Hi there 👋

Welcome to IntelOverflow. I’m Syed. Explore my articles as I embark on this journey of learning more about Forensics, Threat Hunting, and Cyber-threat Intelligence.

Practical Malware Analysis: LAB 05

Previously, we covered Basic Static Analysis and Basic Dynamic Analysis in Chapter 1 and 3 of Practical Malware Analysis. That marks an end to the first part of the book. The fourth chapter kicks off the second part of the book and takes a slight detour to cover one of the most important pre-requisites to perform malware analysis; assembly language. However, the crash course doesn’t have any exercises. It’s why we’ll be proceeding to exercises of the fifth chapter i....

August 13, 2021 · 13 min · Syed Hasan

MalDoc Analysis: Cheeky HTA Loader

Let’s dig into a (potentially) malicious document and see what indicators it navigates us to. Hash Name 499b2d5a07fbcfbc8a6ec124c14efde7 ordain-08.21.doc fedbbc359e03b17bd7866a31283c3ff87cc693e4 ordain-08.21.doc 331742a3835a6634e1331be491a789f7e5ddcefc6a30b7965dbf970d214b36d4 ordain-08.21.doc Download: You can acquire this sample from MalwareBazaar Initial Analysis Let’s first unzip the file with MalwareBazaar’s standard password: infected [PS: I’m going to rename the file for sanity’s sake] Once done, we can check to see what file type we’re dealing with: file Ordain....

September 2, 2021 · 5 min · Syed Hasan

Practical Malware Analysis: LAB 01

Let’s kick it off. The first chapter of PMA was an introduction to Basic Static Analysis. Although there’s a unique set of tools used in the book, I’d be improvising and testing other tools which might achieve the same purpose. Tooling I’ll be using the following tools/services for this chapter: [I’m diverting from the toolset used by the author… mainly because they’re outdated] PEStudio PEView PEID ExeInfoPE VirusTotal Exercise 1 Hash Filename BB7425B82141A1C0F7D60E5106676BB1 Lab01-01....

August 13, 2021 · 7 min · Syed Hasan

Windows DLLs: Attacks in a Nutshell

What are DLLs? Dynamic-link Libraries (DLLs) are Microsoft’s implementation of shared code on the Windows Operating System. By means of modularizing code into smaller segments and individual files, Windows applications can utilize this shared code. This allows them to avoid including the same piece of code, again and again. Usually, the functions written in a DLL file are exportable. The DllMain function in a particular file carries out the basic tasks, whereas the individual functions can then be imported into code as well....

May 5, 2020 · 7 min · Syed Hasan

Windows API Calls: The Malware Edition

Windows API, in short, the WinAPI, is a set of functions and procedures, which can abstract much of the tasks you perform everyday on the Windows OS. The Application Programming Interface (API) calls exposes these functions to programmers to make use of procedures when writing one of your own isn’t the most effective. Although the API calls are a bit hard to work with, they can still help you achieve much of what you’d like, without further coding....

April 29, 2020 · 9 min · Syed Hasan