In-depth analysis of specific endpoints is reserved for those you're certain have been compromised. It is usually done to understand how specific adversary tools or malware work at the endpoint level; the lessons learned here are applied to the of the incident.
You're presented with two main artefacts: a memory dump and a disk image. Can you follow the artefact trail and find the flag?
What binary gives the most apparent sign of suspicious activity in the given memory image?
Use the full path of the artefact.
The answer above shares the same parent process with another binary that references a .txt file - what is the full path of this .txt file?
The Dead End? room is only available for premium users.
