Custom Lab creation AWS EC2 image issue
Hi, I am trying to create a custom lab in AWS EC2 Ubuntu, but our work's AWS account blocks the security group inbound rules for SSH 22 and RDP 3389, so I get to the point where I can save the EC2 image to an AMI for the lab. The other option for connecting to the lab is to use web HTTP port 80. Are there any helpful custom lab guides for setting up an AWS EC2 with a web app? I was thinking a browser as the web app would be OK as the lab would involve looking at static web pages. TIA, Rob

ICS Malware: Triton - unpack trilog.exe
Hi. I get the following error when trying to unpack trilog.exe by:

iml-user@ics-malware-triton:~/Desktop/Lab-Files/python_exe_unpacker$ python3 python_exe_unpack.py /Desktop/Lab-Files/trilog.exe
Traceback (most recent call last):
  File "python_exe_unpack.py", line 14, in <module>
    import pefile
ModuleNotFoundError: No module named 'pefile'

Thanks.

Fundamental AI Algorithms: Decision Trees Script Detection Question 6
In the Fundamental AI Algorithms: Decision Trees Script Detection lab, for question 6, which full set is the question referring to? I have tried all of the percentage accuracies output for the 5 sets provided in the code and briefing, but none of them worked.

Need help in the lab - APT29 Threat Hunting with Splunk: Ep.11 – Demonstrate Your Skills
I am currently working through the APT29 Threat Hunting with Splunk: Ep.11 – Demonstrate Your Skills lab and would appreciate your assistance in reviewing or clarifying a few specific questions. Despite thorough log analysis and validation via Splunk queries, the following questions are not accepting what I believe to be correct answers:

Q10. A PowerShell script was initially executed to extract encoded data from an image file. What is the full ParentCommandLine field value used to execute this?

Q11. This PowerShell script was added to a registry key that was used to bypass user access control. What other value was set on the same key to facilitate this?

Q15. What was the name of the service created to obtain a means of persistence?

Q23. What is the name of the executable that's executed by the persistence mechanism placed in the Windows Startup folder?

Modern Encryption: Demonstrate Your Skills
Hi there, I have completed all questions except for Q.10, which involves the decryption of an RSA-encrypted file. To the best of my knowledge, a private key is required to decrypt this asymmetrically encrypted file, but I only see a public "public.pem" key in the "~/Desktop/Lab-Files" directory. Am I missing something? I have completed all the other questions, so I believe all necessary files/tokens should have already been generated. Any help would be much appreciated. Many thanks, Pete

Practical Malware Analysis: .NET Encryption and Encoding
I have completed all of the questions except decrypting the configuration string. I have the correct AES key (question 7 is correct - first 5 chars of the AES key). Although it seems that the instructions in part 6 - "Take the first 16 bytes of the hash and add it to the full hash. Your key should be: MD5 hash of password + first 16 bytes of MD5 hash of password" - give a different key to the Python snippet in the briefing section:

import hashlib

value = ''  # the password goes here
# hex MD5 digest of the password (32 hex characters)
key_hash = hashlib.md5(value.encode('utf-8')).hexdigest()
# key = first 30 hex chars of the digest + full digest + '00'
aes_key = key_hash[:30] + key_hash + '00'
print(aes_key)

So I have two differing keys:

A = full md5 hash + full md5 hash (as the md5 hash is 16 bytes)
B = first 30 chars of md5 hash + full md5 hash + 00

I have tried using both of these AES keys to decrypt the configuration string found in StubAdmin.bin > StubAdmin.bin.exe > Resources > System_Configuration.Resources.resoures > A

I have tried both decoding the string from base64 before decrypting and without decoding, and CyberChef tells me it is "unable to decrypt input with these parameters" every time.

Help Q2 - Tuoni 101: Ep.5 – Demonstrate Your Skills
Looking for some help with the Tuoni 101: Ep.5 Q2. The following method is given to gain initial access: "To gain an initial foothold, you'll need to use the Hosted files page to host an executable. Any file hosted using that method will be run once on the initial target. Once executed, it'll be removed from the hosted files page."

I tried this one and wasn't able to get the initial access. I tried originally using the default reverse HTTP listener and generating an x64 .exe file and hosting it on the "Files" tab and waited 5 minutes. As this didn't work, I tried an x86 payload. This didn't work, so I created a new HTTP listener and tried both approaches. After this didn't work, I generated all payload types for the reverse_HTTP and reverse_TCP listeners and hosted them as files and still didn't have any success. Any ways to get the payload to execute would be greatly appreciated.

Web App Hacking Lab
I am stuck on the last question of this lab. Question 13 - Return to the /login page and log in as the admin of the site. What is the token you receive? I have been trying to use OWASP ZAP but can't seem to figure it out. Any help would be greatly appreciated. Thanks.

Introduction to Detection Engineering: Ep.3 – Parent Processes - Kibana says no
Introduction to Detection Engineering: Ep.3 – Parent Processes

Team, trying to complete what should be a straightforward lab; however, the Elasticsearch is never ready. Is there any chance someone could take a look at this? I will try on better wifi later, but I feel it's more a lab issue than connection.