Video walkthrough for retired @HackTheBox (HTB) Forensics challenge "Lure" [easy]: "The finance team received an important looking email containing an attached Word document. Can you take a look and confirm if it's malicious?" - Hope you enjoy 🙂
Sign up for HackTheBox: https://htb-signup.cryptocat.me
↢HackTheBox↣
https://app.hackthebox.eu/challenges/163
↢Video-Specific Resources↣
https://securityliterate.com/malware-analysis-in-5-minutes-deobfuscating-powershell-scripts
👷‍♂️Resources🛠
https://cryptocat.me/resources
↢Chapters↣
Start - 0:00
Basic file checks - 0:33
Investigate OLE format and different tools - 1:55
Initial decoding of PowerShell script - 5:23
Try to execute in Windows Commando VM - 7:31
Investigate PowerShell deobfuscation - 9:22
Debug/analyse with ISE and find flag - 10:40
Bonus (find flag with Wireshark) - 14:21