🚩
Anthony Morell's Gitbook
Capture The Flag
CertificationsCapture The FlagBug BountiesHome
Capture The Flag
CertificationsCapture The FlagBug BountiesHome
  • 🖥️CTF Writeups
  • 🟦TryHackMe
    • THM Overview
      • Reverse Engineering
      • Game Server
      • Obscure Web Vulns
      • UltraTech
      • Linux Privilege Escalation
      • The Marketplace
      • RootMe
      • Agent Sudo
      • Startup
      • Lian_Yu
      • Advent of Cyber 2022
        • [Day 1] Frameworks
        • [Day 2] Log Analysis
        • [Day 3] OSINT
        • [Day 4] Scanning
        • [Day 5] Brute-Forcing
        • [Day 6] Email Analysis
        • [Day 7] CyberChef
        • [Day 8] Smart Contracts
        • [Day 9] Pivoting
        • [Day 10] Hack a game
        • [Day 11] Memory Forensics
        • [Day 12] Malware Analysis
        • [Day 13] Packet Analysis
        • [Day 14] Web Applications
        • [Day 15] Secure Coding
        • [Day 16] Secure Coding
        • [Day 17] Secure Coding
        • [Day 18] Sigma
        • [Day 19] Hardware Hacking
        • [Day 20] Firmware
        • [Day 21] MQTT
        • [Day 22] Attack Surface Reduction
        • [Day 23] Defence in Depth
        • [Day 24] The End
  • 🟫PentesterLab
    • PL Overview
      • Recon Badge
        • Badge Solutions
  • 🟩Hack The Box
    • HTB Overview
      • HTB Post
  • 🟧BurpSuite Academy
    • BSA Overview
      • GraphQL API vulnerabilities
        • Accessing private GraphQL posts
        • Accidental exposure of private GraphQL fields
        • Finding a hidden GraphQL endpoint
  • 🏁Competitions
    • Competition Overview
      • GM Bug Bounty Competition
Powered by GitBook
On this page
  1. TryHackMe
  2. THM Overview
  3. Advent of Cyber 2022

[Day 11] Memory Forensics

December 11, 2022

Previous[Day 10] Hack a gameNext[Day 12] Malware Analysis

Last updated 2 years ago

Today's challenge was about volatile memory forensics. Using a tool called 'volatility3' I am able to view an image of active processes in RAM. This analysis is critical in digital forensics because the volatility in this type of memory can be lost if a computer is reset or turned off.

volatility3 - https://github.com/volatilityfoundation/volatility3

Flags

What is the Windows version number that the memory image captured?

10

What is the name of the binary/gift that secret Santa left?

mysterygift.exe

What is the Process ID (PID) of this binary?

2040

Dump the contents of this binary. How many files are dumped?

16

🟦
  • Flags
  • What is the Windows version number that the memory image captured?
  • What is the name of the binary/gift that secret Santa left?
  • What is the Process ID (PID) of this binary?
  • Dump the contents of this binary. How many files are dumped?