Help & Support Forum

Do you have a question about an Immersive Labs product or feature? This is where the experts hang out, and they are always happy to help!

Forum Widgets

Recent Discussions

Events & Breaches: Magecart Skimmer
Hello - I need a hand locating the domain. (Q7) I've found the name of the file that contains the skimmer then exported that. I have then opened that in a text editor and searched for "http://" and "https://" in the big chunk of text but nothing is matching.
GusC
2 days ago
defensive cyber
1like
0Comments
Zeek - Demonstrate Your Skills
Hi, I've done the Q1-15 and added the SHA1 Hash from Q14 to the hash-intel.txt. When i rerun the pcap with "zeek -r demonstrate.pcap", no logs for the Intel-Files will be created (no token generated on the desktop)... any help?
lupolder
2 days ago
defensive cyber
help & support
0likes
5Comments
SuperSonic: Ep.6 – TEMPLE
I have Problems with the last two questions: In which file did the attacker find the credentials for the second account they accessed? I extracted the 14 files with SMB/Wireshark but i am not able to find anyything. Which two user accounts did the attacker use to access the SMB share? (Use a comma to separate the two usernames.) I think i found one Account in the 14 files but at restart of the lab i dont find it anymore. (This are the last two Questions for Supersonic-Badge)
schmitty
3 days ago
help & support
0likes
0Comments
CVE-2022-29799/CVE-2022-29800 (Nimbuspwn) – Defensive
Hello community, I can't find the answer to these question I tried using the Sigma file provided in the lab to query Splunk it returned no events. I also tried doing custom queries with using similar strings. But I never got the correct answers Any helpis appreciated. Thanks
AtakanBal
3 days ago
defensive cyber
help & support
2likes
2Comments
Foundational Static Analysis: Analyzing Structures
The question is asking me "In the disassembly at address 00401567, what is the structure EDX is pointing to? Look at Microsoft Docs for help!" At the very end of the briefing they go over the explanation of how to identify which offset is determining which call. I am 90% positive that the offset we are supposed to be identifying in this case is 0x17c. However within this SAME blurb while they are explaining the way the stack line up they simply identify which API the offset in their example is pointing to. THEY NEVER MENTION HOW THEY GOT THERE! I am sure that it requires some research an I have been trying to identify anything within MSDN database but I can't find a single clue how identify what API 0x17c is pointing to. I have even tried looking up references for the offset they had 0x138 which they identified as STARTUPINFO. (I googled both terms together.) Now I am most definitely missing something here. I step within the assembly analysis mayb ebut I am at a loss. If anyone could help me out I would appreciate it.
Fastlime
6 days ago
application security
cyber team simulations
defensive cyber
help & support
0likes
6Comments
Malicious Document Analysis: Dropper Analysis
I have completed up to question 6 on here and I can not get the python script to work. I have gone through and "fixed" the required portions but keep getting "modulenotfound: no module named 'oletools'". Any pointers on what I'm doing wrong and how to fix it would be appreciated.
Solved
wubzydadbod
7 days ago
defensive cyber
3likes
7Comments
Malicious Document Analysis: Dropper Analysis
Hello, I am having an issue running the script for this lab. When I try to it says that there are no "oletools" module found. Does anyone know how to fix this or is there a problem with my script? Doesn't show any errors.
umb444fam
8 days ago
defensive cyber
feedback
help & support
1like
3Comments
Reverse Engineering (Offensive) JavaScript Analysis: JSDetox
I'm stuck at below two questions Q6: Which variable does the initial script try to return? Q8: The exploit kit contains a large block of hex encoded shellcode stored in a variable. This shellcode is also XOR encoded. What is the single byte xor key? (In the format 0xNN e.g. 0x11.) So farI downloaded the HTTP objects via Wireshark, extracted the script to JSDetox then decoded base64 strings which resolves to other 2 scripts. With these steps I was able to answer other questions but I can't go any further, any guidance? Thanks in advance
Solved
AtakanBal
8 days ago
help & support
offensive cyber
1like
9Comments
Candidate screening assessments
Can you please provide guidance on how a user should navigate to a Candidate Screening Assessment?
ImreSolymosi
8 days ago
candidate screening
1like
1Comment
Node.js - Beginner -- What am I missing?
In the Node.js - Beginner collection there is a practical lab on Forced Browsing. I have completed what is setup as the criteria for the lab but it keeps telling me that the code isn't secure. I have tested with two different users and the solution works to prevent forced browsing. Is there some other criteria that needs to be met that I'm missing. Remediation: Authorization check: returns a 401 if the user isn't logged in I have also added the author check to verify that only the logged in user retrieves their own drafts.
rfrymire
8 days ago
feedback
help & support
1like
5Comments

Tags

help & support62

defensive cyber36

offensive cyber25

application security24

cloud security15

cyber crisis simulations12

cyber team simulations6

workforce exercising2

candidate screening2