| ID: | 823 |
|---|---|
| Title: | Jarred-3 |
| Description: | Jarred is always having issues. He thinks he got malware from doing something dumb, but won't tell me what he was doing? Format: UMDCTF-{XXXXXXXXXXXX} |
| Type: | MISC |
| Website: | bugku |
| Challenge link: | https://ctf.bugku.com/challenges/detail/id/955.html |
| Event: | UMDCTF2020 |
| Year: | 2020 |
| Flag value: | None |
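| writeup: | https://github.com/rareguy/UMDCTF2020 The verified URL points to the GitHub project's README file, which documents the solution process for Jarred-3: analyzing the memory image file with Volatility, identifying malicious behavior in the Thunderbird.exe process (PID 424), and extracting the key evidence through a memory dump. The repository's code and documentation are fully preserved and can be accessed directly for verification. |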