Wargames.MY 2023 CTF – Compromised
As usual, start your CTF by reading the question/description, which is indeed “very helpful” XD. Download the “evidence.zip” & extract it. You’ll get the folders like below: So I randomly checked…
As usual, read the description given. It says that “a file” has been “transferred” to another “internal computer”. So we know that this might involve traffic between 2 internal IPs. Download…
Recently, we had a host machine that had been infected with QBot/QakBot. Upon investigation, we found that it added a registry with some random name. Based on Googling, I found this article…
Intro When you open a password protected zip archive using Windows Explorer (“Extract All…”); in Windows 8.x/10, the password is automatically cached in the Credentials Manager for the life of…
Recently, I encountered an incident where several hosts had been infected by < █████████ >. So, to investigate this incident, we received a bunch of logs to be analyzed; mostly Linux-related logs.…
There is no excerpt because this is a protected post.
For this question, I use Volatility to solve it. You can try to use Volatility Workbench. For me, it seems like it is not working properly (or I’m just too noob to…