a number of elements which you wouldn’t typica...

Hack The Box - Access

6 minute read

This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...

Smbclient

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Hack The Box - Ypuffy

5 minute read

This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...

Hack The Box - Active

3 minute read

This machine was fairly straightforward and mimicked something you’d unfortunately expect to see even today in a typical penetration test. All in all it’s a...

Curl

Hack The Box - Ypuffy

5 minute read

This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...

Hack The Box - Curling

3 minute read

This machine had some CTF elements to it, but overall wasn’t that difficult to complete through proper enumeration. It highlights some issues which may be pr...

Snort

Forensics

2019 Defcon DFIR CTF Write-up

33 minute read

The Unofficial Defcon DFIR CTF comprised 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...

T1218 - System Binary Proxy Execution

PEiD

UPX

Agent Tesla - Malware Analysis Lab

14 minute read

Analysis of a UPX packed AutoIT binary which injects an Agent Tesla payload into memory, combined with some brief analysis of the Agent Tesla payload itself.

Packing

COM Object

Breakpoints

Hooking

Keylogger

Credential Stealer

Rundll32

Process Explorer (ProcExp)

Fakenet-NG

Exceptions

Structures (Structs)

Endianness

MSFVenom

Hack The Box - Jerry

2 minute read

Jerry would have to be one of the easiest machines I’ve ever compromised on Hack The Box. This involved using legitimate credentials to log onto an Apache To...

Hack The Box - Chatterbox

5 minute read

Chatterbox was a reasonably simple machine which required exploiting a vulnerable ‘Achat’ service with custom shellcode, and then migrating to a more stable ...

Apache

Hack The Box - Jerry

2 minute read

Jerry would have to be one of the easiest machines I’ve ever compromised on Hack The Box. This involved using legitimate credentials to log onto an Apache To...

Hack The Box - Solidstate

5 minute read

This machine contained a fairly straightforward SMTP vulnerability which didn’t even need to be exploited to fully compromise the machine. It is an essential...

Git

Hack The Box - Dev0ops

8 minute read

Dev0ops highlighted issues with weakly configured XML parsers which led to an XXE vulnerability, and developer error which led to SSH keys in commit revisi...

Java

Hack The Box - Jerry

2 minute read

Jerry would have to be one of the easiest machines I’ve ever compromised on Hack The Box. This involved using legitimate credentials to log onto an Apache To...

Readpst

2019 Defcon DFIR CTF Write-up

33 minute read

The Unofficial Defcon DFIR CTF comprised 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...

Hack The Box - Access

6 minute read

This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...

Metasploit

Hack The Box - Irked

6 minute read

This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...

Hack The Box - Access

6 minute read

This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...

Hashcat

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Hack The Box - Active

3 minute read

This machine was fairly straightforward and mimicked something you’d unfortunately expect to see even today in a typical penetration test. All in all it’s a...

Base64

Hack The Box - Carrier

9 minute read

This machine had some interesting elements to it and really made you think outside of the box. It incorporated a number of elements which you wouldn’t typica...

SUID

Hack The Box - Irked

6 minute read

This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...

Hack The Box - Zipper

8 minute read

This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...

Searchsploit

Hack The Box - Irked

6 minute read

This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...

Hack The Box - Zipper

8 minute read

This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...

T1078 - Valid Accounts

Hack The Box - Zipper

8 minute read

This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...

T1505 - Server Software Component

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Hack The Box - Zipper

8 minute read

This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...

SQL

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Powershell

Hack The Box - Netmon

6 minute read

Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...

Penetration Testing

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

T1543.003 - Windows Service

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

T1543 - Create or Modify System Process

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

DFIR

2019 Defcon DFIR CTF Write-up

33 minute read

The Unofficial Defcon DFIR CTF comprised 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...

Back to top ↑

Cheatsheet
PowerShell
Rootkit
WinDbg

Back to top ↑

Process Hacker

LummaC2 - Malware Analysis Lab

30 minute read

Analysis of a RAR file which leads to the discovery of malicious GitHub repositories designed to distribute malware.

Back to top ↑

stdcall
Scdbg
CFF Explorer VIII
Wireshark
Immunity Debugger
ServiceDLL
Malware
Analysis
Practical
Lab
Reverse
Engineering
Detect-It-Easy (DIE)

Back to top ↑

FLARE VM

Practical Malware Analysis - Lab Write-up

1 minute read

This details reverse engineering activities and answers for labs contained in the book ‘Practical Malware Analysis’ by Michael Sikorski and Andrew Honig, whi...

