PowerShell Deobfuscation: Ep 8 help
I have been stuck on this EP for a week and haven't been able to progress. I am hoping someone can give me a hint to help me get through this one. Here is what I have done so far. I take the original encoded message and apply "FromBase64" and then "Raw Inflate" and I get the following data: You can see it outputs another command that also needs to decoded using the same steps above. That output gives you this... It outputs a string of characters but no obvious way to get this readable. I have tried bit-shifting, rotating characters, and a bunch of other tests and nothing has shown me anything that is remotely readable. I assume I am missing something simple but every time I read it back through, I don't see what I missed. Any help you can provide would be greatly appreciated.PowerShell Deobfuscation: Ep.9
Hello guys I am now on ep 9 on this fantastic collection but been banging my head for couple of days now for this appreciate any help. Able to decode the first layer using frombase64 and raw inflate Then I copied the resulting script and remove some parts to be able to execute it on powershell console I read somewhere that it is a enrypted base64 string given there is a -key on the second layer I found this article which seems related then followed how to decrypt I tried following it with same variable but I am stuck. Not sure how to do this via Cyberchef as well. Appreciate any help in right direction.
Snort Rules: Ep.9 – Exploit Kits
I am pulling my hair with question number 8 Create a Snort rule to detect the third GET request in the second PCAP file, then submit the token. This one should do it but it is not working. alert tcp any any -> any any (msg:"detect the third GET request"; content:"e31e6edb08bf0ae9fbb32210b24540b6fl"; sid:1000001) I tried so many rules base on the first GET header and still unable to get the token. Any tips?Help with Foundational Static Analysis: 64-Bit Analysis
Hello everyone, I received this error while attempting to analyse the malware in this Lab with the default format settings that Ghidra assigned. I attempted to search for the API required in Exercise 1 (CreateProcessWithTokenW) but nothing came up in the Imports or the function list. Am I missing something? Thank you! :)
ICSE / Wireshark final exercice : how to rebuilt the Pdf?
Hi everyone, in the last exercise, I managed to rebuilt the pdf file and it is perfectly readable, however the md5 hash generated from it keeps on been wrong. Is there anything special to consider when rebuilding the file? My method for rebuilting it was to remove top an bottom part that are obviously not part of the pdf, and also the newline character at the end of the last line, then concatenate everything together with a cat command. Thanks in advance for any hint.
Active Directory Basics: Demonstrate Your Skills
Hey team, i am working on the lab in the title and quite sure there's an issue with the answer for one of the questions. 12. What is the full name of the user on COMP-SIREN that begins with L? I am pretty sure it is Larry Young as you can see from the screenshot. Could i check whether there is an error with the question? Or am i missing something
