help & support
278 Topics

Introduction to Microsoft Sentinel - Error
Hi, I've tried to open the Introduction to MS Sentinel labs but always encounter "The lab has ended due to an error. Error Message: The lab has encountered a critical error." Tried with different devices (company/personal), different browsers and WiFi connections, but the result remains the same.
8 Views, 0 likes, 1 Comment

PowerShell Basics: Demonstrate Your Skills
Hi, I'm a little stumped on Q10 and was wondering if I could please get some help. I have used the Invoke-Command once script.ps1 was copied over from my local machine to Server 1 and established the text file. However, how would I view the text file in question? I know the Get-Content command, but as it's in a different directory it won't work. Many thanks.
19 Views, 0 likes, 1 Comment

IoT & Embedded Devices: Certificate Underpinning
I am also stuck on Step 5 and having trouble with the trigger. I have self-signed certs, an HTTP server listening on 443 (bound to 0.0.0.0) as well as a sniffer for anything coming from the target. I have tried to trigger the target to connect using:
for i in {1..5}; do echo '{"Update":"1","ClientId":"AXG1337VFXL","Server Ip":"<KALI_IP>"}' | nc -u <TARGET_IP> 8080; sleep 2; done
Can anyone point me in the right direction?
129 Views, 0 likes, 4 Comments

Elastic Data Ingest: Demonstrate Your Skills Q9
I have found the answers to all the other questions, including 10, but I don't quite understand what Q9 is asking for when it says "Shortly after this file was created, two temp files were also created. What is the last 6 characters in the name of these temp files?". I have found the files created after the Q8 answer (see below), but as far as I can see no combination of the perfstringbackup.tmp file is being accepted (I have tried including the file extension and not). Any guidance on what the question is actually looking for here?
18 Views, 0 likes, 1 Comment

insufficient permissions for the lab "IAM and EC2: Instance Profiles"
I am working on the lab "IAM and EC2: Instance Profiles" and in section 4 it requires launching an EC2 instance. The problem is that following all the steps, it returns the following error:
Instance launch failed
You are not authorized to perform this operation. User: arn:aws:iam::250176780079:user/aBCbsrMbk6Um5GQlxs7G is not authorized to perform: ec2:RunInstances on resource: arn:aws:ec2:us-east-1:250176780079:volume/* with an explicit deny in an identity-based policy. Encoded authorization failure message: [...]
Am I doing something wrong or is there actually a lack of permissions to complete it? Thank you very much for your help.
Solved, 75 Views, 0 likes, 4 Comments

Modern Encryption: Demonstrate Your Skills
Hello, I am a little stuck on Q3 for this lab and would really appreciate any help I can get. So I have followed the steps as required by encrypting the file - plaintext_1.txt and set the password as per steps on the actual file itself - plaintext_1.txt. However, after setting the password I am not getting token_1.txt appearing in the Lab-Files folder. What am I doing incorrectly?
Solved, 427 Views, 0 likes, 14 Comments

Wizard Spider DFIR: Ep.9 – Sigma
The question I'm stuck on is: Modify the rule file "file_event_win_macro_file.yml" to also include ".docm" file types. Convert this rule using Sigmac and use the output within Elastic. How many potentially malicious Microsoft Word files are discovered?
I have done everything: modified the rule, converted this rule using sigmac, and I have this output:
file.name.keyword:(*.dotm OR *.xlsm OR *.xltm OR *.potm OR *.pptm OR *.pptx OR *.docm)
But I just cannot find Elastic anywhere to use the output within Elastic. It's not in the notes as a link, and it's not an app. I've even tried putting in the port number and IP address to get it up, and that's not working. Has anyone else completed this and know how to open Elastic? I feel like this should be the easy bit. Please help, even ChatGPT has given up.
44 Views, 0 likes, 2 Comments