Hey everybody!
Hopefully, you have recovered from your turkey-comas and have also restored higher brain functions to within normal parameters, because this week’s set of challenges involve reverse engineering more than one kind of malware. Think of it as practice for trying to figure out what-all is in that fruit cake your aunt sent you. 😉
For screenshots and descriptions of this week’s additions, see below.
Good luck and have fun!
The Cyber Range Team
![A magnifying glass is used to examine digital systems.](https://www.antisyphontraining.com/wp-content/uploads/2023/11/corvus_le_crow_matrix_code_as_seen_through_a_magnifying_glass_6df33ffc-9d15-46e0-92ae-17f22e9e2390-1024x574.png)
P.S. If you’re not already signed up for the BHIS Antisyphon Cyber Range, the following page has screenshots, info, and, of course, a link where you can sign up and join in the fun:
https://www.antisyphontraining.com/cyber-range/
![I used to love art class when I was in school. I could never really draw well though. Instead, I just did that thing where you take a picture, lay a thin piece of paper over it, and followed the lines with a pencil. I don't remember exactly what this fancy technique is called though... Maybe you know what I am talking about! Anyway, here is an example of the software we would use in art class. See if you can make anything from it!](https://www.antisyphontraining.com/wp-content/uploads/2023/11/9297-art-class.png)
![Are Office Macros still a problem today? A quick Google search will confirm the unfortunate truth - people are still clicking "Enable Content" and bad things happen as a result. When reviewing inbound attachments to our mail server at SuperCorp, we noticed this .xls file (unzip with password M3taCTF). We already block the obvious bad extensions like .xlsm and .docm, but could this have malicious content too?](https://www.antisyphontraining.com/wp-content/uploads/2023/11/9296-click-me-please.png)
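The point behind this challenge, that a legacy binary .xls can carry a VBA project even though the "macro-enabled" extensions are blocked, is easy to demonstrate with a small content check. The script below is an added example, not part of the Cyber Range post or its challenge files: it treats an attachment as an OLE compound file whenever it starts with the OLE magic bytes and then looks for VBA project stream names in the directory data, so the verdict depends on content rather than extension. The file names and byte blobs it triages are constructed stand-ins, not real samples.

```python
"""
Added example (not from the Cyber Range post): flag Office attachments that
carry a VBA project regardless of their extension. Extension deny-lists
(.xlsm, .docm) miss the legacy binary formats (.xls, .doc), which are OLE2
compound files and can embed macros just the same. All samples here are
constructed bytes, not real malware.
"""
from pathlib import Path

# Signature at offset 0 of every OLE2 compound file (.xls, .doc, .ppt containers).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# OLE directory entries store their names as UTF-16LE. Excel keeps macros under
# a "_VBA_PROJECT_CUR" storage, Word under "Macros"; both contain "_VBA_PROJECT".
VBA_STREAM_MARKERS = [name.encode("utf-16-le") for name in ("_VBA_PROJECT", "Macros")]

# The extension deny-list the challenge text says is already in place.
BLOCKED_EXTENSIONS = {".xlsm", ".docm", ".pptm"}


def has_vba_project(data: bytes) -> bool:
    """True if data is an OLE container whose directory names a VBA storage/stream."""
    if not data.startswith(OLE_MAGIC):
        return False
    return any(marker in data for marker in VBA_STREAM_MARKERS)


def triage_attachment(filename: str, data: bytes) -> str:
    """Extension check first (cheap), then the content check that catches .xls/.doc."""
    if Path(filename).suffix.lower() in BLOCKED_EXTENSIONS:
        return "blocked-by-extension"
    if has_vba_project(data):
        return "blocked-by-content"
    return "allowed"


def build_sample(with_macros: bool) -> bytes:
    """Constructed OLE-looking blob: magic, padding, and UTF-16LE directory names."""
    body = bytearray(OLE_MAGIC)
    body += b"\x00" * 24                        # stands in for the rest of the header
    body += "Workbook".encode("utf-16-le")      # the ordinary .xls stream name
    if with_macros:
        body += "_VBA_PROJECT_CUR".encode("utf-16-le")
    return bytes(body)


# Constructed inbox: two .xls files that look identical by extension, one .xlsm,
# and a text file that must never be mistaken for an OLE container.
SAMPLES = {
    "report.xls": build_sample(with_macros=True),
    "budget.xls": build_sample(with_macros=False),
    "invoice.xlsm": build_sample(with_macros=True),
    "notes.txt": b"plain text, no OLE header",
}


def triage_all(samples=SAMPLES) -> dict:
    return {name: triage_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage_all().items():
        print(f"{name:14} {verdict}")
```

The substring scan is a deliberate shortcut for illustration: it does not parse the OLE directory, so a production mail gateway should use a real OLE parser (for example the olefile library or oletools' olevba) to enumerate streams and inspect the VBA code itself. The lesson survives the shortcut, though: "report.xls" and "budget.xls" are indistinguishable to an extension filter and only a content check separates them.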
![This malicious HTA payload was sent to all of THEBOSS' employees. Luckily, nobody fell victim to the phish. We still need to figure out what the IP is for the attacker's command and control server (C2) though so we can block and report it. Can you find the IP Address? (you'll submit this as the flag)](https://www.antisyphontraining.com/wp-content/uploads/2023/11/9343-what-the-ip.png)
![Now that arm64 is getting popular, let's make sure you are prepared to reverse binaries that use it. See if you can crack this aarch64 binary.](https://www.antisyphontraining.com/wp-content/uploads/2023/11/9307-cracking-bones-on-the-ARM.png)