Another day, another challenge…
In this post, we’re starting a new series, the Advent of Cyber, hosted by TryHackMe. This is the fourth year of the Advent of Cyber, where a challenge is released every day leading up to Christmas. There will be 25 challenges; we’re McSkidy, an elf trying to save Christmas.
In our eleventh challenge, Elf McDave clicked on a document, and now there’s a command prompt running code on their computer. As Elf McBlue, we create a memory dump and analyze it to determine the root cause.
The topics explored in this challenge are memory forensics and why it’s important. We’re also introduced to Volatility, a tool that can be used to determine which processes and programs were executed before a computer crash.
Can Elf McBlue dump the image to determine the root cause? Find out below!
If you enjoy my content, buy me a coffee: http://buymeacoffee.com/thefluffy007