Memory Mystery – CTF Challenge

Concept of the Contract:

The Memory Mystery contract tests the player's memory forensics and password cracking skills. The player needs to analyze a memory dump and connect the dots in order to find the encrypted flag and decrypt the flag file.


Prologue:

Pablo Fernandez was a seasoned digital forensics investigator with a reputation for his expertise in digital forensics. He had been working for the Cyber Crimes Unit (CCU) for over a decade and had seen it all, from tracking down cyber criminals to uncovering complex data breaches. But one day, he received a call from his superior about a new case that would challenge his skills like never before.

A high-profile organization had fallen victim to a suspected cyber attack, and all their critical systems had been compromised. The attackers had left behind minimal traces on the hard drives, but it seemed that they had overlooked some traces in the volatile memory data. This presented a unique opportunity for Pablo to dig deep into the memory dumps and uncover the intricate details of the attack.

Pablo immediately took charge of the case and gathered his team of forensic analysts. They started analyzing the memory dumps, meticulously reconstructing the events leading up to the attack. As they delved into the volatile memory data, they discovered remnants of encrypted code, suspicious processes, and unusual patterns of activity.

Pablo knew that time was of the essence. He worked tirelessly, using his expertise in memory forensics to uncover hidden clues and piece together the puzzle. As he peeled back the layers of obfuscation, he realized that they were dealing with a sophisticated adversary group who had expertly covered their tracks.

With each breakthrough, Pablo’s determination grew stronger. He worked tirelessly day and night, poring over the memory dumps, analyzing code snippets, and tracing network connections. As he made progress, he uncovered a web of deception, with the attackers using advanced memory manipulation techniques to evade detection.

As the investigation progressed, Pablo and his team faced numerous challenges, including encrypted data, anti-forensic techniques, and constantly evolving tactics employed by the attackers. But Pablo remained undeterred, using his expertise and experience to unravel the intricacies of the attack and get closer to identifying the culprits.

This challenge ended with Pablo and his team on the cusp of a major breakthrough. The stakes were high, and the clock was ticking. With his unwavering determination and unmatched skills in memory forensics, Pablo was determined to crack the case and bring the perpetrators to justice. Little did he know that the challenge was far from over, and the real test of his abilities was yet to come.


Briefing:

Hello Agent,

We have received some catastrophic news from our sources about a cyber attack that hit a high-profile organization. Our sources have informed us that the attackers may have overlooked removing some volatile traces contained in the compromised systems.

Based on our sources, the cyber attack was carried out by an Advanced Persistent Threat group called APT777. They managed to stay off the radar for some time, but we believe that we can trace them back this time.

We have attached a memory dump file from one of the most critical compromised systems. It needs to be analyzed using your digital forensics skills to gather more information on this group, and to trace them using the evidence that you may find in the memory dump. We hope your ROCK spirit and technical skills help you this time too.

We understand that this mission will not be easy, but we have faith in your abilities. If you choose to accept this mission, you will be provided with all the necessary resources to complete it. Good luck, Agent. The fate of the cyber world rests in your hands.

As always, Special Agent K. The Contract is yours, if you choose to accept.


Notes:

Flag format: Hacktoria{xxx}, example: Hacktoria{I_FounD_THE_p@ssw0rd}

You need to solve the challenge in order to get the flag and be able to decrypt the contract card with the flag!

Disclaimer: I made this challenge previously for Hacktoria, and the featured image is made by them.