A short post, this time: I just published a short guide about converting VMware VMs for use with VirtualBox. Check it out! Many of the VMs I intend to use with hal9k will come from VulnHub, and many of those will be created for use in VMware. Since hal9k uses VirtualBox, it’s important to be able to convert VMware files into a format that VirtualBox can understand. As I continue to build and expand my hacking lab, I will continue to publish additional guides on how to create, modify, import and export VMs with VirtualBox, as well as on a variety of other subjects.
For years I’ve wanted to build a hacker lab akin to the OSCP or HackTheBox labs. I did tons of research, read blogs and wikis and how-to guides, learned all I could about the subject, and even built some prototypes with VirtualBox on my laptop. Yet I never allowed myself to spend the money. In 2018, I was living on the road as a truck driver, so it was an impractical goal.
I’m blown away by how many people enjoyed my first PowerShell reverse-engineering write-up! In fact, it was such a popular post that people were even sharing it with their work teams in order to learn new malware techniques being used by attackers! I’m thrilled that my post was useful, and I hope that it inspires others to give malware reversing a try. After reading my write-up, a Twitter user named Chad got in touch with me and shared a couple of other samples of PowerShell malware that his team had found.
Greetings, friends! I know it’s been a while, but today I’ve got a special treat for you. Earlier this week, a malicious PowerShell script was detected on one of the systems I protect. After a bit of digging, my colleagues were able to extract the complete code listing, which I decided to reverse-engineer. It’s big, it’s ugly, and it’s fascinating as hell. When I first looked at the script, I recognized that it had been carefully obfuscated in order to be impossible to read and understand, but that didn’t deter me; I love a good challenge.
Hello, dear readers! A lot has passed since last we spoke. On February 2, I competed in the Trace Labs Global Missing Persons CTF, accompanied by three fellow hackers I met at the Dallas Hackers Association. We called ourselves the “DHA Dream Team.” Out of 138 teams competing in the event, we placed 7th overall — significantly better than I could have expected, considering it was our first proper CTF event.