Digital Forensics

Description A Linux server was possibly compromised and a forensic analysis is required in order to understand what really happened. Hard disk dumps and memory snapshots of the machine are provided in order to solve the challenge. Challenge Files: victoria-v8.kcore.img: memory dump done by dd’ing /proc/kcore. victoria-v8.memdump.img: memory dump done with memdump. Debian5_26.zip: volatility custom Linux profile. Challenge Link : https://cyberdefenders.org/labs/41 Supportive Tools: Volatilty 2.6 FTK imger HxD Writeup Q1 The attacker was performing a Brute Force attack....

Ryuk is a ransomware which encrypts its victim’s files and asks for a ransom via bitcoin to release the original files. It is has been observed being used to attack companies or professional environments. Cybersecurity experts figured out that Ryuk and Hermes ransomware shares pieces of codes. Hermes is commodity ransomware that has been observed for sale on dark-net forums and used by multiple threat actors. And I am going to do some analysis form a forensics perspective...

Description Company X has contacted you to perform forensics work on a recent incident that occurred. One of their employees had received an e-mail from a co-worker that pointed to a PDF file. Upon opening, the employee did not notice anything; however, they recently had unusual activity in their bank account. The initial theory is that a user received an e-mail, containing an URL leading to a forged PDF document....

Lab Challenge link difficulty Writeup link Lab 1 Beginner’s Luck Easy Lab 1 Lab 2 A New World Easy Lab 2 Lab 3 The Evil’s Den Easy - Medium Lab 3 Lab 4 Obsession Medium Lab 4 Lab 5 Black Tuesday Medium - Hard Lab 5 Lab 6 The Reckoning Hard Lab 6 Challenge description My sister's computer crashed. We were very fortunate to recover this memory dump. Your job is get all her important files from the system....

Lab Challenge link difficulty Writeup link Lab 1 Beginner’s Luck Easy Lab 1 Lab 2 A New World Easy Lab 2 Lab 3 The Evil’s Den Easy - Medium Lab 3 Lab 4 Obsession Medium Lab 4 Lab 5 Black Tuesday Medium - Hard Lab 5 Lab 6 The Reckoning Hard Lab 6 Challenge description One of the clients of our company, lost the access to his system due to an unknown error....