Author: Frédéric Bourla

Insomni’hack 2025 – GuLosity writeup

The challenge

A malware was provided from a real DFIR case that occurred in January 2024. The final payloads were disarmed here, to allow the analysts to dissect the binary safely until they fully understand the execution chain of a reflective shellcode loader named GuLoader [which initially led to the delivery of Remcos RAT with an additional keylogger, but the original nasty shellcodes were replaced by benign ones to provide the most realistic challenge].

Continue reading Insomni’hack 2025 – GuLosity writeup

Insomni’hack 2024 – Bash to the Future writeup

The Challenge

You have been contracted to help COPERNIC Inc spot the light on a potential compromise. It seems that one of their scientists has been spied through a 20 years old malware… And fortunately, Zeus was on your side since the 4 Gb snapshot was carried out at the best possible time to facilitate your analysis.

Continue reading Insomni’hack 2024 – Bash to the Future writeup

Insomni’hack 2023 – hex-filtrate writeup

In this forensic challenge, a company has been compromised and their initial investigation led to a suspicious workstation. The CEO was very anxious about a potential exfiltration, and we were provided with a network dump of that workstation in the hope that we would be able to help him make some sweet dreams again.

Continue reading Insomni’hack 2023 – hex-filtrate writeup