Foundational Static Analysis: Analyzing Structures
The question is asking me "In the disassembly at address 00401567, what is the structure EDX is pointing to? Look at Microsoft Docs for help!" At the very end of the briefing they go over the explanation of how to identify which offset is determining which call. I am 90% positive that the offset we are supposed to be identifying in this case is 0x17c. However within this SAME blurb while they are explaining the way the stack line up they simply identify which API the offset in their example is pointing to. THEY NEVER MENTION HOW THEY GOT THERE! I am sure that it requires some research an I have been trying to identify anything within MSDN database but I can't find a single clue how identify what API 0x17c is pointing to. I have even tried looking up references for the offset they had 0x138 which they identified as STARTUPINFO. (I googled both terms together.) Now I am most definitely missing something here. I step within the assembly analysis mayb ebut I am at a loss. If anyone could help me out I would appreciate it.134Views0likes6CommentsCybersecurity and philosophy
Fellow members of the Cyber family: I think the ancient philosophers, those who recognized their own ignorance, were motive: their curiosity to learn, to question, to go a step further, to not settle ... I would like to think that these qualities defined great thinkers. And may we never lose the ability to recognize and be surprised, in the face of threats; studying them, always. I have always believed that a “let's talk” can be more enriching than a “I denounce you”: learning, if possible, from the adversary and his geniuses. And, of course, let's keep learning: every day: tactics, techniques, procedure and vectors. Nobody said this was going to be easy, did they? :). Good luck!.40Views5likes1CommentGOOTLOADER Downloader: Analysis
Hello - I've got all the answers apart from one (usual story with IL isn't it...) 5 What is the name of the domain that contains the obfuscated code I've managed to extract three domain names using the mandiant python scripts but unable to determine {filename.php} from these - how can I get this last stage? I have these candidates from this code... ((cant post code due to html error)) ww.lukeamiller.netslashtest.php www.luckies.ccslashtest.php www.ludovicmarque.frslashtest.phpSolved79Views0likes2CommentsServer-Side Request Forgery
I need help with step 5 and 6 of Server-Side Request Forgery lab. I was able to find the location of potential SSRF i.e "lookup?url=http://localhost:3000/online" after that I have tried directory traversal and other methods in place of HTTP (FTP). Nothing seems to working to get the bot name/service account90Views1like4Comments