Forum Discussion

Bronze II

8 months ago

Solved

Help needed for Threat Hunting: Mining Behaviour

Hey everyone! I need some help with this last question of a lab. I already identified the JSON authentication token and the packet that holds it. But within that packet, I just can't find the authent...

defensive cyber

help & support

MaxCucchi
8 months ago
Hi clermagic225

I just wanted to chime in on this to provide additional help, if possible. Kieran is correct that you should ensure that you are entering the first six characters, not only the first five.

That said, from the second screenshot you shared, it seems you are pulling this value from Packet 2540, which does not appear correct. For this, you will want to be sure you are reviewing the same packet that provided your answer to Task 6 in the lab.

For the value, you should not need to dig much deeper than the results page in Wireshark, as the answer can be found within the Info tab and identified as "Key=".

I hope that this helps out 😊

clermagic225

Bronze II

8 months ago

KieranRowley MaxCucchiThank you for the help! Yeap, I managed to solve it now. I was looking at the wrong packet for the whole time (i.e. the authentication token rather than the one with the embedded miner). Appreciate the help.

Forum Discussion

Help needed for Threat Hunting: Mining Behaviour

Featured Places

Help & Support Forum

Related Content

Help needed for Threat Hunting - Credential Access

Threat Hunting Mining Behaviour - Question 1

APT29 Threat Hunting with Splunk: Ep.4 – Clean-up & Reconnaissance

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs

Recent Discussions

Help with Introduction to Python Scripting: Ep.7 – Demonstrate Your Skills

Privilege Escalation: Windows – Finding Passwords

Microsoft Defender for Cloud: Inventory, Resource Health and Recommendations.

Malware Analysis: Shlayer

CSP Hash Incorrect Despite Correct Script and Hash (CSP Lab Issue?)