Malware Exercise 2016-12-17 Your Holiday Present
Below is my write-up of the latest exercise from Brad. There are two things that I learned from doing this exercise: 1) there is a difference between TCP Stream and HTTP Stream as there is more information available in TCP Stream, and 2) how to convert an encoded file from base64 to ASCII. For this last one, I came across Matt Bromiley’s blog covering Brad’s exercise and this was included in his write-up.

As usual, all artifacts for this write-up can be found over in my repo located here.

Executive Summary
=================

Based on my analysis, it looks as…