Forum Discussion

Bronze I

6 days ago

APT29 Threat Hunting with Elasticsearch: Ep.11 – Demonstrate Your Skills

Hello! I could rather easily get the answers for the other questions, but Q6 has really taken me aback. The question is: A PowerShell script was executed to assist with further enumeration. What co...

defensive cyber

RobN

Bronze II

6 days ago

As far as I remember on these labs I searched for the powershell codes within elasticsearch and then looked at what it was passing alongside powershell.exe

Forum Discussion

APT29 Threat Hunting with Elasticsearch: Ep.11 – Demonstrate Your Skills

Related Content

APT29 Threat Hunting with Elasticsearch: Ep.5 – LNK File Analysis - Tools?

Zeek - Demonstrate Your Skills

Autopsy: Demonstrate Your Skills

Help needed for Threat Hunting - Credential Access

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

Recent Discussions

The Haunted Hollow: The Cursed Crypt

S3: Access Policies (Q5)

Sentinel Labs

Kubernetes: Native Logging

Practical Malware Analysis: .NET Encryption and Encoding