Post 61 - Once more it begins

01 Dec 2024

Task 7, Day 1 OPSEC Maybe SOC-mas music, he thought, doesn’t come from a store?

Investigating a website, in this case a Youtube to MP3 converter.

Issues to be aware of:

• Malvertising: Malicious ads that can exploit vulnerabilities and cause infection
• Phishing scams: fake surveys or offers to harvest personal/sensitive info
• Bundled malware: As described on tin

Tests applied:

1) Download result of conversion and run file command against the files 2) Run exiftool on questionable file

Embedded command details:

• -ep Bypass -nop flags disable PS’ usual restrictions, allowing scripts to run without interference from security settings or user profiles
• DownloadFile pulls file from remote server and saves to local machine (‘download source’,’target path’)
• iex executes file downloaded

3) Search web for unique items in code, check places like GitHub, looking for ideas of who creator is

The Task

Provide details from files downloaded and GitHub

Recommended Stuff

OPSEC room