ISITDTU CTF Quals EASY HUSKY WriteUp

This was probably the easiest memory forensics challenge that I ever attempted. Sadly I could not get the first blood in this as I had to leave for dinner 😛 Challenge Description The description does not provide anything, so let us look at the file 🙂 Link to challenge file: Mega Link Solution Okay, let us...


InCTF Quals 2018 Hard-To-Get WriteUp

I had a lot of fun organizing this CTF. Just too much excitement. Many people have requested me to put out a write-up for the challenge which had only 4 solves in the end. So I'll be writing a short write-up. Challenge Description: So from the challenge, one can pretty much discover that the user...

SEC-T CTF 2018 Batou Challenge WriteUp

So this is a challenge which I solved in SECT CTF 2018. This challenge requires the use of tools called volatility and its plugins. Please feel free to read my blog on volatility here. Challenge file can be downloaded from here. The description was: "We managed to collect a dump from Bataou's computer. Try to find info/notes that can help...

Writing Plugins For Volatility

In this post, I'll be talking about how to write plugins for volatility. The prime advantage with volatility is that it can be extended to any level depending on the needs and interests of the user. This feature of volatility is one of the main reasons why it is used in Incident Response and Malware Analysis. I have done...

The Volatility Framework

Volatility is a python based command line tool that helps in analyzing virtual memory dumps. It provides a very good way to understand the importance as well as the complexities involved in Memory Forensics. Advantages of using Volatility: Runs on Windows, Linux and Mac. It can be executed wherever a python environment is present. Uses Fast...

Basics Of Memory Forensics

What is Volatile Memory? Volatile Memory is the memory used by the system or OS during the time the device is powered on. To put it simply, the data stored in RAM (Random Access Memory) can be called volatile memory. It is also called the primary memory. So, why do we need to analyze memory? For...
