Ok, I admit I need help. I’ve been poking at Reminiscent off and on for some days now. I’m new at this, so even discovering Volatility existed was part of the fun. I looked at this walkthrough (someone posted it on this forum) CNIT 121 Project 4: Analyzing a RAM Image with Volatility (15 Points) and that helped. I’ve dumped piles of info, and it’s pretty obvious what process I’m meant to care about. But I’m clearly missing some important concept–probably very basic–for finding the flag. Basically all I know how to do is get binary dumps and look for strings, and the flag doesn’t just drop out with that approach. Do I need to learn how to read process memory? Should I be using some tool more sophisticated than xxd to analyze the various binary dumps Volatility gives me? Should I be realizing that something in the dumps is pointing me to a particular memory address?
@ouizbajr said:
> Ok, I admit I need help. I’ve been poking at Reminiscent off and on for some days now. I’m new at this, so even discovering Volatility existed was part of the fun. I looked at this walkthrough (someone posted it on this forum) CNIT 121 Project 4: Analyzing a RAM Image with Volatility (15 Points) and that helped. I’ve dumped piles of info, and it’s pretty obvious what process I’m meant to care about. But I’m clearly missing some important concept–probably very basic–for finding the flag. Basically all I know how to do is get binary dumps and look for strings, and the flag doesn’t just drop out with that approach. Do I need to learn how to read process memory? Should I be using some tool more sophisticated than xxd to analyze the various binary dumps Volatility gives me? Should I be realizing that something in the dumps is pointing me to a particular memory address?
I decided to do this challenge because of this post (Sounded interesting) and it’s pretty easy…
U r actually in the right direction
PM for hints if u still need them
Thanks, Cyberus, for taking the time to help me out there. I did need the assist.
Anytime
@cyberus
hi man would you help me out a little
i got to the part where i encoded the base64 string from parent file
but i can not make anything out of that
i think it’s written in C# and i tried to break it up in multiple lines but still i don’t get what i am looking for