bi0s
  •  Home
  •  Categories
  •  Archives
  •  Tags
  •  Home
  •  Categories
  •  Archives
  •  Tags

LOGarithm - InCTF Internationals 2020

stuxn3t
2020-08-04
Forensics / Memory

tl;dr

  • Extract keylogger script from the memory dump.
  • Extract the master key from the packet capture.
  • Reverse the script to get the flag.
Read More
InCTFi Windows Memory Analysis

Investigation Continues - InCTF Internationals 2020

stuxn3t
2020-08-04
Forensics / Memory

tl;dr

  • Extract Invalid Login timestamp from the windows registry.
  • Extract the timestamp of when a JPEG was opened.
  • Extract Google Chrome’s last run time which was pinned to taskbar from windows registry.
Read More
InCTFi Windows Memory Analysis Volatility Windows Registry

Investigation - InCTF Internationals 2020

stuxn3t
2020-08-04
Forensics / Memory

tl;dr

  • Extract process last run time from the windows registry.
  • Extract process run count from the windows registry.
Read More
InCTFi Windows Memory Analysis Volatility Windows Registry

Find My Pass - HackTM CTF Quals 2020

stuxn3t
2020-02-09
Forensics / Memory

tl;dr

  • Memory dump analysis using Volatility.
  • Extracting Keepass Master Password from the memory.
  • Extracting flag from ZIP archive attached in the Keepass database.
Read More
Windows Memory Analysis HackTM

Notch It Up - InCTF Internationals 2019

stuxn3t
2019-09-24
Forensics / Memory

tl;dr

  • Chrome history analysis
  • File recovery from the memory dump
  • Raw analysis of email content
  • Environment variables analysis
  • RAR password cracking
  • Corrupted file analysis
Read More
InCTFi Windows Memory Analysis Volatility

Just Do It - InCTF Internationals 2019

stuxn3t
2019-09-24
Forensics / Memory

tl;dr

  • Master File Table Analysis
  • Deleted file data recovery
Read More
InCTFi Windows Memory Analysis Volatility

Easy Husky - ISITDTU Quals 2019

stuxn3t
2019-07-08
Forensics / Memory

tl;dr - Volatility + Corrupted file analysis
Full solution of Easy Husky challenge from ISITDTU Quals 2019.

Read More
Windows Memory Analysis

Official blog of team bi0s

  Projects
  •   bi0s-wargame
    (Unraveling)
  •   bi0s-wiki
    (Free Encyclopedia)
  •   InCTF
    (bi0s CTF)

Made With Love and Coffee



Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License

Use Material X as theme, total visits times.