TryHackMe – Profiles



This is a video walk-through of TryHackMe’s Profiles. If you prefer a written walk-through, you can find it here:

0:00 Intro
1:20 Viewing files and installing Volatility
3:40 Reviewing installation script
5:40 Quick review on Linux profiles for Volatility
7:05 Searching how to create profiles for Volatility
8:40 Finding the Kernel version
9:45 Setting up Volatility and Docker
10:30 Fixing the Makefile, but making a small error
15:30 Profile build fails and finally catching my error
19:05 Error fixed and finishing profile creation
20:10 Setting up profile location and testing
21:10 Reviewing Linux bash history plugin
24:05 Reviewing the process list plugin
26:30 Looking for the malicious file and extracting it
27:55 Minor reversing and looking for Indicators of Compromise
29:00 Finding the reverse shell connection
31:45 Finding a cronjob that was placed by the malicious actor
