cyberpro
5 Topics
Microsoft Defender for Cloud
Anyone having issues with the collection? I am receiving messaging that I am not licensed for it, but as a "Super" admin, I am thinking that the collection is actually down for maintenance. I have checked with a few others who are also at Admin level and they are seeing the same thing. Just making sure I did not consume too much eggnog yesterday....25Views0likes1Comment
Snort Rules: Ep.9 – Exploit Kits
I am pulling my hair with question number 8 Create a Snort rule to detect the third GET request in the second PCAP file, then submit the token. This one should do it but it is not working. alert tcp any any -> any any (msg:"detect the third GET request"; content:"e31e6edb08bf0ae9fbb32210b24540b6fl"; sid:1000001) I tried so many rules base on the first GET header and still unable to get the token. Any tips?Solved184Views0likes3CommentsFIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs
I am pulling my hair with this last question Rebuild the PowerShell script from the previous question using the three parts found in the PowerShell operational logs. What is the MD5 hash of this file? (The file should not contain any trailing white space or return characters) I ran index=* (EventCode=4104) | search "stager.ps1" AND "scriptblock" | table _raw and added the script content of files (1 of 3) (2 of 3) (3 of 3) to a new file. I removed the spaces and made sure they are glued together. I pasted the file in cyber chef with md5 selected and I keep getting the wrong hash. See a sample of the beginning and end of the 3 files This is just a sample below. I really don't know what else to do with this. $EncodedCompressedFile = @' 7b1pk+LKcjD83RH3P5y4cT/Y0ddusfXAfcMRT5U2JJCgBBJIDn8AAQIklmmgBfz6N7O00sCcnuuxH9vPUcRMo1qycqvMrFItfxmsgu3keHqf//avv/2fP//pH/5NiiJts9+9H//xz+H8fTuPatV/mUXRn//p u3rgE9+I/KPY62u+qTQuvp0Xqu3KPkEovj/867/++Z/+9A9/+oe/jFZbY7757V9/w1+96fpvf3NW78fTJCJRtPP/UfjrvxmT4/Lf//Y3Y3L+x79ML8f54V+6821wXP5VOFcEQfgn+FuDv/CnLnCY/za4HI7zzb9Yp+1xtZn/i7Y9zt93+8H8/WPlQ3Vj8n5YTiKAKe72lxToX4W/prj89aaVHEuOm/g+nxznwyX8mQFuRR38ja3//w== '@ $Decoded = [System.Convert]::FromBase64String($EncodedCompressedFile) $MemStream = New-Object System.IO.MemoryStream $MemStream.Write($Decoded, 0, $Decoded.Length) $MemStream.Seek(0,0) | Out-Null $CompressedStream = New-Object System.IO.Compression.DeflateStream($MemStream, [System.IO.Compression.CompressionMode]::Decompress) $StreamReader = New-Object System.IO.StreamReader($CompressedStream) $Output = $StreamReader.readtoend() $Output | IEXSolved139Views0likes1Comment
Introduction to Elastic: Ep.9 - ES|QL
I’m stuck on question 18 i need this to complete the lab. The question says ‘Perform a final query using all of the techniques used in the previous questions. What is the average speed per hour for ALL trips that start in the borough of “Brooklyn” and end in the borough of “Manhattan”? Provide your answer to at least three decimal places. any ideas?Solved164Views1like1Comment
Web Log Analysis: Ep.5 – Searching Web Server Logs using Linux CLI
Looking for some tips to help me get past step 1 (!) of this lab. I have tried to cs into Log-Files/ but nothing is returned, and the same for a cat command. I don't have experience with Linux but want to attempt this lab - maybe even some lab recommendations on how to get to a sufficient level with Linux would help? Thanks!!Solved277Views1like7Comments
