The Windows Registry is a hierarchical database that holds configuration information about all the applications on the system, user-specific settings, the configuration of the various hardware devices used by the system, …
Author: CYBER-5W
Windows operating systems maintain event logs that capture extensive information about the system, its users, their activities, and applications. These logs primarily exist to inform administrators and users, and their entries are categorized into five levels: …
In this blog, we will learn how to write a YARA rule that detects different samples from the same family and how to hunt for them at scale.
This section defines …
Email forensics involves the examination, extraction, and analysis of email data to gather digital evidence crucial for resolving crimes and specific incidents, ensuring the integrity of the …
In this blog post, we will go through a well-known packing technique, the use of VirtualAlloc and VirtualProtect to decrypt data in memory and execute it, and how …
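The allocate, decrypt, re-protect sequence that the post above describes, written out as an added example (not code from the original post): a constructed XOR-encoded stage is decrypted into a freshly allocated read-write region, and the region is then flipped to read-execute. On Windows this is VirtualAlloc/VirtualProtect; mmap/mprotect are assumed as the POSIX stand-ins so the example builds elsewhere. The encoded bytes are ASCII filler, not machine code, and the final jump into the region is deliberately omitted so the example is safe to run.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#endif

/* Constructed "encrypted" stage: the ASCII text "payload:stage2" XOR-ed with
 * kKey. It is filler, not machine code, so nothing below ever jumps into it. */
static const uint8_t kEncrypted[] = {
    0x2A, 0x3B, 0x23, 0x36, 0x35, 0x3B, 0x3E, 0x60,
    0x29, 0x2E, 0x3B, 0x3D, 0x3F, 0x68
};
static const uint8_t kKey = 0x5A;
#define STAGE_LEN (sizeof kEncrypted)

/* Step 1: reserve a writable, non-executable region (VirtualAlloc on Windows;
 * mmap is the assumed POSIX stand-in so the example builds elsewhere). */
static void *alloc_rw(size_t n) {
#ifdef _WIN32
    return VirtualAlloc(NULL, n, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
#else
    void *p = mmap(NULL, n, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
#endif
}

/* Step 2: decrypt straight into the new region. Real packers use more than a
 * single-byte XOR, but the memory access pattern is the same. */
void xor_decrypt(uint8_t *dst, const uint8_t *src, size_t n, uint8_t key) {
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i] ^ key;
}

/* Step 3: flip the region from RW to RX. Returns 1 on success. This RW->RX
 * transition (VirtualProtect to PAGE_EXECUTE_READ) is the call an analyst
 * breakpoints on to dump the decrypted stage. */
static int make_executable(void *p, size_t n) {
#ifdef _WIN32
    DWORD old = 0;
    return VirtualProtect(p, n, PAGE_EXECUTE_READ, &old) != 0;
#else
    return mprotect(p, n, PROT_READ | PROT_EXEC) == 0;
#endif
}

static void release(void *p, size_t n) {
#ifdef _WIN32
    (void)n;
    VirtualFree(p, 0, MEM_RELEASE);
#else
    munmap(p, n);
#endif
}

/* Runs the three steps. Returns 1 if the region holds the expected plaintext
 * and became executable, 0 otherwise. The packer's last step, casting the
 * region to a function pointer and calling it, is intentionally left out. */
int unpack_stage(void) {
    uint8_t *region = alloc_rw(STAGE_LEN);
    if (!region) return 0;

    xor_decrypt(region, kEncrypted, STAGE_LEN, kKey);
    int decrypted_ok = memcmp(region, "payload:stage2", STAGE_LEN) == 0;

    int exec_ok = make_executable(region, STAGE_LEN);
    /* A packer would now do: ((void (*)(void))region)(); */

    release(region, STAGE_LEN);
    return decrypted_ok && exec_ok;
}

int main(void) {
    printf("unpack stage: %s\n", unpack_stage() ? "ok" : "failed");
    return 0;
}
```

When analysing a real sample, set a breakpoint on VirtualProtect and check whether the new protection requests execute rights on a region that was just written to; the decrypted stage can be dumped from that region before the call that follows it.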
Hard disks are the containers that hold our evidence files, from the investigator’s perspective. Understanding them is mandatory for every forensic analyst, as they can provide valuable information within the …
Experience Level required: beginner
In this blog we will learn how to analyze macro-enabled MS Office documents.
1st sample: 8d15fadf25887c2c974e521914bb7cba762a8f03b1c97a2bc8198e9fb94d45a5
2nd sample: a9f8b7b65e972545591683213bb198c1767424423ecc8269833f6e784aa8bc99
Let’s see the sample in Virus …
In this report, we will conduct a comprehensive analysis of Gafgyt, an ELF malware family. Our aim is to examine the malware’s capabilities and determine its functions:
DDoS Attack…
Experience Level required: Beginner
In this blog, we will learn how to analyze and deobfuscate JavaScript malware.
Let’s view the sample code
The code has obfuscation with ° and g0 …
In this blog post, we discuss what we can do when presented with a memory image of a suspect machine to investigate, and how to leverage …
Experience Level required: Intermediate
In this report, we will analyze the CryptNet Ransomware, starting with deobfuscating the sample and proceeding through the ransomware’s techniques:
Obfuscated strings, encrypted strings, AES &…
In this report, we will analyze the MATANBUCHUS loader, a C++ malware, to determine its function and capabilities:
API Hashing, Stack Strings, checks on the number of running processes, PEB Traversal, Anti-Sandbox…
The New Technology File System (NTFS) is a file system developed and introduced by Microsoft in 1993 with Windows NT 3.1. It was produced to overcome some limitations of earlier file systems and to offer new features.
Hard-links, Improved…
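The API hashing listed for the MATANBUCHUS loader above, shown as an added example (not code from the report or the malware): a loader carries a hash instead of an import name and compares it against each export of a module until one matches, and the analyst recovers the names by recomputing the same hash over a list of known exports. The ROR13 hash is a common choice in loaders and is assumed here; the page does not state which hash MATANBUCHUS uses. The export list is a constructed stand-in for the table a real resolver reads after walking the PEB.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* ROR13 hash over an export name, as used by many shellcode and loader
 * families. The hash MATANBUCHUS actually uses is not given on this page;
 * the rotate-by-13 variant here is an assumption for illustration. */
uint32_t ror13_hash(const char *name) {
    uint32_t h = 0;
    for (; *name; name++) {
        h = (h >> 13) | (h << 19);   /* rotate right by 13 bits */
        h += (uint8_t)*name;
    }
    return h;
}

/* Constructed stand-in for a module's export name table. A real resolver
 * walks the PEB (InMemoryOrderModuleList) to find the module base and then
 * reads the export directory; that Windows-only walk is replaced by this array. */
static const char *const kExports[] = {
    "VirtualAlloc", "VirtualProtect", "CreateThread", "WriteProcessMemory"
};
#define EXPORT_COUNT (sizeof kExports / sizeof kExports[0])

/* What the loader does at runtime: compare the hash it carries against the
 * hash of every export name until one matches. */
const char *resolve_by_hash(uint32_t wanted) {
    for (size_t i = 0; i < EXPORT_COUNT; i++)
        if (ror13_hash(kExports[i]) == wanted)
            return kExports[i];
    return NULL;
}

/* What the analyst does: precompute hashes for known export names and print
 * a lookup table to match against constants pulled from the binary. */
int main(void) {
    for (size_t i = 0; i < EXPORT_COUNT; i++)
        printf("%08x  %s\n", ror13_hash(kExports[i]), kExports[i]);
    return 0;
}
```

In practice the analyst runs the hash over every export of kernel32.dll, ntdll.dll and the other modules the loader is seen to walk, then searches the resulting table for the constants found in the sample.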