CTF Writeups

Forensics, malware analysis, incident response, and more from competitions worldwide.

CTF Writeup

Cybertek CTF — Malsou9a

Full analysis of a .NET malware implant found in a memory dump — from DLL extraction and AES key recovery to C2 communication, PDF payload analysis, and JavaScript deobfuscation to retrieve the flag from Azure Blob Storage.

Memory Forensics Malware Analysis AES Encryption C2 Analysis PDF Analysis JavaScript Deobfuscation Azure Blob Storage
Hard Memory Forensics • Malware Analysis ⏱ 7 min
Read
CTF Writeup

Securinets 2025 — Lost File

Ransomware-style challenge requiring memory capture analysis and reverse engineering of an encryption tool to recover a deleted key.

Memory Forensics Reverse Engineering IDA Pro Cryptography
Hard Memory Forensics • Encryption Recovery ⏱ 3 min
Read
Walkthrough

Memory Forensics with Volatility 3

A complete beginner-to-intermediate guide to memory forensics using Volatility 3. Covers installation, essential plugins, process analysis, network artifact extraction, and memory-resident malware hunting.

Memory Forensics Volatility DFIR Malware Analysis
Beginner-Intermediate • ~20 min read ⏱ 3 min
Read
CTF Writeup

QnQSec 2025 — Masks

Tracing a phishing attack chain from initial email delivery in Outlook to scheduled task persistence using Volatility 3 and AmCache forensics.

Memory Forensics Volatility 3 AmCache Incident Response
Medium 8 Questions • Memory Forensics ⏱ 2 min
Read