Day 6: If I can't find a nice malware to use, I'm not going.
Task 1 - What is the flag displayed in the popup window after the EDR detects the malware?
- There is an EDR script that monitors Sysmon events and alerts on any suspicious activity.
- Run the script
.\JingleBells.ps1
which is in the directory C:\Tools
- Execute the malicious executable (MerryChristmas.exe), which is located in the
C:\Tools\Malware
directory.
- A pop-up box should appear that contains the first flag. If the pop-up does not appear, hover over PowerShell in the taskbar, or press Enter in the PowerShell window that is still running the script (the alert is raised by that script, so it must stay open while the sample runs).
Answer: THM{GlitchWasHere}
Task 2 - What is the flag found in the malstrings.txt document after running floss.exe, and opening the file in a text editor?
- Now we have to extract all the readable strings from that executable file.
- Using the floss tool we can extract the strings (including obfuscated ones floss can decode), and store them in a file using
Out-File
- Open that txt file and scroll through it (or search for the THM{ prefix) to find the flag.
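The Task 2 procedure as a single PowerShell sequence, added here as an example rather than taken from the room. It assumes floss.exe is on the PATH (or that you run it from the directory that holds it), that the sample lives at C:\Tools\Malware\MerryChristmas.exe as the task states, and that the output file name malstrings.txt and its location under C:\Tools are my choice; the regular expression at the end simply searches for the THM{...} flag format instead of scrolling by hand.

```powershell
# Added example (not the room's own code): extract strings with FLOSS, save them, and search for the flag.
# Assumptions: floss.exe is reachable on PATH; output path is arbitrary.
$sample  = 'C:\Tools\Malware\MerryChristmas.exe'
$outFile = 'C:\Tools\malstrings.txt'

# Record what was analysed so the notes can be tied to a specific binary.
Get-FileHash -Path $sample -Algorithm SHA256 | Format-List Path, Hash

# Run FLOSS against the sample and write everything it prints into the text file.
# Out-File captures stdout, which is where FLOSS emits static, stack and decoded strings.
& floss.exe $sample | Out-File -FilePath $outFile -Encoding utf8

# Instead of scrolling, search the saved strings for the flag format THM{...}.
Select-String -Path $outFile -Pattern 'THM\{[^}]+\}' |
    ForEach-Object { $_.Matches.Value } |
    Sort-Object -Unique
```

If Select-String prints nothing, open malstrings.txt in a text editor as the task suggests; the flag may be split across FLOSS output sections, or you may need to widen the pattern (for example search for `THM`).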
Answer: THM{HiddenClue}
Task 3 - If you want to learn more about sandboxes, have a look at the room FlareVM: Arsenal of Tools.
No Answer Needed