Skip to main contentSkip to main content
Room Banner
Room Icon

Dead End?

Premium room

You're given a memory image and a disk image - help us find the flag!

hard

60 min

1,717

User profile photo.

To access material, start machines and answer questions login.

Set up your virtual environment

To successfully complete this room, you'll need to set up your virtual environment. This involves starting both your AttackBox (if you're not using your VPN) and Target Machines, ensuring you're equipped with the necessary tools and access to tackle the challenges ahead.
Attacker machine
Status:Off
Lab machine - Task 1
Status:Off

An in-depth analysis of specific endpoints is reserved for those you're certain to have been compromised. It is usually done to understand how specific adversary tools or malwares work on the endpoint level; the lessons learned here are applied to the of the incident.

You're presented with two main artefacts: a memory dump and a disk image. Can you follow the artefact trail and find the flag?

Answer the questions below

What binary gives the most apparent sign of suspicious activity in the given memory image?

Use the full path of the artefact.

The answer above shares the same parent process with another binary that references a .txt file - what is the full path of this .txt file?

We use cookies to ensure you get the best user experience. For more information see our cookie policy.