How to use Immersive cyber ranges for cyber threat research?
Want to know how to take advantage of the cyber ranges platform to do malware and adversary research in a sandboxed environment? In this post, I’ll walk you through how to get access to the Heimdall Detection Engineering template for CTI so you can do just that! The Heimdall template is a domain-joined range that contains workstations, a domain controller, and security tooling that you’d ordinarily find in a real network. The purpose of this template is to enable cyber threat research, where you can launch attacks and malware, capture indicators of compromise through tools like Velociraptor, a SIEM network packet capture tool, and some analyst workstations with a bunch of analysis and reverse engineering tools. With that said, let’s get started. Firstly, you’ll need to go to the cyber ranges sign-up page and sign up with a name and email address. After hitting “Sign up”, you’ll need to go to your email and find the confirmation email to get your credentials, then go back to the cyber ranges website and log in with your new credentials. After signing in, you’ll be in the main ranges dashboard. You’ll need to connect your own Amazon Web Services (AWS) account to use ranges, as provisioning machines will cost money for every hour that they are active or stored. Once you’ve connected your AWS account, you can then go to “Range Templates” and launch the Heimdall range.
CVE-2022-29799/CVE-2022-29800 (Nimbuspwn) – Defensive
Hello community, I can't find the answer to these question I tried using the Sigma file provided in the lab to query Splunk it returned no events. I also tried doing custom queries with using similar strings. But I never got the correct answers Any helpis appreciated. Thanks
Historic Steganography Lab
I've been stuck on question 6 in the Stenography lab within the Historic Encryption upskill series. I'm not sure if I'm missing something within the command line or if the password/passphrase for the file is wrong. The password/passphrase is supposed to be "carnivale" Here are some screenshots to help zero in where I'm at. Thanks all!
Radare2 Reverse Engineering: Ep.1 – Windows Binary Part 1
I have managed to find the answers to all of the questions within this lab except for question 6. I can not seem to figure out the appropriate step(s) or action(s) to take find the correct answer for this question. Any insight or guidance on what I'm missing / doing incorrectly and how to correct it would be greatly appreciated. I have provided a few screenshots for reference. Thanks in advance.
FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs
For this lab I need to rebuild the PowerShell script using the three parts found in the PowerShell operational logs. Which I am able to do fairly easily but when I am required to obtain the MD5 hash of the file I am not getting the correct hash. I've removed any trailing white spaces and return characters. Not matter the setup, I just can't seem to find the special sauce on this one. I've tried numerous approaches and still get a no go. Any tips?Help needed for Threat Hunting: Mining Behaviour
Hey everyone! I need some help with this last question of a lab. I already identified the JSON authentication token and the packet that holds it. But within that packet, I just can't find the authentication key that identifies the miner. Anyone was able to solve and help? Thanks!
