Bronze IHello everyone, I started with Volatility memory analysis and am stuck in question 13 on SID
It ask for first SID that is returned which in this case seems to be "S-1-5-18" (Maybe I am wrong here too). However, it won't take my answer. "PID - 1096"
Bronze IIHello,
I fully concur with MarcioMota; it's essential to always include a "-" before any option you use. A resource I always rely on in my real-life DFIR work is this cheat sheet. It's very supportive and will help you immensely in both this CTF and real-world situations: https://downloads.volatilityfoundation.org/releases/2.4/CheatSheet_v2.4.pdf
Community ManagerHey CapsLockSingh, thanks for the question. It looks like MarcioMota has most recently completed this lab - I wonder if they might be able to give you a tip 👀
Bronze IHi CapsLockSingh, hope you are doing well. So I just issued the command with the "-" before the "p" for the parameter and I got the results below. The Lab is expecting the full SID number.
I hope it can help.
Community ManagerGreat spot!
