Critical - Search Secret Data🔏TryHackMe Write-up

TryHackMe room: Critical - Acquire the basic skills to analyze a memory dump in a practical scenario

TryHackMe Writeup: https://tryhackme.com/r/room/critical

00:00 Task 1: Introduction

00:34 Task 2: Memory Forensics

What type of memory is analyzed during a memory forensics task?

RAM

In which phase will you create a memory dump of the target system?

Memory Acquisition


00:45 Task 3: Environment & Setup

Which plugin can help us to get information about the OS running on the target machine?

windows.info


Which tool referenced above can help us take a memory dump on a Linux OS?

LiME (Linux Memory Extractor)


Which command will display the help menu using Volatility on the target machine?

vol -h


02:08 Task 4: Gathering Target Information

Is the architecture of the machine x64 (64bit) Y/N?

Y

What is the version of the Windows OS?

10

What is the base address of the kernel?

0xf8066161b000


03:06 Task 5: Searching for Suspicious Activity

Using the plugin "windows.netscan", can you identify the IP address that established a connection on port 80?

192.168.182.128

Using the plugin "windows.netscan", can you identify the program (owner) that made the connection over port 80?

msedge.exe

Analyzing the processes present in the dump, what is the PID of the child process of critical_updat?

1612

What is the creation timestamp of the process with the truncated name critical_updat?

2024-02-24 22:51:50.000000
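The Task 5 answers above come from reading the netscan and pslist/pstree tables by eye. The script below is an added example (not the write-up's code and not part of Volatility) that answers the same three questions from saved plugin output. NETSCAN and PSLIST are constructed in the tab-separated shape that the default renderer of `vol -f memdump.mem windows.netscan` and `vol -f memdump.mem windows.pslist` prints; only the values the write-up reports (192.168.182.128, msedge.exe, critical_updat, child PID 1612, the 22:51:50 create time) are taken from the page, and the child's image name updater.exe, every offset, every other PID, address and time are assumptions.

```python
"""Answer Task 5 from saved Volatility 3 output instead of eyeballing it.

Added example, not code from the write-up or from Volatility. NETSCAN and PSLIST
are CONSTRUCTED in the tab-separated layout of the default (quick) renderer of
`vol -f memdump.mem windows.netscan` / `vol -f memdump.mem windows.pslist`.
Only 192.168.182.128, msedge.exe, critical_updat, PID 1612 and the 22:51:50
create time come from the write-up; everything else is made up.
"""
from __future__ import annotations

NETSCAN = """\
Volatility 3 Framework 2.7.0
Offset\tProto\tLocalAddr\tLocalPort\tForeignAddr\tForeignPort\tState\tPID\tOwner\tCreated
0xc48c5ad1a010\tTCPv4\t0.0.0.0\t135\t0.0.0.0\t0\tLISTENING\t924\tsvchost.exe\t2024-02-24 22:40:11.000000
0xc48c5b33c100\tTCPv4\t0.0.0.0\t80\t0.0.0.0\t0\tLISTENING\t4\tSystem\t2024-02-24 22:41:02.000000
0xc48c5b2f6a20\tTCPv4\t192.168.182.130\t49812\t192.168.182.128\t80\tESTABLISHED\t4828\tmsedge.exe\t2024-02-24 22:51:38.000000
0xc48c5b311b40\tTCPv4\t192.168.182.130\t49815\t20.190.160.5\t443\tCLOSED\t1180\tsvchost.exe\t2024-02-24 22:51:40.000000
"""

PSLIST = """\
Volatility 3 Framework 2.7.0
PID\tPPID\tImageFileName\tOffset(V)\tThreads\tHandles\tSessionId\tWow64\tCreateTime\tExitTime
4\t0\tSystem\t0xc48c55c8c040\t120\t-\tN/A\tFalse\t2024-02-24 22:39:58.000000\tN/A
5320\t1040\texplorer.exe\t0xc48c5a9e4080\t61\t-\t1\tFalse\t2024-02-24 22:41:30.000000\tN/A
4828\t5320\tmsedge.exe\t0xc48c5b0c2080\t44\t-\t1\tFalse\t2024-02-24 22:51:20.000000\tN/A
1588\t5320\tcritical_updat\t0xc48c5b2a6080\t3\t-\t1\tFalse\t2024-02-24 22:51:50.000000\tN/A
1612\t1588\tupdater.exe\t0xc48c5b2d4080\t2\t-\t1\tFalse\t2024-02-24 22:51:52.000000\tN/A
"""

# EPROCESS.ImageFileName is a 15-byte field whose last byte is the NUL terminator,
# so pslist/pstree show at most the first 14 characters of an image name
# ("critical_updat" for critical_update.exe). filescan shows the full name.
IMAGE_NAME_LEN = 14


def parse_table(text: str) -> list[dict[str, str]]:
    """Rows of Volatility's tab-separated output as dicts keyed by the header row."""
    lines = [ln for ln in text.splitlines()
             if ln.strip() and not ln.startswith("Volatility 3 Framework")]
    header = lines[0].split("\t")
    return [dict(zip(header, ln.split("\t"))) for ln in lines[1:]]


def pid_of(row: dict[str, str]) -> int:
    """PID as int; windows.pstree prefixes the PID column with '*' tree markers."""
    return int(row["PID"].lstrip("* "))


def same_image(shown: str, wanted: str) -> bool:
    """True if the name pslist shows is `wanted`, allowing for kernel truncation."""
    return shown == wanted or (len(shown) == IMAGE_NAME_LEN and wanted.startswith(shown))


def connections_to_port(rows: list[dict[str, str]], port: int) -> list[tuple[str, str, int]]:
    """(remote IP, owner, PID) of TCP sockets whose REMOTE end is `port`.

    The question asks which IP the host connected to on port 80, so match
    ForeignPort, not LocalPort: the LISTENING socket on local port 80 is a
    distractor and has ForeignPort 0.
    """
    return [(r["ForeignAddr"], r["Owner"], pid_of(r))
            for r in rows
            if r["Proto"].startswith("TCP") and r["ForeignPort"] == str(port)]


def children_of(rows: list[dict[str, str]], wanted: str) -> list[int]:
    """PIDs whose parent is the process named `wanted` (full or truncated spelling)."""
    parents = {pid_of(r) for r in rows if same_image(r["ImageFileName"], wanted)}
    return [pid_of(r) for r in rows if int(r["PPID"]) in parents]


def create_times(rows: list[dict[str, str]], wanted: str) -> list[str]:
    """CreateTime column of every process matching `wanted`."""
    return [r["CreateTime"] for r in rows if same_image(r["ImageFileName"], wanted)]


if __name__ == "__main__":
    net, procs = parse_table(NETSCAN), parse_table(PSLIST)
    print("remote peers on port 80:", connections_to_port(net, 80))
    print("children of critical_update.exe:", children_of(procs, "critical_update.exe"))
    print("create time:", create_times(procs, "critical_updat"))
```

To use it on a real dump, redirect the plugin output to a file (`vol -f memdump.mem windows.netscan > netscan.txt`) and pass the file's contents to `parse_table`. The truncated-name check matters: searching pslist for the full string "critical_update.exe" finds nothing, because the kernel never stored more than 14 characters of it.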


07:31 Task 6: Finding interesting data

Analyzing the "windows.filescan" output, what is the full path and name for critical_updat?

C:\Users\user01\Documents\critical_update.exe


Analyzing the "windows.mftscan.MFTScan" output, what is the timestamp of the created date of important_document.pdf?

2024-02-24 20:39:42.000000


Analyzing the updater.exe memory output, can you observe the HTTP request and determine the server used by the attacker?

SimpleHTTP/0.6 Python/3.10.4
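The last Task 6 answer is read out of the dumped memory of the updater process. Below is an added example (not the write-up's code) of carving that kind of artefact programmatically rather than scrolling through `strings` output. DUMP is a constructed stand-in for a slice of the file that `vol -f memdump.mem windows.memmap --pid 1612 --dump` writes: the request the process sent, the reply the attacker's web server returned, filler bytes, and a UTF-16LE copy of the URL (the form in which Windows programs usually hold strings). Only the Server banner "SimpleHTTP/0.6 Python/3.10.4", the file name critical_update.exe and the peer address 192.168.182.128 come from the page; the request path, the User-Agent and the other headers are assumptions.

```python
"""Carve HTTP request/response artefacts out of a dumped process image.

Added example, not the write-up's own code. DUMP is CONSTRUCTED: it imitates a
few hundred bytes of the pid.1612.dmp file that windows.memmap --dump produces.
Only the Server banner, the file name and the 192.168.182.128 peer are taken
from the write-up; every other byte and header is made up.
"""
from __future__ import annotations

import re

DUMP = (
    b"\x00" * 16 + b"MZ\x90\x00\x03\x00" + b"\x00" * 10            # unrelated bytes
    + b"GET /critical_update.exe HTTP/1.1\r\n"                   # request (narrow ASCII)
    b"Host: 192.168.182.128\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\n"
    b"Connection: keep-alive\r\n\r\n"
    + b"\xff" * 32                                                # filler
    + b"HTTP/1.0 200 OK\r\n"                                      # python -m http.server answers HTTP/1.0
    b"Server: SimpleHTTP/0.6 Python/3.10.4\r\n"
    b"Date: Sat, 24 Feb 2024 22:51:46 GMT\r\n"
    b"Content-type: application/octet-stream\r\n"
    b"Content-Length: 20480\r\n\r\n"
    + b"\x00" * 8
    + "http://192.168.182.128/critical_update.exe".encode("utf-16-le")  # wide string
    + b"\x00" * 8
)

NARROW = re.compile(rb"[\x20-\x7e\r\n\t]{8,}")       # printable ASCII runs, like `strings`
WIDE = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")       # UTF-16LE runs, like `strings -el`
URL = re.compile(r"https?://[^\s\"'<>]+")
# One HTTP message head: a request line or a status line, then its header lines.
MESSAGE = re.compile(
    r"^(?P<start>(?:GET|POST|HEAD) \S+ HTTP/1\.[01]|HTTP/1\.[01] \d{3}[^\r\n]*)\r?\n"
    r"(?P<headers>(?:[A-Za-z-]+:[^\r\n]*\r?\n)*)",
    re.M,
)


def printable_strings(blob: bytes) -> list[str]:
    """Narrow and wide strings of 8+ characters found anywhere in the blob."""
    narrow = [m.group().decode("ascii") for m in NARROW.finditer(blob)]
    wide = [m.group().decode("utf-16-le") for m in WIDE.finditer(blob)]
    return narrow + wide


def parse_headers(block: str) -> dict[str, str]:
    """Header lines -> {lower-cased name: value}."""
    out: dict[str, str] = {}
    for line in block.splitlines():
        name, _, value = line.partition(":")
        out[name.strip().lower()] = value.strip()
    return out


def carve_http(blob: bytes) -> dict[str, list]:
    """Requests as (method, path, Host) and distinct Server banners seen in replies."""
    requests: list[tuple[str, str, str | None]] = []
    servers: list[str] = []
    for text in printable_strings(blob):
        for m in MESSAGE.finditer(text):
            start, headers = m.group("start"), parse_headers(m.group("headers"))
            if start.startswith("HTTP/"):             # a response: the Server banner lives here
                banner = headers.get("server")
                if banner and banner not in servers:
                    servers.append(banner)
            else:                                     # a request: method, path and target host
                method, path, _version = start.split(" ", 2)
                requests.append((method, path, headers.get("host")))
    return {"requests": requests, "servers": servers}


def find_urls(blob: bytes) -> list[str]:
    """Distinct URLs from both narrow and wide strings, in order of appearance."""
    seen: list[str] = []
    for text in printable_strings(blob):
        for url in URL.findall(text):
            if url not in seen:
                seen.append(url)
    return seen


if __name__ == "__main__":
    print(carve_http(DUMP))
    print(find_urls(DUMP))
```

Two points the plain `strings` approach hides: the banner is in the server's response, not in the request, so it identifies the tool on the attacker's side (the "SimpleHTTP/0.6 Python/3.10.4" string is what Python's SimpleHTTPRequestHandler sends, so it also pins the Python version on the attacker's box), and the URL only turns up in the UTF-16LE pass, which `strings` without `-el` would miss.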


15:09 Task 7: Conclusion & Wrapping Up




🌐 Follow VietKim on https://FB.COM/K3Lvinmitnick

🌐 Visit https://bloggeroffer.blogspot.com/ to learn more ...
