help & support
239 Topics

Hafnium: Detection of IoCs - Question 5
For the question "Which web shell in the auth folder matches those detected in the Microsoft report?": What does the question mean by Microsoft Report? Is it talking about the PowerShell ISE output? Even then, based on the output I can't seem to find the files that were referenced in the auth folder. Summary: I am wondering what the question means by Microsoft Report and where I can find it, or if I am simply looking in the wrong direction.
Solved, 10 Views, 0 likes, 1 Comment

Kerberos: Active Directory Certificate Services lab - getting KRB-ERROR (16): KDC_ERR_PADATA_TYPE_NOSUPP
Lab: Kerberos: Active Directory Certificate Services - Labs - Immersive
I am not able to get a TGT ticket using this command:
    .\Rubeus.exe asktgt /certificate:cert.pfx /user:Administrator /ptt
It throws the error:
    KRB-ERROR (16) : KDC_ERR_PADATA_TYPE_NOSUPP
I have tried all the steps in the same order:
1. .\Certify.exe find /vulnerable
2. .\Certify.exe request /ca:DC01.krbtown.local\krbtown-DC01-CA /template:VulnTemplate /altname:Administrator
3. Generate cert.pfx and run Rubeus.
I searched for this error and it says: "In order to login using a certificate through a valid Kerberos TGT, Public Key Cryptography for Initial Authentication (PKINIT) must be supported in AD." Can someone please help me to solve the lab?
9 Views, 0 likes, 0 Comments

Ransomware: Darkside - Question 9
In terms of determining the name of the service that is installed after the ransomware was executed, there don't seem to be any service installation activities observed from the endpoint. Wondering if I should be focusing on a different code, slightly irrelevant towards service creation activities. When searching for file creation for possible service names, "api-ms-win-service-management-l1-1-0.dll" is also shown not to work. Wondering what different area I should be looking into instead.
15 Views, 0 likes, 1 Comment

Modern Encryption Issue
I'm on the last training under Modern Encryption training. I'm getting this error:
    $ openssl enc -des-ede3-cbc -d -pbkdf2 -nosalt -in encrypted_file_3DES.enc -out DES3
    enter des-ede3-cbc decryption password:
    bad decrypt
    139655774025024:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
The key is in a text file from previous steps. I'm on step #7. I used the same syntax for decryption as earlier in this series. I tried various things, but I'm still getting this error. I added the -a switch as well.
Solved, 86 Views, 0 likes, 11 Comments

Ransomware: LockBit
I can't figure out what question 7 is looking for as the answer. I ensured I was looking at logs with an EventType of SetValue, I ensured it was LockBit.exe doing the event, but nothing I've tried from that works for the answer. Either I'm querying something wrong, or
53 Views, 0 likes, 4 Comments

Investigating IAM Incidents in AWS: Preparation - Question 7
For the question: The ‘MetrolioQA’ IAM role in your account grants write access to a ‘metrolio’ role from another account. What is the full name of the external principal? I can't seem to find insight into the role. I am wondering what location in the GUI I should be looking into more. I have mostly been digging through the CSV download for any possible insights, as well as the IAM Access Analyzer, but I can't seem to get any good leads. Done through the MetrolioIAMAnalyst AWS role account. Summary: I am wondering if there is any direction that can be provided in which I can look further to find external principals.
Solved, 26 Views, 0 likes, 1 Comment

Mobile Malware: Anubis Malware (Offensive) - Question 8,9
Despite obtaining the encrypted value, it seems like RC4 decryption doesn't work with zanubis as the password. I am wondering where I should pivot to. For question 9: where should I look in order to get started?
Solved, 19 Views, 0 likes, 1 Comment

Help with Cross Site Request Forgery (Twooter)
Hi folks, I'm having a hard time getting past the Cross Site Request Forgery lab - specifically I'm not sure what sort of payload I can use to obtain the username of the scraper. I can get their IP address using just a link and I've tried a range of scripts hosted on my machine which I then link to in my 'twoots' but there's no connection at all. I'd be really grateful for any direction as to the sort of payload that could capture the necessary information. Thanks, Jonathan
Solved, 309 Views, 0 likes, 5 Comments