Kusto Query Language: Ep.9 – Parsing Complex Data Types.
Hi all, I am stuck on Question 6 as part of the KQL Parsing Complex Data Types. I have been doing adaptations of the following query to only get a blank AvgTime table each time. Event_CL | where EventData contains "KB2267602" | extend ParsedData = parse_json(EventData) | summarize AvgTime = avg(todatetime(ParsedData["@time"])) I may be missing something obvious or not, but any help would be thankful.
PowerShell Deobfuscation: Ep 8 help
I have been stuck on this EP for a week and haven't been able to progress. I am hoping someone can give me a hint to help me get through this one. Here is what I have done so far. I take the original encoded message and apply "FromBase64" and then "Raw Inflate" and I get the following data: You can see it outputs another command that also needs to decoded using the same steps above. That output gives you this... It outputs a string of characters but no obvious way to get this readable. I have tried bit-shifting, rotating characters, and a bunch of other tests and nothing has shown me anything that is remotely readable. I assume I am missing something simple but every time I read it back through, I don't see what I missed. Any help you can provide would be greatly appreciated.Windows Exploitation: Bypassing AppLocker Allowed Paths
Hello, I need a assistance with a lab on Windows Exploitation: Bypassing AppLocker Allowed Paths . I have tried to clear this lab but I'm unable to run powershell.exe. I have tried to locate other installations of Powershell on the Windows Machine but even those executables within C:\Windows\WinSxS are getting blocked. Please help me on this to crack down.
Hack Your First Web App: Ep.6 - Hydra
I am stuck on Question 7 which instructs you to use hydra to brute force a password. I was able to use it correctly on Ep. 5. I have tried using the same cmd and changing to the login page but it returns 16 incorrect matches rather than one. hydra -l test -P /usr/share/wordlists/custom/ozone-wordlist.txt ozone-energy.bitnet http-form-post"/login:username=^USER^&password=^PASS^&Login=Login:Invalid Password"
Snort Rules: Ep.9 – Exploit Kits
I am pulling my hair with question number 8 Create a Snort rule to detect the third GET request in the second PCAP file, then submit the token. This one should do it but it is not working. alert tcp any any -> any any (msg:"detect the third GET request"; content:"e31e6edb08bf0ae9fbb32210b24540b6fl"; sid:1000001) I tried so many rules base on the first GET header and still unable to get the token. Any tips?
