To access material, start machines and answer questions login.
As a team member in this room, you are tasked with conducting a memory analysis of a Windows workstation image suspected to have been compromised by a threat actor.
This room is designed for team members, Threat Hunters, and L2/L3 analysts who want to improve and reinforce their skills in memory analysis during a potential incident in order to understand better the value that memory dump investigation can provide in such scenarios.
Learning Objectives
- Uncover the TryHatMe breach with just a memory dump.
- Identify suspicious processes and network connections.
- Explore traces of execution and discovery actions.
- Detect signs of potential lateral movement and credential dumping.
Room Prerequisites
It is suggested to clear the following rooms first before proceeding:
Let's start!
Ready to learn Cyber Security?
The Supplemental Memory room is only available for Premium or Max subscribers. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.
Already have an account? Log in

