Cybrary Challenge: Pumpkin Injection
Course Content
Blue Team Analyst POV: Analyzing
In this month's challenge, you will focus on memory forensic analysis, particularly of malicious threat actor behavior. These files aid an investigator in determining user behavior. Some scenarios that an investigator may experience may even be HR related. Has an employee accessed a specific file? Who last opened the shared drive? Was a process injected? Determining user behavior is one of the many scenarios that an investigator may encounter.
Who is this for?
Early-career to mid-level practitioners. This challenge may be difficult for individuals new to cybersecurity; its difficulty rating would be considered intermediate. We encourage using any internet resources and community/colleague assistance in completing the challenge.
Are write-ups permitted?
Yes, write-ups are permitted; please do not post answers directly. All write-ups should include a link to Cybrary and the Cybrary Course.
What resources are available to help solve this challenge?
Online search, community, colleagues, or fellow practitioners.