CyberDefenders

Analyze malware artifacts using threat intelligence platforms like VirusTotal to identify IOCs, C2 servers, and understand adversary tactics. Back again for another CyberDefenders lab. This time, the Yellow RAT Lab. My previous writeup had a similar premise to this lab; Analyze a malware sample and identify the TTP, IOCs, and anything else that can potentially be used to build detection rules or map out the adversary further. Let’s get into it! Scenario Here’s the introductory text we get for this lab: ...

Back to CyberDefenders again today. This time doing the Oski lab. From the looks of things this is more of a Malware analysis type lab. Here’s the description: Analyze a sandbox report using Any.Run to identify Stealc malware behavior, extract configuration details, and map observed tactics to MITRE ATT&CK. Let’s take a look at the scenario further! Introduction The accountant at the company received an email titled “Urgent New Order” from a client late in the afternoon. When he attempted to access the attached invoice, he discovered it contained false order information. Subsequently, the SIEM solution generated an alert regarding downloading a potentially malicious file. Upon initial investigation, it was found that the PPT file might be responsible for this download. Could you please conduct a detailed examination of this file? ...

I’m switching gear a bit and hopping over to CyberDefenders today. I’ve not yet used it, and to be honest with you I hadn’t even heard of CyberDefenders before. I think this more on my part though. The two well-known platforms, being TryHackMe and HackTheBox, are the only ones I had heard of. TryHackMe has been a great experience so far, I’ll still be using it daily (and posting write-ups for the rooms), but I’ll definitely be checking out CyberDefenders’ content from here on. Hands-on blue team experience is something I’ve been focusing on lately, so stay tuned for more! ...