Recollection Challenge

Credit

This lab is made by HackTheBox.

Lab Scenario

“A junior member of our security team has been performing research and testing on what we believe to be an old and insecure operating system. We believe it may have been compromised & have managed to retrieve a memory dump of the asset. We want to confirm what actions were carried out by the attacker and if any other assets in our environment might be affected. Please answer the questions below.”

Downloading the Memory Dump / Running on the Cloud Lab

Attention: the sample you are about to download is including malicious files and malware samples. To protect your system, please analyze it on a completely isolated virtual machine if it is not running on cloud

Please visit the lab official link.

Used Tools

• Volatility2
• Strings
• VirusTotal

Instructions

• To uncompress the lab file (pass: hacktheblue)
• The lab is FREE at the time of writing this post (if retired, it will be paid and only for VIP users)

Conclusion

In this blog, I briefly notified you about a newly released memory forensic challenge.

~ Cya in the Next One