Apply learned skills to probe malicious emails and URLs, exposing a vast phishing campaign. Introduction It鈥檚 been a while since I鈥檝e done a TryHackMe write-up. Initially this was all I ever wrote posts on up until I looked to some other platforms. We鈥檙e back today! Time for more Phishing analysis in today鈥檚 challenge; Snapped Phish-ing Line. We get quite a bit of an introduction to this room. Let鈥檚 go through it: As an IT department personnel of SwiftSpend Financial, one of your responsibilities is to support your fellow employees with their technical concerns. While everything seemed ordinary and mundane, this gradually changed when several employees from various departments started reporting an unusual email they had received. Unfortunately, some had already submitted their credentials and could no longer log in. ...
Analyze a suspicious executable using VirusTotal and MalwareBazaar to extract IOCs, identify C2 infrastructure, MITRE ATT&CK techniques, and privilege escalation mechanisms. Introduction Another Threat Intel focused lab for today. The red stealer lab available through Cyber Defenders. You are part of the Threat Intelligence team in the SOC (Security Operations Center). An executable file has been discovered on a colleague鈥檚 computer, and it鈥檚 suspected to be linked to a Command and Control (C2) server, indicating a potential malware infection. Your task is to investigate this executable by analyzing its hash. The goal is to gather and analyze data beneficial to other SOC members, including the Incident Response team, to respond to this suspicious behavior efficiently. ...
Analyze email headers and threat intelligence to identify phishing indicators, malware persistence, and C2 channels, extracting actionable IOCs. Introduction It鈥檚 no secret that I鈥檓 no stranger to phishing emails. A lot of the grunt-y SOC work I do is analyzing potential phishing emails. Some people consider it boring or repetitive and while I understand this sentiment I don鈥檛 entirely agree with it. The process can be pretty fun if you see new phishing lures and compile IOCs. ...
Analyze a malicious Chrome extension鈥檚 code and behavior to identify data theft mechanisms, covert exfiltration via <img> tags, and anti-analysis techniques. Introduction It鈥檚 the last day of 2025. No better way to celebrate than to publish a write-up of a year old lab. Specifically the FakeGPT Lab over on CyberDefenders. As we can see from the introductionary text we will be analyzing a malicious chrome extension. We get a quick peek into how data is exfiltrated via <img> tags, and there鈥檚 a hint into some evasion/anti-analysis techniques we鈥檒l be looking into. ...
A malicious batch file has been discovered that downloads and executes files associated with the Laplas Clipper malware. Analyze this batch file to understand its behavior and help us investigate its activities. Introduction Happy holidays everyone! The new year is quickly approaching and I have no plans on slowing down. Today we鈥檒l be going through another LetsDefend challenge - Batch Dowloader. Batch files were my introduction into programming and computing. I wrote some small batch files to copy files and easily install MineCraft mods, something along those lines. The number of resources online that were available even back then in the early 2000s made me want to get into software development. Looking back, Python might have been better to learn, but I鈥檒l still have those memories of writing my first Batch file. ...