BTLO Replay: PANDEMIC | Reverse Engineering Lab Walkthrough

Описание: Welcome to BTLO Replay, a video series that will take you through retired BTLO labs. Videos posted every Friday at 6pm BST.

This week’s lab is PANDEMIC, a malware analysis scenario set during the second wave of the pandemic. Tools used include Regshot, PEView, and Sysinternals.

Difficulty: Medium

The PANDEMIC scenario:

The second wave of the pandemic has started, and cybercriminals have also started their second wave of attacks. Here comes a new phishing technique: Alert! Alert! Alert! There are masks to safeguard yourself from the pandemic, but do you have a mask on your PC? Our OS vendor released a new PandemicSavior update which will act as a mask to safeguard yourself from the pandemic. Immediately download the attachment and run the update! Quick!! As a malware analyst, your IR team approached you to decide whether the attachment is safe or not. If it’s not safe, provide the IoCs. Malware sample and the necessary toolkit is available on the desktop.

0:00 – Scenario and introduction
2:57 – Toolkit
5:03 – Question 2
7:50 – Question 1
9:31 – Question 3
17:35 – Question 4
18:09 – Question 3 cont.
20:38 – Question 7
21:14 – Question 6
21:39 – Question 7 cont.
23:36 – Question 3 cont.
43:48 – Question 5
44:09 – Question 3 conclusion
47:20 – Question 6 conclusion
49:13 – Question 9
49:22 – Question 8
58:52 – Question 10
1:00:55 – Summary

--

Powered by global blue team training provider, Security Blue Team, BTLO is a gamified platform for defenders to sharpen their skills during engaging security investigation and challenge scenarios.

The BTLO Replay series takes viewers through walkthroughs of retired labs. Visit the BTLO website to take on these challenges for yourself and discover new labs launching regularly.

SUBSCRIBE:    / @blueteamlabsonline  
WEBSITE: https://blueteamlabs.online/
DISCORD:   / discord  
TWITTER:   / bluelabsonline  
LINKEDIN:   / blue-team-labs-online