TurboWindX

Memory Analysis

Last updated 3 years ago

VMEM dump

Use Volatility to get some information about the memory dump.

Depending on whether you are using Volatility 2 or Volatility 3, the commands below might differ, but the methodology stays pretty much the same.

If you run into the following error while running Vol3:

AttributeError: function/symbol 'ARC4_stream_init'

Fix:

pip3 install pycryptodome==3.0.0

python3 vol.py imageinfo -f Snapshot.vmem

Depending on the output, you might be able to enumerate further.

python3 vol.py -f Snapshot.vmem hashdump
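
Added example, not part of the original page: a triage pass over saved hashdump output during incident response, flagging accounts with an empty password, accounts that still have an LM hash stored, and accounts that share one password hash. It assumes pwdump-style lines (user:rid:lm:nt:::) as printed by the Volatility 2 hashdump plugin; the function names and the sample data are constructed for illustration.

```python
import re
from collections import defaultdict

# Values Windows stores for an empty password (or when no LM hash is kept).
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# pwdump-style line: user:rid:lmhash:nthash:::
LINE_RE = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):::\s*$")

# Constructed sample output; the hashes are made up, not from a real dump.
SAMPLE = """\
Volatility Foundation Volatility Framework 2.6
Administrator:500:aad3b435b51404eeaad3b435b51404ee:8f1e2d3c4b5a69788796a5b4c3d2e1f0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_backup:1001:aad3b435b51404eeaad3b435b51404ee:8f1e2d3c4b5a69788796a5b4c3d2e1f0:::
legacy:1002:0123456789abcdef0123456789abcdef:00112233445566778899aabbccddeeff:::
"""


def parse_hashdump(text):
    """Return one dict per well-formed account line; skip banners and noise."""
    accounts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner, warning or truncated line
        user, rid, lm, nt = m.groups()
        accounts.append({"user": user, "rid": int(rid),
                         "lm": lm.lower(), "nt": nt.lower()})
    return accounts


def triage(accounts):
    """Group findings a responder would want to follow up on."""
    by_nt = defaultdict(list)
    for acct in accounts:
        by_nt[acct["nt"]].append(acct["user"])
    return {
        "empty_password": [a["user"] for a in accounts if a["nt"] == EMPTY_NT],
        "lm_hash_stored": [a["user"] for a in accounts if a["lm"] != EMPTY_LM],
        # Identical NT hashes mean identical passwords (NT hashes are unsalted).
        "shared_password": sorted(sorted(users) for nt, users in by_nt.items()
                                  if len(users) > 1 and nt != EMPTY_NT),
    }


if __name__ == "__main__":
    for finding, users in triage(parse_hashdump(SAMPLE)).items():
        print(f"{finding}: {users}")
```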