TryHackMe Masquerade Walkthrough: PowerShell Logs, Wireshark & Malware Analysis
This is not the quick-and-dirty TryHackMe Masquerade walkthrough where we speedrun answers.
In this video, I walk through the room the way a cybersecurity professional would actually approach these artifacts: asking investigative questions, pivoting between logs and network traffic, validating assumptions, and using the malware’s own logic to understand what happened.
We investigate a malware infection using PowerShell logs, Wireshark PCAP analysis, payload decryption, CyberChef, and .NET reverse engineering. If you are interested in malware analysis, SOC investigations, incident response, or learning how pros think through these problems, this walkthrough is built for you.
In this video:
- Investigate PowerShell Operational logs and script block logging
- Deobfuscate malicious PowerShell activity
- Analyze HTTP traffic in Wireshark
- Extract and decrypt a malware payload from a PCAP
- Identify RC4 and AES usage in the attack chain
- Use ILSpy to reverse engineer a .NET payload
- Decrypt C2 traffic using CyberChef and code-based analysis
- Learn how malware analysts and senior SOC analysts reason through evidence
If you just want the flags as fast as possible, this probably is not the walkthrough for you. But if you want to understand how these techniques show up in real investigations, and how to build the mindset behind malware analysis, you’re in the right place.
#TryHackMe #MalwareAnalysis #CybersecurityWalkthrough
▶Links
_______________________
https://tryhackme.com/room/masquerade
https://omerbenamram.github.io/evtx/
https://minusone.skyblue.team
https://github.com/icsharpcode/AvaloniaILSpy/releases
▶Sponsor
_______________________
Tandem Cyber Solutions - https://tandemcybersolutions.com/
▶Affiliate Links
_______________________
You can support the channel by using the affiliate links below.
HTB - https://hacktheboxltd.sjv.io/e1MxWO
_______________________
▶OTHER CHANNELS:
C-Suite Cyber Podcast https://www.youtube.com/@C-SuiteCyberPodcast
_______________________
▶Come Hang Out:
Discord: https://discord.gg/XjHJFp4KSm
_______________________
Chapters
00:00 Introduction to Masquerade Challenge
00:40 Setting Up the Environment for Malware Analysis
01:34 Understanding the Scenario and Artifacts
03:04 Analyzing PowerShell Logs
04:42 1. What external domain was contacted during script execution?
08:01 De-obfuscating the Script
09:10 2. What encryption algorithm was used by the script?
10:49 Timestamp of Server Response
12:25 3. What was the timestamp of the server response containing the payload?
15:53 4. What is the SHA-256 hash of the extracted and decrypted payload?
23:37 5. What remote URL did the client use to communicate with the victim machine?
24:48 Introduction to ILSpy and Decompilation
27:39 6. Which encryption key and algorithm does the client use?
28:16 7. Final Flag
33:32 Using CyberChef for Decryption
37:07 Implementing Decryption in Code
38:27 Bonus: Decryption Method
43:07 Conclusion and Real-World Applications
Video "TryHackMe Masquerade Walkthrough: PowerShell Logs, Wireshark & Malware Analysis" from the channel Infosec Wizard
No comments
Video information
April 29, 2026, 21:01:34
00:44:23