1. PowerShell: Analyzing an Obfuscated Script PowerShell is commonly used by attackers because it is built into Windows and can interact with the .NET Framework. Malware authors like PowerShell be...

Shellcode Analysis In this analysis, I worked with a suspicious sample that contained embedded shellcode. The goal was to extract the shellcode, analyze it safely, understand what API calls it mak...

Static Analysis of Excel Maldocs In this section, we are going to analyze an Excel file that is believed to contain malware or a malicious macro. There is usually more to an Excel file than wha...

Introduction Malware analysis is the process of studying a suspicious file to understand what it does, how it works, and what damage it can cause. The goal is not just to run the malware, but to u...

Overview In this lab, I explored how TCP can be abused through three different attacks: SYN flooding, TCP reset, and TCP session hijacking. I used the SEED lab setup to observe the packet flow, te...

This report covers two malware challenges: RAT.Unknown2.exe putty.exe from the SillyPutty challenge The RAT.Unknown2.exe Basic Static Analysis File hashes C:\Users\sire\Desktop λ sha25...

The RAT.Unknown.exe Instructions Analyst Excellent work with the last sample. Please take a look at the one in this directory. Our IR team said it might have command execution capabilities, but ...

This report is based on my hands-on analysis of a malware sample, following my previous static analysis. In this phase, I wanted to see what the malware actually does when executed, rather than ju...

In this lab, I explored out a basic static malware analysis on a suspicious Windows executable without running it. The goal was to collect useful indicators early, understand what the sample might ...

Objective The goal of this attack is to use packet spoofing to launch an ARP cache poisoning attack so that when two victim machines (A and B) communicate, their traffic is redirected through the ...