Forum Discussion

-jlo-'s avatar
-jlo-
Icon for Bronze II rankBronze II
16 days ago

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

For this lab I need to rebuild the PowerShell script using the three parts found in the PowerShell operational logs.  Which I am able to do fairly easily but when I am required to obtain the MD5 hash...
  • RobN's avatar
    RobN
    14 days ago

    I think you have the artifacts right as you posted the same code I did. If you paste it into cyberchef and then look at the right hand side and click on crlf, try changing it to line feed (see screenshot) and then delete all the red marks that show up. This should give the correct hash (if you select md5 from the cyberchef recipe menu).