[Vol-users] Shellcode use in memory - forensic challenge related

Jared Greenhill jared703 at gmail.com
Thu Oct 1 16:02:43 CDT 2015


I've been messing around with this fun challenge as of late -
http://www.binary-zone.com/2015/09/16/digital-forensic-challenge-4/ and
have been struggling with question #5 (using memory forensics, can you
identify the shellcode used?).

My initial approach was starting with malfind and dumping malfind artifacts
and reviewing. I also threw some shellcode based yara sigs together, but
didn't have much luck there either.

Anyways, any help or direction pointing is appreciated :)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.volatilityfoundation.org/pipermail/vol-users/attachments/20151001/70cd5108/attachment.html

More information about the Vol-users mailing list