Volatility – Red-Orbita

Cyberdefenders – Reveal Blue Team Lab writeup

23 agosto, 202423 agosto, 2024 rokitoh Deja un comentario

Instructions:

Uncompress the lab (pass: cyberdefenders.org)

Scenario:

As a cybersecurity analyst for a leading financial institution, an alert from your SIEM solution has flagged unusual activity on an internal workstation. Given the sensitive financial data at risk, immediate action is required to prevent potential breaches.

Your task is to delve into the provided memory dump from the compromised system. You need to identify basic Indicators of Compromise (IOCs) and determine the extent of the intrusion. Investigate the malicious commands or files executed in the environment, and report your findings in detail to aid in remediation and enhance future defenses.

Tools:

Volatility 3

Cyberdefenders – Ramnit Blue Team Lab writeup

9 julio, 20249 julio, 2024 rokitoh Deja un comentario

Instructions:

Uncompress the lab (pass: cyberdefenders.org)

Scenario:

Our intrusion detection system has alerted us to suspicious behavior on a workstation, pointing to a likely malware intrusion. A memory dump of this system has been taken for analysis. Your task is to analyze this dump, trace the malware’s actions, and report key findings. This analysis is critical in understanding the breach and preventing further compromise.

Tools:

Volatility 3

Cyberdefenders – RedLine Blue Team Lab writeup

4 julio, 20245 julio, 2024 rokitoh Deja un comentario

Scenario:

As a member of the Security Blue team, your assignment is to analyze a memory dump using Redline and Volatility tools. Your goal is to trace the steps taken by the attacker on the compromised machine and determine how they managed to bypass the Network Intrusion Detection System «NIDS». Your investigation will involve identifying the specific malware family employed in the attack, along with its characteristics. Additionally, your task is to identify and mitigate any traces or footprints left by the attacker.

Tools:

Volatility

CHEATSHEET VOLATILITY 2 y 3

21 junio, 202421 junio, 2024 rokitoh Deja un comentario

Introducción

En el ámbito de la respuesta a incidentes y el análisis forense digital, el análisis de la memoria es una herramienta crucial para comprender la actividad de un sistema en el momento de su captura. Volatility, una plataforma de análisis de memoria muy conocida, ha evolucionado significativamente con el tiempo, ofreciendo versiones más avanzadas y funcionales. En este blog, exploraremos en detalle las diferencias clave entre Volatility 2 y Volatility 3, proporcionando una guía exhaustiva de los comandos más utilizados en ambas versiones.

Activando Volatility en Autopsy para Análisis Forense

21 junio, 202421 junio, 2024 rokitoh Deja un comentario

Introducción

En el mundo de la informática forense, disponer de herramientas robustas y eficientes es fundamental para realizar análisis precisos y detallados. En esta entrada de blog, te explicaremos cómo activar y utilizar Volatility dentro de Autopsy para mejorar tus investigaciones forenses.

Cyberdefenders – BSidesJeddah-Part2 writeup

9 marzo, 20229 marzo, 2022 rokitoh Deja un comentario

Scenario

The #NSM gear flagged suspicious traffic coming from one of the organization’s web servers. Analyze the server’s captured memory image and figure out what happened.

Tools

Volatility

Cyberdefenders – DumpMe writeup

26 enero, 202226 enero, 2022 rokitoh Deja un comentario

Scenario:

One of the SOC analysts took a memory dump from a machine infected with a meterpreter malware. As a Digital Forensicators, your job is to analyze the dump, extract the available indicators of compromise (IOCs) and answer the provided questions.

Tools:

Volatility 2