Awesome Open Source
Awesome Open Source
MemLabs

Table of contents

  1. About MemLabs
  2. Motivation
  3. Structure of Repository
  4. Tools and Frameworks
  5. Flag Submission
  6. Resources
  7. Feedback & suggestions
  8. Usage
  9. Author

About MemLabs 🔍

MemLabs is an educational, introductory set of CTF-styled challenges which is aimed to encourage students, security researchers and also CTF players to get started with the field of Memory Forensics.

Motivation 🎯

The main goal of creating this repository was to provide a reliable platform where individuals can learn, practice and enhance their skills in the field of memory forensics. As of the CTF-style, well, what better & interesting way to learn security than by playing CTFs?

I also believe these labs can be used by anyone to help others become good with the essentials and fundamentals of memory forensics.

Structure of repository

Directory Challenge Name Level Of Difficulty
Lab 0 Never Too Late Mister Sample challenge
Lab 1 Beginner's Luck Easy
Lab 2 A New World Easy
Lab 3 The Evil's Den Easy - Medium
Lab 4 Obsession Medium
Lab 5 Black Tuesday Medium - Hard
Lab 6 The Reckoning Hard

To aid first-timers to understand how to approach CTF challenges & usage of volatility, please refer Lab 0 which comes with a elaborate walkthrough & I hope it will be a great way to start MemLabs!

All the memory dumps are that of a Windows system.

Note: The level of difficulty specified may not be fully accurate as it depends on the individual. I've tried my best to categorize them after receiving feedback from beginners to the field.

Tools and frameworks 🛠

I'd suggest everyone use The Volatility Framework for analysing the memory images.

Please execute the setup.sh file to install all the required dependencies in your system.

Note: Windows users can download the executable file from here.

As these labs are quite introductory, there is no need for installing more tools. However, if the user wishes, they can install many other forensic tools.

The preferred OS would be Linux. However, you can also use Windows (WSL) or macOS.

Flag submission 🚩

Please mail the flags of each lab to [email protected]

Please have a look at the following example to better understand how to submit the solution.

Suppose you find 3 flags in a particular lab,

  • flag{stage1_is_n0w_d0n3}
  • flag{stage2_is_n0w_d0n3}
  • flag{stage3_is_n0w_d0n3}

Concatenate all the flags like this: flag{stage1_is_n0w_d0n3} flag{stage2_is_n0w_d0n3} flag{stage3_is_n0w_d0n3}

Note: Place the flags in the right order. The content inside the flags indicates their place. The flags must be space-separated.

All the labs will follow the same flag format unless specified otherwise.

Email format

Please follow the following guidelines when sending the solution. Below is a sample:

Email Subject: [MemLabs Solution Submission] [Lab-x]

x indicates the Lab number. Ex: 1,2,3 etc..

Email-Picture

Email your solution to [email protected]

If the solution is correct, then the participant will receive a confirmation mail.

Feedback & suggestions

I'd love the community's feedback regarding these labs. Any suggestions or improvements are always welcome. Please email it to me or contact my via Twitter: @_abhiramkumar.

Resources 🚀

This section contains resources which I've composed myself and some others which I have used when I learnt memory forensics. I hope this resources will help everyone in not only solving these labs but also in exploring more areas in memory forensics.

If you're interested to play more CTFs or want to try more challenges,

If you are interested in knowing how to write plugins for Volatility framework,

Usage

MemLabs is completely free to anyone to use. If you wish to use MemLabs in your workshops, classes or use the labs anywhere else, it is my humble request to you to use the original links to the labs and please mention my name as well. For any other queries, please contact me.

Author 👤

P. Abhiram Kumar

Digital Forensics, Team bi0s


Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
shell (10,203
security (1,874
windows (1,433
ctf (169
cybersecurity (167
dfir (75
forensics (72
digital-forensics (23
ctf-challenges (21