
Gozi / ISFB
1. Executive Summary The analyzed artifact is a packed 32-bit Windows PE DLL associated with the Gozi/ISFB malware family. The visible packed layer implements loader behavior, encrypted string sto...

Executive Summary The supplied file is a 32-bit Windows DLL attributable to Raspberry Robin. Attribution is high confidence because its exact SHA-256 hash appears in Zscaler ThreatLabz’s published...

Logon Test This is to verify if you have successfully logged in. The flag format for this CTF can be one of the following: liga{xxx} OWASPKL{xxx} ligactf{xxx} Each challenge description w...

This is a note to easily set a breakpoint in the future. Classic Process Injection inject the legitimate process Obtain handle to a target process CreateToolhelp32Snapshot ...

Filename Zeichnungen Muster.exe Filesize 1.97 MiB Hash cfd13da57bb620ec32a6ad174d4d4cac2c715af8e7aaa57931574152f5fffdd9 Malwa...

Forensics Invisible upon opening pcap. Filter http able to see the file that has been accessed when opening init.js. Can see the malicious program was downloaded into the environment opening ...

Information SHA256 hash: c6f2553734e73ffbafab7acba0194ad545cdce3364e60e2014f37b0e49e1ab64 SHA1 hash: 4d44166162cf6a16c1daffa7d40f1c5b0c47b3ca ...

Introduction DarkGate is a modular loader and botnet toolkit first observed in 2017 that enables operators to fully compromise victim hosts, persist, drop secondary payloads, and provide remote ac...
Date: 5-27-2025 (9PM) - 6-28-2025 (9PM) Venue: Online Web Baby Web From the source code, you can see that there’s a filter on the word “String”, which makes it difficult to submit the key rando...

Zogulon Traces Description Quick!! Chase K has been abducted! He will surely be turned into a Zogulon if we don’t find him in time. All I could find was this encoder for their hyperspace drive and...