We covered an incident response scenario that involved a using memory forensics to investigate the presence of a malware downloaded from email attachments. The scenario involved a memory dump and Volatility tools to perform memory investigation. We listed the processes running, the process tree and uncovered a Powershell process that was invoked after opening the attachment which was in PDF. We extracted strings from the PDF attachments to find the artifacts (the flag). This was part of HackTheBox Reminiscent

Video Walkthrough

CTF Writeups, HackTheBox, HackTheBox Reminiscent, Memory Forensics, Volatility

Show Comments

Motasem

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles

Memory Forensics with Volatility | Uncovering Malware Hidden in Emails | HackTheBox Reminiscent

Leave a Reply Cancel reply

Motasem

About the Author

Other stories

Demonstrating Session Hijacking & Linux Privilege Escalation | TryHackMe Hijack

Time Based SQL Injection | OverTheWire Natas Level 17

Press ESC to close

Memory Forensics with Volatility | Uncovering Malware Hidden in Emails | HackTheBox Reminiscent

Leave a Reply Cancel reply

Motasem

About the Author

Share Article:

Other stories

Demonstrating Session Hijacking & Linux Privilege Escalation | TryHackMe Hijack

Time Based SQL Injection | OverTheWire Natas Level 17