Search Results for "forensics"

Google CTF is the public repository that houses most of the challenges from Google’s Capture-the-Flag competitions since 2017 and the infrastructure used to run them. It’s a learning and practice archive: competitors and educators can replay tasks across categories like pwn, reversing, crypto, web, sandboxing, and forensics. The code and binaries intentionally contain vulnerabilities—by design—so users can explore exploit chains and patching in realistic settings. The repo also includes infrastructure components and links to a scoreboard implementation, giving organizers reference material for hosting their own events. As a living archive, it documents changes in exploitation trends and defensive techniques year over year. ...

...It enables investigators and malware analysts to extract process lists, network connections, DLLs, strings, artifacts, and more. Volatility supports many plugins for detecting hidden processes, malware, rootkits, and event tracing. It’s essential in digital forensics and incident response workflows.

...This operating system is one variant of Linux distributions, which is used to perform security testing (penetration testing). Dracos linux in Arm by hundreds hydraulic pentest, forensics and reverse engineering. Use a GUI-based tools-tools the software using the CLI (command line interface) and GUI (graphical user interface) to perform its operations. Now Dracos currently already up to version 3.1.5 with the code name "KUNTILANAK WITH REMASTERED".

Rekall is a powerful memory forensics framework that turns raw RAM captures—or live system state—into structured artifacts investigators can query and script. It ships with a large collection of plugins that parse OS internals to recover processes, modules, sockets, registry hives, and file objects, even when rootkits try to hide them. The design emphasizes repeatability: investigators run well-defined analyses that produce timelines, indicators, and reports suitable for case work or automation. ...

pyringe is a powerful Python process “syringe” that attaches to a running interpreter and lets you introspect—and even execute code inside—that live process. It blends debugger-style attachment (via gdb/ptrace techniques) with Python-aware helpers so you can inspect threads, frames, locals, and heap objects without restarting the target. This is invaluable for post-mortem diagnosis of production daemons where reproducing a bug in a dev shell is impractical. pyringe can inject arbitrary...

...Block forwarding, uploading to unauthorized cloud services, or syncing to personal drives. Apply time-based access (expiration dates) and geo/device restrictions. Maintain tamper-evident audit trails for compliance and forensics.