Practical Malware Analysis 2020 CTF

With @sambowne, @djhardb, @KaitlynGuru, and @infosecirvin.

Server 2016 in Google Cloud (Recommended)

PMA 30: Windows 2016 Cloud Machine for Malware Analysis (15 pts)

PMA 101: Basic Static Techniques (Cloud)(20 pts + 30 pts extra)
PMA 102: Unpacking (Cloud) (15 pts + 10 extra)
PMA 110: capa (15)
PMA 131: Custom UPX (25 pts extra)

PMA 221: Basic Dynamic Analysis (30 pts + 30 extra)
PMA 222: Making a Windows Keylogger (10 pts extra)

PMA 301: Jasmin (10 pts + 10 extra)
PMA 303c: IDA Pro (20 pts + 20 extra)
PMA 304: C Constructs in Assembly (15 pts)

PMA 401: Simple EXE Hacking with Ollydbg (30 pts + 90 extra)
PMA 402: Hacking Minesweeper with Ollydbg (15 pts + 30 extra)
PMA 403: API Monitor (15 pts extra)
PMA 410c: Kernel Debugging Windows 2016 Server (15 pts)
PMA 420: Bootkit Analysis with Bochs (15 pts)
PMA 421: Understanding the MBR (15 pts + 55 extra)

FLARE VM (Takes Hours to Prepare)

PMA 60: Cloud Server on Azure (15 extra)
PMA 40: FLARE-VM (20 extra)
PMA 121: Unpacking with OllyDbg and pestudio (50 pts extra)
PMA 122: PE Headers (50 pts extra)
PMA 123: Importing DLLs (45 pts extra)
PMA 124: DLL Hijacking (15 pts extra)
PMA 125: Installing Visual Studio 2019 (10 pts extra)
PMA 126: DLL Proxying (20 pts extra)
PMA 430: WinDbg Preview (15 pts extra)
PMA 431: WinDbg Preview: Source-Level Debugging (10 pts extra)
PMA 432: WinDbg Preview: Kernel Debugging (35 pts extra)
PMA 433: Kernel Debugging with Breakpoints (30 pts extra)
PMA 434: Debugging a Driver (30 pts extra)

Ghidra

PMA 510: Starting with Ghidra (10 extra)
PMA 511: Ghidra Data Displays (40 extra)

Old Windows 2008 Server VM (Legacy)

PMA 20: Malware Analysis Virtual Machine (15 pts)
PMA 101: Basic Static Techniques (20 pts + 30 extra)
PMA 102: Unpacking (15 pts + 10 extra)
PMA 201: Basic Dynamic Analysis (30 pts)
PMA 202: Keylogger (30 extra)
PMA 302: Assembly Code in Masm32 (20 pts extra)
PMA 303: IDA Pro (20 pts + 20 extra)
PMA 410: Kernel Debugging on Windows 2008 Server (15 pts)
PMA 411: SSDT Hooking on Windows 2008 Server (25 extra)

Virtual Machine Resources (Not Recommended)

Download Textbook Labs Here

Hypervisors

VMware Player (for Windows hosts, free)
VMware Fusion (for Mac hosts, 30-day trial)
VirtualBox (free for all platforms)

Basics

H 101 - 104: Binary Games  20
LJ: Linux Journey  83
B: Bandit Challenges  230
U-Cen and U-Cyb: PowerShell  75
Linux Unhatched: Free Course  
ICSI | Certified Penetration Tester: Free Course  

Networking

H 410: Nmap  40
H 420: Wireshark  110
H 430: Scapy  20

Assembly Language

H 201: Google Cloud Linux Server  10
ASM 100: Basics  69
ASM 104: Bases & Printing  40
ASM 105: ASCII  20
ASM 110: Gdb  30
ASM 120: Files  55
ASM 200: Caesar Cipher  35
ASM 210: XOR  20

New for GRAYHAT 10-30-20