Malware Mondays!

Sharpen your skills with real-world challenges!
  • Dive into hands-on exercises, released on Mondays, each featuring a specific malware artifact or data capture.

  • Learn new tools and tactics by tackling these practical challenges.

  • Level up your learning with a live stream review every Friday, breaking down the challenges and solutions.

Please note, the password for all Zip archives is: thecyberyeti

MM01 - Analyzing ProcMon Data

Posted: 25 March 2024

This week's exercise focuses on analyzing Process Monitor (procmon) data captured while Amadey malware was running. Your goal is to identify the key host-based indicators in that capture.

What you'll learn:

  • Basic ProcMon usage

  • How to filter ProcMon events to focus on suspicious activity

  • Identify common persistence mechanisms

  • Identify modular activity (i.e. plugins)

Analysis objectives:

  • Identify the malicious process(es) by name or PID

  • Does the malware attempt to gain persistence?

  • Is this malware modular (i.e. does it download additional payloads)?
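The filtering the exercise asks for can be scripted once the capture is exported from ProcMon as CSV. The script below is an added example written for this page, not part of the challenge files and not derived from the Amadey capture. It assumes ProcMon's default CSV export columns (Time of Day, Process Name, PID, Operation, Path, Result, Detail) and uses a small, constructed set of log lines; the process names, PIDs and paths in it are made up for illustration and are not Amadey indicators. It flags the two things the objectives ask about: writes to common autorun locations (Run/RunOnce keys, Winlogon values, the Startup folder, spawning schtasks.exe or reg.exe) and a process that writes a .dll/.exe to disk and later loads or executes it, which is the ProcMon footprint of a module being fetched and plugged in.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed ProcMon CSV export (default columns). All names, PIDs and
# paths are invented for this example; they are not indicators of Amadey.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.0001","explorer.exe","1234","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2"
"10:00:02.0002","sample.exe","4321","CreateFile","C:\Users\user\AppData\Local\Temp\stage2.dll","SUCCESS","Desired Access: Generic Write"
"10:00:02.0005","sample.exe","4321","WriteFile","C:\Users\user\AppData\Local\Temp\stage2.dll","SUCCESS","Offset: 0, Length: 65536"
"10:00:03.0003","sample.exe","4321","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 80, Data: C:\Users\user\AppData\Local\Temp\sample.exe"
"10:00:04.0004","sample.exe","4321","Process Create","C:\Windows\System32\schtasks.exe","SUCCESS","PID: 5555, Command line: schtasks /create /tn Updater /tr C:\Users\user\AppData\Local\Temp\sample.exe"
"10:00:05.0001","sample.exe","4321","CreateFile","C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\up.lnk","SUCCESS","Desired Access: Generic Write"
"10:00:06.0001","sample.exe","4321","Load Image","C:\Users\user\AppData\Local\Temp\stage2.dll","SUCCESS","Image Base: 0x10000000"
"10:00:07.0001","svchost.exe","900","RegQueryValue","HKLM\SYSTEM\CurrentControlSet\Services\Foo","SUCCESS","Type: REG_SZ, Length: 8, Data: foo"
'''

# Autorun locations worth checking first. Scheduled tasks show up in ProcMon
# as schtasks.exe being spawned rather than as a registry write by the sample.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
WINLOGON_RE = re.compile(r"\\Winlogon\\(Shell|Userinit)$", re.IGNORECASE)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
PERSISTENCE_TOOLS = {"schtasks.exe", "reg.exe"}
MODULE_EXT_RE = re.compile(r"\.(dll|exe)$", re.IGNORECASE)


def parse_procmon_csv(text):
    """Parse a ProcMon CSV export into a list of dict rows keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def analyze(rows):
    """Return persistence attempts, dropped-then-loaded modules and the PIDs involved."""
    persistence = []              # (pid, mechanism, path or detail)
    written = defaultdict(set)    # pid -> lower-cased .dll/.exe paths it wrote
    modules = []                  # (pid, path) written by the process, then loaded/executed
    for r in rows:
        pid, op, path, detail = r["PID"], r["Operation"], r["Path"], r["Detail"]
        exe = path.rsplit("\\", 1)[-1].lower()
        if op == "RegSetValue" and (RUN_KEY_RE.search(path) or WINLOGON_RE.search(path)):
            persistence.append((pid, "registry autorun", path))
        elif op == "CreateFile" and STARTUP_DIR_RE.search(path) and "Write" in detail:
            persistence.append((pid, "startup folder", path))
        elif op == "Process Create" and exe in PERSISTENCE_TOOLS:
            persistence.append((pid, "spawned " + exe, detail))
        elif op == "WriteFile" and MODULE_EXT_RE.search(path):
            written[pid].add(path.lower())
        elif op in ("Load Image", "Process Create") and path.lower() in written[pid]:
            # The process wrote this image earlier and is now loading/running it:
            # the on-disk footprint of a downloaded plugin or second stage.
            modules.append((pid, path))
    suspicious = sorted({p for p, *_ in persistence} | {p for p, _ in modules}, key=int)
    return {"suspicious_pids": suspicious, "persistence": persistence, "modules": modules}


if __name__ == "__main__":
    result = analyze(parse_procmon_csv(SAMPLE_CSV))
    print("Suspicious PIDs:", ", ".join(result["suspicious_pids"]))
    for pid, mechanism, where in result["persistence"]:
        print(f"  PID {pid} persistence via {mechanism}: {where}")
    for pid, path in result["modules"]:
        print(f"  PID {pid} dropped and loaded module: {path}")
```

To use it on a real capture, export from ProcMon with File > Save as CSV (after applying any display filter you want kept) and pass the file contents to `parse_procmon_csv`. The rules are deliberately narrow so that ordinary processes such as explorer.exe and svchost.exe, which only read these keys, are not reported; extend the regular expressions with further autorun locations as you find them in the data.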

