2025

Basic Malware RE

By Manjil

These challenges are aimed at learning the "static analysis" technique used to analyse malware. The main aim of this room is not to use any type of debugger, nor should the executables/programs be run on any platform. You are required to answer all the questions without using a debugger and without executing the executables/programs.

Loggy

By Manjil

Janice from accounting is beside herself! She was contacted by the SOC to tell her that her work credentials were found on the dark web by the threat intel team. We managed to recover some files from her machine and sent them to our REM analyst.

2024

Silly Putty

By Manjil

“Hello Analyst, The help desk has received a few calls from different IT admins regarding the attached program. They say that they've been using this program with no problems until recently. Now, it's crashing randomly and popping up blue windows when it's run. I don't like the sound of that. Do your thing! -- IR Team”

2023

CVE-2023-38408 (OpenSSH Vulnerability to RCE)

By Manjil

“Surprise! System Hack!”

Diagnostic

By Manjil

Our SOC has identified numerous phishing emails coming in claiming to have a document about an upcoming round of layoffs in the company. The emails all contain a link to diagnostic.htb/layoffs.doc. The DNS for that domain has since stopped resolving, but the server is still hosting the malicious document (your docker). Take a look and figure out what's going on.

RedLine

By Manjil

Analyze a memory dump using the Redline and Volatility tools. Trace the steps taken by the attacker on the compromised machine and determine how they managed to bypass the Network Intrusion Detection System (NIDS).

Bucket

By Manjil

Welcome, Defender! As an incident responder, we’re granting you access to the AWS account called “Security” as an IAM user. This account contains a copy of the logs during the time period of the incident and has the ability to assume the “Security” role in the target account so you can look around to spot the misconfigurations that allowed for this attack to happen.