Forum Discussion

Bronze I

9 months ago

Solved

APT29 Threat Hunting with Elasticsearch: Ep.11 – Demonstrate Your Skills

Hello! I could rather easily get the answers for the other questions, but Q6 has really taken me aback. The question is: A PowerShell script was executed to assist with further enumeration. What co...

defensive cyber

AbdelrhamnaAttia
9 months ago
Hello
I have completed this question, and I can confirm that the answer is located within the PowerShell. You will find it in plain text, including the IP address, and it is not embedded within the Base64-encoded data, the Powershell includes Base 64.

RobN

Bronze III

9 months ago

As far as I remember on these labs I searched for the powershell codes within elasticsearch and then looked at what it was passing alongside powershell.exe

Forum Discussion

APT29 Threat Hunting with Elasticsearch: Ep.11 – Demonstrate Your Skills

Featured Places

Help & Support Forum

Related Content

APT29 Threat Hunting with Elasticsearch: Ep.5 – LNK File Analysis - Tools?

APT29 Threat Hunting with Splunk: Ep.11 – Demonstrate Your Skills - Question to Q9

Active Directory Basics: Demonstrate Your Skills

Help needed for Threat Hunting: Mining Behaviour

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

Recent Discussions

Privilege Escalation: Windows – Automated Enumeration

Elastic Data Ingest: Ep.2 – Filebeat

Web server brute force authentication: Ep. 1 - Compromising an account

Google Cloud Basics: Ep.7 – Demonstrate Your Skills - Task 10

Credential Access: Using Hydra