Advent of Cyber 4 writeup: A case study in digital forensics and incident response
Tags
Common Information
| Type | Value |
|---|---|
| UUID | a731b54b-0630-4185-bc92-213ba08a07d7 |
| Fingerprint | 15fec99f0df7c749 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 26, 2022, 1:16 p.m. |
| Added to db | Dec. 26, 2022, 3:14 p.m. |
| Last updated | Nov. 17, 2024, 8:43 p.m. |
| Headline | Advent of Cyber 4 writeup: A case study in digital forensics and incident response |
| Title | Advent of Cyber 4 writeup: A case study in digital forensics and incident response |
| Detected Hints/Tags/Attributes | 86/2/102 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 136 | ✔ | InfoSec Write-ups - Medium | https://infosecwriteups.com/feed | 2024-08-30 22:08 |
| Details | 163 | ✔ | — | https://media.cert.europa.eu/rss?type=category&id=Malware&language=en&duplicates=false | 2024-08-30 22:08 |
| Details | 167 | ✔ | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 707 | google.com |
|
| Details | Domain | 89 | vol.py |
|
| Details | Domain | 18 | windows.info |
|
| Details | Domain | 97 | virustotal.com |
|
| Details | Domain | 5 | spamassassin.apache.org |
|
| Details | Domain | 182 | www.mandiant.com |
|
| Details | Domain | 110 | doi.org |
|
| Details | Domain | 1 | jbcsec.com |
|
| Details | Domain | 32 | www.techtarget.com |
|
| Details | Domain | 40 | gchq.github.io |
|
| Details | Domain | 23 | www.rfc-editor.org |
|
| Details | Domain | 177 | www.wired.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 1 | www.wattpad.com |
|
| Details | Domain | 397 | www.microsoft.com |
|
| Details | Domain | 154 | youtu.be |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | Domain | 3 | nim-lang.org |
|
| Details | Domain | 2 | www.bls.gov |
|
| Details | Domain | 31 | dl.acm.org |
|
| Details | Domain | 207 | learn.microsoft.com |
|
| Details | Domain | 1 | electronicsreference.com |
|
| Details | Domain | 6 | emailrep.io |
|
| Details | Domain | 303 | tryhackme.com |
|
| Details | Domain | 5 | upx.github.io |
|
| Details | Domain | 12 | www.volatilityfoundation.org |
|
| Details | Domain | 52 | www.wireshark.org |
|
| Details | 1 | chief.elf@santaclaus.thm |
||
| Details | 1 | to..........................elves.all@santaclaus.thm |
||
| Details | 1 | elves.all@santaclaus.thm |
||
| Details | 1 | x-original-to...............elves.all@santaclaus.thm |
||
| Details | 1 | murphy.evident@bandityeti.thm |
||
| Details | 1 | delivered-to................elves.all@santaclaus.thm |
||
| Details | File | 1 | urgent.eml |
|
| Details | File | 3 | division_of_labour-load_share_plan.doc |
|
| Details | File | 4 | mysterygift.exe |
|
| Details | File | 85 | vol.py |
|
| Details | File | 20 | windows.inf |
|
| Details | File | 1 | f3aef15d58168b753c9488a4043-1.json |
|
| Details | File | 25 | windows.ps |
|
| Details | File | 1 | 3164smss.exe |
|
| Details | File | 1 | 436428csrss.exe |
|
| Details | File | 1 | 512504csrss.exe |
|
| Details | File | 1 | 536428wininit.exe |
|
| Details | File | 1 | 584504winlogon.exe |
|
| Details | File | 1 | 656536services.exe |
|
| Details | File | 1 | 680536lsass.exe |
|
| Details | File | 1 | 792656svchost.exe |
|
| Details | File | 1 | datasectionobject0xc0090ba87280usbxhci.sys |
|
| Details | File | 3 | c:\users\administrator\appdata\roaming\microsoft\windows\start menu\programs\startup\wishes.bat |
|
| Details | File | 74 | test.jpg |
|
| Details | File | 3 | wishes.bat |
|
| Details | File | 75 | favicon.ico |
|
| Details | File | 1 | information-security-analysts.htm |
|
| Details | File | 1 | a04a40dc-a6f6-f2c1-98f94f16af57232d.pdf |
|
| Details | Github username | 2 | horsicq |
|
| Details | Github username | 1 | wahlflo |
|
| Details | md5 | 1 | 03edd9c682a0c8f60d54b9e4bb86659f |
|
