URL: https://cybergeeks.tech/
Submission: On May 22 via manual from US — Scanned from DE
CYBER GEEKS

All Things Infosec


HELLO WORLD

Rants / By exousus / July 18, 2020

A quick introduction to the blog's topics, collaborators and guidelines. This is
a sticky post.


REVERSE ENGINEERING PSEXEC FOR FUN AND KNOWLEDGE

Malware analysis / By CyberMasterV / April 27, 2022

Summary: PsExec is a tool developed by Mark Russinovich that can be used to
execute applications on remote systems. The purpose of this post is to give
details about the inner workings of PsExec for research purposes only. This is
not an extensive analysis of every argument that PsExec accepts; we only provide
details about the …



A STEP-BY-STEP ANALYSIS OF THE RUSSIAN APT TURLA BACKDOOR CALLED TINYTURLA

Malware analysis / By CyberMasterV / March 28, 2022 (updated April 28, 2022)

Summary: Turla is a Russia-based group that has targeted governments, embassies,
militaries, and education and research organizations since 2004. Our analysis
focuses on a backdoor called TinyTurla that was installed on an endpoint as a
Windows service. The list of C2 servers and the password used to authenticate
with those servers are stored in the Windows …



HOW TO ANALYZE MALICIOUS DOCUMENTS – CASE STUDY OF AN ATTACK TARGETING UKRAINIAN
ORGANIZATIONS

Malware analysis / By CyberMasterV / February 28, 2022 (updated April 28, 2022)

Summary: This article presents an analysis of two malicious files and the tools
used to examine them. The approach can be generalized to other malicious
documents. The second document is a .docx file that was used to attack Ukrainian
organizations in the context of the military conflict between Russia and
Ukraine. OLE (Object Linking and Embedding) is …



A DETAILED ANALYSIS OF LAZARUS APT MALWARE DISGUISED AS NOTEPAD++ SHELL
EXTENSION

Malware analysis / By CyberMasterV / January 31, 2022 (updated April 28, 2022)

Summary: Lazarus has targeted its victims using documents posing as job
opportunities at companies such as Lockheed Martin, BAE Systems, and Boeing. In
this case, the threat actor targeted people looking for jobs at Boeing using a
document called Boeing BDS MSE.docx
(https://twitter.com/ShadowChasing1/status/1455489336850325519). The malware
extracts the hostname, username, network information, a list of …



JUST ANOTHER ANALYSIS OF THE NJRAT MALWARE – A STEP-BY-STEP APPROACH

Malware analysis / By CyberMasterV / November 30, 2021 (updated April 28, 2022)

Summary: njRAT (Bladabindi) is a .NET RAT (Remote Access Trojan) that allows
attackers to take control of an infected machine. This malware has been used by
APT actors in targeted attacks in Colombia
(https://www.welivesecurity.com/2021/01/12/operation-spalax-targeted-malware-attacks-colombia/)
and by SideCopy (https://blog.talosintelligence.com/2021/07/sidecopy.html), and
it has been distributed via phishing emails
(https://labs.k7computing.com/index.php/malspam-campaigns-download-njrat-from-paste-sites/).
The version analyzed here is 0.6.4, and the …



A DETAILED ANALYSIS OF THE STOP/DJVU RANSOMWARE

Malware analysis / By CyberMasterV / October 31, 2021 (updated April 28, 2022)

Summary: STOP/Djvu ransomware is not as well known as Conti, REvil or
BlackMatter; however, ESET ranked it third among ransomware families in Q2 2020
(https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf).
This ransomware can run with one of the following parameters: "--Admin",
"--Task", "--AutoStart", "--ForNetRes", and "--Service". The process doesn't
target specific countries based on …



HOW TO DEFEAT THE RUSSIAN DUKES: A STEP-BY-STEP ANALYSIS OF MINIDUKE USED BY
APT29/COZY BEAR

Malware analysis / By CyberMasterV / September 29, 2021 (updated April 28, 2022)

Summary: APT29/Cozy Bear is a Russian actor that has been associated with
Russia's Foreign Intelligence Service (SVR). The US government has attributed
the SolarWinds supply chain compromise to this actor, as described at
https://media.defense.gov/2021/Apr/15/2002621240/-1/-1/0/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF/CSA_SVR_TARGETS_US_ALLIES_UOO13234021.PDF.
MiniDuke is a backdoor written in pure assembly that was previously documented
by ESET at
https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Operation_Ghost_Dukes.pdf
and by Kaspersky at
https://securelist.com/miniduke-is-back-nemesis-gemina-and-the-botgen-studio/64107/,
…



A STEP-BY-STEP ANALYSIS OF THE NEW MALWARE USED BY APT28/SOFACY CALLED SKINNYBOY

Malware analysis / By CyberMasterV / August 3, 2021 (updated April 28, 2022)

Summary: The malware collects configuration information about the machine it
infects using the systeminfo command, and then retrieves the list of running
processes by spawning a tasklist process. The contents of the following
directories, along with the output of those processes, are base64-encoded and
exfiltrated to the C2 server updaterweb[.]com: the Desktop folder, C:\Program
Files, C:\Program Files …



DISSECTING THE LAST VERSION OF CONTI RANSOMWARE USING A STEP-BY-STEP APPROACH

Malware analysis / By CyberMasterV / July 6, 2021 (updated April 28, 2022)

Summary: According to multiple online resources, Conti has been one of the most
active ransomware families over the past year. One of its infamous attacks hit
the HSE healthcare service
(https://threatpost.com/conti-ransomware-fail-costly/166263/), where the
attackers demanded a $20 million ransom. As mentioned by Cybereason at
https://www.cybereason.com/blog/cybereason-vs.-conti-ransomware, Conti is sold
as a RaaS (Ransomware as a Service) in …



A STEP-BY-STEP ANALYSIS OF A NEW VERSION OF DARKSIDE RANSOMWARE (V. 2.1.2.3)

Malware analysis / By CyberMasterV / June 14, 2021 (updated April 28, 2022)

Summary: Darkside ransomware is the malware family responsible for the Colonial
Pipeline attack on May 7, 2021, as described at
https://www.zdnet.com/article/darkside-the-ransomware-group-responsible-for-colonial-pipeline-cyberattack-explained/.
The binary contains an encrypted configuration that is decrypted with a custom
algorithm, revealing a 22-byte buffer that describes the different actions the
malware performs. These actions include checking the system language …
