Memory Forensics

OtterCTF Writeup Memory Forensics 5 - Name Game 2 150

Memory Forensics 5 - Name Game 2 150 From a little research we found that the username of the logged on character is always after this signature: 0x64 0x??{6-8} 0x40 0x06 0x??{18} 0x5a 0x0c 0x00{2} What's Rick's character's name? format: C…

OtterCTF Writeup Memory Forensics 2 - General Info 75

Memory Forensics 2 - General Info 75 Let's start easy - what's the PC's name and IP address? format: CTF{flag} FLAG:CTF{PC IP} FLAG:CTF{PC name} Continuing from 3 - Play Time, we keep looking through the contents of the memory dump. First, we check the computer name. …

OtterCTF Writeup Memory Forensics 3 - Play Time 50

Memory Forensics 3 - Play Time 50 Rick just loves to play some good old videogames. Can you tell which game he is playing? What's the IP address of the server? format: CTF{flag} Extracting OtterCTF.7z gives us OtterCTF.vmem. With Volatility…

OtterCTF Writeup Memory Forensics 4 - Name Game 100

Memory Forensics 4 - Name Game 100 We know that the account was logged in to a channel called Lunar-3. What is the account name? format: CTF{flag} We continue looking through the memory dump. We dump the memory of Lunar-MS.exe. > volatility.exe --profile…