Back to top ↑

Java Decompilation
Recaf
Reflection

Back to top ↑

Dark Tortilla Crypter

BlackNET RAT - Malware Analysis Lab

19 minute read

Deep dive analysis of the BlackNET RAT malware which recruits your system into a botnet that can be controlled from a centralised PHP web interface.

Back to top ↑

de4dot

Back to top ↑

LummaC2

ClearFake - Malware Analysis Lab

26 minute read

Analysis of ClearFake malware which is planted on compromised WordPress websites to convince unsuspecting visitors to download and run malware.

LummaC2 - Malware Analysis Lab

30 minute read

Analysis of a RAR file which leads to the discovery of malicious GitHub repositories designed to distribute malware.

Back to top ↑

Detect-It-Easy

ClearFake - Malware Analysis Lab

26 minute read

Analysis of ClearFake malware which is planted on compromised WordPress websites to convince unsuspecting visitors to download and run malware.

LummaC2 - Malware Analysis Lab

30 minute read

Analysis of a RAR file which leads to the discovery of malicious GitHub repositories designed to distribute malware.

Back to top ↑

MS17-010

Hack The Box - Blue

26 minute read

Blue is definitely one of the shortest boxes in Hack The Box history. As the name suggests all that was required to fully compromise this machine was MS17-01...

Back to top ↑

EternalBlue

Hack The Box - Blue

26 minute read

Blue is definitely one of the shortest boxes in Hack The Box history. As the name suggests all that was required to fully compromise this machine was MS17-01...

Back to top ↑

PHPBash

Hack The Box - Bashed

3 minute read

Bashed was an extremely simple box demonstrating some of the most basic techniques for spawning reverse shells and elevating privileges. It is a great beginn...

Back to top ↑

Sudo

Hack The Box - Bashed

3 minute read

Bashed was an extremely simple box demonstrating some of the most basic techniques for spawning reverse shells and elevating privileges. It is a great beginn...

Back to top ↑

Jenkins

Hack The Box - Jeeves

5 minute read

Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...

Back to top ↑

Groovy

Hack The Box - Jeeves

5 minute read

Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...

Back to top ↑

Snapshot

Hack The Box - Jeeves

5 minute read

Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...

Back to top ↑

KeePass

Hack The Box - Jeeves

5 minute read

Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...

Back to top ↑

PTH

Hack The Box - Jeeves

5 minute read

Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...

Back to top ↑

RelayHash

Hack The Box - Jeeves

5 minute read

Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...

Back to top ↑

ADS

Hack The Box - Jeeves

5 minute read

Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...

Back to top ↑

Pth-winexe

Hack The Box - Jeeves

5 minute read

Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...

Back to top ↑

JTR

Hack The Box - Jeeves

5 minute read

Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...

Back to top ↑

John

Hack The Box - Jeeves

5 minute read

Jeeves showed us that an unauthenticated Jenkins server can easily lead to a reverse shell through Groovy Script even if the web-directory is unknown. It hig...

Back to top ↑

Achat

Hack The Box - Chatterbox

5 minute read

Chatterbox was a reasonably simple machine which required exploiting a vulnerable ‘Achat’ service with custom shellcode, and then migrating to a more stable ...

Back to top ↑

Icacls

Hack The Box - Chatterbox

5 minute read

Chatterbox was a reasonably simple machine which required exploiting a vulnerable ‘Achat’ service with custom shellcode, and then migrating to a more stable ...

Back to top ↑

SMTP

Hack The Box - Solidstate

5 minute read

This machine contained a fairly straightforward SMTP vulnerability which didn’t even need to be exploited to fully compromise the machine. It is an essential...

Back to top ↑

James

Hack The Box - Solidstate

5 minute read

This machine contained a fairly straightforward SMTP vulnerability which didn’t even need to be exploited to fully compromise the machine. It is an essential...

Back to top ↑

Cron

Hack The Box - Solidstate

5 minute read

This machine contained a fairly straightforward SMTP vulnerability which didn’t even need to be exploited to fully compromise the machine. It is an essential...

Back to top ↑

XXE

Hack The Box - Dev0ops

8 minute read

Dev0ops highlighted issues with weakly configured XML parsers which led to an XXE vulnerability, and developer error which led to SSH keys in commit revisi...

