CQURE 5-Day Challenge – Day 5: Memory Dump

The last day is reserved for working with memory. The challenge can be found here.

The video tutorial shows ‘Volatility’, a powerful memory forensics tool. I had never used the tool before, but after the video, I’m a lot more curious and I’ll probably end up spending some time on it.

The challenge itself is a fairly easy one. Following the described steps will get you across the finish line. Basically, you have to install a certificate with the private key marked as not exportable. After that, the ‘Invoke-Mimikatz.ps1’ PowerShell script is used to extract the certificate from memory. Just another testament to how powerful PowerShell can be.

I really enjoyed CQURE’s challenges. I learned a ton of new stuff and I sincerely thank them for throwing these out at the community. For more hidden gems and awesome content, check out their blog and YouTube channel.