Recent Discussions
Introduction to Microsoft Sentinel - Error
Hi, I've tried to open the Introduction to MS Sentinel labs but always encounter "The lab has ended due to an error. Error Message: The lab has encountered a critical error." Tried with different devices (company/personal), different browsers and WiFi connections, but the result remains the same.
0 likes, 1 comment

PowerShell Basics: Demonstrate Your Skills
Hi, I'm a little stumped on Q10 and was wondering if I could please get some help. I have used the Invoke-Command once script.ps1 was copied over from my local machine to Server 1 and established the text file. However, how would I view the text file in question? I know the Get-Content command, but as it's in a different directory it won't work. Many thanks.
0 likes, 1 comment

Elastic Data Ingest: Demonstrate Your Skills Q9
I have found the answers to all the other questions, including 10, but I don't quite understand what Q9 is asking for when it says "Shortly after this file was created, two temp files were also created. What is the last 6 characters in the name of these temp files?". I have found the files created after the Q8 answer (see below), but as far as I can see no combination of the perfstringbackup.tmp file is being accepted (have tried including the file extension and not). Any guidance on what the question is actually looking for here?
0 likes, 1 comment

AI: Plugin Injection – Demonstrate Your Skills
Hi, I have an issue/problem here. I found the flaw in DirectoryListingPluginOld that you can craft an argument that executes a 2nd command. But everything I try is rejected. With "&&" or ";" and then "less", "cat", "head". I even tried to escape the whole argument with "\\000" or "\\x00". I saw working solutions on Reddit, but they don't work for me, even after multiple tries. Is it possible that the LLM is more secure regarding malicious prompts now? Thanks for a hint. BR
0 likes, 1 comment

Windows Basics: Demonstrate your knowledge Q11.
Hello, I'm stuck on this question. Though cmd returns the change as being successful, the lab isn't marking the task as complete. I've tried using both Task Scheduler and cmd to change the task action. I've also tried to create the script itself in case it didn't exist and that's what's causing the issue. It says the parameters have been changed, but I'd really appreciate any pointers. Thank you
1 like, 1 comment

Wizard Spider DFIR: Ep.9 – Sigma
The question I'm stuck on is: Modify the rule file "file_event_win_macro_file.yml" to also include ".docm" file types. Convert this rule using Sigmac and use the output within Elastic. How many potentially malicious Microsoft Word files are discovered? I have done everything: modified the rule and converted this rule using sigmac, and I have this output: file.name.keyword:(*.dotm OR *.xlsm OR *.xltm OR *.potm OR *.pptm OR *.pptx OR *.docm), but I just cannot find Elastic anywhere to use the output within Elastic. It's not in the notes as a link, it's not an app. I've even tried putting in the port number and IP address to get it up and that's not working. Has anyone else completed this and knows how to open Elastic? I feel like this should be the easy bit. Please help, even ChatGPT has given up.
0 likes, 2 comments

NHS Offensive Cyber Range: Armsdon Hospital
Hi all, just wanted some advice on this as I am stuck. I managed to get into the intranet using SQL injection/union and extract all the usernames and passwords. I am not sure if I am on the wrong path or doing things in the wrong order for the next part. The FTP server seems to only be active on RDP. The DC has no Samba vulnerabilities. So... I assume I try to use the credentials from the intranet to RDP to the DC/FTP (then after this elevate access using other techniques), but so far that has failed for the Armsdon users; I have tried their users/passwords (from the intranet). Any tips welcome!

Microsoft Defender for Cloud
Anyone having issues with the collection? I am receiving messaging that I am not licensed for it, but as a "Super" admin, I am thinking that the collection is actually down for maintenance. I have checked with a few others who are also at Admin level and they are seeing the same thing. Just making sure I did not consume too much eggnog yesterday....
0 likes, 1 comment