Swamp CTF 2018 Orcish Challenge WriteUp

Hey Guys!! So I found this challenge a bit tiring. We get a lot of data sent through different protocols (ARP, MDNS, TCP, ICMP etc.) Going through all of them, I found the ICMP packets a bit strange. There were some malformed packets in the capture. Seeing the hex dump of the first 3 packets... Continue Reading →

Advertisements

Learn about the All-Powerful Scapy module

So, guys, I have been studying about network traffic analysis for quite some time now. During CTFs, I always had to extract out some sort of data from multiple packets and that too only specific packets. Well, a lay man's idea would be to write down the content you specifically need. But man, we are... Continue Reading →

SEC-T CTF 2018 Batou Challenge WriteUp

So this is a  challenge which I solved in SECT CTF 2018. This challenge requires the use of tools called volatility and its plugins. Please feel free to read my blog on volatility here. Challenge file can be downloaded from here. The description was: "We managed to collect a dump from Bataou's computer. Try to find info/notes that can help... Continue Reading →

Writing Plugins For Volatility

In this post, I'll be talking about how to write plugins for volatility. The prime advantage with volatility is that it can be extended to any level depending on the needs and interests of the user. This feature of volatility is one of the main reasons why it is used in Incident Response and Malware Analysis. I have done... Continue Reading →

The Volatility Framework

Volatility is a python based command line tool that helps in analyzing virtual memory dumps. It provides a very good way to understand the importance as well as the complexities involved in Memory Forensics. Advantages of using Volatility: Runs on Windows, Linux and Mac It can be executed wherever python environment is present. Uses Fast... Continue Reading →

Basics Of Memory Forensics

What is Volatile Memory? Volatile Memory is the memory used by the system or OS during the time the device is powered on. To put it simply, the data stored in RAM(Random Access Memory) can be called as volatile memory. It is also called the primary memory. So, why do we need to analyze memory? For... Continue Reading →

Powered by WordPress.com.

Up ↑

Create your website at WordPress.com
Get started