Memory Analysis Results

1 min read Advanced Security Topics

Memory Analysis Results

Using Volatility 3.0:

Identified process injection in explorer.exe (PID 1234)
Extracted injected code (see Appendix A)
Found cleartext passwords in lsass dump
Discovered attacker's command history