
Tryhackme: Friday Overtime Writeup

Lab link. Step into the shoes of a Cyber Threat Intelligence Analyst and put your investigation skills to the test. 1. Who shared the malware samples? Oliver Bennett 2. What is the SHA1 hash of the file “pRsm.dll” inside samples.zip? 9d1ecbbe8637fed0d89fca1af35ea821277ad2e8 3. Which malware framework utilizes these DLLs as add-on modules? Calculated the SHA1 hash …

Tryhackme: Eviction Writeup

Lab link. 1. What is a technique used by the APT to both perform recon and gain initial access? Spearphishing Link is a technique used by APT28 in both the Reconnaissance and Initial Access phases. This makes T1598.003 – Spearphishing Link a key technique that serves dual purposes in the attack lifecycle. Spearphishing link 2. …

Tryhackme: Summit Writeup

Lab link. Questions 1. What is the first flag you receive after successfully detecting sample1.exe We start by clicking on the sample1.exe file and analyzing it using the Malware Sandbox tool to observe its behavior. Since we don’t have any IP address, domain, or external IOC at this point, we can block the malware using …

Tryhackme: Lookup Writeup

Lab link. Your local sticker shop has finally developed its own webpage. They do not have too much experience regarding web development, so they decided to develop and host everything on the same computer that they use for browsing the internet and looking at customer feedback. Smart move! Can you read the flag at http://MACHINE_IP:8080/flag.txt? …

Tryhackme: Red Team Threat Intel

Apply threat intelligence to red team engagements and adversary emulation. Task 5: TTP Mapping 5.2. How many Command and Control techniques are employed by Carbanak? https://mitre-attack.github.io/attack-navigator//#layerURL=https%3A%2F%2Fattack.mitre.org%2Fgroups%2FG0008%2FG0008-enterprise-layer.json 2 5.3. What signed binary did Carbanak use for defense evasion? Rundll32 5.4. What Initial Access technique is employed by Carbanak? Valid Accounts Task 7: Creating a Threat Intel Driven Campaign …

Tryhackme: ParrotPost: Phishing Analysis

Reveal how attackers can craft client-side credential-stealing webpages that evade detection by security tools. Lab link. Task 3: Email Headers 3.1. According to the IP address, what country is the sending email server associated with? We upload the .eml file to the Message Header Analyzer and find the Received IP address. Since the IP address location …

Tryhackme: Critical Writeup

Lab link. Task 2: Memory Forensics 2.1. What type of memory is analyzed during a forensic memory task? RAM 2.2. In which phase will you create a memory dump of the target system? Memory Acquisition Task 3: Environment & Setup 3.1. Which plugin can help us to get information about the OS running on the target machine? …

Tryhackme: Intro to Logs Writeup

Learn the fundamentals of logging, data sources, collection methods and principles to step into the log analysis world. Lab link. Task 2: Expanding Perspectives: Logs as Evidence of Historical Activity 2.1. What is the name of your colleague who left a note on your Desktop? Perry 2.2. What is the full path to the suggested log …

Tryhackme TShark: CLI Wireshark Features Writeup

Take your TShark skills to the next level by implementing Wireshark functionalities in the CLI. Lab link. Task 2: Command-Line Wireshark Features I | Statistics I 2.1. Use the “write-demo.pcap” to answer the questions. What is the byte value of the TCP protocol? 62 2.2. In which packet lengths row is our packet listed? 40-79 2.3. What …

Tryhackme TShark: The Basics Writeup

Learn the basics of TShark and take your protocol and PCAP analysis skills a step further. Lab link. Task 2: Command-Line Packet Analysis Hints | TShark and Supplemental CLI Tools 2.2. View the details of the demo.pcapng file with “capinfos”. What is the “RIPEMD160” value? 6ef5f0c165a1db4a3cad3116b0c5bcc0cf6b9ab7 Task 3: TShark Fundamentals I | Main Parameters I 3.1. …