Pinned
Rifqi Ardia Ramadhan
Volatility 3 Plugin — kusertime, notepad, sticky, evtxlog
This blog explains every plugin I made for the Volatility 3 Plugin Contest 2023 submission.
Nov 12, 2023

Rifqi Ardia Ramadhan
Brain Cipher Sandbox Dynamic Analysis — What it does
Recently, an incident occurred around the Indonesian National Data Center (PDN). The immigration system crashed so hard that it…
Jun 28

Rifqi Ardia Ramadhan
Stealer Malware Analysis: With file padding to avoid detection
This article will cover a very recent variation of a stealer malware.
Apr 17, 2023

Rifqi Ardia Ramadhan
Cracking LUKS Encrypted filesystem using hashcat brute-forcing
I was in a CTF some time ago and I stumbled upon an interesting thing which, surprisingly, not a lot of people have written documentation about…
Feb 13, 2023

Rifqi Ardia Ramadhan
Vidar Credential Stealer Analysis: Using Social Media Display Name to be an Intermediate C&C Method
Recently, I have been meddling with a new malware which I found lurking in random websites which offer “<software> free download”. It’s a…
Jan 27, 2023

Rifqi Ardia Ramadhan in MII Cyber Security Consulting Services
Why is there a lot of Windows Logon Success with Logon Type 3? -A quick look-
Windows Security Event Log is unbelievably verbose when it comes to logging. Looking at how complicated the operating system is, keeping…
Dec 7, 2021

Rifqi Ardia Ramadhan
Decrypting WinRM traffic from AD hashes — HTB Uni Quals 2021 “Keep the Steam Activated” Writeup
Prologue
Nov 30, 2021

Rifqi Ardia Ramadhan in MII Cyber Security Consulting Services
Threat Hunting with Jupyter Notebook: Excessive Usage of FTP User Scenario
We’re taking a look at the FTP Zeek log. A Zeek (previously Bro) log is a stream of high-level entries that correspond to lower-level events. A…
Feb 20, 2021

Rifqi Ardia Ramadhan in MII Cyber Security Consulting Services
Using Jupyter Notebook for Analyzing access.log file — Directory Brute-force Case Study
Note: This article was originally made in Jupyter Notebook. If you’d like to test it yourself, visit this repository to get the dataset…
Feb 13, 2021

Rifqi Ardia Ramadhan in MII Cyber Security Consulting Services
Remote Desktop Connection (mstsc.exe) Screen in a Memory Dump Analysis
Yesterday, I joined a team to compete in justCTF [*] 2021. We finished around 60th. Generally, most of the tasks were already hard to begin…
Feb 6, 2021