Instructions:
Use the password "cyberdefenders.org" to uncompress challenge files and open the maldoc.
It is common for threat actors to use living off the land (LOTL) techniques, such as executing PowerShell, to further their attacks and transition away from macro code. This challenge is intended to show how you can often perform quick analysis to extract important IOCs. The focus of this exercise is on static analysis techniques.
As a security blue team analyst, analyze the artifacts and answer the questions.
Suggested Tools:
- REMnux Virtual Machine (remnux.org)
- Terminal/Command prompt with Python installed
- Oledump
- Text editor