CHIqueen
The reason that we took rick's PC memory dump is because there was a malware infection. Please find the malware process name (including the extension) BEAWARE! There are only 3 attempts to get the right flag!

We get three attempts and are asked to find the name of the malicious process. First, let's look at the process list.

Name Pid PPid Thds Hnds Time
-------------------------------------------------- ------ ------ ------ ------ ----
0xfffffa801b27e060:explore..
Silly rick always forgets his email's password, so he uses a Stored Password Services online to store his password. He always copy and paste the password so he will not get it wrong. whats rick's email password?

The challenge says he copies and pastes his email password, so it should still be in the clipboard. Let's dump the clipboard.

$ vol.py -f OtterCTF.vmem --profile=Win7SP1x64 clipboard
Volatility Foundation Volatility Framework 2.6
Session WindowStation ..
We know that the account was logged in to a channel called Lunar-3. what is the account name? format: CTF{flag}

The question asks for the name of the game account that is connected to the Lunar-3 channel.

vol.py -f OtterCTF.vmem --profile=Win7SP1x64 memdump -p 708 -D ./
$ strings 708.dmp | grep Lunar-3 -A 3 -B 3 // also print 3 lines above and 3 lines below
c+Yt
tb+Y4c+Y
b+YLc+Y
Lunar-3
Lunar-4
L(dNVxdNV
L|eNV
--
disabled
mouseOver
keyFocused
Lunar-3
0tt3r8r33z3
Sound/UI.i..