In this blog post entry I analyzed a malicious Word document and used deobfuscation and decoding methods to analyse malicious PowerShell code. First I used the olevba tool in REMnux. When we extract the macro code from the file, the first thing we recognize is a base64 decoder function. That means the adversary probably encoded the malicious code with base64.


Hello, in this blog post entry I write about techniques for analysing malware that uses HTTPS traffic to communicate with its C2. We can use NetworkMiner, Wireshark and Fiddler (a very useful tool) to analyse HTTPS traffic and obtain some IOCs. First I created a Meterpreter reverse HTTPS payload to compromise the target system in a lab network and opened an HTTP server with Python's SimpleHTTPServer module to transfer the binary to the analysis machine.

OK, we need to set up a handler to receive the connect-back over the HTTPS protocol, so I used the exploit multi handler module with the HTTPS payload:


Hello all, in this article I will share an experience of malware analysis in a lab simulation network. Assume that you have set up a SOC and your tier 1 analyst informs you about an alert; it comes from Suricata to your SIEM as an abnormal traffic alert, you have decided to perform network forensics, and you have some pcaps of the incident. First you analyze the abnormal TCP 443 traffic like this:

As you can see, the traffic flows over TCP 443 but it is not TLS traffic, because you don't see the 4 handshake messages, and when you follow the TCP stream you see this…


Hello friends. 4 months ago I sent an email to the VT developer team and asked them for a VirusTotal Intelligence account to use in my university lectures, books and Udemy trainings. I am very thankful and I want to thank them; they sent me a demo account. VT Intelligence is a powerful platform for threat hunting, for finding related files and URLs, for searching for similar files or exploits, and for visualizing all of these relations in the graph tab. The VT API is very useful for automatically sending requests for hash values. Today I am going to show you some dorks for threat hunting and cyber…


Hello friends, it's been a long time since I wrote a blog; today I talk about Counter Hacking Methods for Cyber Threat Intelligence Analysts and Defence teams (blue and purple teams). This blog content is written for educational purposes only and its content has been made available for informational and educational purposes only. The author cannot be held responsible for any consequences that may arise from unauthorized use of these practices or techniques for good or malicious purposes. I set up a virtual environment for demonstrating some Counter Hacking Techniques in my own local lab. Adversaries and threat actors can target…


MY INCIDENT RESPONSE LAB

Hello everybody. In this blog post I will analyze cyber attacks by using ELK. I simulated real-case APT attack tactics and tools in my lab environment. Nowadays I am preparing an Incident Response and Threat Hunting online training for publishing on Udemy. I have finished 3 modules of the training and 4 modules are left. It will be completed within two months at the latest. Actually, I originally set up the lab shown below to test the products of the companies that I gave consultancy to for product development. But later I decided to create an APT analysis training on this lab. …


Hello friends, I couldn't write any blog entry last month because I was busy with my new book, which will be published in January 2020. I have written a Web Pentest Handbook in Turkish and it will be published soon. In this blog post I examine some malicious Office and PDF documents and I will give you some information about their analysis process and the detection of malicious activities. Adversaries use different TTPs and their tactics change day after day. Even though their IOCs and techniques change day after day, we can still detect their malicious activities by implementing threat hunting and…


Hello friends, Volatility has released a new version, Volatility 3.0. In this blog post we take a quick look at Volatility's new version and give some information about its usage. I analyze the stuxnet.vmem memory image file, which was dumped from a Stuxnet-infected machine running XP. First you can clone Volatility 3 from its GitHub page for installation.

I installed it on Kali, and you can reach the documentation via the link given below:

Before we start I present my Udemy trainings; if you want, you can benefit from my training to learn more deeply:

Let's start by examining processes. The commands are a little different but…


In this blog post I examine PE injection and thread hijacking, analysing the Windows API calls they use in order to make malware analysis easier. When we reverse malicious files, we may search for certain API sequences and infer PE injection or thread hijacking activity. Before we start I present my Udemy trainings; if you want, you can benefit from my training to learn more deeply:

Let's start:

Thread Hijacking is a malicious operation in which a malicious DLL path is injected into a legitimate thread. Similar to Process Hollowing, the thread must be suspended before injection. …


Hello friends, in this blog post I will write about process injection, process hollowing and DLL injection. I give some examples of attack techniques and I analyze the attacks for detection purposes. I examine the Windows APIs that are called during the attacks, and I categorized and tabulated them step by step.

Before we start I present my Udemy trainings; if you want, you can benefit from my training to learn more deeply:

Process injection is the execution of a malicious process's code in a legitimate process's memory area. Malware authors or threat actors use this technique for hiding their activities or escalating their privileges. Please examine the…

Alparslan Akyıldız academy