Back to top ↑

XML

Hack The Box - Dev0ops

8 minute read

Dev0ops highlighted issues with weakly configured XML parsers which led to an XXE vulnerability, and developer error which led to SSH keys in commit revisi...

Back to top ↑

Tomcat

Hack The Box - Jerry

2 minute read

Jerry would have to be one of the easiest machines I’ve ever compromised on Hack The Box. This involved using legitimate credentials to log onto an Apache To...

Back to top ↑

JSP

Hack The Box - Jerry

2 minute read

Jerry would have to be one of the easiest machines I’ve ever compromised on Hack The Box. This involved using legitimate credentials to log onto an Apache To...

Back to top ↑

Msfvenom

Hack The Box - Access

6 minute read

This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...

Back to top ↑

Certutil

Hack The Box - Access

6 minute read

This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...

Back to top ↑

Runas

Hack The Box - Access

6 minute read

This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...

Back to top ↑

Cmdkey

Hack The Box - Access

6 minute read

This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...

Back to top ↑

Mdbtools

Hack The Box - Access

6 minute read

This machine was fairly basic but still provided some useful reminders and tools which can be utilised to export pst file contents on Linux, natively transfe...

Back to top ↑

Enum4linux

Hack The Box - Active

3 minute read

This machine was fairly straightforward and mimicked something you’d unfortunately expect to see even today in a typical penetration test. All in all it’s a...

Back to top ↑

Cpassword

Hack The Box - Active

3 minute read

This machine was fairly straightforward and mimicked something you’d unfortunately expect to see even today in a typical penetration test. All in all it’s a...

Back to top ↑

gpp-decrypt

Hack The Box - Active

3 minute read

This machine was fairly straightforward and mimicked something you’d unfortunately expect to see even today in a typical penetration test. All in all it’s a...

Back to top ↑

GetUserSPNs

Hack The Box - Active

3 minute read

This machine was fairly straightforward and mimicked something you’d unfortunately expect to see even today in a typical penetration test. All in all it’s a...

Back to top ↑

Node.js

Hack The Box - Help

5 minute read

Help was an interesting machine which appeared to have multiple ways of gaining access and elevating privileges. In the end it contained elements of graphql,...

Back to top ↑

GraphQL

Hack The Box - Help

5 minute read

Help was an interesting machine which appeared to have multiple ways of gaining access and elevating privileges. In the end it contained elements of graphql,...

Back to top ↑

HelpDeskZ

Hack The Box - Help

5 minute read

Help was an interesting machine which appeared to have multiple ways of gaining access and elevating privileges. In the end it contained elements of graphql,...

Back to top ↑

GCC

Hack The Box - Help

5 minute read

Help was an interesting machine which appeared to have multiple ways of gaining access and elevating privileges. In the end it contained elements of graphql,...

Back to top ↑

Xxd

Hack The Box - Curling

3 minute read

This machine had some CTF elements to it, but overall wasn’t that difficult to complete through proper enumeration. It highlights some issues which may be pr...

Back to top ↑

Bzip

Hack The Box - Curling

3 minute read

This machine had some CTF elements to it, but overall wasn’t that difficult to complete through proper enumeration. It highlights some issues which may be pr...

Back to top ↑

Pspy

Hack The Box - Curling

3 minute read

This machine had some CTF elements to it, but overall wasn’t that difficult to complete through proper enumeration. It highlights some issues which may be pr...

Back to top ↑

BGP

Hack The Box - Carrier

9 minute read

This machine had some interesting elements to it and really made you think outside of the box. It incorporated a number of elements which you wouldn’t typica...

Back to top ↑

SNMP

Hack The Box - Carrier

9 minute read

This machine had some interesting elements to it and really made you think outside of the box. It incorporated a number of elements which you wouldn’t typica...

Back to top ↑

Injection

Hack The Box - Carrier

9 minute read

This machine had some interesting elements to it and really made you think outside of the box. It incorporated a number of elements which you wouldn’t typica...

Back to top ↑

Zabbix

Hack The Box - Zipper

8 minute read

This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...

Back to top ↑

Jsonrpc

Hack The Box - Zipper

8 minute read

This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...

Back to top ↑

Perl

Hack The Box - Zipper

8 minute read

This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...

Back to top ↑

T1505.003 - Web Shell

Hack The Box - Zipper

8 minute read

This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...

Back to top ↑

T1190 - Exploit Public-Facing Application

Hack The Box - Zipper

8 minute read

This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...

