SSDT View by NoVirusThanks is a tool that checks all function inside the SSDT table for possible hooking.
SSDT View has a set of categories.
One is the service or function.
the other is the module or the owner of the service or function.
Finally, there is an indicator that indicates whether or not the service is hooked.
#tip: any service not owned by ntoskrnl.exe module is regarded hooked and malicious.
Wireshark is a famous network protocol analyzer tool that let you see what is happening on your network at a microscopic level.
TCPView is a tool bundled inside the sysinternals suite that is used to view and monitor network traffic.
Quick Snap of the tool:
Procexp or Process Explorer is a tool bundled inside the sysinternals suite and a task manager a like but gives extra features. It can be used then to monitor processes and checks its properties.
Procmon is a tool bundled inside the sysinternals suite that logs and monitors processes and its tasks during runtime.
AutoRuns is a tool bundled inside the sysinternals suite that is used to view and monitor auto-run processes in Windows.
A Quick Snap of the tool:
AutoRuns detects that some xws.exe is inside the SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry, which is a common type of persistence mechanisms for a malware. In this case, malware that adds itself to this registry key survives the reboot.
Windows Sysinternals a Windows tool suite developed by Mark Russinovich that is used to host, manage and troubleshoot Windows operating systems.
Strings is a malware static analysis tool for extracting ascii and unicode strings from a file. This can reveal valuable information such as URL, IP Aaddress and functions used.
In this topic we will discuss command prompt base strings analysis in Windows Architecture.
Strings is a malware static analysis tool for extracting ascii and unicode strings from a file. This can reveal valuable information such as URL, IP Aaddress and functions used.
In this topic we will discuss cli base strings analysis in Linux Architecture.
The Malleable C2 profile helps make Cobalt Strike an effective emulator for which it is difficult to design traditional firewall defenses.
The post Cobalt Strike Analysis and Tutorial: How Malleable C2 Profiles Make Cobalt Strike Difficult to Detect appeared first on Unit42.
⚠️ YOU ARE TRYING TO DOWNLOAD A FILE THAT CONTAINS MALICIOUS EXECUTABLE ⚠️
eyehatemalwares is “PAY WHAT YOU CAN” project.
The zip file associated with this lab is password protected.
For hands-on experience, click the “Donate” button and you will be redirected to eyehatemalwares Paypal donation homepage or scan the QR Code below.
Click the “Download” button again to download the lab zip file.
After successful donation, email us the zip file name and the Paypal transaction details for the password.
Thank you for helping us build this community!
We will make sure that your donation will be use to bring more value to the community.
Contact us: About
– EHM Team