
Malware Mondays!

Sharpen your skills with real-world challenges!
  • Dive into hands-on exercises released every Monday, each featuring a specific malware artifact or data capture.

  • Learn new tools and tactics by tackling these practical challenges.

  • Level up your learning with a live stream review every Friday, breaking down the challenges and solutions.


Please note, the password for all Zip archives is: thecyberyeti

MM02 - Investigating Processes

Posted: 19 April 2024

This week's exercise focuses on analyzing process activity using Process Explorer from Sysinternals and System Informer, the successor to Process Hacker 2.

What you'll learn:

  • Basic usage of Process Explorer and System Informer

  • How to determine what resources a process has open

  • How to identify process activity

Analysis objectives:

  • Identify malicious process(es) by name or PID

  • Determine open resources such as DLLs and mutexes

  • Identify the file system location the process was loaded from


MM01 - Analyzing ProcMon Data

Posted: 25 March 2024

This week's exercise focuses on analyzing Process Monitor (procmon) data captured from Amadey malware. Your goal is to identify key host-based indicators.

What you'll learn:

  • Basic ProcMon usage

  • How to filter ProcMon events to focus on suspicious activity

  • How to identify common persistence mechanisms

  • How to identify modular activity (i.e., plugins)

Analysis objectives:

  • Identify malicious process(es) by name or PID

  • Does the malware attempt to gain persistence?

  • Is this malware modular (i.e., does it download additional payloads)?
