Incident Response Suspicious Email Part 2 last Question
Hello I am getting slowly crazy here. The last question of Suspicious Email Part 2 asks to find the FQDN of the threat actor within the output that in the previous questions we had to deobfuscate after unpacking the vbaProject.bin using Oletools and / or a script. I created a script to convert Decimal to ASCII and the Hash in the end was matching and I solved the 2nd to last question. However afterwards it says the FQDN should be in the file I just created. This is not the case. I checked the file with strings and even read the whole file line by line to find any FQDN. The only sites in there are apache and zeustech which are only in there because ApacheBench got used in the Malware. There is no trace of any further FQDN. So I'm effectively stuck there because I can't find any worthwhile Info. Does anyone have any Idea? Or is this Lab just broken? I redid the whole Lab from scratch 2 times already. Both times I wrote a new Script aswell and everytime the Hash is correct but there is no FQDN to be found anywhere in there.
Ep 7 Post Exploitation With Metasploit
I’m having issues with q9 and don’t know why what I’m currently doing isn’t working. I’ve ran SharpUp.exe and found a vulnerable binary location (C:/Windows/Important-Service/Important-Service.exe). From my original meterpreter session, I have uploaded a new msfvenom payload called Important-Service.exe to the location above, with hope to spawn a new shell on another listener. Nothing is happening when I start the service or execute the exe. Any pointers with this one? I feel that what I am doing is correct and should work.
Incident Response: Suspicious Email – Part 2 -Help Needed.
Hi, I'm currently trying to complete this lab but I'm stuck on step 10. I have tried to use the different tools at hand but I'm struggling to extract the VBA and getting the binaries for it. Any help would be much appreciated. Kind Regards, jjdeno99
Modern Encryption: Demonstrate Your Skills
Hello, I am a little stuck on Q3 for this lab and would really appreciate any help I can get. So I have followed the steps as required by encrypting the file - plaintext_1.txt and set the password as per steps on the actual file itself - plaintext_1.txt. However after setting the password I am not getting token_1.txt appearing in the Lab-Files folder. What am I doing incorrectly?
Modern Encryption: Demonstrate Your Skills
Hi there, I have completed all questions except for Q.10 which involves the decryption of an RSA-encrypted file. To the best of my knowledge, a private key is required to decrypt this asymmetrically encrypted file, but I only see a public "public.pem" key in the "~/Desktop/Lab-Files" directory. Am I missing something? I have completed all the other questions so I believe all necessary files/tokens should have already been generated. Any help would be much appreciated. Many thanks, PeteKusto Query Language: Ep.9 – Parsing Complex Data Types.
Hi all, I am stuck on Question 6 as part of the KQL Parsing Complex Data Types. I have been doing adaptations of the following query to only get a blank AvgTime table each time. Event_CL | where EventData contains "KB2267602" | extend ParsedData = parse_json(EventData) | summarize AvgTime = avg(todatetime(ParsedData["@time"])) I may be missing something obvious or not, but any help would be thankful.
