CTF Writeup: PhishStrike

Analyze email headers and threat intelligence to identify phishing indicators, malware persistence, and C2 channels, extracting actionable IOCs.

Introduction: It’s no secret that I’m no stranger to phishing emails. A lot of the grunt-y SOC work I do is analyzing potential phishing emails. Some people consider it boring or repetitive, and while I understand this sentiment I don’t entirely agree with it. The process can be pretty fun if you see new phishing lures and compile IOCs. ...

January 7, 2026 · 16 min · 3297 words · Ligniform

CTF Writeup: FakeGPT

Analyze a malicious Chrome extension’s code and behavior to identify data theft mechanisms, covert exfiltration via <img> tags, and anti-analysis techniques.

Introduction: It’s the last day of 2025. No better way to celebrate than to publish a write-up of a year-old lab. Specifically, the FakeGPT Lab over on CyberDefenders. As we can see from the introductory text, we will be analyzing a malicious Chrome extension. We get a quick peek into how data is exfiltrated via <img> tags, and there’s a hint into some evasion/anti-analysis techniques we’ll be looking into. ...

December 31, 2025 · 10 min · 2032 words · Ligniform

CTF Writeup: Batch Downloader

A malicious batch file has been discovered that downloads and executes files associated with the Laplas Clipper malware. Analyze this batch file to understand its behavior and help us investigate its activities.

Introduction: Happy holidays everyone! The new year is quickly approaching and I have no plans on slowing down. Today we’ll be going through another LetsDefend challenge - Batch Downloader. Batch files were my introduction into programming and computing. I wrote some small batch files to copy files and easily install Minecraft mods, something along those lines. The number of resources online that were available even back then in the early 2000s made me want to get into software development. Looking back, Python might have been better to learn, but I’ll still have those memories of writing my first batch file. ...

December 28, 2025 · 7 min · 1489 words · Ligniform

CTF Writeup: Phishing Email

Your email address has been leaked and you receive an email from PayPal in German. Try to analyze the suspicious email.

Another LetsDefend challenge, this time focusing on phishing emails! I’ve looked at phishing emails a lot at work. I’ve heard and read about SOC burnout and… I’ll be honest, I’ve never really felt it. Part of what excites me in a SOC role is piecing together the story of an attack. The investigation side of SOC work scratches an itch for me. Maybe it comes from all the mystery novels I read as a kid, but putting together all the pieces of an attack and defining a clear story makes me happy. ...

November 23, 2025 · 7 min · 1444 words · Ligniform

CTF Writeup: PowerShell Keylogger

You are a malware analyst investigating a suspected PowerShell malware sample. The malware is designed to establish a connection with a remote server, execute various commands, and potentially exfiltrate data. Your goal is to analyze the malware’s functionality and determine its capabilities.

I’ve not used LetsDefend before. A few years ago I looked at the various infosec learning platforms and decided to settle on TryHackMe. In my recent posts I’ve branched out to CyberDefenders, and today I’ll be trying out the PowerShell Keylogger challenge. ...

November 20, 2025 · 15 min · 3153 words · Ligniform