Generate Memory Dump from .vmss file using vmss2core
Previously, I’ve encountered a problem where I’m unable to copy the .vmem file for further analysis. So, the next alternative that we can use is the .vmss file…
Question: Let’s try to connect to the domain & port given via netcat. Hmm. There’s a mathematics question that we need to solve. But we’re too slow at solving it… What if…
Question: Download & extract the file. You’ll see a file named “nm01.pcapng”. Open the pcap file using Wireshark. Usually, I sort frames by large “Length” values and view the content. On Frame…
Recently, we had an incident where suspicious traffic related to an external C2 was observed. Initial findings showed that the IP 172.241.27.17 (172.241.24.0/21) resolved to atakaitechnologieshost, according to pDNS in VirusTotal…
For this question, I used Volatility to solve it. You can try Volatility Workbench. For me, it doesn’t seem to work properly (or I’m just too much of a noob to…
Recently I’ve observed a phishing mail as below: https://www.virustotal.com/#/file/cf027dd938f1a268f45f2ea786dc538ab47f35006fb12d0b64e0867bccf789c0/detection – clean. The file seems to be clean per VT. Interestingly, in the Details section, I found 2 URLs under the OpenXML Doc Info section…
Recently I’ve encountered a list of IPs that are related to CoinHive. So I want to check for domains that are tied to these IPs. We can do that by using dig…
Recently I’ve changed my workstation to a new one. Previously I had installed a bunch of Cygwin packages on my old workstation. So I thought: can I somehow migrate my installed Cygwin packages…
Recently we received an alert from our WAF related to an attack towards our environment. Further review of the alert found that the attacker was using an Oracle WebLogic RCE deserialization…
Challenge 12: ezfile sharing, and the hint for this challenge: Initially, one of our teammates was fuzzing around the website and found a “.git” folder. Seems related to the hint…