CyCTF2025 Qual DFIR Official writeup

DokDok Challenge Overview Name: DokDok Level: Easy Link: docker pull mmox/dokdok Scenario A CyAPT group abused a public Docker image to stage a quick web deployment and drop a memory-resident miner. The attacker attempted to cover their tracks by removing the payload after installation. Your job is to recover evidence from the image layers and answer three questions: Attacker wallet address (Ethereum-style 0x...) Cryptocurrency balance remaining in that wallet Malware group name (APT name) Flag format:...

November 8, 2025 · 9 min · MMOX, Anne, Mokey, Samer

Let's Defend - PCAP Analysis

Description We captured this traffic from P13's computer, so can you help him? Tools 1- Wireshark 2- OSINT Tools 3- Reverse engineering 4- Python scripting Writeup Q1 In this challenge I got network traffic, so let's open it and investigate that traffic. As we can see there are 25,262 packets, so let's filter the streams to the TCP protocol and check if there is anything suspicious. Okay, got 7780 streams, so let's check the whole stream and find something interesting....

February 12, 2024 · 4 min · MMOX

Let's Defend - LockBit

Description: You are a Digital Forensics and Incident Response (DFIR) analyst tasked with investigating a ransomware attack that has affected a company's system. The attack has resulted in file encryption, and the attackers are demanding payment for the decryption of the affected files. You have been given a memory dump of the affected system to analyze and provide answers to specific questions related to the attack. Q1: Using a memory dump analysis, can you determine the date and time that the device was infected with the malware?...

April 13, 2023 · 4 min · MMOX

Cyber Defenders - XLM-Macros

Description Recently, we have seen a resurgence of Excel-based malicious office documents. However, instead of using VBA-style macros, they are using older-style Excel 4 macros. This changes our approach to analyzing these documents, requiring a slightly different set of tools. In this challenge, you'll get hands-on with two documents that use Excel 4.0 macros to perform anti-analysis and download the next stage of the attack. Challenge Link : https://cyberdefenders....

December 6, 2022 · 4 min · MMOX