Forum Discussion

Bronze I

1 year ago

Solved

APT29 Threat Hunting with Elasticsearch: Ep.11 – Demonstrate Your Skills

Hello! I could rather easily get the answers for the other questions, but Q6 has really taken me aback. The question is: A PowerShell script was executed to assist with further enumeration. What co...

defensive cyber

AbdelrhamnaAttia
11 months ago
Hello
I have completed this question, and I can confirm that the answer is located within the PowerShell. You will find it in plain text, including the IP address, and it is not embedded within the Base64-encoded data, the Powershell includes Base 64.

RobN

Bronze III

1 year ago

As far as I remember on these labs I searched for the powershell codes within elasticsearch and then looked at what it was passing alongside powershell.exe

Forum Discussion

APT29 Threat Hunting with Elasticsearch: Ep.11 – Demonstrate Your Skills

Featured Places

Help

Related Content

APT29 Threat Hunting with Elasticsearch: Ep.5 – LNK File Analysis - Tools?

APT29 Threat Hunting with Splunk: Ep.11 – Demonstrate Your Skills - Question to Q9

Modern Encryption: Demonstrate Your Skills

Threat Hunting Mining Behaviour - Question 1

Help needed for Threat Hunting: Mining Behaviour

Recent Discussions

Kate's Story: Ep.2 – Exploitation - Question 9

AI: Plugin Injection – Demonstrate Your Skills

Radare2 Reverse Engineering: Ep.2 – Windows Binary Part 2; Final Question

Windows Basics: Demonstrate your knowledge Q11.

Modern Encryption: Demonstrate Your Skills