Video walkthrough for retired @HackTheBox (HTB) Forensics challenge "Export" [easy]: "We spotted a suspicious connection to one of our servers, and immediately took a memory dump. Can you figure out what the attackers were up to?" - Hope you enjoy 🙂
Sign up for HackTheBox: https://htb-signup.cryptocat.me
↢HackTheBox↣
https://app.hackthebox.eu/challenges/159
↢Video-Specific Resources↣
https://github.com/volatilityfoundation/volatility/wiki/Command-Reference
https://github.com/carlospolop/autoVolatility
👷‍♂️Resources🛠
https://cryptocat.me/resources
↢Chapters↣
Start - 0:00
Basic file checks - 0:49
Investigate with Volatility - 1:40
Decode the PowerShell script - 5:23
Bonus (more volatility) - 7:39
Bonus (crack hashes) - 10:49
Bonus (autoVolatility) - 13:50