CMNatic's Ramblings Infosec & DFIR 2020 Graduate, current healthcare worker - Danny phantom wanna-be.

Practical Malware Analysis Chapter 01

1. Introduction

Welcome to a rolling blog series of my writeups for the Practical Malware Analysis labs that everyone and their mum has done. Note, I’ll mostly be using different tools from those of the book for efficiency, practice and to keep things interesting.

I’ll discuss the tools I use and my justification as I come to it in the labs. Without further ado, let’s get started.

THM Overpass 2 - A Detailed Walkthrough Entirely With TShark


Overpass 2 - Hacked, developed by NinjaJc01, is the sequel to the Overpass series, however, with a DFIR feel and approach towards it. Fortunately for me, this room doesn’t require having completed the first - although I imagine some of the story is wasted on me.

I decided to create a writeup of this room in particular for a few reasons:

  • Forensics is always a welcome surprise to me
  • It’s a great practice room for people who are familiar with network forensics - whilst being approachable for people who are new.
  • A large majority of the recognised write-ups are “brain dumps” in my opinion, not explaining any logic or thought - but just stating fact, which isn’t necessarily bad per se, but for walkthrough rooms there’s always just that bit missing.

I’ll be using TShark - or terminal Wireshark - and explaining my thoughts behind the process (filter commands included!)

My Reflections on Tryhackme's Throwback Lab (Spoilers)


The following are my reflections and thoughts on TryHackMe’s brand new lab “Throwback”, the first implementation of their “Networks” system. Please prepare for spoilers.

I haven’t had the time nor opportunity to experience pentesting any sort of simulated network such as a Windows corporate environment, only on the sysadmin side of things - so this was quite the journey.

So I've Graduated. Now What?

A pertinent question I’ve asked myself for the last 12 months.

It’s quite the cliché thing to say that 2020 isn’t quite what anyone expected. And for someone who was already half-off the boat about Information Security, graduating in it was (and still is) daunting, especially considering the times.

So You Want to Analyse Malware

1. Preface

If you’re reading this, I think it’s fairly safe to assume your motivations for your own lab. When I started, I found it very hard to find up-to-date resources on beginning my interest. Granted, I had the precursory knowledge of tools and techniques that were explored throughout my University studies, making it much more approachable for me.

THM Tony the Tiger (Creators Writeup)

This fun-themed room has two points of entry, aimed at teaching you how to utilise a deserialization attack.

Exploiting Java Deserialization Windows Demo

The following is a write-up of an example of payload execution that I performed for a University assignment. I have also created a TryHackMe room based upon this. I replicate a Java application and the serialization process; ultimately being able to perform RCE on Windows 10.