Custom Lab creation AWS EC2 image issue
Hi, I am trying to create a custom lab in AWS EC2 Ubuntu but our works AWS account blocks the security group for inbound rules for SSH 22 and RDP 3389, so get to the point were I can save the EC2 image to an AMI for the lab. The other option for connecting to the lab is to use Web http port 80. Are the any helpful custom lab guides for helping set up an AWS EC2 with a web app? I was thinking a browser as the web app would be OK as the lab would involve looking at static web pages. TIA Rob
ICS Malware: Triton - unpack trilog.exe
Hi. I get the following error when trying to unpack trilog.exe by: iml-user@ics-malware-triton:~/Desktop/Lab-Files/python_exe_unpacker$ python3 python_exe_unpack.py /Desktop/Lab-Files/trilog.exe Traceback (most recent call last): File "python_exe_unpack.py", line 14, in <module> import pefile ModuleNotFoundError: No module named 'pefile' Thanks.
Fundamental AI Algorithms: Decision Trees Script Detection Question 6
In the Fundamental AI Algorithms: Decision Trees Script Detection for question 6 which full set is the question referring to? I have tried all of the percentage accuracy outputted for the 5 sets provided in the code and briefing but none of them worked.
Need help in the lab - APT29 Threat Hunting with Splunk: Ep.11 – Demonstrate Your Skills
I am currently working through the APT29 Threat Hunting with Splunk: Ep.11 – Demonstrate Your Skills lab and would appreciate your assistance in reviewing or clarifying a few specific questions. Despite thorough log analysis and validation via Splunk queries, the following questions are not accepting what I believe to be correct answers: Q10. A PowerShell script was initially executed to extract encoded data from an image file. What is the full ParentCommandLine field value used to execute this? Q11. This PowerShell script was added to a registry key that was used to bypass user access control. What other value was set on the same key to facilitate this? Q15. what was the name of the service created to obtain a means of persistence? Q23. What is the name of the executable that's executed by the persistence mechanism placed in the Windows Startup folder?
Modern Encryption: Demonstrate Your Skills
Hi there, I have completed all questions except for Q.10 which involves the decryption of an RSA-encrypted file. To the best of my knowledge, a private key is required to decrypt this asymmetrically encrypted file, but I only see a public "public.pem" key in the "~/Desktop/Lab-Files" directory. Am I missing something? I have completed all the other questions so I believe all necessary files/tokens should have already been generated. Any help would be much appreciated. Many thanks, Pete
Introduction to Detection Engineering: Ep.3 – Parent Processes - Kibana says no
Introduction to Detection Engineering: Ep.3 – Parent Processes Team, Trying to complete what should be a straightforward lab, however the elastic search is never ready. Is there any chance someone could take a look at this? I will try on better wifi later but i feel its more a lab issue than connection.
