Forum Discussion
Help needed for Threat Hunting - Credential Access
Hey! I'm not sure if this is the right place to seek help for labs, but I've been trying this lab for the longest time and could not get the answer for this question. OfficeSupplies.7z felt the most suitable as it was the zip file that the creds were stored in. Any help or advice on the approach is appreciated!
8 Replies
- NyePrior
Immerser
Hey clermagic224
This question is looking for the specific file that contains the credentials, not a ZIP file containing multiple files. If you keep digging, you'll find a file whose filename specifically refers to "passwords"—this is the file you're looking for! The answer to the next question also might give you a clue as to what the correct file is. I hope this helps!
- clermagic224
Bronze II
Thank you very much for the reply! I'll try this approach :)
- clermagic224
Bronze II
Hey, I tried to query using targetimage, targetgetpath, targetfilename, image with password* and pw* but still could not find it. Any suggestions on how else I should filter? Thanks!
- NyePrior
Immerser
The full path contains the word password, but doesn't start with it, so you'd need to look for *password*, instead of password*
- KieranRowley
Community Manager
Hi clermagic224
Welcome to The Human Connection and thank you for your question. Please let me discuss this with the lab author and come back to you.
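The difference between `password*` and `*password*` that NyePrior describes, shown as an added example that is not part of the thread or the lab: a small case-insensitive glob filter run over constructed Sysmon-style events. The event values, the `hunt` helper and the choice of `TargetFilename`, `Image` and `CommandLine` as searched fields are assumptions for illustration, not lab data.

```python
from fnmatch import fnmatchcase

# Constructed Sysmon-style events (not lab data). Field values are full paths,
# which is why a pattern anchored at the start of the value finds nothing.
EVENTS = [
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\alice\Documents\notes.txt"},
    {"EventID": 11, "Image": r"C:\Program Files\7-Zip\7z.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\Example.7z"},
    {"EventID": 11, "Image": r"C:\Program Files\7-Zip\7z.exe",
     "TargetFilename": r"C:\Users\alice\Desktop\Example\My_Passwords_2024.txt"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\alice\Desktop\Example\My_Passwords_2024.txt"},
]

# Hypothetical set of fields to search; adjust to the data source in use.
FIELDS = ("TargetFilename", "Image", "CommandLine")


def hunt(events, pattern, fields=FIELDS):
    """Return (event index, field, value) for each field value matching the glob.

    Matching is case-insensitive and the pattern must cover the whole value,
    so 'password*' only matches values that begin with 'password'.
    """
    pat = pattern.lower()
    hits = []
    for idx, event in enumerate(events):
        for field in fields:
            value = event.get(field)
            if value is not None and fnmatchcase(value.lower(), pat):
                hits.append((idx, field, value))
    return hits


if __name__ == "__main__":
    for pattern in ("password*", "pw*", "*password*"):
        hits = hunt(EVENTS, pattern)
        print(f"{pattern!r}: {len(hits)} hit(s)")
        for idx, field, value in hits:
            print(f"  event {idx} {field} = {value}")
```
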