Back to top ↑

T1095 - Non-Application Layer Protocol

Hack The Box - Zipper

8 minute read

This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...

Back to top ↑

T1222 - File and Directory Permissions Modification

Hack The Box - Zipper

8 minute read

This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...

Back to top ↑

T1222.002 - Linux and Mac File and Directory Permissions Modification

Hack The Box - Zipper

8 minute read

This machine took a bit of thinking outside of the box so it was a bit of a nice challenge and involved exploiting both custom binaries and legitimate servic...

Back to top ↑

Burpsuite

Hack The Box - Waldo

5 minute read

This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...

Back to top ↑

LFI

Hack The Box - Waldo

5 minute read

This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...

Back to top ↑

Webapp

Hack The Box - Waldo

5 minute read

This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...

Back to top ↑

Tac

Hack The Box - Waldo

5 minute read

This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...

Back to top ↑

Getcap

Hack The Box - Waldo

5 minute read

This machine was interesting, starting with directory traversal and LFI vulnerabilities, it then exploits a feature not commonly known which is supposed to b...

Back to top ↑

PKI

Hack The Box - Ypuffy

5 minute read

This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...

Back to top ↑

Masscan

Hack The Box - Ypuffy

5 minute read

This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...

Back to top ↑

Crackmapexec

Hack The Box - Ypuffy

5 minute read

This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...

Back to top ↑

Puttygen

Hack The Box - Ypuffy

5 minute read

This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...

Back to top ↑

Doas

Hack The Box - Ypuffy

5 minute read

This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...

Back to top ↑

SSH-Keygen

Hack The Box - Ypuffy

5 minute read

This machine was quite interesting, and contained a privilege escalation method I’d not seen mentioned elsewhere. Luckily this was confined to the challenge,...

Back to top ↑

Steghide

Hack The Box - Irked

6 minute read

This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...

Back to top ↑

TTY

Hack The Box - Irked

6 minute read

This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...

Back to top ↑

Chmod

Hack The Box - Irked

6 minute read

This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...

Back to top ↑

Stego

Hack The Box - Irked

6 minute read

This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...

Back to top ↑

IRC

Hack The Box - Irked

6 minute read

This machine highlighted a few issues such as supply chain compromise, the ease of hiding information using steganography, and how easily a vulnerable binary...

Back to top ↑

Vim
SQLite3
DB
DeBruijn
Trufflehog
Bloodhound
EvtxDump
Sed
DDE
Http2
SSL
Pcap
Sniffing
Gdb
DNS
Reversing
Cryptography

Back to top ↑

PlaintextPasswords

Hack The Box - Netmon

6 minute read

Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...

Back to top ↑

PRTG

Hack The Box - Netmon

6 minute read

Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...

Back to top ↑

Config

Hack The Box - Netmon

6 minute read

Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...

Back to top ↑

Grep

Hack The Box - Netmon

6 minute read

Netmon was a very simple box which highlighted issues with open FTP servers, plaintext configuration files, common password conventions, and blindly trusting...

Back to top ↑

SAM

Hack The Box - Bastion

8 minute read

Bastion was a relatively simple machine with the biggest issue stemming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...

Back to top ↑

PWDump

Hack The Box - Bastion

8 minute read

Bastion was a relatively simple machine with the biggest issue stemming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...

Back to top ↑

mRemoteNG

Hack The Box - Bastion

8 minute read

Bastion was a relatively simple machine with the biggest issue stemming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...

Back to top ↑

Guestmount

Hack The Box - Bastion

8 minute read

Bastion was a relatively simple machine with the biggest issue stemming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...

Back to top ↑

SCP

Hack The Box - Bastion

8 minute read

Bastion was a relatively simple machine with the biggest issue stemming from maintaining a connection to a remote mounted drive. Utilising a machine vhd backu...

Back to top ↑

Windows

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Back to top ↑

Impacket

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Back to top ↑

Mssqlclient

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Back to top ↑

Macro

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Back to top ↑

Olevba

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Back to top ↑

Responder

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Back to top ↑

Powersploit

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Back to top ↑

T1505.001 - SQL Stored Procedures

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Back to top ↑

T1059.003 - Windows Command Shell

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Back to top ↑

T1059.001 - PowerShell

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Back to top ↑

T1059 - Command and Scripting Interpreter

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Back to top ↑

T1059.006 - Python

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Back to top ↑

T1552.006 - Group Policy Preferences

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Back to top ↑

T1552 - Unsecured Credentials

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Back to top ↑

Psexec

Hack The Box - Querier

9 minute read

Querier is true to its name, requiring exploitation of common SQL vulnerabilities whilst combining elements of combing through macros, insecure SMB shares, h...

