RedLine Blue Team Lab Write-up
Credit
This lab was made by CyberDefenders; this is only my walk-through for the challenge.
Lab Scenario
“As a member of the Security Blue team, your assignment is to analyze a memory dump using Redline and Volatility tools. Your goal is to trace the steps taken by the attacker on the compromised machine and determine how they managed to bypass the Network Intrusion Detection System “NIDS”. Your investigation will involve identifying the specific malware family employed in the attack, along with its characteristics. Additionally, your task is to identify and mitigate any traces or footprints left by the attacker.”
Downloading the Memory Dump
Attention: the sample you are about to download includes malicious files and live malware samples. To protect your system, analyze it only on a completely isolated virtual machine.
Please visit the lab's official link to download it.
My Walk-through
Please watch my video for the detailed write-up.
Tools Used
Conclusion
In this post, I walked through how to solve the RedLine memory forensics challenge step by step using the Volatility CLI and GUI tools.
~ Cya in the Next One