Cybersecurity and philosophy
Fellow members of the Cyber family: I think the ancient philosophers, those who recognized their own ignorance, were motive: their curiosity to learn, to question, to go a step further, to not settle ... I would like to think that these qualities defined great thinkers. And may we never lose the ability to recognize and be surprised, in the face of threats; studying them, always. I have always believed that a “let's talk” can be more enriching than a “I denounce you”: learning, if possible, from the adversary and his geniuses. And, of course, let's keep learning: every day: tactics, techniques, procedure and vectors. Nobody said this was going to be easy, did they? :). Good luck!.
CVE-2022-29799/CVE-2022-29800 (Nimbuspwn) – Defensive
Hello community, I can't find the answer to these question I tried using the Sigma file provided in the lab to query Splunk it returned no events. I also tried doing custom queries with using similar strings. But I never got the correct answers Any helpis appreciated. Thanks
FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs
For this lab I need to rebuild the PowerShell script using the three parts found in the PowerShell operational logs. Which I am able to do fairly easily but when I am required to obtain the MD5 hash of the file I am not getting the correct hash. I've removed any trailing white spaces and return characters. Not matter the setup, I just can't seem to find the special sauce on this one. I've tried numerous approaches and still get a no go. Any tips?
Help needed for Threat Hunting: Mining Behaviour
Hey everyone! I need some help with this last question of a lab. I already identified the JSON authentication token and the packet that holds it. But within that packet, I just can't find the authentication key that identifies the miner. Anyone was able to solve and help? Thanks!
PowerShell Deobfuscation: Ep.9
Hello guys I am now on ep 9 on this fantastic collection but been banging my head for couple of days now for this appreciate any help. Able to decode the first layer using frombase64 and raw inflate Then I copied the resulting script and remove some parts to be able to execute it on powershell console I read somewhere that it is a enrypted base64 string given there is a -key on the second layer I found this article which seems related then followed how to decrypt I tried following it with same variable but I am stuck. Not sure how to do this via Cyberchef as well. Appreciate any help in right direction.
tweaks to career paths
Hi - I'm reasonably close to finishing career path: Advanced Threat Hunting and Digital Forensics However I really don't like the look of "DFIR CTF: LightNeuron DLL" Is it possible to get the career path amended so that this lab does not have to be completed. many thanks - gus
