SANS Digital Forensics and Incident Response Blog: Tag - DFIRCON

APT Malware and Memory Challenge

The memory image contains real APT malware launched against a test system. Your job? Find it. The object of our challenge is simple: Download the memory image and attempt to answer the 5 questions. DOWNLOAD LINK FOR MEMORY IMAGE:http://dfir.to/APT-Memory-Image Questions: What is the Process ID of the rogue process on the system? Determine the name … Continue reading APT Malware and Memory Challenge