Help & Support Forum

Do you have a question about an Immersive product or feature? This is where the experts hang out, and they are always happy to help!

Forum Widgets

Recent Discussions

Help Q2 - Tuoni 101: Ep.5 – Demonstrate Your Skills
Looking for some help with the Tuoni 101: Ep.5 Q2. The following method is given to gain initial access: "To gain an initial foothold, you'll need to use the Hosted files page to host an executable. Any file hosted using that method will be run once on the initial target. Once executed, it'll be removed from the hosted files page." I tried this one and wasn't able to get the initial access. I tried originally using the default reverse HTTP listener and generating an x64 .exe file and hosting it on the "Files" tab and waited 5 minutes. As this didn't work I tried an x86 payload. This didn't work so I created a new HTTP listener and tried both approaches. After this didn't work, I generated all payload types for the reverse_HTTP and reverse_TCP listeners and hosted them as files and still didn't have any success. Any ways to get the payload to execute would be greatly appreciated.
Solved
noSkills
11 days ago
challenges
help & support
immersive labs
1like
4Comments
Investigating IAM Incidents in AWS: Preparation
In this Lab, all Tasks can be completed successfully, with the exception of two steps: - Task 8: Proactive scanning with Prowler - Task 10: Preparing to detect leaked credentials Following the task instructions and executing the specified commands in the terminal, -- T8: prowler --profile prowler -c iam_user_hardware_mfa_enabled -- T10: cd ~/Desktop/metrolio-careers git secrets --install git secrets --register-aws git secrets --scan All commands above can be executed with successful responses, but it didn't detect the completion. Could you take a look and help me out? Thanks🙂
Solved
dpnotnull
13 days ago
cloud security
0likes
1Comment
Incident Response and Forensics for EC2: Preparation
Regarding Task 7 in this Lab (Incident Response and Forensics for EC2: Preparation) ---- Create forensics AMI 1/4 I CANNOT find the required AMI "the ubuntu 22.04 ami with ID ami-01dd271720c1ba44f" in the AWS console as shown in the image below: Could you take a look and help me out? Thanks🙂
Solved
dpnotnull
18 days ago
cloud security
0likes
7Comments
Microsoft Defender for Cloud: Setup, CSPM, and Compliance
In the above lab, the last question (11) asks for Mitre technique associated with the previous assessment. The noted Mitre exploit (both name and category number) associated with the answer is not accepted. Anyone else had the same issue?
Solved
VinceBennell
19 days ago
cloud security
2likes
7Comments
Privilege Escalation: Linux – Demonstrate Your Skills
Hello, I’m doing the Lab "Privilege Escalation: Linux – Demonstrate Your Skills". I’m stuck on the second part regarding the FILE-SRV-DEV, I’ve found with linPEAS a file ( /usr/bin/base64) with the SUID but I don’t know if I am on the right way, when I try to use it I get "permission denied". Am I on the right way by trying to use base64 file ? Thanks in advance, Gwenael
Solved
gwenael
23 days ago
help & support
immersive labs
1like
2Comments
S3: Demonstrate Your Skills
I have completed all 10 questions except question 6. 6. Access control Create an access point (AP) called metrolio-dev-ap attached to the metrolio-data-467e6352 bucket. This should allow developers working in the dev vpc vpc-08333ea4fc7562479 using the role arn:aws:iam::447645673093:role/metrolio-developer to list and get all objects in the bucket. Ensure you follow best practices of blocking public access. NOTE: AWS often faces internal errors – we believe these to be race conditions – when applying policies to new access points. You may need to re-apply the policy to the AP. I have re-applied the Access Point policy several times but still is not detected. I’m not sure if it is my Access Point policy or the AWS Immersivelabs that is at fault. Any help would be greatly appreciated. This is my Access Point Policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::447645673093:role/metrolio-developer" }, "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:eu-west-1:447645673093:accesspoint/metrolio-dev-ap/object/*", "arn:aws:s3:eu-west-1:447645673093:accesspoint/metrolio-dev-ap" ], "Condition": { "StringEquals": { "aws:SourceVpc": "vpc-08333ea4fc7562479" } } } ] } I tried to replicate similar permissions on bucket policy only to be denied by restrictive permission. NOTE: Account ID, Bucket names and few other identifiers do not match between screenshot 1-2 and screenshot 3. The screenshot 3 is from different attempt.
Solved
Madan
27 days ago
cloud security
defensive cyber
immersive labs
1like
2Comments
APT29 Threat Hunting with Splunk: Ep.4 – Clean-up & Reconnaissance
I need help with Q6. Any hint please The attacker launches a PowerScript useful for reconnaissance activities. What is the full file path of the executed script? I searched (EventCode=4103 OR EventCode=4104) combined with powershell.
Solved
retornet
2 months ago
defensive cyber
immersive labs
2likes
5Comments
Autopsy Ep 3: Tags, Comments and Reports
I have attempted this scenario too many times- each time I get to step 30 where it asks for the token in the txt file that is supposed to be on the Desktop. I follow the steps extremely closely and the txt file will not show up on the desktop. I know others have had this issue but I believe it may be a bug.
Solved
samp746
2 months ago
help & support
questions & feedback
1like
6Comments
CVE-2020-11651 (SaltStack RCE) – Defensive
Using the PCAP file located on the Desktop, what are the last five characters of the root_key that was sent to the attacker? I am stuck with question number 5. Any Hint? I tried tcp.payload matches "_send_pub" and just tcp.port == 4506
Solved
retornet
2 months ago
defensive cyber
immersive labs
1like
3Comments
Active Directory Basics: Demonstrate Your Skills
Hey team, i am working on the lab in the title and quite sure there's an issue with the answer for one of the questions. 12. What is the full name of the user on COMP-SIREN that begins with L? I am pretty sure it is Larry Young as you can see from the screenshot. Could i check whether there is an error with the question? Or am i missing something
Solved
clermagic224
2 months ago
defensive cyber
help & support
questions & feedback
1like
2Comments

Explore Other Forums

Community Forum

If you have questions about the community itself or want to chat with the community, come and introduce yourself here.

Cyber Million Forum

Do you have a question about Cyber Million or want to connect with others taking the program? This is where the experts hang out, and they are always happy to help!