Unzip the challenge (pass: cyberdefenders.org), investigate this case, and answer the provided questions.
Use the latest version of Volatility. Place the attached Volatility profile "Debian5_26.zip" in the path volatility/volatility/plugins/overlays/linux, and verify that the profile is listed there, as in the following screenshot.
A Linux server was possibly compromised, and a SOC analyst is required to understand what really happened. Hard disk dumps and memory snapshots of the machine are provided to solve the challenge.
Challenge Files:
victoria-v8.kcore.img: memory dump done by dd’ing /proc/kcore.
victoria-v8.memdump.img: memory dump done with memdump.