Bird Hacks

Bird Hacks

GRTP Acquired

It's been a while, I know. I've been busy with some more important real-world things that have kept me from posting writeups on my personal blog. This is also unfortunately not a writeup. This is about me passing the GIAC Red Team Professional (GRTP) test following the SANS Red Team

OSDA Acquired

This one was pretty straightforward since I have a few years in a SOC under my belt. I skimmed the course and took the test, took about 15 hours of the 24 to pass. I think the test/cert is a great metric for competent SOC analysts, but can't talk

Exploit Development

OSED Acquired

Cert 1 of 3 down for OSCE3. If you are looking for a course review or exam experience, I highly recommend John Hammond's video. OffSec Exploit Developers (OSEDs) have the skills and expertise necessary to write their own shellcode and create custom exploits from scratch. They can use these exploits

RecordBreaker Malware Analysis, Part 3

Reverse Engineering Featured

RecordBreaker Malware Analysis, Part 3

If you remember from part 2 of the writeup series, we left off with an instance of AppLaunch.exe created in a suspended state. I left some hints at what it was going to be used for. If you didn't pick up on it - spoiler alert - it's process hollowing. In this part, I'm going to work with...

RecordBreaker Malware Analysis, Part 2

Reverse Engineering

RecordBreaker Malware Analysis, Part 2

RecordBreaker malware (AKA Raccoon Stealer V2) is reported to be a "full rewrite in C/C++" of Raccoon Stealer. The Racoon Stealer malware family is an MaaS (Malware as a Service) "product" available for sale in online black markets that is primarily reported to be a password/credential stealer.

RecordBreaker Malware Analysis, Part 1

RecordBreaker Malware Analysis, Part 1

RecordBreaker malware (AKA Raccoon Stealer V2) is reported to be a "full rewrite in C/C++" of Raccoon Stealer. The Racoon Stealer malware family is an MaaS (Malware as a Service) "product" available for sale in online black markets that is primarily reported to be a password/credential stealer.

Malware Analysis: SocGoulish JS Dropper

Malware Analysis: SocGoulish JS Dropper

This is a quick analysis of a SocGoulish dropper. The JavaScript defines a series of functions, a variable that contains the URL it attempts to download from at a later point, and then calls a "request" function that will download...

Offensive Security's Proving Grounds: Pwned1 Write-Up

Hacking Featured

Offensive Security's Proving Grounds: Pwned1 Write-Up

Pwned1 is a box on Proving Grounds Play. It's listed as intermediate, with a community rating to match. Pwned1 Linux machine created by Ajs Walker. It's very CTF-like and is not a difficult box at all. It technically has multiple ways to get the initial foothold, however...

Russian Phishing Email Analysis

Russian Phishing Email Analysis

Step-by-step analysis of three Russian phishing emails. This writeup is written over several days in my free time. You will see varying dates in tool output and screenshots. I am using a modified Flare-VM install for this analysis.