Malware Analysis: Shlayer
I've done the first 2 questions but am stuck on the 3rd: what is the XOR key? Is this found in the first- or second-stage 7z compressed file? And the lab description mentions CyberChef: is this available in the lab (as you cannot copy and paste out of this lab)? I just have this and the Qakbot one to complete, then I have the "malware analysis badge".

Assistance: PowerShell Deobfuscation: Ep.4 - Logical and Structural Obfuscation - Question 7
I am stuck on question 7, where I am asked to download a file from a URL I found based on the output file from the previous question. The URL is http://ZGlmZmVyZW50c3VzcGljaW91c2RvbWFpbg.net/, but I don't see an associated IP address in the lab so that I can add that domain to my hosts file. Any assistance is appreciated.

Practical Malware Analysis: Static Analysis
I am stuck on questions 12 and 20 of this lab. Could you please help?
12. What's the new name of the variable that references InternetOpenURL after changing the function signature? (Hint: The original name was iVar2.)
20. What native Microsoft service is this malware trying to masquerade as, with a legitimate-seeming name and a reference to a file path that can be used for persistence? (Hint: Review the briefing panel for information on how to override a function signature.)

Question for members: your most rebellious labs
Hello! I think it would be interesting to share in this Community those labs that have been the most difficult for us to complete, or those that are resisting us and in which we have invested a significant amount of time: trying tactics and techniques, reading their documentation and references carefully, reading blog posts about the exploits, testing options, or just going step by step. Let's get started :)!
.: I find it hard to finish labs related to access policies or permissions in the Cloud: maybe it's the syntax required to give permission to an S3 bucket or to the access point... but I invest a lot of time to complete them. I am close to having finished 2,400 labs, but when I have to write the concrete policy in that JSON file I struggle :).
.: Esoteric labs, as I like to call them ^^. Example: CAN bus. Don't ask me the specific reason, but I have been trying for some time to finish the last few! I love them, but I'm stuck at the moment. [...]
So: which are the labs you have had the hardest time finishing (no matter the difficulty), and which are the ones you are investing the most time in? Thank you and good luck!

python-scripting-for-malware-analysis-ep-5-code-obfuscation
Has anyone attempted this lab? I appear to be stuck after creating a Python script to put the code through the loops. I can produce a deobfuscated block and have inspected it using both xxd and strings, but was unable to find a hidden URL. Curious if anybody has solved it yet.

Introduction To Elastic: Ep.9 – ES|QL
I'm stuck on questions 13 and 15. My eval statement seems to be working, and I thought it was fairly straightforward overall, but the values returned are not being accepted. I noticed there was a default limit of 500 being set, so I tried manually adding a limit of 255000 to make sure all results are calculated, but this still doesn't work. I tried expanding the date range back a year leading to the present, but that didn't work. I'm using to_long() for the conversions. I managed to get #13 by guess-and-check, but I don't even see the correct value in the list of values I'm looking at. It's in the right range, however, so it makes me think I'm doing this mostly correctly. Not sure what else to include here without providing too many spoilers. Let me know what you need.

APT29 Threat Hunting with Elasticsearch: Ep.11 – Demonstrate Your Skills
Hello! I could rather easily get the answers for the other questions, but Q6 has really taken me aback. The question is: "A PowerShell script was executed to assist with further enumeration. What command in this script assists with the reverse shell call back?" On the attacker side, the reverse shell is just deployed with Metasploit shellcode; in Elasticsearch this is a block of base64 PowerShell in which binary shellcode will be executed. Directly after, the "Invoke-SeaDuke" stage is called. There is no specific handler for the callback one could ask for, so what does "assist" even mean here? Even a slight clue would help me out; maybe I'm too lost now. Thank you for your patience!