Forum Discussion
-jlo-
Bronze II
8 months agoFIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs
For this lab I need to rebuild the PowerShell script using the three parts found in the PowerShell operational logs. Which I am able to do fairly easily but when I am required to obtain the MD5 hash...
- 8 months ago
I think you have the artifacts right as you posted the same code I did. If you paste it into cyberchef and then look at the right hand side and click on crlf, try changing it to line feed (see screenshot) and then delete all the red marks that show up. This should give the correct hash (if you select md5 from the cyberchef recipe menu).
-jlo-
Bronze II
8 months agoHats off to RobN and autom8on; they both led me to where I needed to go to get the right answer. I wish I could select both their responses as a "solution" as they both helped.
KieranRowley
Community Manager
8 months agoInteresting... I think it was our intention that you would be able to mark multiple replies as solutions. Let me check our settings 🤔