We’re testing our Memory Analysis package (currently in beta) against various challenges available online.

We found this challenge on the Memory Forensic site, so credit goes to them for highlighting it and to Hack The Box for creating it in the first place.

The scenario is as follows:

“You’ve been a SOC analyst for the last 4 years but you’ve been honing your incident response skills! It’s about time you bite the bullet and go for your dream job as an Incident Responder as that’s the path you’d like your career to follow. Currently you are going through the interview process for a medium size incident response internal team and the cocky interviewing responder has given you a tough technical challenge to test your memory forensics aptitude. Can you get all the questions right and secure the job?”

The challenge contains multiple questions. We identified the suspicious process, how it was downloaded, the attacker’s IP, the FTP login attempts and the last visited webpage from the history of Google Chrome.