Hello, in this blog post entry I write about malwares which uses https traffic for communication with c2 analysis techniques. We can use Network Miner Wireshark, Fiddler ( very useful tool) for analysing HTTPS traffic for obtaining some IOC. …

Hello all, in this article I will share an experience about malware analysis in a lab simulation network. Assume that you set up a SOC and your tier 1 analyst inform you about an alert, it comes from Suricata to your SIEM as anormal traffic alert and you have decided…

Hello friends. 4 mounths ago I send an email to VT developer team, and I asked them a VirusTotal Intelligence account for using it my university lectures, books and Udemy trainings. I am very thankfull and I want to thank them, they send me a demo account. VT Intelligence is…

Hello firends, it’s been a long time since I wrote a blog, today I mention about Counter Hacking Methods for Cyber Threat Intelligence Analyst and Defence teams (blue and purple teams) This blog content is written only educational purposes and its Content has been made available for informational and educational…

Hello everybody. In this blog post I will analyze cyber attacks by using ELK. I simulated realcase APT attacks tactics and tools in my lab enviorenment. Nowadays I am prepearing Incident Response and Threat Hunting online training for broadcasting on Udemy. I can finished 3 modules of training and 4…

Hello firends, I couldn’t write any blog entry last mounth because I was busy with my new book which will be published in 2020 January. I have written A Web Pentest Hand Book in Turkish Published and it will come soon. In this blogpost I examine some malicious office and…

Hello friends, volatility has been released a new volatiliy version 3.0. In this blog post we use volatility’s new version quickly and give some information about it’s usage. I analyze stuxnet.vmem memory image file which is dumped from stuxnet infected machine whose version XP. …

In this blog post I examine PE injection and thread hijacking for analysis usage windows API calls for getting easier malware analysis. When we reverse the malicious files may be search some API sequence and guess the PE injection or thread hijacking activity. …

Hello friends, in this blog post I will wirte about process injection, process hollowing and dll injection. I give some examples about attack techniques and I anlyze the attacks for detection purpose. I examine windows API’s which is called during attacks and catgorized and tabled them step by step. Before…