Bluescreen.rar

unrar, file, strings, Volatility (if a memory dump is inside), BlueScreenView, or WinDbg.

2. Initial Analysis

In many "bluescreen" themed challenges, the "flag" is hidden in one of the following:

Quickly identifies the driver or module that triggered the crash.

Tool - Volatility:

Identify Profile: python vol.py -f dump.raw imageinfo

python vol.py -f dump.raw --profile=Win7SP1x64 pslist (looking for suspicious or hidden processes).