PwnedDC Challenge
Credit
This lab is made by CyberDefenders.
Lab Scenario
“An Active Directory compromise case: adversaries were able to take over the corporate domain controller. As a SOC analyst, investigate the case and reveal the Who, When, What, Where, Why, and How.”
Downloading the Memory Dump / Running on the Cloud Lab
Attention: the sample you are about to download contains malicious files and malware samples. To protect your system, analyze it in a completely isolated virtual machine if you are not using the cloud lab.
Please visit the lab's official link to download it.
Used Tools
- volatility2
- volatility3
- Arsenal Image Mounter
- IDA
- Capa-Explorer
- TurnedOnTimesView
- FullEventLogView
- MFTECmd
- USB Forensic Tracker
- WinDbg
- Outlook Forensics Wizard
- FakeNet
- oletools
- Wireshark
- scdbg
- Resource Hacker
- mimikatz
- Event Log Explorer
- Registry Explorer
- Strings
Instructions
“Use Win2016x64_14393 profile with volatility2 to analyze the memory dump”
Additional Details
This lab is part of the Pro edition, so you need an active (paid, not free) subscription to try it.
Conclusion
In this blog post, I briefly introduced a newly released memory forensics challenge.
~ Cya in the Next One