Deobfuscating Emotet’s PowerShell Payload
Lasq has posted a step-by-step guide on how to deobfuscate Emotet’s PowerShell payload. Also he shared a Python script…
How to Disassemble a Word Document with Embedded Macros
Here is a post by Paul Cimino, in which he goes through the steps to create a macro-embedded Word document, extract the file…
A Live Forensic Distribution Executing Malicious Code from a Suspect Drive
Maxim Suhanov has started a DFIR blog, and already submitted the first post – “A Live Forensic Distribution Exec…
Magnet User Summit CTF: Intrusion
So, we decided to finish our write-up today. The forth part – the most interesting part. Intrusion! Again, no more AXI…
Magnet User Summit CTF: Anti-Forensics
Yesterday Troy Schnack and Kevin Pagano suggested on Twitter that it would be good to write how I solved Magnet User Summit …
Beginner Malware Reversing Challenges
The purpose of these challenges is to familiarize beginners with common malware techniques. Don’t worry if you can’t complet…
Windows Process Genealogy
As an incident responder, one of the things you need to be able to quickly do when looking at a list of processes, is immedi…
Finding Metasploit’s Meterpreter Traces with Memory Forensics
Metasploit Framework is very popular not only among pentesters, but also quite often used by real adversaries. So why memory…
Portable Dynamic Malware Analysis with an Improved Scalability and Automatisation
A malware is deployed ubiquitously to steal safety or liability-critical information and damage the compromised systems. In …
Learning Malware Analysis
Packt Publishing has announced “Learning Malware Analysis“ by Monappa K A. The book is expected to be published …
