Master volatile memory analysis to uncover hidden processes, extract malware artifacts, and reconstruct attack timelines from system RAM captures.

Analyze a memory dump using Volatility to identify malicious processes, persistence mechanisms, defense evasion techniques, and map them to MITRE ATT&CK.

Employ Volatility to analyze a memory dump, identifying suspicious processes, network IOCs, memory protections, and the attacker's command-and-control infrastructure.

Reconstruct Amadey Trojan behavior by analyzing memory dumps with Volatility3 to identify malicious processes, C2 communications, payload delivery, and persistence mechanisms.

Analyze memory images and event logs using MemProcFS, EvtxECmd, and Timeline Explorer to identify Andromeda bot IOCs, reconstruct its infection timeline, and attribute it to an APT group.

Develop practical skills in Windows memory forensics using Volatility by detecting malware indicators, analyzing suspicious processes, and identifying code injection and unauthorized DLLs in a compromised system.

Reconstruct the QBot malware infection timeline by analyzing memory dumps, identifying malicious processes, files, and network communications using Volatility3 and VirusTotal.

Analyze memory artifacts and trace a ransomware attack's origin, execution, and persistence using forensic tools like Volatility 3 and MemProcFS.

Learn to investigate Akira ransomware using memory forensics to identify IOCs, analyze attacker behavior, reconstruct timelines, and uncover system compromise, defense evasion, and persistence methods.

Reconstruct a multi-stage attack by analyzing Windows memory dumps using Volatility 3, identifying malicious processes, command lines, and correlating findings with threat intelligence.

Investigate Windows memory images using Volatility3, PowerShell, and a hex editor to extract system artifacts, analyze processes, network connections, and reconstruct user activity.

Evaluate a memory image using Volatility and forensic tools to reconstruct the attack chain initiated by a malicious PDF with JavaScript.

Analyze Linux system artifacts, including memory dumps and logs, with Volatility and FTK Imager to reconstruct an attack and identify IOCs.

Reconstruct the attack timeline by analyzing memory dumps and suspicious document files using Volatility, OfficeMalScanner, and VirusTotal.

Analyze a Windows memory dump using Volatility to identify malicious processes, extract hidden data, investigate registry artifacts, and uncover user activity and persistence mechanisms.