Investigating IAM Incidents in AWS: Preparation - Question 7
For the question: The ‘MetrolioQA’ IAM role in your account grants write access to a ‘metrolio’ role from another account. What is the full name of the external principle? I can't seem to find insight onto the role. I am wondering about what is the location of the GUI I should be looking into more of. I have mostly been digging throughout the csv download for any possible insights as well as the IAM access analyzer but I cant seem to get any good leads. Done through the MetrolioIAMAnalyst AWS role account. Summary: I am wondering if there is any direction that can be provided in which I can look into more for finding external principles.
Templates do not add systems
Hello everybody, I just registered yesterday for snaplabs and wanted to deploy a template (does not matter which, I tried several). The problem I am encountering is, that snaplabs does not add any systems to the range and keeps on hanging. Here are some screenshots: Here are no instances listed: Also in the AWS dashboard, nothing but the IP shows up: What is wrong here? I simply clicked on a template, did not even change the name
Trick or Treat on Specter Street: Widow's Web
I am very stucked in Trick or Treat on Specter Street: Widow's Web I can't do none of the questions, but in any case I start by 4th that is the first answerable one Your first task is to simulate the loyal Crawlers. Run legitimate-crawler and inspect the output in Lab-Files to observe their behavior. To simulate the rogue Crawlers, you must discover the hidden paths on the website. Read the blog posts – they contain clues. Disallow these in Website-Files/robots.txt and run malicious-crawler. Inspect the output in Lab-Files. What is the token? I have created the robots.txt file since I understand that malicious-crawler goes expressedly there. My robots.txt contains all url's I can imagin Disallow: /secret Disallow: /treat Disallow: /hidden Disallow: /crypt Disallow: /warden Disallow: /rituals Disallow: /witch-secrets Disallow: /admin Disallow: /vault Disallow: /uncover Disallow: /post1 Disallow: /post2 Disallow: /post3 Disallow: /post4 Disallow: /contact Disallow: /drafts/rituals But the result of malicious-crawler.txt doesn't give me either a token nor a hint I have curl-ed all pages looking for words as token and nothing. I have found some key words in http://127.0.0.1:3000/witch-secrets as intercepted-incantations, decoded them and nothing. I have searched in spider-sigthings.log what hapened at 3.00 am but nothing Can someone gime me a hint?CTI First Principles: Threat Actors and Attribution Question 8
For the question: Which sub-technique has been attributed to this threat actor in the Credential Access Tactic? as the briefing was talking about phishing through attachment, for some reason, the answer Spearphishing Attachment, was not correct. I am wondering about where else I shoud be looking into as the main report mostly taked about email delivery methods in terms of initial access to credentials
