cyber ranges
9 Topics
Snort Rules: Ep.9 – Exploit Kits
I am pulling my hair with question number 8 Create a Snort rule to detect the third GET request in the second PCAP file, then submit the token. This one should do it but it is not working. alert tcp any any -> any any (msg:"detect the third GET request"; content:"e31e6edb08bf0ae9fbb32210b24540b6fl"; sid:1000001) I tried so many rules base on the first GET header and still unable to get the token. Any tips?Solved130Views0likes3Comments
CVE-2024-23692 (Rejetto HFS Template Injection) – Offensive
I'm stuck on the last question, number 8. Any help would be appreciated. I feel like I have tried numerous combinations with the query they provide, with no success. What's the full file path to the executable used to run the Rejetto server on the victim machine?14Views0likes1Comment
Free Tier: Limits on Number of Environments (AWS quotas vs Snap Labs limits)?
Hello immersive community, I’m on the free version of Snap Labs and understand the 4 VPN profiles per environment restriction. My question is about environment limits: Is there a Snap Labs–imposed limit on the number of environments I can create/launch under one account? Since Snap Labs ties into my AWS account, should I assume that AWS service quotas (like EC2 vCPUs, VPCs, or Elastic IPs) are the real limiting factor? Just trying to plan ahead so I don’t accidentally hit a ceiling when launching multiple labs. Thanks for clarifying!Solved45Views0likes3CommentsSnort Rules: Ep.7 – Lokibot Infection Traffic
I need help with the last question please. I tried so many rules and I am still getting it wrong 13-Create a Snort rule to detect this User-Agent string in the HTTP header for connections using port 49167, then submit the token. Tried this one which to me it should be able to work. alert tcp any any -> any 49167 (msg:"User-Agent match"; content:"Mozilla/4.08 (Charon; Inferno)"; sid:5000031;) alert tcp any any -> any 49167 (msg:"User-Agent Mozilla/4.08 (Charon; Inferno) detected"; content:"User-Agent: Mozilla/4.08 (Charon; Inferno)"; http_header; sid:5000020;)Solved111Views0likes2CommentsFIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs
I am pulling my hair with this last question Rebuild the PowerShell script from the previous question using the three parts found in the PowerShell operational logs. What is the MD5 hash of this file? (The file should not contain any trailing white space or return characters) I ran index=* (EventCode=4104) | search "stager.ps1" AND "scriptblock" | table _raw and added the script content of files (1 of 3) (2 of 3) (3 of 3) to a new file. I removed the spaces and made sure they are glued together. I pasted the file in cyber chef with md5 selected and I keep getting the wrong hash. See a sample of the beginning and end of the 3 files This is just a sample below. I really don't know what else to do with this. $EncodedCompressedFile = @' 7b1pk+LKcjD83RH3P5y4cT/Y0ddusfXAfcMRT5U2JJCgBBJIDn8AAQIklmmgBfz6N7O00sCcnuuxH9vPUcRMo1qycqvMrFItfxmsgu3keHqf//avv/2fP//pH/5NiiJts9+9H//xz+H8fTuPatV/mUXRn//p u3rgE9+I/KPY62u+qTQuvp0Xqu3KPkEovj/867/++Z/+9A9/+oe/jFZbY7757V9/w1+96fpvf3NW78fTJCJRtPP/UfjrvxmT4/Lf//Y3Y3L+x79ML8f54V+6821wXP5VOFcEQfgn+FuDv/CnLnCY/za4HI7zzb9Yp+1xtZn/i7Y9zt93+8H8/WPlQ3Vj8n5YTiKAKe72lxToX4W/prj89aaVHEuOm/g+nxznwyX8mQFuRR38ja3//w== '@ $Decoded = [System.Convert]::FromBase64String($EncodedCompressedFile) $MemStream = New-Object System.IO.MemoryStream $MemStream.Write($Decoded, 0, $Decoded.Length) $MemStream.Seek(0,0) | Out-Null $CompressedStream = New-Object System.IO.Compression.DeflateStream($MemStream, [System.IO.Compression.CompressionMode]::Decompress) $StreamReader = New-Object System.IO.StreamReader($CompressedStream) $Output = $StreamReader.readtoend() $Output | IEXSolved116Views0likes1Comment
Introduction to Elastic: Ep.9 - ES|QL
I’m stuck on question 18 i need this to complete the lab. The question says ‘Perform a final query using all of the techniques used in the previous questions. What is the average speed per hour for ALL trips that start in the borough of “Brooklyn” and end in the borough of “Manhattan”? Provide your answer to at least three decimal places. any ideas?Solved137Views1like1Comment
Measuring Cyber Resilience: What's the Key Metric?
Is cyber resilience just about fast incident response, or does true resilience go beyond that? Do you prioritize response time, employee awareness, or strategic recovery? What’s your go-to metric for measuring real cyber resilience?Solved52Views1like1Comment
