[hsb] Presents: OtterCTF 2018 — Memory Forensics Write-Up

Screenshot

Yeboiii an all-kill! It was a proud moment for our team 😢

Preparation

volatility -f OtterCTF.vmem --profile=Win7SP1x64 dumpregistry -o <virtual memory address of the hive> -D <output directory> 
rip -r <registry file> -f <sam/security/software/system> > <output file>
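The two commands above are one pipeline: find each hive's virtual address with volatility's hivelist, dump it with dumpregistry, then parse the dump with the RegRipper profile that matches the hive. The script below is an added example, not part of the original write-up. It builds those commands from a constructed hivelist listing (the offsets are invented; the volatility and RegRipper syntax follows the page), assumes dumpregistry names its output registry.<offset>.<name>.reg (so the rip command uses that as a glob; check what your volatility build actually writes), and prints the commands rather than running them, so it works without a memory image.

```shell
#!/bin/sh
# Added example (not from the original write-up): turn volatility "hivelist"
# output into the dumpregistry + RegRipper commands described above.
# Assumptions: volatility 2 syntax as on the page, RegRipper invoked as "rip",
# dumpregistry output named registry.<offset>.<name>.reg, and a constructed
# hivelist sample whose offsets are made up.

MEMIMAGE="OtterCTF.vmem"
PROFILE="Win7SP1x64"
OUTDIR="hives"

# Constructed sample of "volatility hivelist" output (offsets are invented).
SAMPLE_HIVELIST='Virtual            Physical           Name
------------------ ------------------ ----
0xfffff8a000024010 0x000000002d4c6010 [no name]
0xfffff8a00000f010 0x000000002d50d010 \REGISTRY\MACHINE\SYSTEM
0xfffff8a000053320 0x000000002cfe4320 \REGISTRY\MACHINE\HARDWARE
0xfffff8a000a3e010 0x0000000025d7c010 \SystemRoot\System32\Config\SAM
0xfffff8a000a8a010 0x0000000025bc1010 \SystemRoot\System32\Config\SECURITY
0xfffff8a000c1e010 0x00000000238f2010 \SystemRoot\System32\Config\SOFTWARE
0xfffff8a0010e6010 0x000000001d7f5010 \??\C:\Users\Rick\ntuser.dat'

# Map a hive path to the RegRipper profile (-f) that parses it.
# Prints an empty string for hives RegRipper has no profile for (HARDWARE,
# the unnamed hive), so those are dumped but not ripped.
rip_profile() {
    case "$1" in
        *SAM)                    echo sam ;;
        *SECURITY)               echo security ;;
        *SOFTWARE)               echo software ;;
        *SYSTEM)                 echo system ;;
        *ntuser.dat|*NTUSER.DAT) echo ntuser ;;
        *)                       echo "" ;;
    esac
}

# Emit one dumpregistry command per hive and, where a profile exists, the
# matching rip command. Header and separator lines (no 0x prefix) are skipped.
plan_commands() {
    printf '%s\n' "$SAMPLE_HIVELIST" | while read -r virt phys name; do
        case "$virt" in 0x*) ;; *) continue ;; esac
        echo "volatility -f $MEMIMAGE --profile=$PROFILE dumpregistry -o $virt -D $OUTDIR"
        prof=$(rip_profile "$name")
        if [ -n "$prof" ]; then
            # Glob assumes volatility's registry.<offset>.<name>.reg naming.
            echo "rip -r $OUTDIR/registry.$virt.*.reg -f $prof > $OUTDIR/$prof.txt"
        fi
    done
}

plan_commands
```

Run it once as a dry run and review the plan; when the output looks right, pipe it through sh after creating the dump directory. Hives with no RegRipper profile still get dumped, which is what you want when you later go through them by hand.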

Walkthrough

$ strings 708.dmp | grep -a Lunar\-3 -C 5

Thanks for reading!

YES
