Categories: Write-Ups

Practical Malware Analysis and Triage "WannaCry" Challenge (WannaCry Ransomware). Note: This challenge write-up is a "blind analysis", which was written prior to viewing the answer section of this course. I include how I answered questions, if I got it right or wrong, and why, as a reflection for further learning. (Contains spoilers!) This write-up comes from the PMAT course that was produced by Husky Hacks. My review of this course can be seen here: https://cybersec.

RuneLite Stealer Summary. Credits: Hayden @CybersecReviews, Anna Moose. Overview: Sample Hash: d7c808bceb5752abbe1e56151e8ac382a6dd94a4ff1499d14baef362e4cf08a0; Sample Name: RuneLite Stealer; Capabilities: Information Stealer (RuneScape Credentials). A friend of mine came across this Reddit thread that was posted on December 15th, 2022 and shared with me that he was attempting to find out what the executable was and how it works. The malware sample was a modified game client for RuneScape called RuneLite. RuneScape is a popular online MMO game that I played a lot in middle school, and investigating a possible malware sample was intriguing to me.

Practical Malware Analysis and Triage "Siko Mode" Challenge. Note: This challenge write-up is a "blind analysis", which was written prior to viewing the answer section of this course. I include how I answered questions, if I got it right or wrong, and why, as a reflection for further learning. (Contains spoilers!) This write-up comes from the PMAT course that was produced by Husky Hacks. At the time of writing, I am about 3/4 of the way through the course and have found it very valuable from a SOC analyst perspective.

Practical Malware Analysis and Triage "Silly Putty" Challenge. Note: This challenge write-up is a "blind analysis", which was written prior to viewing the answer section of this course. I include how I answered questions, if I got it right or wrong, and why, as a reflection for further learning. (Contains spoilers!) This write-up comes from the PMAT course that was produced by Husky Hacks. At the time of writing, I am about halfway through the course and have found it very valuable from a SOC analyst perspective.

Trace Labs OSINT CTF. Note: To protect the identity of the individuals in this CTF, the missing persons in the cases are referred to as the subject or subjects. Overview: OSINT stands for Open Source Intelligence and is defined as "the collection and analysis of data gathered from open sources (overt and publicly available sources) to produce actionable intelligence" (https://en.wikipedia.org/wiki/Open-source_intelligence). Trace Labs (https://tracelabs.org) offers a unique OSINT CTF that was very surprising to me when I came across it.