Yesterday is but today's memory! Using tools like gdb, strace, Volatility, or even plain strings, you can peek into the running behavior of programs, no matter if they are alive or long gone! Use your skills to understand what strange binaries are doing, and to analyze some real-world Windows malware!



Challenges

It's right there. Flag should have a format of \forensics(...)

Connect with SSH

Link your SSH key, then connect with: ssh hacker@pwn.college

It gets built for you! Flag should have a format of \forensics(...)

The program is listening for your needs! Flag should have a format of \forensics(...)

The program is shouting in the dark! Flag should have a format of \forensics(...)

Using Volatility, analyse the properties of a memory image.

Using Volatility, discover the processes that were running.

Using Volatility, find what goes on in the service host process.

Using Volatility, dump the memory of an infected process and discover how it listens for connections.
