Beginner Malware Analysis CTF ⭐️ CyberDefenders RE101

Published: 10 October 2024
on channel: Guided Hacking

🔥 Learn How To Complete This Beginner Malware Analysis CTF
👨‍💻 Buy Our Courses: https://guidedhacking.com/register/
💰 Donate on Patreon:   / guidedhacking  
❤️ Follow us on Social Media: https://linktr.ee/guidedhacking

🔗 Article Link: https://guidedhacking.com/threads/cyb...

🔗 CyberDefenders RE101: https://cyberdefenders.org/blueteam-c...

🔗 CyberDefenders Twitter   / cyberdefenders  

📜 Video Description:
Malware analysts, particularly those at a beginner malware analysis stage, need to constantly practice and use their skills so that they can improve and be prepared for any situation. In this video, we look at the challenges offered by CyberDefenders (CyberDefenders - Blue team certifications, training & CTF challenges), including a particular focus on the CyberDefenders RE101 challenge. This beginner malware analysis tutorial will allow us to work through some questions within a controlled environment and be able to confirm our answers so that we can improve our malware analysis skills.

The malware analysis questions we'll be going through are within the CyberDefenders RE101 challenge. We start with the first binary and check it within Detect It Easy and see whether it has anything interesting within the strings before we'd bring it into a decompiler. Looking through the strings, we see that there is a base64 string which, when base64 decoded, results in our first flag in this malware analysis training.

The next beginner malware analysis challenge is a different kind of problem, but one that is commonly found within CTF challenges. The CyberDefenders RE101 challenge outlines a corrupted zip into which the challenge creator placed an encrypted flag. To solve this malware analysis challenge, we need to fix the broken file headers of the zip file so that we can extract the flag. To do this, I open the zip file in a hex editor and look through the documentation, which outlines the first 4 bytes: these are the file signature, but this does not seem to be broken. The rest of the header outlines the different options used when compressing the file.
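The header walk described above, as an added example that is not from the video or from CyberDefenders: it decodes the ZIP local file header fields with Python's struct module, flags anything that looks wrong, and shows that a damaged signature blocks extraction until it is restored. The archive and the damage are both constructed inside the script.

```python
import io
import struct
import zipfile

# Local file header (PKWARE APPNOTE 4.3.7), little-endian: signature, version needed,
# flags, method, mod time, mod date, crc32, comp size, uncomp size, name len, extra len.
LOCAL_HEADER_FMT = "<4sHHHHHIIIHH"
LOCAL_HEADER_SIZE = struct.calcsize(LOCAL_HEADER_FMT)  # 30 bytes
LOCAL_SIG = b"PK\x03\x04"
KNOWN_METHODS = {0: "stored", 8: "deflate", 12: "bzip2", 14: "lzma"}


def parse_local_header(data):
    """Decode the local file header at offset 0 and list anything that looks wrong."""
    (sig, _version, flags, method, _mtime, _mdate, crc,
     csize, usize, name_len, _extra_len) = struct.unpack_from(LOCAL_HEADER_FMT, data)
    problems = []
    if sig != LOCAL_SIG:
        problems.append("bad local header signature %r" % sig)
    if method not in KNOWN_METHODS:
        problems.append("unknown compression method %d" % method)
    if flags & 0x1:
        problems.append("entry flagged as encrypted (general purpose bit 0)")
    name = data[LOCAL_HEADER_SIZE:LOCAL_HEADER_SIZE + name_len]
    return {"flags": flags, "method": method, "crc32": crc,
            "compressed_size": csize, "uncompressed_size": usize,
            "filename": name.decode("utf-8", "replace"), "problems": problems}


def make_sample_zip():
    """Constructed sample input: a one-entry zip archive built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("flag.txt", "flag{constructed-sample}")
    return buf.getvalue()


def corrupt_signature(data):
    """Constructed damage: zero the 4-byte local header signature."""
    return b"\x00" * 4 + data[4:]


def repair_signature(data):
    """Restore the signature; every other header field is left untouched."""
    return LOCAL_SIG + data[4:]


def extract_entry(data, name):
    """Return the entry's contents, or None if zipfile rejects the local header."""
    try:
        return zipfile.ZipFile(io.BytesIO(data)).read(name)
    except zipfile.BadZipFile:
        return None
```

Because zipfile locates entries through the central directory, the archive still opens with a broken local header; only the read of the entry fails, which is why checking the local header fields by hand is the step that finds the damage.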

Up next in our beginner malware analysis is a challenge that again attempts to hide a string. Within the CyberDefenders RE101 course, we check the file in Detect It Easy and then open it within IDA Pro. We browse to the main function and see that besides a print statement there is also a stack string which is our flag. To extract this stack string in our malware analysis process, you can either use the Mandiant plugins for IDA Pro or put the Linux binary into gdb, set a breakpoint on the call after the stack string, and then echo the stack string to get the flag.

The last challenge in our malware analysis within the CyberDefenders RE101 challenge is malware with its own encryption scheme. Reading through it, we see that it generates an XOR key by incrementing a byte for the length of the string, XORs the encrypted data with it, and then bit-shifts the result. We reverse the operation in CyberChef and successfully get the final flag, marking the end of this beginner malware analysis exercise.

📝 Timestamps:
0:00 CyberDefenders RE101 Intro
0:26 Analyzing Encrypted File
1:59 Fixing Corrupted Zip File
4:03 Decoding Stack String
5:37 Decrypting Encrypted Flag
9:02 More Resources

✏️ Tags:
#malwareanalysis
Cyber Defenders
#malware
Malware Analysis
#fredhk
Beginner Tutorial