Back to top ↑

DEFCON

2019 Defcon DFIR CTF Write-up

33 minute read

The Unofficial Defcon DFIR CTF comprised of 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...

Back to top ↑

FTK Imager

2019 Defcon DFIR CTF Write-up

33 minute read

The Unofficial Defcon DFIR CTF comprised of 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...

Back to top ↑

Autopsy

2019 Defcon DFIR CTF Write-up

33 minute read

The Unofficial Defcon DFIR CTF comprised of 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...

Back to top ↑

Live Response

2019 Defcon DFIR CTF Write-up

33 minute read

The Unofficial Defcon DFIR CTF comprised of 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...

Back to top ↑

Volatility

2019 Defcon DFIR CTF Write-up

33 minute read

The Unofficial Defcon DFIR CTF comprised of 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...

Back to top ↑

Deadbox

2019 Defcon DFIR CTF Write-up

33 minute read

The Unofficial Defcon DFIR CTF comprised of 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...

Back to top ↑

HexEdit

2019 Defcon DFIR CTF Write-up

33 minute read

The Unofficial Defcon DFIR CTF comprised of 5 different challenge categories with a total of 82 DFIR related challenges including a Crypto Challenge, Deadbox...

Back to top ↑

T1546.015 - Component Object Model Hijacking
T1197 - BITS Jobs
T1546.008 - Accessibility Features
T1055 - Process Injection
T1546.010 - AppInit DLLs
T1127 - Trusted Developer Utilities Proxy Execution
T1127.001 - MSBuild
T1027 - Obfuscated Files or Information
T1027.004 - Compile After Delivery
T1091 - Replication Through Removable Media
T1218 - System Binary Proxy Execution
T1218.004 - InstallUtil
T1546.001 - Change Default File Association
T1548 - Abuse Elevation Control Mechanism
T1548.002 - Bypass User Account Control
T1546.012 - Image File Execution Options Injection
T1218.003 - CMSTP
T1550 - Use Alternate Authentication Material
T1550.002 - Pass the Hash
T1557 - Adversary-in-the-Middle
T1557.001 - LLMNR/NBT-NS Poisoning and SMB Relay
T1218.002 - Control Panel
T1218.005 - Mshta
T1037 - Boot or Logon Initialization Scripts
T1037.001 - Logon Script (Windows)
T1021 - Remote Services
T1021.006 - Windows Remote Management
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1074 - Data Staged
T1074.001 - Local Data Staging
T1087 - Account Discovery
T1113 - Screen Capture
T1090 - Proxy
T1556 - Modify Authentication Process
T1556.002 - Password Filter DLL
T1056 - Input Capture
T1056.004 - Credential API Hooking
OSCP
VirusTotal
Malcode Analyst Pack
Dependency Walker
Exeinfo PE
PE Detective
IOCTL Driver
DeviceIoControl
EPROCESS
Kernel Debugging
COM serial port
Named Pipe
Windows Firewall
System Service Descriptor Table (SSDT)
KiServiceTable
Graphical Identification and Authentication (GINA)
Professional PE file Explorer - PPEE (Puppy)
AppInit_DLLs
SMTP Daemon
Fakenet
010 Editor
FindCrypt2
Krypto ANALyzer (KANAL)
IDA-Ent
FindCrypt-Ghidra
WhatIsMyBrowser
pfSense
Anti-Disassembly
Anti-Debugging
ScyllaHide
TitanHide
HideDebug
Thread Local Storage
Anti-Virtual Machine
ScoopyNG
VmwareHardenedLoader
SIDT - Red Pill Technique
STR
SLDT - No Pill Technique
SGDT
SMSW
IN
CPUID
Maclookup
Original Entry Point (OEP)
OllyDump
PEiD Generic Unpacker
Snaker's Generic Unpacker
ImpREC
POPAD
PUSHAD
POPFD
PUSHFD
ASPack
UPack
PE Explorer
Upack Unpacker
Shellcode_launcher
Blob Runner
Position-Independent Code (PIC)
NOP Sled/Slide
LODSB
STOSB
PDFStreamDumper
Virtual Machine
Vtables
Overloading and Mangling
Inheritance and Function Overriding
Virtual and Non-Virtual Functions
XAMPP
FileZilla
Leaf and Nonleaf Functions
Prologue and Epilogue Code
WOW64 Subsystem
Process Monitor (Procmon)
Cutter
x64Dbg
x32Dbg
pestudio
BinDiff
HashMyFiles
Regshot
FakeNet
Process Hollowing
Abstraction
Memory
Assembly Instructions
x86 Opcodes
Operands
Registers
x86 Logical Operators
Stack
Conditionals
Branching
Buffers
C
Variables
Arithmetic
cdecl
fastcall
Binary Patching
YarGen
MalQuery
Hybrid Analysis
STRRAT
Strigoi
Sigma
Crimson Shadow
GoAccess
Java Decompiler (JD-GUI)
JavaScript
CarLambo
Allatori Java Obfuscator
PBKDF2
AES
Urlscan
OSINT
RAT
Redline Stealer

