Forum Discussion
retornet
Bronze III
3 months ago
APT29 Threat Hunting with Splunk: Ep.4 – Clean-up & Reconnaissance
I need help with Q6. Any hint, please? "The attacker launches a PowerScript useful for reconnaissance activities. What is the full file path of the executed script?" I searched (EventCode=4103 OR Eve...
- 3 months ago
Found it at the end. Thanks
beejar
Bronze I
2 months ago
How did you find the answer to the first question?
I solved all of them except the "The attacker uploads additional tools via a compressed archive. What is the full path of this folder? Look for IOCs in the event logs to find the correct answer." I am quite sure the file is an image extension with the name of an animal, but I tried all the combinations with full path, path without file name... and nothing is working :( Any help?
netcat
Silver III
2 months ago
At some point the archive will be decompressed.
Anyway, the original question was answered, so you'd better start a new thread.