Tuesday, December 12, 2023

TRYHACKME’S ADVENT OF CYBER 2023 (Day 9)

Day 9 - "She sells C# shells by the C2shore"

The learning objectives for day 9 were: 

  • The foundations of analysing malware samples safely
  • The fundamentals of .NET binaries
  • The dnSpy tool for decompiling malware samples written in .NET
  • Building an essential methodology for analysing malware source code 

In this task we were provided with a compiled malware sample written in C#; we had to analyse it and answer some questions based on it.

We were briefed on .NET compiled binaries, C# basics, C2 servers, a tool called dnSpy and common malware functionality. We used dnSpy to decompile the malware and retrieve its source code, then analysed the functionality of each function used and the main program. After understanding how this malware works we were able to answer the questions.

C2, or command and control, refers to a centralised system or infrastructure that malicious actors use to remotely manage and control compromised devices or systems. It serves as a channel through which attackers issue commands to compromised entities, enabling them to carry out various activities, such as data theft, surveillance, or further malware propagation.

dnSpy is an open-source .NET assembly (C#) debugger and editor. It is typically used for reverse engineering .NET applications and analysing their code and is primarily designed for examining and modifying .NET assemblies in a user-friendly, interactive way. It's also capable of modifying the retrieved source code (editing), setting breakpoints, or running through the code one step at a time.
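Before loading a sample into dnSpy it is worth confirming, without executing anything, that the file really is a .NET assembly: the PE optional header has a data directory entry (index 14, the CLR runtime header) that is non-zero only for managed binaries. The check below is an added example, not part of the room or of this post; it uses only Python's standard library, and the PE header bytes it tests against are constructed, not taken from the day 9 sample.

```python
import struct

CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR runtime header)

def is_dotnet_assembly(data: bytes) -> bool:
    """Static triage: True if the PE image carries a CLR runtime header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    coff = e_lfanew + 4                 # 20-byte COFF file header
    opt = coff + 20                     # optional header starts here
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                  # PE32: data directories at +96
        dirs_off = opt + 96
    elif magic == 0x20B:                # PE32+: data directories at +112
        dirs_off = opt + 112
    else:
        return False
    if dirs_off + (CLR_DIR_INDEX + 1) * 8 > len(data):
        return False
    num_dirs = struct.unpack_from("<I", data, dirs_off - 4)[0]  # NumberOfRvaAndSizes
    if num_dirs <= CLR_DIR_INDEX:
        return False
    rva, size = struct.unpack_from("<II", data, dirs_off + CLR_DIR_INDEX * 8)
    return rva != 0 and size != 0

def build_sample_pe(dotnet: bool) -> bytes:
    """Constructed minimal PE32 header (not a runnable binary) for demonstration."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header follows the DOS header
    # Machine=i386, 1 section, no timestamp/symbols, 224-byte optional header, EXE|32-bit
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)    # NumberOfRvaAndSizes
    if dotnet:
        # Constructed CLR header RVA/size; real assemblies use a 0x48-byte header
        struct.pack_into("<II", opt, 96 + CLR_DIR_INDEX * 8, 0x2008, 0x48)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print("managed sample:", is_dotnet_assembly(build_sample_pe(True)))
    print("native sample: ", is_dotnet_assembly(build_sample_pe(False)))
```

Run it against the actual sample with `is_dotnet_assembly(open(path, "rb").read())`; a False result means dnSpy will not decompile it and a native-code disassembler is the right tool instead.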

Click here to see the walkthrough.
