Reversing CTF - Flare-On 2019 Challenegs

Posted on August 8, 2020

FireEye recently announced the 7th annual Flare-On Challenge! For those who are unaware, Flare-On is the Front Line Applied Research & Expertise (FLARE) team’s annual CTF-style challenge for all active and aspiring reverse engineers, malware analysts and security professionals. I first attempted Flare-on in 2019 and I’m looking forward to... [Read More]
Tags: Reversing dnspy .NET Android DNS CTF x64dbg IDA

Catching Malware In Memory Part 1 - Detecting Process Injection

Posted on July 14, 2020

This post breaks down how to detect classic and reflective DLL injection on a live Windows host by enumerating running processes and their threads for signs of malicious code injection. I’ll be using code snippets from my tool GetInjectedThreads throughout this post to explain the detection process and including screenshots... [Read More]
Tags: Process Injection Windows Memory Forensics C# Programming DFIR P/Invoke .NET Framework DLL Injection Malware meterpreter Cobalt Strike

Hack The Box - Sniper

Posted on January 20, 2020

Sniper was a pretty fun machine that put an interesting spin on a couple of older attack techniques. Unlike some other machines that I’ve come across lately, its difficulty rating is pretty accurate. Overall, exploitation is fairly straightforward apart from a couple of interesting twists - for example having to... [Read More]
Tags: Webapp Exploit nmap gobuster Local File Inclusion Remote File Inclusion Firewall Evasion SSH tunneling Privilege Escalation WinRM Client-Side attack nishang