A place where I just blog about my interests and learning.
Currently merging a few blogs into this one location. Please check back in later to view them.
-
An intro to Webshells
Introduction Webshells are deceptively simple yet powerful tools in the hands of cyber adversaries, and they pose a critical threat to web servers and the data they hold. These malicious scripts are planted on vulnerable web applications, typically through a file-upload or code-injection flaw, and give attackers unauthorised remote command execution. In this technical blog, we will explore the inner workings of common webshells such as PHP-based […]
-
Unveiling the World’s Largest Security Threat: A Deep Dive into its Complex Mechanisms and How Threat Hunting is Essential
Introduction In the vast landscape of cybersecurity, one adversary looms above all others, the colossal and enigmatic world’s largest security threat. As we embark on this perilous journey, we must shed the allure of hyperbole and delve into the substance of this monolith. In this blog, we shall dissect the intricate layers of this formidable […]
-
Setting up a home lab
I bought myself a server to expand my development, as the war between gaming and personal development was finally over and, you guessed it, games won. Instead of simply copying my virtual machines over, I decided to build my lab again from the ground up using new tools and endpoints. This blog will be split […]
-
PersistenceIsFutile | Moderate
Challenge brief Hackers made it onto one of our production servers. We’ve isolated it from the internet until we can clean the machine up. The IR team reported eight different backdoors on the server but didn’t say what they were and we can’t get in touch with them. We need to get this server back […]
-
Obsecure | Easy
Challenge brief An attacker has found a vulnerability in our web server that allows arbitrary PHP file upload to our Apache server. As such, the hacker has uploaded what seems to be an obfuscated shell (support.php). We monitor our network 24/7 and generate logs from tcpdump (we provided the log file for the period of two […]
-
Reminiscent | Easy
Challenge brief Suspicious traffic was detected from a recruiter’s virtual PC. A memory dump of the offending VM was captured before it was removed from the network for imaging and analysis. Our recruiter mentioned he received an email from someone regarding their resume. A copy of the email was recovered and is provided for reference. […]
-
Exploring the Top 10 Windows Process Injection Techniques: Detection and Mitigation
Introduction Process injection is a common tactic employed by malicious actors to inject code into a legitimate process, allowing them to evade detection and execute their malicious payloads. In this blog, we will delve into the top 10 Windows process injection techniques used by adversaries. For each technique, we will provide C++ code demonstrating the […]
-
Malicious Adversaries Concealed in Windows Memory: A Cyber Security Digital Forensic Approach
Introduction In the relentless battlefield of cybersecurity, malicious adversaries often resort to advanced techniques to evade detection. One such insidious strategy involves hiding within Windows memory, where they can maintain stealth and perpetrate their malevolent activities undetected. In this blog, we will delve into the realm of memory forensics and explore how cyber security analysts […]
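The memory-forensics approach in this excerpt, and the detection side of the process-injection post listed above, both reduce to the same question: which executable memory in a process is not backed by an image on disk? The following is an added example, not code from the blog, applying a malfind-style heuristic to a constructed list of VAD-like records (the kind of data a memory-forensics tool enumerates per process). The Region records, the process names and the prologue byte patterns are constructed for the demonstration; the page constants are the Win32 values from winnt.h.

```python
from dataclasses import dataclass
from typing import List, Optional

# Win32 page protection constants (winnt.h).
PAGE_READWRITE = 0x04
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
EXECUTABLE = {PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}

# Byte prologues commonly seen at the start of position-independent shellcode or
# a function entry. A heuristic chosen for this example, not a signature database.
SHELLCODE_PROLOGUES = {
    b"\xfc\x48\x83\xe4\xf0": "x64 stager prologue (cld; and rsp,-16)",
    b"\xfc\xe8": "x86 stager prologue (cld; call)",
    b"\x55\x8b\xec": "x86 function prologue (push ebp; mov ebp,esp)",
    b"\x55\x48\x89\xe5": "x64 function prologue (push rbp; mov rbp,rsp)",
}


@dataclass
class Region:
    """One memory region of a process, as a memory-forensics tool would enumerate it."""
    pid: int
    process: str
    start: int
    size: int
    protection: int
    private: bool             # MEM_PRIVATE (True) vs MEM_IMAGE / MEM_MAPPED (False)
    mapped_file: Optional[str]
    head: bytes               # first bytes read from the region


def assess(region: Region) -> List[str]:
    """Return the reasons a region looks injected; an empty list means nothing stood out."""
    reasons: List[str] = []
    if region.protection not in EXECUTABLE:
        return reasons  # data-only regions are out of scope for this check
    if region.private and region.mapped_file is None:
        reasons.append("private executable memory with no backing file")
        if region.head[:2] == b"MZ":
            reasons.append("PE header in private memory (manually mapped image)")
        for prologue, desc in SHELLCODE_PROLOGUES.items():
            if region.head.startswith(prologue):
                reasons.append(desc)
                break
    if region.protection == PAGE_EXECUTE_READWRITE:
        reasons.append("RWX protection")
    return reasons


def find_injected(regions: List[Region]) -> List[dict]:
    """Run assess() over every region and keep the ones with at least one finding."""
    hits = []
    for r in regions:
        reasons = assess(r)
        if reasons:
            hits.append({"pid": r.pid, "process": r.process, "start": r.start, "reasons": reasons})
    return hits


# Constructed sample regions (not from any real capture).
SAMPLE_REGIONS = [
    # A normally loaded DLL: executable, but image-backed, so not flagged.
    Region(1234, "explorer.exe", 0x7FF800000000, 0x1F0000, PAGE_EXECUTE_READ, False,
           r"C:\Windows\System32\ntdll.dll", b"MZ\x90\x00"),
    # An ordinary heap: private but not executable.
    Region(1234, "explorer.exe", 0x1A0000, 0x10000, PAGE_READWRITE, True, None, b"\x00" * 4),
    # Classic shellcode injection: private RWX region starting with a stager prologue.
    Region(4321, "notepad.exe", 0x2B0000, 0x1000, PAGE_EXECUTE_READWRITE, True, None,
           b"\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00"),
    # Reflectively loaded PE: a full image in private memory with no file behind it.
    Region(4321, "notepad.exe", 0x3C0000, 0x20000, PAGE_EXECUTE_READ, True, None, b"MZ\x90\x00\x03\x00"),
    # .NET JIT code heap: looks the same to this heuristic, a known false-positive source.
    Region(5555, "powershell.exe", 0x4D0000, 0x10000, PAGE_EXECUTE_READWRITE, True, None,
           b"\x48\x8b\xc4\x48\x89"),
]


if __name__ == "__main__":
    for hit in find_injected(SAMPLE_REGIONS):
        print(f"pid {hit['pid']} {hit['process']} @ {hit['start']:#x}: " + "; ".join(hit["reasons"]))
```

The powershell.exe region is the caveat a practitioner needs: JIT engines and some packers legitimately create private RWX memory, so a hit on this check is a lead to be paired with process ancestry, command line and the bytes themselves, not a verdict on its own.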
-
Unmasking Malicious Activity with Logman for Windows Event Tracing Analysis
Introduction In the realm of computer forensics, detecting and investigating malicious activity is a paramount challenge. Event Tracing for Windows (ETW) is a powerful resource for digital investigators, allowing them to log crucial events and unravel suspicious behaviors. In this blog, we will explore how to utilize Logman, a command-line tool for managing ETW sessions, […]
-
ScareCrow: Unveiling the Technical Intricacies of an Elusive Cyber Threat
Introduction In the ever-evolving landscape of cyber threats, adversaries continuously hone their tactics to infiltrate and exploit vulnerable systems. Among these advanced threats lurks “ScareCrow,” a stealthy and highly sophisticated malware that targets corporate networks and critical infrastructure. Unlike conventional malware, ScareCrow deploys sophisticated evasion techniques, making it a formidable adversary for even the most […]