Black Hat MEA Finals: Digital Forensics Challenges

There was no level for each challenge, so I am going to rate them as I found them.

Challenge Name | Level | Download Link | Password
InfectedWires | Easy | Download Challenge | NLkEqTsGsYVbijpG97ec
MemBase | Insane | Download Challenge | zDLRQGogLxNX7HagpTw2
RanWide | Easy | Download Challenge | yKZuY6X*pfTuetT*dDF_UyvY
Bridged | Hard | Download Challenge | 9Zyn2k4geGpv7LPZGWgg
BetweenTheLines | Medium | Download Challenge | QDMF8h6znQfudppJubaT
PointBreak | Easy | Download Challenge | LmxHXhpvYs4qP.**.bM4Xm4c
TimeTravel | Hard | Download Challenge | cADwsoaiTZ2aDkqF3UgG

Day 1 InfectedWires Details Description: During a routine compromise assessment, a network capture was collected for analysis....

December 14, 2025 · 30 min · MMOX

Let's Defend - Windows Memory Dump

Description Our friend fell victim to a suspicious crack tool, but it seems it didn't go down the right path, so investigate it to find any evidence. Tools Tools Required 1- Volatility 2- Notepad++ 3- VirusTotal or VM. 4- Linux Command Line Writeup Q1 How many users are on the machine? In this question we can use filescan, then grep for Users, sort them, and find the uniq...

January 3, 2024 · 3 min · MMOX

Let's Defend - Cl0p

Description Our friend fell victim to a ransomware attack and reached out to seek your expertise in analyzing the system to uncover the cause of the breach. We have provided you with a memory dump of his computer as the starting point for your investigation. Tools Tools Required 1- Volatility 2- Notepad++ 3- VirusTotal or VM. Writeup Q1 What is the dump profile? Well, by checking the file we got, it's a memory dump, so we are going to use Volatility in this case for our investigations....

July 25, 2023 · 3 min · MMOX

Cyber Defenders - Sysinternals

Description A user thought they were downloading the SysInternals tool suite and attempted to open it, but the tools did not launch and became inaccessible. Since then, the user has observed that their system has gradually slowed down and become less responsive. Challenge Link: https://cyberdefenders.org/blueteam-ctf-challenges/55 Supportive Tools: Registry Explorer, Event Log Explorer, AppCompatCacheParser, VirusTotal, Web Cache View, FTK Imager, Autopsy Writeup Q1 1: What was the malicious executable file name that the user downloaded?...

April 15, 2023 · 3 min · MMOX

Cyber Defenders - AzurePot

Description This Ubuntu Linux honeypot was put online in Azure in early October to watch what happens with those exploiting CVE-2021-41773. Initially, there was a large number of crypto miners that hit the system. You will see one cron script meant to remove files named kinsing in /tmp. This was a way of preventing these miners so more interesting things could occur. Challenge Files: sdb.vhd.gz VHD of the main drive obtained through an Azure disk snapshot ubuntu....

June 14, 2022 · 5 min · MMOX