You are a junior threat intelligence analyst at a cybersecurity firm. You have been tasked with investigating a cyber espionage campaign known as Operation Dream Job. The goal is to gather crucial information about this operation.
Byte Doctor Reyes is investigating a stealthy post-breach attack where several expected security logs and Windows Defender alerts appear to be missing. He suspects the attacker employed defense evasion techniques to disable or manipulate security controls, significantly complicating detection efforts. Using the exported event logs, your objective is to uncover how the attacker compromised the system's defenses to remain undetected.
Talion suspects that the threat actor carried out anti-virtualization checks to avoid detection in sandboxed environments. Your task is to analyze the event logs and identify the specific techniques used for virtualization detection. Byte Doctor requires evidence of the registry checks or processes the attacker executed to perform these checks.
Malware analysis of Silly Putty from the Practical Malware Analysis Triage course from TCM Security
I recently bought two physical servers and decided to build a homelab for DFIR operations and Malware Analysis
Write-up of the FCSC 2025 memory analysis ("Analyse mémoire") challenge series
Windows Attack on Windows host & Detection cheat sheet
Cheat Sheet for fast EVTX forensic with Hayabusa.
Cheat Sheet for some ETW providers that I have seen in the HackTheBox CDSA courses. Might be useful for Windows syscall monitoring.