Memory Challenge 18: Reminiscent
While testing a memory analysis toolkit, the authors took on a Hack The Box challenge: they analysed a VM memory dump and an email, identified the source of the malware and found the flag. Decoding the PowerShell stages did not pan out, but a string search recovered the flag. 2026-3-12 11:49:30 Author: blog.cerbero.io


We’re testing our Memory Analysis package (currently in beta) against various challenges available online.

We found this challenge on Hack The Box, so credit goes to them for creating it.

The scenario is as follows:

“Suspicious traffic was detected from a recruiter’s virtual PC. A memory dump of the offending VM was captured before it was removed from the network for imaging and analysis. Our recruiter mentioned he received an email from someone regarding their resume. A copy of the email was recovered and is provided for reference. Find and decode the source of the malware to find the flag.”

We tried to find the flag by decoding the malicious PowerShell stages, but since we couldn't download the payload from the final IP, we simply ran a string search over the memory dump and found the flag. Easy peasy.
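The post does not show how the string search was done, so here is an added example (not code from the original post or from Cerbero's Memory Analysis package) of a small scanner for raw memory images. Two things matter in practice that a plain `strings`-style grep misses: Windows process memory, PowerShell script text in particular, is often stored as UTF-16LE wide strings, and a dump is usually far too large to read into memory at once, so the file is read in chunks with an overlap so that a string straddling a read boundary is still seen whole. The `HTB{...}` flag format and the sample image are assumptions constructed for the example; the actual flag is not on the page.

```python
"""Search a raw memory image for flag-style strings in ASCII and UTF-16LE.

Added example, not the original post's code. The HTB{...} format is assumed.
"""
import io
import re
from typing import BinaryIO, Iterator, List, Tuple

# Printable ASCII except '}' (0x7d), so the match ends at the first closing brace.
PATTERNS = {
    "ascii": re.compile(rb"HTB\{[\x20-\x7c\x7e]{1,200}\}"),
    # Same pattern with every character followed by a NUL byte, i.e. UTF-16LE,
    # which is how much of Windows process memory stores text.
    "utf-16le": re.compile(rb"H\x00T\x00B\x00\{\x00(?:[\x20-\x7c\x7e]\x00){1,200}\}\x00"),
}
# The longest possible hit is about 410 bytes (UTF-16LE); the overlap must exceed
# that so a string crossing a read boundary is still matched in full.
OVERLAP = 512

Match = Tuple[int, str, str]  # (absolute offset, encoding, decoded text)


def scan_stream(fobj: BinaryIO, chunk_size: int = 4 * 1024 * 1024) -> Iterator[Match]:
    """Yield (offset, encoding, text) for every pattern hit in a binary stream."""
    tail = b""          # last OVERLAP bytes of the previous chunk
    chunk_offset = 0    # absolute offset of the current chunk's first byte
    while True:
        chunk = fobj.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        base = chunk_offset - len(tail)  # absolute offset of buf[0]
        for enc, rx in PATTERNS.items():
            for m in rx.finditer(buf):
                # A hit lying entirely inside the tail was already reported from
                # the previous chunk; only report hits that reach into new bytes
                # (on the first chunk the tail is empty, so everything qualifies).
                if m.end() <= len(tail):
                    continue
                yield (base + m.start(), enc, m.group(0).decode(enc))
        chunk_offset += len(chunk)
        tail = buf[-OVERLAP:]


def scan_bytes(data: bytes, chunk_size: int = 4 * 1024 * 1024) -> List[Match]:
    """Scan an in-memory image and return hits sorted by offset."""
    return sorted(scan_stream(io.BytesIO(data), chunk_size))


def scan_file(path: str, chunk_size: int = 4 * 1024 * 1024) -> List[Match]:
    """Scan a memory dump on disk without loading it whole."""
    with open(path, "rb") as f:
        return sorted(scan_stream(f, chunk_size))


def build_sample_image() -> bytes:
    """Constructed stand-in for a memory dump (values are made up): zero padding,
    an ASCII flag, a UTF-16LE flag, and a third flag deliberately placed across
    a 4096-byte boundary to exercise the overlap handling."""
    chunk = 4096
    flag_a = b"HTB{constructed_ascii_flag}"
    flag_w = "HTB{constructed_wide_flag}".encode("utf-16le")
    flag_s = b"HTB{straddles_the_chunk_boundary}"
    img = bytearray(3 * chunk)
    img[100:100 + len(flag_a)] = flag_a
    img[1000:1000 + len(flag_w)] = flag_w
    start = chunk - 10  # begins 10 bytes before the first boundary
    img[start:start + len(flag_s)] = flag_s
    return bytes(img)


if __name__ == "__main__":
    # Use scan_file("/path/to/dump.raw") for a real image.
    for off, enc, text in scan_bytes(build_sample_image(), chunk_size=4096):
        print(f"0x{off:08x} {enc:9} {text}")
```

The boundary rule is the part worth checking: a hit is reported only when it ends past the overlap region, which is exactly the set of hits the previous chunk could not have completed, so nothing is missed and nothing is reported twice.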


Source: https://blog.cerbero.io/memory-challenge-18-reminiscent/