THM Room: RedLine
Introduction
What?
Memory analysis and scanning for IOCs on a Windows, Linux, or macOS endpoint using Redline:
Collect registry data (Windows hosts only)
Collect running processes
Collect memory images (before Windows 10)
Collect Browser History
Look for suspicious strings
etc.
Why?
Find compromised endpoints.