grrcon GrrCon 2017 DFIR write-up - Level 1 #GrrCon 2017 #DFIR #CTF challenge. Several host images and memory dumps need to be analysed and investigated. Submit IOCs as you progress...
oscp CTF / Boot2Root / SickOS 1.2 If you haven't figured it out yet, this is a write-up and will contain spoilers. NOTES: Part of my OSCP pre-PWK, pre-exam education path, this is one of many recommended unofficial practice boxes. SickOs 1.2
ctf CTF / Boot2Root / SickOs 1.1 If you haven't figured it out yet, this is a write-up and will contain spoilers. NOTES: Part of my OSCP pre-PWK, pre-exam education path, this is one of many recommended unofficial practice boxes. SickOs details (https:
ctf GrrCon 2016 DFIR Write-up - Part 3 Level 3 Question 16) What is the maldoc MD5 hash? Start by running the filescan plugin and searching its output for document extensions (.rtf, .doc, .docx, etc.)... python volatility/vol.py -f /mnt/hgfs/Shared/Part3/ecorpwin7-e73257c4.
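The filescan-then-hash workflow that teaser describes, as an added example (not code from the write-up): filter Volatility 2 filescan output for document extensions, build the matching dumpfiles commands from the physical offsets, and hash what gets dumped. The image path, profile, output directory and the filescan sample lines are all constructed placeholders, not data from the challenge image.

```shell
#!/usr/bin/env bash
# Added example: triage Volatility 2 'filescan' output for Office/RTF documents,
# emit the 'dumpfiles' commands that extract them by physical offset, then md5sum
# the result. IMAGE and PROFILE are placeholders (assumption), not the CTF's values.
IMAGE="${IMAGE:-/path/to/memory.img}"
PROFILE="${PROFILE:-Win7SP1x64}"

# Constructed sample of filescan output (the real run is:
#   python vol.py -f "$IMAGE" --profile="$PROFILE" filescan > filescan.txt)
SAMPLE_FILESCAN='Offset(P)            #Ptr   #Hnd Access Name
------------------ ------ ------ ------ ----
0x000000003e0f1070     16      0 R--rwd \Device\HarddiskVolume1\Windows\System32\ntdll.dll
0x000000003e2a4f20      2      1 RW-rw- \Device\HarddiskVolume1\Users\user\Downloads\invoice.docx
0x000000003e3b8d80      1      0 R--r-- \Device\HarddiskVolume1\Users\user\AppData\Local\Temp\~DF1A2B.tmp
0x000000003e4c2010      8      1 RW-rw- \Device\HarddiskVolume1\Users\user\Desktop\Notes.RTF
0x000000003e5d7a40      3      0 R--r-- \Device\HarddiskVolume1\Program Files\Common Files\readme.doc.bak'

# Keep only lines whose path ends in a document extension. Case-insensitive, because
# Windows paths are, and the pattern is anchored so 'readme.doc.bak' is not a hit.
find_docs() {
    grep -iE '\.(rtf|docx?|xlsx?|pptx?)$'
}

# Turn each hit into a dumpfiles invocation. -Q takes the Offset(P) column from
# filescan, -D the output directory. Paths may contain spaces, so everything after
# the Access column is read into 'name'. Prints the commands; does not run them.
dumpfiles_cmds() {
    outdir="$1"
    while read -r offset _ptr _hnd _acc name; do
        printf 'python vol.py -f %s --profile=%s dumpfiles -Q %s -D %s  # %s\n' \
            "$IMAGE" "$PROFILE" "$offset" "$outdir" "$name"
    done
}

# Number of document hits in the sample (2: invoice.docx and Notes.RTF).
count_docs() {
    printf '%s\n' "$SAMPLE_FILESCAN" | find_docs | wc -l | tr -d ' '
}

# Walk the pipeline: filter, build the dump commands, then hash whatever was
# dumped (dumpfiles writes one .dat/.img/.vacb object per offset into OUTDIR).
printf '%s\n' "$SAMPLE_FILESCAN" | find_docs | dumpfiles_cmds /tmp/docs
echo 'md5sum /tmp/docs/*   # run after the dumpfiles commands above'
```

The point of the anchored, case-insensitive regex is the two false-positive sources you hit on a real image: hundreds of `.dll`/`.tmp` objects, and backup or renamed copies like `.doc.bak` that a plain `grep doc` would return. Hash every dumped object (DataSectionObject and ImageSectionObject copies of the same file can differ) before deciding which MD5 to submit.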
grrcon GrrCon 2016 DFIR Write-up - Part 2 Level 2 Question 5) What is the password the malware used to enable remote access to the system? From the Volatility community plugins, download and run the 'editbox' plugin. Also, I didn't know,
forensics GrrCon 2016 DFIR Write-up - Part 1 CTF HOMEPAGE https://ir.e-corp.biz/home To start off, get Volatility or a prebuilt VM like the SANS SIFT Workstation; the organisers recommend using the provided Security Onion image. Also, check out the community