Windows Basics: Demonstrate your knowledge Q11.
Hello, I'm stuck on this question. Though cmd returns the change as being successful, the lab isn't marking the task as complete. I've tried using both Task Scheduler and cmd to change the task action. I've also tried to create the script itself in case it didn't exist and that's what's causing the issue. It says the parameters have been changed, but I'd really appreciate any pointers. Thank you
Wizard Spider DFIR: Ep.9 – Sigma
The question I'm stuck on is : Modify the rule file "file_event_win_macro_file.yml" to also include ".docm" file types. Convert this rule using Sigmac and use the output within Elastic. How many potentially malicious Microsoft Word files are discovered? I have done everything modified the rule and I have converted this rule using sigmac and have this output file.name.keyword:(*.dotm OR *.xlsm OR *.xltm OR *.potm OR *.pptm OR *.pptx OR *.docm) but I just cannot find elastic anywhere to use the output within elastic ? its not in the notes as a link, its not an app. ive even tried putting in the port number and ip address to get it up and that not working has anyone else completed this and no how to open elastic I feel like this should be the easy bit. Please help even Chatgpt has given up.
CSP Hash Incorrect Despite Correct Script and Hash (CSP Lab Issue?)
Hello all! I'm working on Introduction to Content Security Policy (CSP) Lab: Content Security Policy: Hashes exercise that requires generating the correct hash for an inline script like: <script>document.body.style.backgroundColor = "#ADDADE";</script> I’ve used both CyberChef and the SHA-256 JavaScript snippet to generate hashes like: sha256-+BWzTX+GJrse8ifajvHg6QFPdmE+JjXYmrYBn+kLITo= sha256-Msn/9dD1zBN7LGZyQyglKL9JMVyCsVqvZ7MAkmm/BpU= I've accounted for trailing newlines and whitespaces (CRLF, LF), used View Source (not dev tools), and verified that I'm hashing the exact script content. However, the lab continues to mark the answer as “incorrect.” Is this likely a glitch in the lab setup, or is there a common mistake I might be overlooking? Would appreciate any help or confirmation from someone who’s completed this lab or run into a similar problem
NHS Offensive Cyber Range: Armsdon Hospital
Hi all, Just wanted some advice on this as I am stuck. I managed to get into the intranet using SQL injection/union and extract all the usernames and passwords. I am not sure if I am on the wrong path or doing things in the wrong order for the next part. The FTP server seems to only be active on RDP. The DC has no samba vulnerabilities. So... I assume I try to use the credentials from the intranet to RDP to the DC/FTP (then after this elevate access using other techniques) but so far that has failed for the Armsdon users I have tried their users/passwords (from the intranet). Any tips welcome!The Cyber Readiness Outlook: 2025 Threat Reflection and 2026 Forecast
Register to receive the webinar link. Clicking Attend on this page won't give you the link. Cybersecurity, from threat actors to the defensive strategies deployed against them, is undergoing a radical shift, forcing leaders to aggressively realign their strategy to meet escalating and evolving tactics. As we pivot from reflecting on the key challenges of 2025 to prioritizing our defensive posture for 2026, the need for proven capability over mere prevention has become an organizational imperative. Join us for this forward-looking discussion with Immersive’s Container 7 as they reflect on the year’s most significant developments and share the actionable intelligence required to fortify your defenses in the coming year. Cyber leaders will come away with: Key Lessons from 2025: Look back at the shift in adversary tactics, from the decrease in complex zero-day exploits toward supply chain compromises and chaotic threat actor behaviors, leading to the increase in pressure for ransom payments. The AI-Driven Development Risk: Take an uncompromising look at how the rush to deploy AI functionality is compromising security, while threat actors leverage AI for massive-scale noise generation and volume-based attacks. The Mandate for Proven Preparation: See the data-backed case for why security budgets must shift from focusing solely on prevention to practicing and proving response capabilities. Strategic Outlook for 2026: Learn about strategies for securing connected supply chains and complex infrastructure and understand the increasing demand for hyperspecific, tailored exercises.
Trick or Treat on Specter Street: Widow's Web
I am very stucked in Trick or Treat on Specter Street: Widow's Web I can't do none of the questions, but in any case I start by 4th that is the first answerable one Your first task is to simulate the loyal Crawlers. Run legitimate-crawler and inspect the output in Lab-Files to observe their behavior. To simulate the rogue Crawlers, you must discover the hidden paths on the website. Read the blog posts – they contain clues. Disallow these in Website-Files/robots.txt and run malicious-crawler. Inspect the output in Lab-Files. What is the token? I have created the robots.txt file since I understand that malicious-crawler goes expressedly there. My robots.txt contains all url's I can imagin Disallow: /secret Disallow: /treat Disallow: /hidden Disallow: /crypt Disallow: /warden Disallow: /rituals Disallow: /witch-secrets Disallow: /admin Disallow: /vault Disallow: /uncover Disallow: /post1 Disallow: /post2 Disallow: /post3 Disallow: /post4 Disallow: /contact Disallow: /drafts/rituals But the result of malicious-crawler.txt doesn't give me either a token nor a hint I have curl-ed all pages looking for words as token and nothing. I have found some key words in http://127.0.0.1:3000/witch-secrets as intercepted-incantations, decoded them and nothing. I have searched in spider-sigthings.log what hapened at 3.00 am but nothing Can someone gime me a hint?
