Cyberdefenders - Seized

Info: Category: Digital Forensics. SHA1SUM: a2c209bb3c221bc70f3418e079e2a22db3cebc53. Published: May 28, 2022. Authors: 2phi and Nofix. Size: 162 MB. Tags: LINUX MEMORY CENTOS ROOTKIT
Check the archive against the SHA1SUM above, then unzip the challenge (pass: cyberdefenders.org), investigate this case, and answer the provided questions. Use the latest version of Volatility and place the attached Volatility profile "Centos7.3.10.1062.zip" in volatility/volatility/plugins/overlays/linux. (That profile directory is the Volatility 2 layout; Volatility 3 does not load zipped profiles and needs an ISF symbol table for the kernel instead.)
Scenario: Using Volatility, apply your memory analysis skills to investigate the provided Linux memory snapshots and figure out the attack details.

Cyberdefenders - TeamSpy

Info: Category: Digital Forensics. SHA1SUM: 1bc677daf51be254c8bfb9085f7375bbf1ee8e3b. Published: June 4, 2022. Author: Wyatt Roersma. Size: 1.4G. Tags: GrrCon Memory Windows TeamViewer
Uncompress the challenge (pass: cyberdefenders.org).
Scenario: An employee reported that his machine started to act strangely after receiving a suspicious email with a document file attached. The incident response team captured a couple of memory dumps from the suspected machines for further inspection. Analyze the dumps and help the IR team figure out what happened!

Cyberdefenders - Ulysses

Info: Category: Digital Forensics. SHA1SUM: b53238c60a72d6056dacff51ab041c9688553d07. Published: Oct. 19, 2020. Author: The Honeynet Project. Size: 429M. Tags: Volatility Linux Memory Disk
Scenario: A Linux server was possibly compromised and a forensic analysis is required in order to understand what really happened. Hard disk dumps and memory snapshots of the machine are provided in order to solve the challenge.
Tools: Volatility, 010 Editor, Autopsy
Questions: vol.

Cyberdefenders - WireDive

Info: Category: Digital Forensics. SHA1SUM: a2aa9ad4831057e17df585bdac84efc05ec0413d. Published: Oct. 7, 2020. Authors: Johannes Weber and Champlain College. Size: 26M. Tags: Wireshark PCAP SMB Network
Uncompress the challenge (pass: cyberdefenders.org).
Scenario: WireDive is a combo traffic analysis exercise that contains various traces to help you understand how different protocols look on the wire.
Challenge Files: dhcp.pcapng, dns.pcapng, https.pcapng, network.pcapng, secret_sauce.txt, shell.pcapng, smb.pcapng
Tools: BrimSecurity, Wireshark
Questions: 1 - File: dhcp.

FCSC 2022 - À l'ancienne

Category: Forensics. Difficulty: ⭐
Statement: You have to recover and analyse the data exchanged in this capture. Fair warning before you panic: you will need to unwind and decompress to get through this calmly. SHA256(cap) = 27117fc9487e8ca1a54f7d6a55f39b3223153451a8df41bb02488c2a99dbf059.
Solve:
└─$ file cap
cap: Sniffer capture file - version 4.0 (Ethernet)
We open the file in Wireshark and skim through it. There are practically only DNS queries, so the objective is to recover the data carried in those queries.
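The approach above is generic DNS-exfiltration recovery: pull the query names out of the capture, strip the carrier domain, and decode what is left. The Python below is an added example, not code from the writeup, and its encoding choices are assumptions rather than facts about the challenge file: one hex-encoded chunk of the payload per query in the labels left of a fixed carrier domain (`exfil.example` here), chunks in capture order, and a zlib-compressed payload (reading the statement's hint to "decompress" literally). The DNS messages are constructed by `make_sample`, not taken from the capture.

```python
"""Recover data smuggled in DNS query names.

Added example, not from the writeup. Assumptions (not stated on the page):
each query carries one hex-encoded chunk of the payload in the labels left of
a fixed carrier domain, chunks appear in capture order, and the reassembled
bytes are zlib-compressed. The DNS messages are constructed by make_sample().
"""
import struct
import zlib

EXFIL_DOMAIN = "exfil.example"  # assumed carrier domain for the sample


def parse_name(msg: bytes, offset: int):
    """Parse a DNS name at offset; return (labels, offset after the name).

    Follows compression pointers (RFC 1035 4.1.4) so the parser also works on
    responses, where names in later sections point back into the message.
    """
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:  # 2-byte pointer to an earlier name
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            if not jumped:
                end = offset + 2
            jumped = True
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return labels, end


def query_names(msg: bytes):
    """Return the names in the question section of one raw DNS message."""
    qdcount = struct.unpack("!6H", msg[:12])[2]
    names, offset = [], 12
    for _ in range(qdcount):
        labels, offset = parse_name(msg, offset)
        offset += 4  # skip QTYPE and QCLASS
        names.append(".".join(labels))
    return names


def chunk_from_name(name: str, domain: str = EXFIL_DOMAIN):
    """Return the hex chunk carried under domain, or None for unrelated names."""
    suffix = "." + domain
    if not name.endswith(suffix):
        return None
    # A long chunk may be split over several labels (63-byte label limit).
    return name[:-len(suffix)].replace(".", "")


def recover(messages, domain: str = EXFIL_DOMAIN) -> bytes:
    """Reassemble chunks from all queries under domain, hex-decode, inflate."""
    chunks = []
    for msg in messages:
        for name in query_names(msg):
            chunk = chunk_from_name(name, domain)
            if chunk is not None:
                chunks.append(chunk)
    return zlib.decompress(bytes.fromhex("".join(chunks)))


def build_query(name: str, qid: int) -> bytes:
    """Build a standard A query (used only to construct the sample traffic)."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def make_sample(secret: bytes, domain: str = EXFIL_DOMAIN, chunk: int = 30):
    """Constructed traffic: compress, hex-encode, split into <=63-char labels,
    plus one unrelated query as noise. Not from the challenge capture."""
    hexdata = zlib.compress(secret).hex()
    msgs = [build_query(f"{hexdata[i:i + chunk]}.{domain}", 0x1000 + i)
            for i in range(0, len(hexdata), chunk)]
    msgs.insert(1, build_query("www.example.com", 0x2000))
    return msgs


SECRET = b"FCSC{constructed-sample-flag}"  # constructed, not the real flag

if __name__ == "__main__":
    print(recover(make_sample(SECRET)))
```

On a real capture the raw messages are the UDP payloads of the queries; if you only need the names, `tshark -r cap -Y 'dns.flags.response == 0' -T fields -e dns.qry.name` lists them and each line can go straight to `chunk_from_name`. Retransmitted or reordered queries will corrupt the reassembly, so deduplicate on transaction ID and sort by frame order before decoding.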

FCSC 2022 - C-3PO

Category: Forensics. Difficulty: ⭐
Statement: For your first analysis, you are handed the phone of GoodCorp's CEO. He is convinced that the precious photos stored on his phone are being retrieved by a malicious actor. You decide to set up a network capture on the phone to see what is going on… SHA256(capture.cap) = 7b63c22567098f829dfdc190b6f531bbdf23a23e222508752a0a5e5dfa28259c (61 MB). Note: the C-3PO, R2-D2 and R5-D4 challenges are independent.