Decrypting the Breach: PCAP and Memory Forensics

Jan 19 · 4 min read · The tryhackme challenge (Block) provides us with a PCAP(Packet Capture) file and a dump file LSASS(Local Security Authority Subsystem Service). We have to decrypt the encrypted SMB(Server Message Block) files to find solutions for the given questions...