Speaking at NCCC 2024
Next week, I will be speaking at the National Cyber Crime Conference 2024 for the second year in a row. This year Dr. Mariam Khader and I will be running 4 different investigation workshops, m...
Last week’s Friday Giveaway was the C5W Certified Malware Analysis Course that can be found here. This is an amazing course for those interested in doing Malware Analysis and it has over 45 hands-on...
In the past, I used to maintain a Google Doc with all the tools I use or recommend for my students to use for Malware Analysis. A couple of days ago, while doing a Malware Analysis workshop for NW3...
Windows Sandbox is an amazing Windows feature that could be used for Malware Analysis. In order to install it you’ll need to follow this blog post here by Microsoft. One thing about this Sandbox...
Hello, I finally was able to play with the GOAD v2 project and configure it to run within a single VM using nested Virtualization. From the developer of the project “GOAD is a pentest active d...
In this case you are required to analyze a memory dump of a Windows 10 system that has been hit with RansomCare. E01 for the Memory Dump could be found: here Find RansomCare’s code,...
In this case you are required to decrypt all the data and files that have been encrypted using different crypto methods. E01 for the drive could be found: here #1: Lost in Space: We noticed that...
In this case you are required to find all the data and files that have been hidden using some of the NTFS file system capabilities. – E01 for the drive could be found: here – There are 5 hidden t...
The user downloaded what they thought was the SysInternals tool suite, double-clicked it, but the tools did not open and were not accessible. Since that time, the user has noticed that the system h...
Sometimes you have one of those VMs that you downloaded from Microsoft and then you used it for some testing. Now, after a certain amount of time, the free license given will expire and what will h...