Posts

Analyze a malicious Chrome extension’s code and behavior to identify data theft mechanisms, covert exfiltration via <img> tags, and anti-analysis techniques. Introduction It’s the last day of 2025. No better way to celebrate than to publish a write-up of a year old lab. Specifically the FakeGPT Lab over on CyberDefenders. As we can see from the introductionary text we will be analyzing a malicious chrome extension. We get a quick peek into how data is exfiltrated via <img> tags, and there’s a hint into some evasion/anti-analysis techniques we’ll be looking into. ...

A malicious batch file has been discovered that downloads and executes files associated with the Laplas Clipper malware. Analyze this batch file to understand its behavior and help us investigate its activities. Introduction Happy holidays everyone! The new year is quickly approaching and I have no plans on slowing down. Today we’ll be going through another LetsDefend challenge - Batch Dowloader. Batch files were my introduction into programming and computing. I wrote some small batch files to copy files and easily install MineCraft mods, something along those lines. The number of resources online that were available even back then in the early 2000s made me want to get into software development. Looking back, Python might have been better to learn, but I’ll still have those memories of writing my first Batch file. ...

Day Seventeen Question one Another homonym! Together they give the solution. I was very confused when I first read this. There’s another hint that reads: Hint: I have the homonym, I know why he is famous, and I am stuck Remember Nike’s slogan. That clears nothing up. I used Yandex to run a reverse image search and found the full image: Looks like a neat little band. The Yandex results also led me to this page that reveals their full name: Kazuhisa Hashimoto ...

Day Sixteen Yesterday was pretty easy. I got lucky finding that larger image right away that gave us all the clues we needed for the two questions. Let’s hope that today goes a similar way! Question one During the autumn of 2025, the UK Maritime Trade Operations (UKMTO) issued a warning regarding a maritime incident that occurred near the following coordinates: 12.381162, 46.468557. The cause of the incident, however, could not be determined with certainty. What is the IMO number of the vessel involved? ...

Day Fifteen Question one This photo shows Santa Claus receiving his pilot’s licence. The seated man holds the very first licence issued by this organisation. To whom had this first licence originally been offered? A quick reverse image search shows this other version of the image. The description of the image is as follows: Santa Claus receives aeroplane pilot’s license from Assistant Secretary of Commerce. Although there may not be sufficient snow for his reindeer sleigh, Santa Claus will still be able to deliver his load of presents on time this Christmas by using the air route. The old saint called at the Commerce Department in Washington today where he is shown receiving an aeroplane pilot’s license from Assistant Secretary of Commerce. for Aeronautics William P. MacCracken, while Clarence M. Young (right) Director of Aeronautics, Department of Commerce, looks on. Airway maps and the assurance that the lights would be burning on the airways Christmas Eve were also given to Santa ...