CVE-2021-2109: Oracle Weblogic/Peoplesoft Malware attack and Analysis

Introduction People working on Oracle stack must have worked on Oracle Weblogic, application server for hosting enterprise applications. Oracle Weblogic is a leading player in the industry and most of the products from Oracle like PeopleSoft, OBIEE use it for hosting applications. I am working with Oracle products for past many years now and have […]

CyberDefenders- HoneyPot : WireShark PCAP Analysis

Challenge Details: A PCAP analysis exercise highlighting attacker’s interactions with honeypots and how automatic exploitation works. As the part of this challenge a pcap file, HoneyBot.pcap is provided and based on it we have to answer questions. As part of this writeup and analysis, I will refrain from posting exact answers and would recommend you […]

Volatility Forensic Analysis: R2D2 Malware

Hunting R2D2 Malware To start on this malware expedition, please download image from here . Once image file is downloaded, lets find out more about it by using volatility imageinfo plugin C:\volatility>volatility.exe -f 0zapftis.vmem imageinfoVolatility Foundation Volatility Framework 2.6INFO : volatility.debug : Determining profile based on KDBG search… Suggested Profile(s) : WinXPSP2x86, WinXPSP3x86 (Instantiated with WinXPSP2x86) AS […]

Root-me Command and Control Challenges

In this post we will go through command and control challenges on https://www.root-me.org/. Since , this challenge is still open we will not post the answers but will only document the steps and approach that was taken to solve the challenges. Command & Control — level 2 Find workstations hostname from memory dump The first approach that came into my […]