Wargames.MY 2023 CTF – Compromised
As usual, start your CTF by reading the question/description, which is indeed “very helpful” XD. Download “evidence.zip” and extract it. You’ll get folders like below: So I randomly checked…
As usual, read the description given. It says that “a file” has been “transferred” to another “internal computer”. So we know this might involve traffic between 2 internal IPs. Download…
Recently, I handled an incident where Windows Defender detected and quarantined a file related to some backdoor. The MDE alert details show something like this: Usually, we go with the…
Recently, I saw a person asking a question in one of the Telegram groups I’ve joined. The person asked whether anyone knew what kind of request this is. The person…
Recently, we had a host machine that had been infected with QBot/QakBot. Upon investigation, we found that it added a registry entry with some random name. Based on Googling, I found this article…
Intro When you open a password-protected zip archive using Windows Explorer (“Extract All…”) in Windows 8.x/10, the password is automatically cached in Credential Manager for the life of…
So, if you read my previous article, Hunting for Log4j RCE (CVE-2021-44228) using Splunk & Excel, last time we leveraged Splunk as our platform to hunt events/logs related to this…
As you are aware, a new Log4j vuln (CVE-2021-44228) has been disclosed and is currently being exploited in the wild. So, I’m using the Splunk query below, based on the Splunk blog…
Based on GitHub Advisory Database:
https://github.com/advisories/GHSA-g2q5-5433-rhrf – Embedded malware in rc
https://github.com/advisories/GHSA-73qr-pfmq-6rp8 – Embedded malware in coa
rc affected versions: = 1.2.9, = 1.3.9, = 2.3.9
coa affected versions: = 2.0.3, = 2.0.4, = 2.1.1, = 2.1.3, = 3.0.1, = 3.1.3…
Recently, I encountered an incident where several hosts had been infected by < █████████ >. To investigate this incident, we received a bunch of logs to be analyzed, mostly Linux-related logs.…