• Flyswat
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    1 year ago

    I am reminded of a painful memory while playing with a CTF challenge. It was past 2am I executed a .exe with wine of what was supposed to be a malware in that scenario. Sure enough I launched it with Wine (yes, it was a very bad idea)

    There was no window after the couple errors displayed on the console. I gave it a couple of minutes to start and then moved on to fine other clues in the challenge because obviously Wine cannot run it, right? Wine is surely not advanced enough yet! The thing was encrypting all my drives!!

    I killed it after it ran a good 5 minutes and only realised the damage an hour later. I had to put an all nighter to do a crash course on PowerShell to code a decrypter after decompiling the malware to find the encryption key.

    Lessons learned: use containers/VMs for that stuff. And yeah, Wine does work fine, too fine.