DDOS Analysis: UDP Flood (Question 8)
I'm working through the DDoS UDP Analysis lab and am currently stuck on question 8. I've used both the Statistics > Summary tool within Wireshark and also capinfos to try to determine the total length of the DDoS attack. However, the time difference I'm coming up with through both methods is not the correct answer. Any suggestions?

Windows Hardening: Ep.6 – Pivoting
I have tackled all the questions of the challenge except the last one, which says: "After isolating the host, ping the IP of Workstation-2. What is the output when attempting to send the ping?" The ping result is as follows:

    C:\Users\Administrator>ping 10.102.96.137
    Pinging 10.102.96.137 with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Ping statistics for 10.102.96.137:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss).

The answer to the question should be "Ping request timed out." However, the answer is not accepted. Any help would be appreciated. Thank you.

PowerShell Deobfuscation: Ep 8 help
I have been stuck on this episode for a week and haven't been able to progress. I am hoping someone can give me a hint to help me get through this one. Here is what I have done so far. I take the original encoded message and apply "FromBase64" and then "Raw Inflate", and I get the following data: You can see it outputs another command that also needs to be decoded using the same steps above. That output gives you this... It outputs a string of characters but no obvious way to make this readable. I have tried bit-shifting, rotating characters, and a bunch of other tests, and nothing has shown me anything that is remotely readable. I assume I am missing something simple, but every time I read it back through, I don't see what I missed. Any help you can provide would be greatly appreciated.

PowerShell Deobfuscation Ep.7
I was working on this and got stuck with Ep.7. I'd appreciate it if anyone can assist with this PowerShell de-obfuscation. Step 1: I removed the splits accordingly and converted from hexadecimal. Step 2: Next, there was another set of splits to perform and an ASCII conversion. I ended up with the small snip of string at the bottom with a lot of spaces and tabs at the beginning, basically empty space before coming to this short script. I am not sure how to move on from here. Can anyone assist with this, please?

Practical Malware Analysis: Static Analysis question 19
For the question "What native Microsoft service is this malware trying to masquerade as, with a legitimate-seeming name and a reference to a file path that can be used for persistence?": for some reason, when typing in the Microsoft Security Center (2.0) Service name, and the info gained from the registry path HKCU\Software\Microsoft\Windows\CurrentVersion\Run\, it keeps saying that it is wrong. I am wondering what format they are expecting for the answer, or if I am using the wrong name, as mssecsvc2.0 is also wrong.

Practical Malware Analysis: Static Analysis question 18
For finding the exact name of the executable file: after dynamically overriding the function as shown in the briefing, I can't seem to find any meaningful creation of the filename matching the pattern provided in sprintf. I am wondering if I should be overriding a different function, as I can't seem to find any meaningful leads when searching for references or travelling to the next data. I also can't seem to find any leads from searching specifically for local_104 and unaff_EDI references.

PowerShell Deobfuscation Ep.7
Hello, can anybody help me or give some hints on how to solve this lab? I can notice some URL encoding. I did try the recipe below in CyberChef but am still stuck: url decode > from hex > from charcode. The next thing I was left with was a bunch of 2s with random spacing. I'd appreciate any hints or help. :)

What do you prioritise during team cyber attack simulations?
Are you responsible for creating and/or assigning cyber attack simulations to teams within your organisation? 🚨 These planned and facilitated exercises are designed to test and evaluate an organisation's preparedness and response capabilities in the event of a cyber incident, and we are looking to understand how you prioritise aspects of these team events. Please share your expertise with us by answering 2 questions about what is most important to you when planning and running these exercises. Your feedback will help to shape future Immersive products. https://www.surveymonkey.com/r/drills-priorities Thank you!

CVE-2019-1388 (Windows Priv Esc UAC Bypass) question 4
After transferring the certificate of the executable given online, and changing the name and saving the file, I can't seem to change the whoami output to NT Authority. Should I be targeting a different executable file, like a legitimate one? Should browsing to the certificate error be displayed as "unable to connect", or should I be getting a different error? After downloading the certificate, should I be doing something else other than immediately going to cmd.exe and typing whoami, i.e. running the certificate or storing it somewhere other than under the name given in the briefing? Saving the certificate does not seem to change anything.