As a team member in this room, you are tasked with conducting a memory analysis of a Windows workstation image suspected to have been compromised by a threat actor.
This room is designed for team members, Threat Hunters, and L2/L3 analysts who want to improve and reinforce their memory analysis skills during a potential incident, and to better understand the value that a memory dump investigation can provide in such scenarios.
Learning Objectives
- Uncover the TryHatMe breach with just a memory dump.
- Identify suspicious processes and network connections.
- Explore traces of execution and discovery actions.
- Detect signs of potential lateral movement and credential dumping.
Room Prerequisites
It is suggested to clear the following rooms first before proceeding:
Let's start!
The Supplemental Memory room is only available for premium users.