Root-me Command and Control Challenges
In this post we will go through command and control challenges on https://www.root-me.org/. Since , this challenge is still open we will not post the answers but will only document the steps and approach that was taken to solve the challenges. Command & Control — level 2 Find workstations hostname from memory dump The first approach that came into my […]
Forensic Analysis: jackcr difr challenge
After completing Cridex Malware analysis decided to take up jackcr difr challenge for further learning . I will continue to use Volatility Open Source Framework for this analysis .Also, you can read, Cridex Malware analysis here Challenge The challenge consist of 4 memory dumps and one packet capture. Two memory dumps from user machines , 1 memory dump […]
Forensic Memory Analysis with Volatility
After analyzing multiple dump files via Windbg, the next logical step was to start with Forensic Memory Analysis. After going through lots of youtube videos I decided to use Volatility — A memory forensics analysis platform to being my journey into Memory analysis. Why Volatility It is written in python and python is my go to scripting […]
Windows Process
In this post we will take a closer look at Windows Process. We will start with defining different parts of a process, look briefly into Virtual Address space and then will take a closer look into internal data structure and threads. A process is a container inside which a program executes. At a very high […]
Setting Up Windows 2019Virtualbox VM for Kernel Mode Debugging
I’ve been reading on Windows Memory Management and decided to take a deeper dive into Windows Memory Management. For this I decided to use Windbg in Kernel mode, attach it to 2019 VM . I am documenting the steps for future reference. For installing windbg preview please refer to my previous post Before we start we […]