Volatile Memory Analysis With Volatility : Coreflood Trojan

Introduction This is the first post of multi part series in which we will walk through basics of volatile Memory analysis with Volatility. Though some knowledge of Windows Internal is desirable but I will try to cover things as we progress. In this post, we will start with analyzing Coreflood Trojan with basic command and …

Volatile Memory Analysis With Volatility : Coreflood Trojan Read More »

How to stop Windows Server auto-shutdown every hour after license expire

Recently I was cleaning up old test VMs from my laptop and while doing so observed that a test VM with Windows 10 Enterprise Evaluation version would restart almost every hour. This interested me and I decided to figure out how Microsoft is achieving this. Issue After Windows license expires, you will see a similar …

How to stop Windows Server auto-shutdown every hour after license expire Read More »

CVE-2021-2109: Oracle Weblogic/Peoplesoft Malware attack and Analysis

Introduction People working on Oracle stack must have worked on Oracle Weblogic, application server for hosting enterprise applications. Oracle Weblogic is a leading player in the industry and most of the products from Oracle like PeopleSoft, OBIEE use it for hosting applications. I am working with Oracle products for past many years now and have …

CVE-2021-2109: Oracle Weblogic/Peoplesoft Malware attack and Analysis Read More »

CyberDefenders- HoneyPot : WireShark PCAP Analysis

Challenge Details: A PCAP analysis exercise highlighting attacker’s interactions with honeypots and how automatic exploitation works. As the part of this challenge a pcap file, HoneyBot.pcap is provided and based on it we have to answer questions. As part of this writeup and analysis, I will refrain from posting exact answers and would recommend you …

CyberDefenders- HoneyPot : WireShark PCAP Analysis Read More »

Cyberdefenders.org PacketMaze Challenge: Part 2 Wireshark Pcap analysis

This is a part 2 of challenge posted on cyberdefenders.org and you can find it here. For part 1, please refer to my previous post Q7:What is the server certificate public key that was used in TLS session: da4a0000342e4b73459d7360b4bea971cc303ac18d29b99067e46d16cc07f4ff? To answer this question, first lets filter the traffic by TLS protocol and navigate to any …

Cyberdefenders.org PacketMaze Challenge: Part 2 Wireshark Pcap analysis Read More »

Cyberdefenders.org PacketMaze Challenge: Part 1 Wireshark Pcap analysis

This is a brief writeup of challenge posted on cyberdefenders.org and you can find it here. Challenge As an analyst working for a security service provider, you have been tasked with analyzing a packet capture for a customer’s employee whose network activity has been monitored for a while -possible insider As part of this challenge …

Cyberdefenders.org PacketMaze Challenge: Part 1 Wireshark Pcap analysis Read More »

Root Me: Active Directory -GPO

Category: Forensic The challenge involves analyzing .pcap file having multiple protocols. In this particular challenge we need to analyze SMB protocol and find the missing flag. Prerequisites: Knowledge of a network capture analyzing tool. Knowledge of the group policy. Knowledge of Python You can find the challenge at below link : https://www.root-me.org/en/Challenges/Forensic/Active-Directory-GPO Statement During a security audit, …

Root Me: Active Directory -GPO Read More »

Root Me: SSL — HTTP exchange

Category: Network The challenge involves analyzing .pcap file having multiple protocols. In this particular challenge we need to analyze HTTPs protocol and find the missing flag. Prerequisites: Knowledge of a network capture analyzing tool. Knowledge of the HTTPS protocols. You can find the challenge at below link : https://www.root-me.org/en/Challenges/Network/SSL-HTTP-exchange Statement This challenge comes from the 19th DEFCON …

Root Me: SSL — HTTP exchange Read More »