| Details | sha256 | 1 | 0827bb9a2e7c0628b82256759f0f888ca1abd6a2d903acdb8e44aca6a1a03467 |
|
| Details | sha256 | 2 | 0ce160a54d10f8e81448d0360af5c2948ff6a4dbb493fe4be756fc3e2c3f900f |
|
| Details | Pdb | 1 | ntkrnlmp.pdb |
|
| Details | Url | 1 | https://cdn.bandityeti.thm/files/mysterygift.exe |
|
| Details | Url | 39 | https://google.com |
|
| Details | Url | 1 | https://www.secretsanta.thm/goldenticket |
|
| Details | Url | 2 | https://cdn.bandityeti.thm/files/index |
|
| Details | Url | 1 | https://spamassassin.apache.org |
|
| Details | Url | 2 | https://www.mandiant.com/resources/blog/capa-automatically-identify-malware-capabilities |
|
| Details | Url | 1 | https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-6-its-beginning-to-look-a-lot-like-phishing-no-answers-p-66b57be74cb3 |
|
| Details | Url | 1 | https://infosecwriteups.com/tryhackme-advent-of-cyber-2022-day-7-maldocs-roasting-on-an-open-fire-no-answers-p-d9d90522bc94 |
|
| Details | Url | 1 | https://doi.org/10.1109/mc.2015.179 |
|
| Details | Url | 1 | https://doi.org/10.1007/978-1-4842-5485-1_9 |
|
| Details | Url | 1 | https://jbcsec.com/advent-of-cyber-2022 |
|
| Details | Url | 1 | https://www.techtarget.com/searchsecurity/definition/incident-response |
|
| Details | Url | 27 | https://gchq.github.io/cyberchef |
|
| Details | Url | 1 | https://www.rfc-editor.org/rfc/rfc6234 |
|
| Details | Url | 1 | https://www.sciencebuddies.org/science-fair-projects/project-ideas/cyber_p006/cybersecurity/air-gap-computer-hacking |
|
| Details | Url | 2 | https://www.wired.com/story/air-gap-researcher-mordechai-guri |
|
| Details | Url | 2 | https://github.com/horsicq/detect-it-easy |
|
| Details | Url | 1 | https://www.wattpad.com/713896884-miraculous-ladybug-and-chat-noir-picture |
|
| Details | Url | 1 | https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/understanding-remote-desktop-protocol |
|
| Details | Url | 1 | https://support.microsoft.com/en-us/windows/add-an-app-to-run-automatically-at-startup-in-windows-10-150da165-dcd9-7230-517b-cf3c295d89dd |
|
| Details | Url | 1 | https://www.microsoft.com/en-us/microsoft-365/word |
|
| Details | Url | 1 | https://youtu.be/tuzcgxxtxf8 |
|
| Details | Url | 57 | https://attack.mitre.org |
|
| Details | Url | 1 | https://doi.org/10.1504/ijesdf.2019.098784 |
|
| Details | Url | 1 | https://infosecwriteups.com/advent-of-cyber-2022-day5-email-analysis-its-beginning-to-look-a-lot-like-phishing-by-978dab792ebf |
|
| Details | Url | 1 | https://infosecwriteups.com/advent-of-cyber-2022-day-12-malware-analysis-forensic-mcblue-to-the-revscue-write-up-44fc80e95c7 |
|
| Details | Url | 1 | https://nim-lang.org |
|
| Details | Url | 1 | https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm |
|
| Details | Url | 1 | https://dl.acm.org/doi/fullhtml/10.5555/1631670.1631679 |
|
| Details | Url | 1 | https://www.utica.edu/academic/institutes/ecii/publications/articles/a04a40dc-a6f6-f2c1-98f94f16af57232d.pdf |
|
| Details | Url | 1 | https://doi.org/10.1007/978-3-319-41187-3_10 |
|
| Details | Url | 3 | https://learn.microsoft.com/en-us/sysinternals/downloads/procmon |
|
| Details | Url | 1 | https://electronicsreference.com/thm/advent-of-cyber-2022/day-6 |
|
| Details | Url | 5 | https://emailrep.io |
|
| Details | Url | 2 | https://tryhackme.com/room/adventofcyber4 |
|
| Details | Url | 2 | https://upx.github.io |
|
| Details | Url | 1 | https://www.virustotal.com/gui/file/0827bb9a2e7c0628b82256759f0f888ca1abd6a2d903acdb8e44aca6a1a03467 |
|
| Details | Url | 2 | https://www.volatilityfoundation.org |
|
| Details | Url | 1 | https://github.com/wahlflo/eml_analyzer |
|
| Details | Url | 1 | https://learn.microsoft.com/en-us/windows/win32/sysinfo/registry |
|
| Details | Url | 22 | https://www.wireshark.org |