Forum Discussion

Bronze II

8 months ago

Solved

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

For this lab I need to rebuild the PowerShell script using the three parts found in the PowerShell operational logs. Which I am able to do fairly easily but when I am required to obtain the MD5 hash...

defensive cyber

RobN
8 months ago
I think you have the artifacts right as you posted the same code I did. If you paste it into cyberchef and then look at the right hand side and click on crlf, try changing it to line feed (see screenshot) and then delete all the red marks that show up. This should give the correct hash (if you select md5 from the cyberchef recipe menu).

-jlo-

Bronze II

8 months ago

Hats off to RobN and autom8on; they both led me to where I needed to go to get the right answer. I wish I could select both their responses as a "solution" as they both helped.

KieranRowley

Community Manager

8 months ago

Interesting... I think it was our intention that you would be able to mark multiple replies as solutions. Let me check our settings 🤔

Forum Discussion

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

Featured Places

Help & Support Forum

Related Content

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

APT29 Threat Hunting with Splunk: Ep.4 – Clean-up & Reconnaissance

APT29 Threat Hunting with Splunk Ep.11 Q11

FIN7 Threat Hunting with Splunk: Ep.2 – Initial Access

APT29 Threat Hunting with Splunk: Ep.11 – Demonstrate Your Skills - Question to Q9

Recent Discussions

Help with Introduction to Python Scripting: Ep.7 – Demonstrate Your Skills

Privilege Escalation: Windows – Finding Passwords

Microsoft Defender for Cloud: Inventory, Resource Health and Recommendations.

Malware Analysis: Shlayer

CSP Hash Incorrect Despite Correct Script and Hash (CSP Lab Issue?)