Challenge Details

It is a powerful scripting language created in Jan 1999 for Microsoft Windows, you can do a lot of amazing things with like creating the new notepad ?

If you encounter Anti Virus threat alert from your antivirus, please run it in a sandbox environment.

Key concepts

Static reverse engineering (Strings, Ghidra, Ida), AutoIt Reversing, Sandboxing, Malware Analysis, Dynamic Debugging

Learning Objectives

Participants will learn about malware analysis such running the sample in sandbox environment, performing static analysis on the binary sample to recover strings to discover that its a autoit binary.

If participants were to perform advanced static analysis/dynamically debug the binary (Rabbit Hole) using Ida/Ghidra/WinDbg, they will also learn about concepts such as anti debugging

Then, participants will learn about deofuscating code as they analyse the recovered au3 script to get back the flag

Author

Tensor (Yong Liang)