Halloween Labs - ideas, suggestions, wants 👻🎃🦇
What would you want to see from future Halloween labs? Did you really enjoy a particular aspect of previous years? Any technologies, themes, rewards you want to see? Want more Community content - webinars, events, media within the labs? 👻🎃🦇
PowerShell Deobfuscation: Ep.9
Hello guys I am now on ep 9 on this fantastic collection but been banging my head for couple of days now for this appreciate any help. Able to decode the first layer using frombase64 and raw inflate Then I copied the resulting script and remove some parts to be able to execute it on powershell console I read somewhere that it is a enrypted base64 string given there is a -key on the second layer I found this article which seems related then followed how to decrypt I tried following it with same variable but I am stuck. Not sure how to do this via Cyberchef as well. Appreciate any help in right direction.
Snort Rules: Ep.9 – Exploit Kits
I am pulling my hair with question number 8 Create a Snort rule to detect the third GET request in the second PCAP file, then submit the token. This one should do it but it is not working. alert tcp any any -> any any (msg:"detect the third GET request"; content:"e31e6edb08bf0ae9fbb32210b24540b6fl"; sid:1000001) I tried so many rules base on the first GET header and still unable to get the token. Any tips?Help with Foundational Static Analysis: 64-Bit Analysis
Hello everyone, I received this error while attempting to analyse the malware in this Lab with the default format settings that Ghidra assigned. I attempted to search for the API required in Exercise 1 (CreateProcessWithTokenW) but nothing came up in the Imports or the function list. Am I missing something? Thank you! :)
ICSE / Wireshark final exercice : how to rebuilt the Pdf?
Hi everyone, in the last exercise, I managed to rebuilt the pdf file and it is perfectly readable, however the md5 hash generated from it keeps on been wrong. Is there anything special to consider when rebuilding the file? My method for rebuilting it was to remove top an bottom part that are obviously not part of the pdf, and also the newline character at the end of the last line, then concatenate everything together with a cat command. Thanks in advance for any hint.
Active Directory Basics: Demonstrate Your Skills
Hey team, i am working on the lab in the title and quite sure there's an issue with the answer for one of the questions. 12. What is the full name of the user on COMP-SIREN that begins with L? I am pretty sure it is Larry Young as you can see from the screenshot. Could i check whether there is an error with the question? Or am i missing something
