Posts for: #Volatility

CyberTalents Forensics Eagle Eye Writeup

Eagle Eye is a memory forensics challenge rated between hard and insane; as of writing this writeup the challenge has 15 solves in 4 months. TL;DR: Windows memory forensics using volatility2 and the mftdump vol2 plugin. Challenge Description: When you deal with an attacker, don’t always trust what you see. Solution: In order to solve this challenge successfully we first have to determine a suitable profile to use, using the syntax
Read more →

HeroCTF Writeups

Howdy, we recently took part in HeroCTF V3 and settled for #68 out of 645 teams. Here are some of my writeups. Forensics: We need you 1/5. Category: Forensics. Description: Interpol and the FBI have been investigating for over a year now. They are trying to get their hands on two hackers very well known for their ransomware and their ultra efficient botnet. After long months of investigation, they managed to get their hands on one of their servers.
Read more →

Help Me,Memory Forensics Shakti 2021

Shakti took place over the weekend and I happened to miss out, but I got hold of a memory forensics challenge before it ended and found it interesting. Challenge: Help Me, 400 points, re/memory. Our department had taken up the responsibility of solving a mysterious case, but unfortunately our system crashed. We could only recover this memory dump. Your job is to get all the important files from the system and use them to find out the secret information.
Read more →

TrollCat Forensics Writeups

Forbidden, 100 points. Challenge description: Agent Troll received some file but is not able to read the data; can you help us? Author: White_Wolf. Forbidden (link is dead but file is attached). Solution: we are given a trollcats.car. $file trollcats.car trollcats.car: data. On further investigation: $binwalk trollcats.car DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 50 0x32 bzip2 compressed data, block size = 900k. Extracting the file: $binwalk -e trollcats.car DECIMAL HEXADECIMAL DESCRIPTION -------------------------------------------------------------------------------- 50 0x32 bzip2 compressed data, block size = 900k ┌─[@parrot]─[~/Desktop/CTFs/TrollCAT/Forensics] └──╼ $cd _trollcats.
Read more →