Cybersecurity and philosophy
Fellow members of the Cyber family: I think the ancient philosophers, those who recognized their own ignorance, were motive: their curiosity to learn, to question, to go a step further, to not settle ... I would like to think that these qualities defined great thinkers. And may we never lose the ability to recognize and be surprised, in the face of threats; studying them, always. I have always believed that a “let's talk” can be more enriching than a “I denounce you”: learning, if possible, from the adversary and his geniuses. And, of course, let's keep learning: every day: tactics, techniques, procedure and vectors. Nobody said this was going to be easy, did they? :). Good luck!.39Views5likes1CommentMalicious Document Analysis: Dropper Analysis
I have completed up to question 6 on here and I can not get the python script to work. I have gone through and "fixed" the required portions but keep getting "modulenotfound: no module named 'oletools'". Any pointers on what I'm doing wrong and how to fix it would be appreciated.Solved102Views3likes7CommentsCVE-2022-29799/CVE-2022-29800 (Nimbuspwn) – Defensive
Hello community, I can't find the answer to these question I tried using the Sigma file provided in the lab to query Splunk it returned no events. I also tried doing custom queries with using similar strings. But I never got the correct answers Any helpis appreciated. ThanksSolved55Views2likes3CommentsFIN7 Threat Hunting with Splunk: Ep.3 – Execution Logs
For this lab I need to rebuild the PowerShell script using the three parts found in the PowerShell operational logs. Which I am able to do fairly easily but when I am required to obtain the MD5 hash of the file I am not getting the correct hash. I've removed any trailing white spaces and return characters. Not matter the setup, I just can't seem to find the special sauce on this one. I've tried numerous approaches and still get a no go. Any tips?Solved187Views1like27CommentsHelp needed for Threat Hunting: Mining Behaviour
Hey everyone! I need some help with this last question of a lab. I already identified the JSON authentication token and the packet that holds it. But within that packet, I just can't find the authentication key that identifies the miner. Anyone was able to solve and help? Thanks!Solved89Views1like5CommentsPowerShell Deobfuscation: Ep.9
Hello guys I am now on ep 9 on this fantastic collection but been banging my head for couple of days now for this appreciate any help. Able to decode the first layer using frombase64 and raw inflate Then I copied the resulting script and remove some parts to be able to execute it on powershell console I read somewhere that it is a enrypted base64 string given there is a -key on the second layer I found this article which seems related then followed how to decrypt I tried following it with same variable but I am stuck. Not sure how to do this via Cyberchef as well. Appreciate any help in right direction.Solved33Views1like2CommentsPowershell Deobsfuscation Ep.7
Hello can anybody help me or give some hints how to solve this lab? I can notice some URL encoding. I did try in Cyberchef below recipe but still stuck url decode > from hex > from charcode Next thing I was left with are bunch of 2s with random spacing. Appreciate any hints or help? :)Solved127Views1like9Commentstweaks to career paths
Hi - I'm reasonably close to finishing career path: Advanced Threat Hunting and Digital Forensics However I really don't like the look of "DFIR CTF: LightNeuron DLL" Is it possible to get the career path amended so that this lab does not have to be completed. many thanks - gus58Views1like2Comments