Shadow Manifest
Hard | Purple Team | Forensics | 2-3 hrs
Challenge Description / Scenario
Incident response handed you a 2GB RAM dump. Carve the image from memory, extract the hidden data, and recover the attacker's implant configuration.
Submit Flags
3 questions — answer all to complete the challenge
450 pts
1. What process PID held the suspicious image in memory?
2. What steganography tool was used?
3. Submit the extracted implant C2 address.