challenges
101 Topics

Wizard Spider DFIR: Ep.9 – Sigma
The question I'm stuck on is: Modify the rule file "file_event_win_macro_file.yml" to also include ".docm" file types. Convert this rule using Sigmac and use the output within Elastic. How many potentially malicious Microsoft Word files are discovered?

I have done everything: I modified the rule, converted it using sigmac, and have this output:

file.name.keyword:(*.dotm OR *.xlsm OR *.xltm OR *.potm OR *.pptm OR *.pptx OR *.docm)

But I just cannot find Elastic anywhere to use the output within Elastic. It's not in the notes as a link, and it's not an app. I've even tried putting in the port number and IP address to get it up, and that's not working. Has anyone else completed this and know how to open Elastic? I feel like this should be the easy bit. Please help, even ChatGPT has given up.

29 Views, 0 likes, 2 Comments

Modern Maze
The Maze Challenge consists of a series of eight “mazes” of increasing complexity based on real-world-inspired cyber attack scenarios, testing a variety of offensive skills, such as web, infrastructure, Active Directory, scripting, and binary exploitation.

The Maze is an Active Directory Environment

This intricate lab places you within a maze designed as a simulated Active Directory environment, requiring you to utilize your knowledge of AD concepts and potential vulnerabilities.

🏅 Exclusive Community Challenge Coins are available to any community member who escapes this maze.

Need a hint to help you escape this maze? SabrinaKayaci and StefanApostol will be on hand in this webinar to answer your questions and point you in the right direction.

To locate the Maze Challenge, navigate to Exercise > Challenges & Scenarios > Maze.

Good Luck!

84 Views, 0 likes, 1 Comment

Trick or Treat on Specter Street: Widow's Web
I am very stuck in Trick or Treat on Specter Street: Widow's Web. I can't do any of the questions, but in any case I start with the 4th, which is the first answerable one:

Your first task is to simulate the loyal Crawlers. Run legitimate-crawler and inspect the output in Lab-Files to observe their behavior. To simulate the rogue Crawlers, you must discover the hidden paths on the website. Read the blog posts – they contain clues. Disallow these in Website-Files/robots.txt and run malicious-crawler. Inspect the output in Lab-Files. What is the token?

I have created the robots.txt file since I understand that malicious-crawler goes expressly there. My robots.txt contains all the URLs I can imagine:

Disallow: /secret
Disallow: /treat
Disallow: /hidden
Disallow: /crypt
Disallow: /warden
Disallow: /rituals
Disallow: /witch-secrets
Disallow: /admin
Disallow: /vault
Disallow: /uncover
Disallow: /post1
Disallow: /post2
Disallow: /post3
Disallow: /post4
Disallow: /contact
Disallow: /drafts/rituals

But the result of malicious-crawler.txt gives me neither a token nor a hint. I have curl-ed all pages looking for words such as token, and nothing. I have found some key words in http://127.0.0.1:3000/witch-secrets such as intercepted-incantations, decoded them, and nothing. I have searched in spider-sigthings.log for what happened at 3.00 am, but nothing.

Can someone give me a hint?

307 Views, 0 likes, 8 Comments

Improbable Maze
The Maze Challenge consists of a series of eight “mazes” of increasing complexity based on real-world-inspired cyber attack scenarios, testing a variety of offensive skills, such as web, infrastructure, Active Directory, scripting, and binary exploitation.

This lab will challenge your web hacking skills by presenting a maze where the walls are not physical barriers but rather vulnerabilities in the web application itself. You must identify and exploit these web-based weaknesses to effectively bypass the maze walls and successfully navigate to the end.

Need a hint to help you escape this maze? SabrinaKayaci and StefanApostol will be on hand in this webinar to answer your questions and point you in the right direction.

To locate the Maze Challenge, navigate to Exercise > Challenges & Scenarios > Maze.

Good Luck!

382 Views, 1 like, 4 Comments

Having problems running the Python Expert Challenge 4 in OWASP Training: Access Control
Hi, I've just tried running the code in the Python Expert Challenge 4 in OWASP Training: Access Control. When I first tried to test the code, the error I saw in Preview said that I needed to add 1120418.proxy-http.us.immersivelabs.com to ALLOWED_HOSTS. I've added that but it's now giving me the message below. Could you tell me what I need to do to get the Preview working, please?

Thanks
Dave

ImproperlyConfigured at /
The included URLconf '<module 'apps.siteadmin.urls' from '/app/rentaride/apps/siteadmin/urls.py'>' does not appear to have any patterns in it. If you see the 'urlpatterns' variable with valid patterns in the file then the issue is probably caused by a circular import.

45 Views, 0 likes, 1 Comment

The Maze Challenge
Put your Offensive Security skills to the ultimate test in eight of the most challenging offensive labs ever assembled by the Immersive team - welcome to The Maze!

Navigate a series of eight “mazes” of increasing complexity based on real-world-inspired cyber attack scenarios, testing a variety of offensive skills, such as web, infrastructure, Active Directory, scripting, and binary exploitation. Best of all, taking part gives you a fantastic opportunity to win exclusive challenge coins and be recognized in our Cyber Resilience Awards during Cyber Awareness Month!

Do you think you have what it takes to escape The Maze?

Try it Now: Maze

Want to get a head start on the competition? Join the fiendish minds behind The Maze in the Immersive community, Tuesday 19th August, for a Live walkthrough of the first lab in the series “The Improbable Maze” and providing hints and tips that will help you to escape some of the other mazes.

Register Now: Labs Live

946 Views, 2 likes, 15 Comments

The Haunted Hollow: Mirrored Mayhem
I'm looking for a nudge to escalate privileges to root for this lab. I can see that the binary mm has SUID permissions; but I can't work out what process I can exploit to run a malicious mm binary as. The output on the terminal is mirrored, which doesn't help. Can anyone offer a nudge?

Solved, 47 Views, 0 likes, 1 Comment