Critical - Find Secret Data🔏TryHackMe Write-up

Published: 19 July 2024
on channel: VietTube

TryHackMe room: Critical - Acquire the basic skills to analyze a memory dump in a practical scenario.

TryHackMe Writeup: https://tryhackme.com/r/room/critical

00:00 Task 1: Introduction

00:34 Task 2: Memory Forensics
What type of memory is analyzed during a forensic memory task?
RAM
In which phase will you create a memory dump of the target system?
Memory Acquisition

00:45 Task 3: Environment & Setup

Which plugin can help us to get information about the OS running on the target machine?
Windows.info
Which tool referenced above can help us take a memory dump on a Linux OS?
LIME
Which command will display the help menu using Volatility on the target machine?

vol -h

02:08 Task 4: Gathering Target Information
Is the architecture of the machine x64 (64bit) Y/N?
Y
What is the version of the Windows OS?
10
What is the base address of the kernel?
0xf8066161b000

03:06 Task 5: Searching for Suspicious Activity
Using the plugin "windows.netscan," can you identify the IP address that established a connection on port 80?
192.168.182.128
Using the plugin "windows.netscan," can you identify the program (owner) used to access through port 80?
msedge.exe
Analyzing the processes present in the dump, what is the PID of the child process of critical_updat?
1612
What is the timestamp for the process with the truncated name critical_updat?
2024-02-24 22:51:50.000000

07:31 Task 6: Finding interesting data
Analyzing the "windows.filescan" output, what is the full path and name for critical_updat?
C:\Users\user01\Documents\critical_update.exe

Analyzing the "windows.mftscan.MFTScan" output, what is the timestamp for the created date of important_document.pdf?
2024-02-24 20:39:42.000000

Analyzing the updater.exe memory output, can you observe the HTTP request and determine the server used by the attacker?
SimpleHTTP/0.6 Python/3.10.4

15:09 Task 7: Conclusion & Wrapping Up
