Brute Ratel: Extracting Indicators of Compromise

Question

Hi Team,&nbsp;Please assist me with "Brute Ratel: Extracting Indicators of Compromise" Lab, I am stuck with Q. 4 and 7.Thank you!

netcat · Answer

We can't give you the solution, but if you tell what you did you'll get hints to point you to the right direction.

phoenix123 · Answer

7. Look at sample2.exe. What IP address can be found in the configuration section?4. What sequence of hexadecimal characters is used to separate sections of the configuration block? (\xDE\xAD\xBE)

phoenix123 · Answer

I got 4th answer.I just need hint to get the 7th, I tried reviewing sample2.exe using &nbsp;Ghex hex editor.

netcat · Answer

Did you identify and decode the configuration section?

samdickison · Answer

Hey Phoenix123​ did you manage to complete the lab in the end?

Forum Discussion

Brute Ratel: Extracting Indicators of Compromise

5 Replies

Featured Places

Help

Related Content

copy-paste-compromise-malicious-documents-analysis

Web server brute force authentication: Ep. 1 - Compromising an account

New CTI/OT Lab: Norwegian Dam Compromise: Campaign Analysis

From XSS and SQLi to AI-generated code and supply-chain compromise: How application security is evolving

Kate's Story: Ep.1 – Gathering Intelligence - Questions 8,9

Recent Discussions

Trick or Treat on Specter Street: Widow's Web

CTI First Principles: Threat Actors and Attribution Question 8

Gemini CLI Lab issue

Microsoft Foundry Guardrails: Jailbreak Protection issue with http://metroliochat.com

Create Teams for Students and assign tasks to be completed