Cyber Defenders - Ulysses

Description: A Linux server was possibly compromised and a forensic analysis is required in order to understand what really happened. Hard disk dumps and memory snapshots of the machine are provided in order to solve the challenge. Challenge Files: victoria-v8.kcore.img: memory dump done by dd'ing /proc/kcore. victoria-v8.memdump.img: memory dump done with memdump. Debian5_26.zip: Volatility custom Linux profile. Challenge Link: https://cyberdefenders.org/labs/41 Supportive Tools: Volatility 2.6, FTK Imager, HxD. Writeup Q1: The attacker was performing a Brute Force attack....

June 14, 2022 · 3 min · MMOX

Alpha Box info-sec Hackathon Writeup

Challenge: We were provided with this info: https://77.87.243.155, username: alpha, password: 900d1uck734m41ph4, and we will use it to log in to the web Kali box that we will use to solve the machine. Writeup: I had a little idea that they have the machine on the same box, so I checked the hosts file to find the IP: cat /etc/hosts. Yup, I was right, the IP was there: 192.168.204.3 funbox11. Let's scan it using nmap...

August 7, 2021 · 1 min · MMOX

Gender Classification Model With 92.68% Accuracy

You can get the data from Kaggle. Importing Needed Libraries: import os from tensorflow.keras import layers from tensorflow.keras import Model from tensorflow.keras.preprocessing.image import ImageDataGenerator import tensorflow as tf import matplotlib.pyplot as plt import PIL Getting the Data Ready: train_datagen = ImageDataGenerator(rescale = 1./255, rotation_range=40, width_shift_range=0.2, height_shift_range=0.2, shear_range=0.2, zoom_range=0.2, horizontal_flip=True, fill_mode='nearest') test_datagen = ImageDataGenerator( rescale = 1.0/255) train_generator = train_datagen.flow_from_directory('Gender/Train', batch_size =256 , class_mode = 'binary', target_size = (64, 64)) validation_generator = test_datagen....

May 6, 2021 · 4 min · MMOX

Ryuk Ransomware Analysis Memory Detection - Part 1

Ryuk is ransomware which encrypts its victim's files and asks for a ransom via Bitcoin to release the original files. It has been observed being used to attack companies and professional environments. Cybersecurity experts figured out that Ryuk and Hermes ransomware share pieces of code. Hermes is commodity ransomware that has been observed for sale on dark-net forums and used by multiple threat actors. And I am going to do some analysis from a forensics perspective...

April 6, 2021 · 5 min · MMOX

Cyber Defenders - BankingTroubles

Description: Company X has contacted you to perform forensics work on a recent incident that occurred. One of their employees had received an e-mail from a co-worker that pointed to a PDF file. Upon opening it, the employee did not notice anything; however, they recently had unusual activity in their bank account. The initial theory is that a user received an e-mail containing a URL leading to a forged PDF document....

March 6, 2021 · 5 min · MMOX