Thanks everyone who participated in the CTF and congratulations to all the winners!
1st Place: Kabir Acharya (Australia)
2nd Place: Devesh Mitra (Australia)
3rd Place: Raymond Toh (Singapore)
Welcome to the first edition of the Malienist CTF in collab with HCKSYD. Registration OPEN.
Prizes
G’day Cyber Warrior,
Here are the latest Detection lists.
Please note:
You can use this information to create detect-lists.
All C2i published here is active at the time of publishing but some of these C2s can go offline at any time after that.
All information provided here is free to use.
C2i published on this site or shared via email could cause some FPs as these IPs/URIs get recycled frequently, you agree to that before using any C2i from this site.
Lists are NOT de-duped.
You agree that any false positives or outages caused by use of this list will be your responsibility. To get…Decryptor tool for AES-encrypted payloads
If you want to support me, follow me on Patreon: https://www.patreon.com/malienist
What is Varg?
Varg is a tool written in PowerShell that helps you decrypt data that has been encrypted using AES encryption. The most common application we see in the cyberSec world is malicious scripts that are dropped on victim machines in the for of encrypted payloads that execute malicious code once decrypted.
G’day Cyber Warrior,
Here are the latest IOC lists.
Please note:
You can use this information to create detect-lists.
All C2i published here is active at the time of publishing but some of these C2s can go offline at any time after that.
All information provided here is free to use.
C2i published on this site or shared via email could cause some FPs as these IPs/URIs get recycled frequently, you agree to that before using any C2i from this site.
Lists are NOT de-duped.
You agree that any false positives or outages caused by use of this list will be your responsibility. To get…G’day Cyber Warrior,
Here are the latest IOC lists.
Please note:
You can use this information to create block-lists.
All C2i published here is active at the time of publishing but some of these C2s can go offline at any time after that.
All information provided here is free to use.
C2i published on this site or shared via email could cause some FPs as these IPs/URIs get recycled frequently, you agree to that before using any C2i from this site.
Lists are NOT de-duped.
You agree that any false positives or outages caused by use of this list will be your responsibility. To get…G’day Cyber Warrior,
Here are the latest IOC lists.
Please note:
You can use this information to create block-lists.
All C2i published here is active at the time of publishing but some of these C2s can go offline at any time after that.
All information provided here is free to use.
C2i published on this site or shared via email could cause some FPs as these IPs/URIs get recycled frequently, you agree to that before using any C2i from this site.
Lists are NOT de-duped.
You agree that any false positives or outages caused by use of this list will be your responsibility. To get…G’day Cyber Warrior,
Here are the latest IOC lists.
Please note:
You can use this information to create block-lists.
All C2i published here is active at the time of publishing but some of these C2s can go offline at any time after that.
All information provided here is free to use.
C2i published on this site or shared via email could cause some FPs as these IPs/URIs get recycled frequently, you agree to that before using any C2i from this site.
Lists are NOT de-duped.
You agree that any false positives or outages caused by use of this list will be your responsibility…This is a new series that I've started, where we not just analyse the malware but highlight the steps that can be taken to defend against these threats. You'll still need to do some digging to find out how to implement these in your org but these should give you enough to get started.
Skill level: Intermediate-AdvancedIf you want to support me, follow me on Patreon: https://www.patreon.com/malienist
QuickDefend
The long-story-short version
Use the following info to break execution of this malware:
RestartManager
This malware uses the RestartManager to shutdown/stop running processes and then encrypt them (to bypass the ‘file is in…
Powershell provides a great platform to mess around with Defender
If you want to support me, follow me on Patreon: https://www.patreon.com/malienistMS Powershell is a very powerful tool that MS has provided to the administrators. It can easily be used by malware authors to try to by-pass Windows Defender, the Microsoft anti-malware application that has a large user-base.
Section 1
First, let’s take a look at what features that are available in Powershell to work with anti-malware.
Add-MpPreference
Modifies settings for Windows Defender.
Get-MpComputerStatus
Gets the status of anti-malware software on the computer.
Get-MpPreference
Gets preferences for the Windows Defender scans and…
