stuxnet999 / Memlabs

Licence: mit
Educational, CTF-styled labs for individuals interested in Memory Forensics

Programming language: shell

MemLabs

Table of contents

  1. About MemLabs
  2. Motivation
  3. Structure of Repository
  4. Tools and Frameworks
  5. Flag Submission
  6. Resources
  7. Feedback & suggestions
  8. Usage
  9. Author

About MemLabs 🔍

MemLabs is an educational, introductory set of CTF-styled challenges aimed at encouraging students, security researchers and CTF players to get started in the field of memory forensics.

Motivation 🎯

The main goal of creating this repository was to provide a reliable platform where individuals can learn, practice and enhance their skills in the field of memory forensics. As for the CTF style: what better and more interesting way is there to learn security than by playing CTFs?

I also believe these labs can be used by anyone to help others learn the essentials and fundamentals of memory forensics.

Structure of repository

Directory   Challenge Name           Level of Difficulty
Lab 0       Never Too Late Mister    Sample challenge
Lab 1       Beginner's Luck          Easy
Lab 2       A New World              Easy
Lab 3       The Evil's Den           Easy - Medium
Lab 4       Obsession                Medium
Lab 5       Black Tuesday            Medium - Hard
Lab 6       The Reckoning            Hard

To help first-timers understand how to approach CTF challenges and how to use Volatility, please refer to Lab 0, which comes with an elaborate walkthrough. I hope it will be a great way to start MemLabs!

All the memory dumps are from Windows systems.

Note: The level of difficulty specified may not be fully accurate as it depends on the individual. I've tried my best to categorize them after receiving feedback from beginners to the field.

Tools and frameworks 🛠

I'd suggest everyone use The Volatility Framework for analysing the memory images.

Please execute the setup.sh file to install all the required dependencies in your system.

Note: Windows users can download the executable file from here.

As these labs are quite introductory, there is no need to install additional tools. However, users who wish to may install any other forensic tools they like.

The preferred OS would be Linux. However, you can also use Windows (WSL) or macOS.

Flag submission 🚩

Please mail the flags of each lab to [email protected]

Please have a look at the following example to better understand how to submit the solution.

Suppose you find 3 flags in a particular lab,

  • flag{stage1_is_n0w_d0n3}
  • flag{stage2_is_n0w_d0n3}
  • flag{stage3_is_n0w_d0n3}

Concatenate all the flags like this: flag{stage1_is_n0w_d0n3} flag{stage2_is_n0w_d0n3} flag{stage3_is_n0w_d0n3}

Note: Place the flags in the right order. The content inside the flags indicates their place. The flags must be space-separated.

All the labs will follow the same flag format unless specified otherwise.

Email format

Please follow these guidelines when sending the solution. Below is a sample:

Email Subject: [MemLabs Solution Submission] [Lab-x]

x indicates the lab number, e.g. 1, 2, 3.

[Image: sample submission email]

Email your solution to [email protected]

If the solution is correct, then the participant will receive a confirmation mail.

Feedback & suggestions

I'd love the community's feedback regarding these labs. Any suggestions or improvements are always welcome. Please email them to me or contact me via Twitter: @_abhiramkumar.

Resources 🚀

This section contains resources which I've composed myself and others which I used when I learnt memory forensics. I hope these resources will help everyone not only in solving these labs but also in exploring more areas of memory forensics.

If you're interested in playing more CTFs or want to try more challenges,

If you are interested in knowing how to write plugins for the Volatility framework,

Usage

MemLabs is completely free for anyone to use. If you wish to use MemLabs in your workshops or classes, or to use the labs anywhere else, I humbly request that you use the original links to the labs and mention my name as well. For any other queries, please contact me.

Author 👤

P. Abhiram Kumar

Digital Forensics, Team bi0s
