
2026

HTB-Packet_Puzzle

Analyzed network traffic showing exploitation of CVE-2024-4577 (PHP-CGI argument injection) against a Windows server running PHP 8.1.25. The attacker achieved RCE, established a reverse shell on port 4545, then escalated privileges using GodPotato to spawn a SYSTEM-level shell on port 5555.

HTB-CrashDump

Analyzed two process dumps (notepad.exe and update.exe) revealing a Cobalt Strike Beacon infection. The malware used process injection with reflective DLL loading, communicated with a C2 server at 101.10.25.4:8023, and had capabilities for privilege escalation, token manipulation, and lateral movement via named pipes.