Introducing MemLabs - Educational challenges to get started with memory forensics

栏目: IT技术 · 发布时间: 4年前

内容简介:MemLabs is an educational, introductory set of CTF-styled challenges which is aimed to encourage students, security researchers and also CTF players to get started with the field ofThis repository is brought to you by

Introducing MemLabs - Educational challenges to get started with memory forensics

MemLabs is an educational, introductory set of CTF-styled challenges which is aimed to encourage students, security researchers and also CTF players to get started with the field of Memory Forensics .

This repository is brought to you by Team bi0s . You can view other popular open soure project from bi0s at https://github.com/teambi0s .

Team bi0s also conducts various flagship CTF events like

  • InCTF International
  • InCTF Nationals - India's first Hacking contest.
  • Amrita InCTF Junior - The only cybersecurity contest for school students in India.

Motivation

The main goal of creating this repository was to provide a reliable platform where individuals can learn, practice and enhance their skills in the field of memory forensics. As of the CTF-style, well, what better & interesting way to learn security than by playing CTFs?

I also believe these labs can be used by anyone to help others become good with the essentials and fundamentals of memory forensics.

Structure Of The Repository

Directory Challenge Name Level Of Difficulty
Lab 1 Beginner's Luck Easy
Lab 2 A New World Easy
Lab 3 The Evil's Den Easy - Medium
Lab 4 Obsession Medium
Lab 5 Black Tuesday Medium - Hard
Lab 6 The Reckoning Hard

All the memory dumps are that of a Windows system.

Tools and Frameworks

I'd suggest everyone use The Volatility Framework for analysing the memory images.

To install the necessary tools required for this lab,

$ sudo apt install volatility
$ sudo apt install ghex

As these labs are quite introductory, there is no need for installing more tools. However, if the user wishes, they can install many other forensic tools.

There are some widely used forensic CTF tools here: bi0s Wiki

The preferred OS would be Linux. However, you can also use Windows (WSL) or macOS.

Flag Submission

Please mail the flags of each lab to memlabs.submit@gmail.com

Please have a look at the following example to better understand how to submit the solution.

Suppose you find 3 flags in a particular lab,

  • flag{stage1_is_n0w_d0n3}
  • flag{stage2_is_n0w_d0n3}
  • flag{stage3_is_n0w_d0n3}

Concatenate all the flags like this: flag{stage1_is_n0w_d0n3} flag{stage2_is_n0w_d0n3} flag{stage3_is_n0w_d0n3}

Note: Place the flags in the right order. The content inside the flags indicates their place. The flags must be space-separated.

Email Format

Please follow the following guidelines when sending the solution. Below is a sample:

Email Subject: [MemLabs Solution Submission] [Lab-x]

Introducing MemLabs - Educational challenges to get started with memory forensics

Email your solution to memlabs.submit@gmail.com

If the solution is correct, then the participant will receive a confirmation mail.

Feedback & Suggestions

I'd love the community's feedback regarding these labs. Any suggestions or improvements are always welcome. Please email it to me.

Resources

New to CTFs? Don't know what CTFs are? Have a look at https://ctftime.org/ctf-wtf/

Author

P. Abhiram Kumar

Cyber Forensics, Team bi0s


以上所述就是小编给大家介绍的《Introducing MemLabs - Educational challenges to get started with memory forensics》,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对 码农网 的支持!

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

梦断代码

梦断代码

Scott Rosenberg / 韩磊 / 电子工业出版社 / 2008.06 / 49.00元

软件乃是人类自以为最有把握,实则最难掌控的技术。本书作者罗森伯格对OSAF主持的Chandler项目进行田野调查,跟踪经年,试图借由Chandler的开发过程揭示软件开发中的一些根本性大问题。. 本书是讲一事,也是讲百千事;是写一软件,也是写百千软件;是写一群人,也是写百千万人。任何一个在软件领域稍有经验的技术人员看完本书,必掩卷长叹:做软件难。...一起来看看 《梦断代码》 这本书的介绍吧!

CSS 压缩/解压工具
CSS 压缩/解压工具

在线压缩/解压 CSS 代码

RGB转16进制工具
RGB转16进制工具

RGB HEX 互转工具

MD5 加密
MD5 加密

MD5 加密工具