Speaking at NCCC 2024

Posted on 17 April 2024 by [email protected]

Next week, I will be speaking at the National Cyber Crime Conference 2024 for the second year in a row. This year Dr. Mariam Khader and myself will be running 4 different investigation workshops, mostly focusing on malware analysis with one workshop on Investigating Linux Systems.

1. Malware Mysteries Uncovered: A Friendly Workshop for Beginners
2. Investigating a Compromised Linux Web Server
3. Malware Analysis (Part 1) – Ransomware Simulation
4. Malware Analysis (Part 2) – Investigating Ransomware Compromised Systems

Cyber 5W with Hexordia, will also be there at booth 8, so don’t miss us there for some swag and prizes!

I look forward to meeting new folks there!

Posted in Conferences, Cyber 5W, DFIR, Forensics, Investigations, Malware, Research, Workshops | Tagged , , , , , , , | Leave a comment

C5W Certified Malware Analyst (Friday Giveway) #1

Posted on 5 April 2024 by [email protected]

Last week’s Friday Giveway was the C5W Certified Malware Analysis Course that can be found here. This is an amazing course for those interested in doing Malware Analysis and it has over 45 hands-on labs. These are instructional and guided labs to help the reader not only do malware analysis, but understand what they are actually doing.

To win the course, you have to retweet my post (last week’s post is here) and that’s it. I do not require you to follow my account or anything, just a simple RETWEET!

What I do, is I copy the names of those who participated, put them into a Python List and then use a simple program to randomly select the winner. Last week’s winner was j0sN3T.

Don’t miss these giveaways!

Posted in C5W, DFIR, Life, Malware | Tagged , , | Leave a comment

Malware Tools, Tips and Tricks

Posted on 5 April 2024 by [email protected]

In the past, I used to maintain a Google Doc with all the tools I use or recommend for my students to use for Malware Analysis. A couple of days ago, while doing a Malware Analysis workshop for NW3C, I was asked if I can share my Google Doc and I definitely do not mind doing that. This is where I thought it would be much better to create a GitHub repo and move everything to it. So I used a tool to convert my Google Doc to Markdown and then created the repo here for hosting the content.

Now, I found that it is getting too long and scrolling is going to be an issue, so I searched for a GitHub pages theme and I found this. So, I started to convert the repo into something similar. It is still work in progress and if anyone is interested to help, they are welcome to contribute.

If you have any comments, notes, fixes, recommendations whether for tools, videos, tips and tricks, courses, etc? Please send them my way… You can find me on X (formerly Twitter) here.

Posted in Academia, AntiX, DFIR, Investigations, Malware, Research, Software/Tools | Tagged , , , | Leave a comment

Windows Sandbox Scripts

Posted on 5 April 2024 by [email protected]

Windows Sandbox is an amazing Windows feature that could be used for Malware Analysis. In order to install it you’ll need to follow this blog post here by Microsoft.

Continue reading

Posted in DFIR, Investigations, Malware, Research, Security, Software/Tools, ThreatHunting, Virtualization, Windows | Tagged , , | Leave a comment

GOADv2 in a VM

Posted on 24 December 2023 by [email protected]

Hello,

I finally was able to play with the GOAD v2 project and configure it to run within a single VM using nested Virtualization.

From the developer of the project
“GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques.”

Important to note, that I did not create this project or collaborate on it, so all credits to the developer, the only thing I did was prepare it to run within a single VM. All the thanks to M4yFly for his work and efforts.
Continue reading

Posted in Exploitation, Investigations, PenTest, Research, Virtualization, Vulnerability, Windows | Tagged , , , , | Comments Off on GOADv2 in a VM