InCTF 2017 : Browse? Writeup

Challenge created by sh1v. First of all, thanks to Jim Shaver, as the challenge was inspired by this blog. Initially we have a memory dump. On analysing it in Volatility using the imageinfo plugin we learn that the memory dump is from Windows 7. Then, on further analysis of the processes listed using the pslist...


SEC-T CTF: G1bs0n Writeup

Solved by sh1v and sherl0ck. First of all, kudos to the admins for conducting such a great CTF. The challenges were really cool and we had loads of fun solving them. Now, getting to this particular challenge, we were given a 326 MB file, which when unpacked amounted to about 1.1 GB. We were told...

Volatility: A Memory Forensics Framework

Introduction: Windows memory forensics mainly deals with analysing the memory dump produced by the Windows OS when the system crashes. One can create a memory dump by loading malicious code into the VM and suspending it, or can use the following tools: 1. DumpIt (this tool produces the memory dump in raw format). The obtained memory dump is...

Google CTF - A Cute Stegosaurus (Steg)

This was one of the most interesting and definitely the most time-consuming CTF challenges that I have played. We are given a pcap file named stego.pcap. We opened the pcap file in the Wireshark packet analyser. In packet number four we can find that there is an HTTP object called message.png, hence this image could be obtained...

Google CTF ’16 – For2

The challenge was to find the flag from the given pcapng file. First we convert the file into a pcap file using this site. Initially, when we open the file using Wireshark, we can see that it is the packet capture of some kind of USB device. On further investigation we found out what...
