Skip to content
/ MemLabs Public
forked from stuxnet999/MemLabs

Educational, CTF-styled labs for individuals interested in Memory Forensics

License

MIT license
0 stars 200 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hackers4f/MemLabs

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
Images
Images
 
 
Lab 1
Lab 1
 
 
Lab 2
Lab 2
 
 
Lab 3
Lab 3
 
 
Lab 4
Lab 4
 
 
Lab 5
Lab 5
 
 
Lab 6
Lab 6
 
 
.gitattributes
.gitattributes
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

logo

MemLabs is an educational, introductory set of CTF-styled challenges which is aimed to encourage students, security researchers and also CTF players to get started with the field of Memory Forensics.

Warning: The size of the repository is over 1 GB. Please clone or download files as needed.

Motivation

The main goal of creating this repository was to provide a reliable platform where individuals can learn, practice and enhance their skills in the field of memory forensics. As of the CTF-style, well, what better & interesting way to learn security than by playing CTFs?

I also believe these labs can be used by anyone to help others become good with the essentials and fundamentals of memory forensics.

Structure Of The Repository

Directory Challenge Name Level Of Difficulty
Lab 1 Beginner's Luck Easy
Lab 2 A New World Easy
Lab 3 The Evil's Den Easy - Medium
Lab 4 Obsession Medium
Lab 5 Black Tuesday Medium - Hard
Lab 6 The Reckoning Hard

Tools and Frameworks

I'd suggest everyone use The Volatility Framework for analysing the memory images.

To install the necessary tools required for this lab,

$ sudo apt install volatility
$ sudo apt install ghex

As these labs are quite introductory, there is no need for installing more tools. However, if the user wishes, they can install many other forensic tools.

There are some widely used forensic CTF tools here: bi0s Wiki

The preferred OS would be Linux. However, you can also use Windows (WSL) or macOS.

Flag Submission

Please mail the flags of each lab to memlabs.submit@gmail.com

Please have a look at the following example to better understand how to submit the solution.

Suppose you find 3 flags in a particular lab,

  • flag{stage1_is_n0w_d0n3}
  • flag{stage2_is_n0w_d0n3}
  • flag{stage3_is_n0w_d0n3}

Concatenate all the flags like this: flag{stage1_is_n0w_d0n3} flag{stage2_is_n0w_d0n3} flag{stage3_is_n0w_d0n3}

Note: Place the flags in the right order. The content inside the flags indicates their place. The flags must be space-separated.

Email Format

Please follow the following guidelines when sending the solution. Below is a sample:

Email Subject: [MemLabs Solution Submission] [Lab-x]

Email-Picture

Email your solution to memlabs.submit@gmail.com

If the solution is correct, then the participant will receive a confirmation mail.

Feedback & Suggestions

I'd love the community's feedback regarding these labs. Any suggestions or improvements are always welcome. Please email it to me.

Resources

Author

P. Abhiram Kumar

Cyber Forensics, Team bi0s

About

Educational, CTF-styled labs for individuals interested in Memory Forensics

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Roff 100.0%