TeamSpy Lab

Instructions: Uncompress the lab (pass: cyberdefenders.org) Scenario: An employee reported that his machine started to act strangely after receiving a suspicious email with a document file. The incident response team captured a couple of memory dumps from the suspected machines for further inspection. As a soc analyst, analyze the dumps and help the IR team figure out what happened! Resources: http://www.reconstructer.org/papers/_Analyzing%20MSOffice%20malicious file%20with%20OfficeMalScanner.zip https://github.com/volatilityfoundation/volatility/wiki/Command%20Reference