Loading page
Review the challenge brief, files, and requirements.
Analyze memory dump artifacts to detect process hollowing. Process hollowing unmaps the legitimate executable and maps malicious code, leaving detectable indicators in PEB base addresses, entry points, and section permissions.
PEB_ImageBase: 0x00400000
Mapped_Base: 0x00400000
Entry_Point: 0x00401000
Section_.text: 0x00401000-0x00405000 RX
Section_.data: 0x00406000-0x00408000 RW
Memory_0x00401000: RWX
Detection Rules:
base_mismatchRWX_in_text_sectionOutput Format: HOLLOWED: reason1, reason2 or CLEAN
Sign in to attempt this challenge.
Use Proving Grounds to continue your challenge practice.
Open Proving Grounds