I was finally able to play with the GOAD v2 project and configure it to run within a single VM using nested virtualization.
From the developer of the project:
“GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques.”
It is important to note that I did not create this project or collaborate on it, so all credit goes to the developer; the only thing I did was prepare it to run within a single VM. All thanks to M4yFly for his work and efforts.
In this case you are required to analyze a memory dump of a Windows 10 system that has been hit with RansomCare.
- The E01 of the memory dump can be found here
- Find RansomCare’s code, dump it, and explain what happened to the victim system.
In this case you are required to decrypt all the data and files that have been encrypted using different crypto methods.
The E01 of the drive can be found here
#1: Lost in Space:
We noticed that the whole communication started with a README file within the user’s Documents directory. Unfortunately, this file seems to be encrypted with AES and we do not have the password to decrypt it. You would either need to search the cache for the communication or try to recover the file from before it was encrypted. It seems this file leads to the solution of our next requirement.
In this case you are required to find all the data and files that have been hidden using some of the NTFS file system capabilities.
– The E01 of the drive can be found here
– There are 5 hidden things for you to find!
– Explain how these files were hidden
The user downloaded what they thought was the SysInternals tool suite, double-clicked it, but the tools did not open and were not accessible. Since that time, the user has noticed that the system has “slowed down” and become less and less responsive.