Ghost Process_B

Memory Forensics, 100 pts, standard
Challenge Description

Endpoint protection flagged suspicious activity on a corporate machine, but no malware file was found on disk.

A full memory dump was captured before the machine was powered off. Your job is to analyze the dump, uncover the hidden threat running entirely in memory, and trace the attacker's infrastructure.

Category : Memory Forensics

Difficulty : Advanced

Q1. What is the suspicious parent-child process relationship?

Flag format : HackCTF{PARENT.EXE_CHILD.EXE}

Correct answer unlocks Q2 — Injected Process Detection.
