RogueOne Challenge
Credit
This lab is made by HackTheBox.
Lab Scenario
“Your SIEM system generated multiple alerts in less than a minute, indicating potential C2 communication from Simon Stark’s workstation. Despite Simon not noticing anything unusual, the IT team had him share screenshots of his task manager to check for any unusual processes. No suspicious processes were found, yet alerts about C2 communications persisted. The SOC manager then directed the immediate containment of the workstation and a memory dump for analysis. As a memory forensics expert, you are tasked with assisting the SOC team at Forela to investigate and resolve this urgent incident.”
Downloading the Memory Dump / Running on the Cloud Lab
Attention: the sample you are about to download includes malicious files and malware samples. To protect your system, analyze it only on a completely isolated virtual machine if you are not using the cloud lab.
Please visit the lab's official link.
Used Tools
Instructions
- To uncompress the lab file, use the password: hacktheblue
- The lab is free at the time of writing this post (once retired, it becomes paid content available only to VIP users)
Conclusion
In this post, I briefly introduced a newly released memory forensics challenge.
~ Cya in the Next One