Notepad.exe (Reverse) - Unsolved
Challenge Details
It is a powerful scripting language created in Jan 1999 for Microsoft Windows. You can do a lot of amazing things with it, like creating the new Notepad?
If your antivirus raises a threat alert on the file, please run it in a sandbox environment.
Key concepts
Static reverse engineering (strings, Ghidra, IDA), AutoIt reversing, sandboxing, malware analysis, dynamic debugging
Learning Objectives
Participants will learn about malware analysis, such as running the sample in a sandbox environment and performing static analysis on the binary sample to recover strings and discover that it is an AutoIt binary.
If participants perform advanced static analysis or dynamically debug the binary (a rabbit hole) using IDA/Ghidra/WinDbg, they will also learn about concepts such as anti-debugging.
Then, participants will learn about deobfuscating code as they analyse the recovered au3 script to get back the flag.
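A first static triage pass for the string-recovery step above, as an added example that is not part of the original challenge: it extracts ASCII and UTF-16LE strings from a binary and flags markers that compiled AutoIt v3 executables commonly carry. The marker list, the function names and the sample bytes are assumptions constructed for this illustration.

```python
import re
import sys

# Markers commonly seen in compiled AutoIt v3 executables.
# Assumed set for this example; not taken from the challenge binary.
AUTOIT_MARKERS = ("AU3!EA06", ">>>AUTOIT SCRIPT<<<", "AutoIt v3")


def extract_strings(data, min_len=5):
    """Return printable strings in both encodings a PE usually contains.

    ASCII covers the code and overlay; UTF-16LE covers the version
    resource, which a plain `strings` run without `-el` would miss.
    """
    ascii_hits = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_hits = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    out = [s.decode("ascii") for s in ascii_hits]
    out += [w.decode("utf-16-le") for w in wide_hits]
    return out


def triage(data):
    """Summarise whether the bytes look like a PE with AutoIt markers."""
    strings = extract_strings(data)
    found = sorted({m for m in AUTOIT_MARKERS for s in strings if m in s})
    return {
        "is_pe": data[:2] == b"MZ",
        "autoit_markers": found,
        "likely_autoit": bool(found),
    }


# Constructed sample: a fake PE stub, a UTF-16LE version string and the
# script magic surrounded by non-printable bytes.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + "AutoIt v3 Script".encode("utf-16-le") + b"\x00\x00"
    + b"\xa3\x48\x4b\xbe" + b"AU3!EA06" + b"\x01\x02\x03"
)

if __name__ == "__main__":
    # Pass a path to triage a real file; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(triage(fh.read()))
    else:
        print(triage(SAMPLE))
```

Reading the file as bytes never executes it, so this pass can run before the sample is detonated in the sandbox.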
Author
Tensor (Yong Liang)