|
You are here |
www.redblue.team | ||
| | | | |
dfirmadness.com
|
|
| | | | | This PCAP Analysis lab will walk you through finding adversary activity in network traffic captured at the perimeter of victim network. | |
| | | | |
volatilityfoundation.org
|
|
| | | | | The Volatility Blog offers ongoing information to support the Volatility Foundation's open-source memory forensics framework. | |
| | | | |
x0rb3l.github.io
|
|
| | | | | IntroductionIn this article I will be examining a Windows executable malware specimen. Based on a couple reports from automated malware sandboxes, the specimen drops multiple files to disk and calls out to multiple domains and IP addresses.The purpose of this article is to give readers a look into malware reverse engineering using static analysis, behavioral analysis, and code analysis. This is Part 1 of several more articles to come.The specimen in question is a Windows PE (Portable Executable) named setup.exe. You can find it's hashes below.MD5: d1b2c8ddca2f8dd02e2c132153055084SHA-1: 21c011ac7406eef048c175f5887e4eb885c050d6SHA256: 506c2f513d64242fcb20ccff8c26c0ed1755fe9120b984c29ba224b311d635c3I pulled this malware from Any.Run which contains nearly 75,000... | |
| | | | |
gist.github.com
|
|
| | | GitHub Gist: instantly share code, notes, and snippets. | ||