[Day 22] Blue Teaming How It Happened | Advent of Cyber 3 (2021)

Febi Mudiyanto
3 min read · Jan 3, 2022

Hello Internet…
Back on Advent of Cyber 3, today we will be learning about the Cyber Swiss Army Knife — CyberChef. For malware analysis, CyberChef is a very useful and comprehensive tool.

Have you ever seen a malicious file, malware or virus hidden inside a document file?

Let’s analyse the doc file.

# What is the username (email address of Grinch Enterprises) from the decoded script?

Grinch.Enterprises.2021@gmail.com

Use oledump.py to open the malicious document without executing it.

Actually, I went through all the streams, and I found the interesting thing in stream number 8.

Then, with our Cyber Swiss Army Knife, we decode the payload.

For the best view, I downloaded the decoded file.
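As an added example (not the author's code and not part of the room), here is a Python script that reproduces that decode step statically: it takes macro text of the kind oledump.py prints for a stream, rejoins VBA strings split over line continuations, decodes base64 runs, and pulls out the mailbox address, port and subject that the later questions ask for. The macro text and all values in it are constructed placeholders, and base64 is an assumed encoding; the post does not say which encoding the real script used.

```python
import base64
import re

# Constructed sample of the text oledump.py -s N -v prints for a macro stream:
# a VBA stub whose payload is a base64 string split over a line continuation.
# Placeholder values only; this is not the challenge document's macro.
_HIDDEN = 'Server = "smtp.example.com"\nPort = 587\nUser = "analyst@example.com"\nSubject = "Christmas Wishlist"\n'
SAMPLE_BLOB = base64.b64encode(_HIDDEN.encode()).decode()
SAMPLE_MACRO = (
    "Sub AutoOpen()\n"
    "    Dim blob As String\n"
    '    blob = "' + SAMPLE_BLOB[:60] + '" & _\n'
    '           "' + SAMPLE_BLOB[60:] + '"\n'
    "End Sub\n"
)

CONCAT_RE = re.compile(r'"\s*[&+]\s*_?\s*"')   # "abc" & _ <newline> "def"
B64_RE = re.compile(r"[A-Za-z0-9+/]{32,}={0,2}")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PORT_RE = re.compile(r"(?i)\bport\W{0,6}(\d{2,5})")
SUBJECT_RE = re.compile(r'(?i)\bsubject\W{0,6}"([^"]*)"')


def decode_base64_blobs(text):
    """Decode every base64-looking run that yields printable text (CyberChef's
    'From Base64' step done statically; nothing from the macro is executed)."""
    text = CONCAT_RE.sub("", text)  # rejoin strings VBA split across lines
    decoded = []
    for m in B64_RE.finditer(text):
        try:
            raw = base64.b64decode(m.group(0), validate=True)
        except ValueError:  # looked like base64 but was not
            continue
        out = raw.decode("utf-8", errors="replace")
        if all(c.isprintable() or c in "\r\n\t" for c in out):
            decoded.append(out)
    return decoded


def triage(macro_text):
    """Decode embedded blobs, then pull out the artefacts the questions ask for."""
    text = "\n".join(decode_base64_blobs(macro_text))
    return {
        "emails": sorted(set(EMAIL_RE.findall(text))),
        "ports": sorted({int(p) for p in PORT_RE.findall(text)}),
        "subjects": SUBJECT_RE.findall(text),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_MACRO))
```

Feed it the output of oledump.py -s {stream number} -v instead of SAMPLE_MACRO to run it against a real macro stream.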

# What is the mailbox password you found?

S@ntai$comingt0t0wn

# What is the subject of the email?

Christmas Wishlist

# What port is the script using to exfiltrate data from the North Pole?

587

# What is the hidden flag found in the document that Grinch Enterprises left behind? (Hint: use the following command: oledump.py -s {stream number} -d; the answer will be in the caption.)

YouFoundGrinchCookie

# There is still a second flag somewhere… can you find it on the machine?

S@nt@c1Au$IsrEAl

Just walk around the machine’s directories.

# Conclusion

It’s a bad idea to analyse malware by opening the file.
oledump.py and CyberChef are the best tools for doing it this way.
Don’t trust any file or email. Trust your skills. Thanks
