Forum Discussion

Bronze I

10 months ago

Solved

APT29 Threat Hunting with Elasticsearch: Ep.11 – Demonstrate Your Skills

Hello! I could rather easily get the answers for the other questions, but Q6 has really taken me aback. The question is: A PowerShell script was executed to assist with further enumeration. What co...

defensive cyber

AbdelrhamnaAttia
10 months ago
Hello
I have completed this question, and I can confirm that the answer is located within the PowerShell. You will find it in plain text, including the IP address, and it is not embedded within the Base64-encoded data, the Powershell includes Base 64.

RobN

Bronze III

10 months ago

As far as I remember on these labs I searched for the powershell codes within elasticsearch and then looked at what it was passing alongside powershell.exe

Forum Discussion

APT29 Threat Hunting with Elasticsearch: Ep.11 – Demonstrate Your Skills

Featured Places

Help & Support Forum

Related Content

APT29 Threat Hunting with Elasticsearch: Ep.5 – LNK File Analysis - Tools?

APT29 Threat Hunting with Splunk: Ep.11 – Demonstrate Your Skills - Question to Q9

Modern Encryption: Demonstrate Your Skills

Offensive PowerShell: Demonstrate Your Skills

Active Directory Basics: Demonstrate Your Skills

Recent Discussions

C++ Stack Overflow Purple Belt

Guardduty: configuration and understanding findings lab not generating findings

Snort Rules: Ep.9 – Exploit Kits

ICS Malware: Triton ModuleNotFoundError: No module named 'pefile

Immersive: Threat Modeling Fundamentals