Reveal Challenge
Credit
This lab is made by CyberDefenders team.
Lab Scenario
“As a cybersecurity analyst for a leading financial institution, an alert from your SIEM solution has flagged unusual activity on an internal workstation. Given the sensitive financial data at risk, immediate action is required to prevent potential breaches.
Your task is to delve into the provided memory dump from the compromised system. You need to identify basic Indicators of Compromise (IOCs) and determine the extent of the intrusion. Investigate the malicious commands or files executed in the environment, and report your findings in detail to aid in remediation and enhance future defenses.”
Difficulty Level
Easy
Downloading the Memory Dump / Running on the Cloud Lab
Attention: the sample you are about to download includes malicious files and malware samples. To protect your system, analyze it on a completely isolated virtual machine if you are not using the cloud lab.
Please visit the lab's official link to download and analyze the memory dump.
Instructions
- To uncompress the challenge file, use the password: cyberdefenders.org
- The lab is FREE at the time of writing this post.
- This lab is designed for beginners to get more familiar with some of the most important Windows plugins of Volatility 3, such as pstree, pslist, cmdline, filescan, malfind, netstat, etc.
Our Walk-through
As this is an active challenge, we will wait until it is retired before publishing an official write-up.
Stay tuned!
Used Tools
Conclusion
In this blog post, we briefly introduced a newly released memory forensics challenge.
Cya till the Next One ~ Hoxed