Malware Mondays!
Sharpen your skills with real-world challenges!
- Dive into hands-on exercises released on Mondays, each featuring a specific malware artifact or data capture.
- Learn new tools and tactics by tackling these practical challenges.
- Level up your learning with a live stream review every Friday, breaking down the challenges and solutions.

Please note, the password for all Zip archives is: thecyberyeti
MM02 - Investigating Processes
Posted: 19 April 2024
This week's exercise will focus on analyzing process activity using Process Explorer from SysInternals and System Informer, the successor to ProcessHacker2.
What you'll learn:
- Basic usage of Process Explorer and System Informer
- How to determine what resources a process has open
- How to identify process activity
Analysis objectives:
- Identify the malicious process(es) by name or PID
- Determine open resources such as DLLs and mutexes
- Identify the file system location the process was loaded from

MM01 - Analyzing ProcMon Data
Posted: 25 March 2024
This week's exercise will focus on analyzing Process Monitor (procmon) data captured from Amadey malware. Your goal is to identify key host-based indicators.
What you'll learn:
- Basic ProcMon usage
- How to filter ProcMon events to focus on suspicious activity
- How to identify common persistence mechanisms
- How to identify modular activity (i.e. plugins)
Analysis objectives:
- Identify the malicious process(es) by name or PID
- Does the malware attempt to gain persistence?
- Is this malware modular (i.e. does it download additional payloads)?
