How to Deploy Cuckoo Sandbox
Marc Rivero López presented a how-to guide that will help you to deploy Cuckoo Sandbox – an open source malware sandbo…
Payload Distribution Format
As a continuation of the “Introduction to Malware Analysis” series, this video walks through an analysis of a po…
Imaginary C2: Malware Network Behavior Analysis Tool
Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP …
Search for Malware on Webservers with Blazescan
Blazescan is a Linux webserver malware scanning and incident response tool, with built in support for cPanel servers, but wi…
Deobfuscate malicious VBA Macros with ViperMonkey
ViperMonkey is a VBA Emulation engine written in Python, designed to analyze and deobfuscate malicious VBA Macros contained …
Deobfuscating Emotet’s PowerShell Payload
Lasq has posted a step-by-step guide on how to deobfuscate Emotet’s PowerShell payload. Also he shared a Python script…
How to Disassemble a Word Document with Embedded Macros
Here is a post by Paul Cimino, in which he goes through the steps to create a macro-embedded Word document, extract the file…
A Live Forensic Distribution Executing Malicious Code from a Suspect Drive
Maxim Suhanov has started a DFIR blog, and already submitted the first post – “A Live Forensic Distribution Exec…
Magnet User Summit CTF: Intrusion
So, we decided to finish our write-up today. The forth part – the most interesting part. Intrusion! Again, no more AXI…
Magnet User Summit CTF: Anti-Forensics
Yesterday Troy Schnack and Kevin Pagano suggested on Twitter that it would be good to write how I solved Magnet User Summit …
