Posts

Investigate an insider threat by analyzing GitHub repositories for exposed credentials, using OSINT tools to correlate online accounts, and performing image analysis to identify locations. Unlike in any of my previous write-ups, this time I completed the entire lab before sitting down to write this. I think it’s important to keep the flow of how I answered all the questions, including any mistakes or rabbit-holes. With an OSINT focused room like this one it’s very easy to find false-positives and go on a deep dive on profiles that aren’t related at all to the target. ...

Analyze malware artifacts using threat intelligence platforms like VirusTotal to identify IOCs, C2 servers, and understand adversary tactics. Back again for another CyberDefenders lab. This time, the Yellow RAT Lab. My previous writeup had a similar premise to this lab; Analyze a malware sample and identify the TTP, IOCs, and anything else that can potentially be used to build detection rules or map out the adversary further. Let’s get into it! Scenario Here’s the introductory text we get for this lab: ...

Back to CyberDefenders again today. This time doing the Oski lab. From the looks of things this is more of a Malware analysis type lab. Here’s the description: Analyze a sandbox report using Any.Run to identify Stealc malware behavior, extract configuration details, and map observed tactics to MITRE ATT&CK. Let’s take a look at the scenario further! Introduction The accountant at the company received an email titled “Urgent New Order” from a client late in the afternoon. When he attempted to access the attached invoice, he discovered it contained false order information. Subsequently, the SIEM solution generated an alert regarding downloading a potentially malicious file. Upon initial investigation, it was found that the PPT file might be responsible for this download. Could you please conduct a detailed examination of this file? ...

Catch the phish before the phish catches you. Introduction Back to a brand new (at the time of writing) TryHackMe room. There’s been a trend of Phishing related challenges lately on this blog. Being able to recognize phishing emails, and analyze the process of what happens when a phishing link is clicked is an important tool to have as an analyst. This challenge room is Easy. The information given is rather introductory as well, which is nice to see if you’re still starting out using THM. ...

I’m switching gear a bit and hopping over to CyberDefenders today. I’ve not yet used it, and to be honest with you I hadn’t even heard of CyberDefenders before. I think this more on my part though. The two well-known platforms, being TryHackMe and HackTheBox, are the only ones I had heard of. TryHackMe has been a great experience so far, I’ll still be using it daily (and posting write-ups for the rooms), but I’ll definitely be checking out CyberDefenders’ content from here on. Hands-on blue team experience is something I’ve been focusing on lately, so stay tuned for more! ...