CVE-2022-29799/CVE-2022-29800 (Nimbuspwn) – Defensive
Hello community, I can't find the answer to these question I tried using the Sigma file provided in the lab to query Splunk it returned no events. I also tried doing custom queries with using similar strings. But I never got the correct answers Any helpis appreciated. Thanks
Historic Steganography Lab
I've been stuck on question 6 in the Stenography lab within the Historic Encryption upskill series. I'm not sure if I'm missing something within the command line or if the password/passphrase for the file is wrong. The password/passphrase is supposed to be "carnivale" Here are some screenshots to help zero in where I'm at. Thanks all!
Radare2 Reverse Engineering: Ep.1 – Windows Binary Part 1
I have managed to find the answers to all of the questions within this lab except for question 6. I can not seem to figure out the appropriate step(s) or action(s) to take find the correct answer for this question. Any insight or guidance on what I'm missing / doing incorrectly and how to correct it would be greatly appreciated. I have provided a few screenshots for reference. Thanks in advance.
FIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs
For this lab I need to rebuild the PowerShell script using the three parts found in the PowerShell operational logs. Which I am able to do fairly easily but when I am required to obtain the MD5 hash of the file I am not getting the correct hash. I've removed any trailing white spaces and return characters. Not matter the setup, I just can't seem to find the special sauce on this one. I've tried numerous approaches and still get a no go. Any tips?Help needed for Threat Hunting: Mining Behaviour
Hey everyone! I need some help with this last question of a lab. I already identified the JSON authentication token and the packet that holds it. But within that packet, I just can't find the authentication key that identifies the miner. Anyone was able to solve and help? Thanks!
PowerShell Deobfuscation: Ep.9
Hello guys I am now on ep 9 on this fantastic collection but been banging my head for couple of days now for this appreciate any help. Able to decode the first layer using frombase64 and raw inflate Then I copied the resulting script and remove some parts to be able to execute it on powershell console I read somewhere that it is a enrypted base64 string given there is a -key on the second layer I found this article which seems related then followed how to decrypt I tried following it with same variable but I am stuck. Not sure how to do this via Cyberchef as well. Appreciate any help in right direction.