Back to top ↑

Miscellaneous

Nuggets of Knowledge

19 minute read

Place to capture random social media posts which I’ve made, and capture various pieces of shared knowledge which proved popular.

Back to top ↑

Twitter

Nuggets of Knowledge

19 minute read

Place to capture random social media posts which I’ve made, and capture various pieces of shared knowledge which proved popular.

Back to top ↑

Aspmuma
Webshell
ASPX
Remcos
RC4
Game Hacking
Pwn Adventure
Pwnie Island
Windbg
Cheat Engine
Key Generation
Integer Overflow
Integer Underflow
Race Condition
Memory Analysis
Cobalt Strike Stager
Cyberchef
Snake Keylogger
Android Malware
JADX
Spyware
PowerShell Webhook Clipper
Clipper

Back to top ↑

AgentTesla

Agent Tesla - Malware Analysis Lab

14 minute read

Analysis of a UPX packed AutoIT binary which injects an Agent Tesla payload into memory, combined with some brief analysis of the Agent Tesla payload itself.

Back to top ↑

SFX

BlackNET RAT - Malware Analysis Lab

19 minute read

Deep dive analysis of the BlackNET RAT malware which recruits your system into a botnet that can be controlled from a centralised PHP web interface.

Back to top ↑

Havoc
Demon
Xworm Loader
Steganography
Duvet Stealer
BBY Stealer
VSCode
Electron
NodeJS
Fakebat Malware
MSIX
IDAT Loader
AsyncRAT Injector
TURS Agent
Cryptoshuffler
.JAR
AMOS
Atomic MacOS Stealer
Mach-O
Formbook Downloader
LECmd
LNK

Back to top ↑

PE-Bear

LummaC2 - Malware Analysis Lab

30 minute read

Analysis of a RAR file which leads to the discovery of malicious Github repositories designed to distribute malware.

Scylla

LummaC2 - Malware Analysis Lab

30 minute read

Analysis of a RAR file which leads to the discovery of malicious Github repositories designed to distribute malware.

x64dbg

LummaC2 - Malware Analysis Lab

30 minute read

Analysis of a RAR file which leads to the discovery of malicious Github repositories designed to distribute malware.

x32dbg

LummaC2 - Malware Analysis Lab

30 minute read

Analysis of a RAR file which leads to the discovery of malicious Github repositories designed to distribute malware.

API Monitor

LummaC2 - Malware Analysis Lab

30 minute read

Analysis of a RAR file which leads to the discovery of malicious Github repositories designed to distribute malware.

FakeNet-NG

LummaC2 - Malware Analysis Lab

30 minute read

Analysis of a RAR file which leads to the discovery of malicious Github repositories designed to distribute malware.

ClearFake

ClearFake - Malware Analysis Lab

26 minute read

Analysis of ClearFake malware which is planted on compromised WordPress websites to convince unsuspecting visitors to download and run malware.

Fake Browser Update

ClearFake - Malware Analysis Lab

26 minute read

Analysis of ClearFake malware which is planted on compromised WordPress websites to convince unsuspecting visitors to download and run malware.

pestudio

ClearFake - Malware Analysis Lab

26 minute read

Analysis of ClearFake malware which is planted on compromised WordPress websites to convince unsuspecting visitors to download and run malware.

FLOSS

ClearFake - Malware Analysis Lab

26 minute read

Analysis of ClearFake malware which is planted on compromised WordPress websites to convince unsuspecting visitors to download and run malware.

Incident

Response

IR