immersive labs
Error in lab in SVMs Behavior Detection
Ref: /v2/labs/fundamental-ai-algorithms-ep-7-svms-behavior-detection/category/ai/series/fundamental-ai-algorithms

In Cell-2 of the lab, I used the code below:

    from elasticsearch import Elasticsearch

    # connect to elasticsearch using the username python and password pythonisawesome
    # alternative connection URIs, commented out
    #es = Elasticsearch( 'ELASTICSEARCH_URI', basic_auth=( 'USERNAME', 'PASSWORD' ) )
    #es = Elasticsearch( 'http://elasticsearch:9200', basic_auth=( 'python', 'pythonisawesome' ) )
    #es = Elasticsearch( 'http://127.0.0.1:9200', basic_auth=( 'python', 'pythonisawesome' ) )
    es = Elasticsearch( 'http://172.17.0.1:9200', basic_auth=( 'python', 'pythonisawesome' ), verify_certs=False, ssl_show_warn=False )

    # get the process tree for a process (getPtree is defined in an earlier cell of the lab notebook)
    #ptree = getPtree( es, 'PROCESS_COMMANDLINE_FOR_INITIAL_PROCESS' )
    ptree = getPtree( es, '"C:\\Users\\Administrator\\Downloads\\python-3.10.4-amd64.exe"' )

While running, I got the following error:

    ---------------------------------------------------------------------------
    ConnectionError                           Traceback (most recent call last)
    <ipython-input-18-724dfb6e6522> in <module>
        107 # get the process tree for a process
        108 #ptree = getPtree( es, 'PROCESS_COMMANDLINE_FOR_INITIAL_PROCESS' )
    --> 109 ptree = getPtree( es, '"C:\\Users\\Administrator\\Downloads\\python-3.10.4-amd64.exe"' )
        110
        111 # graph the structure of the process tree

    <ipython-input-9-ceca3d8599dc> in getPtree(elasticsearch, initial_process)
        101
        102 # get the initial process id from its commandline
    --> 103 initial_pid = getProcessFromCmdline( elasticsearch, initial_process )
        104 if initial_pid == None:
        105     return

    <ipython-input-9-ceca3d8599dc> in getProcessFromCmdline(elasticsearch, process)
         31 # set it return the process entity id as the unique ID and the commandline and run the query
         32 fields = [ 'process.entity_id', 'process.command_line' ]
    ---> 33 results = esSearch( elasticsearch, query, fields )
         34
         35 # check it only returned one value

    <ipython-input-9-ceca3d8599dc> in esSearch(elasticsearch, fields_values, fields)
         18
         19 # query elasticsearch specifying what fields you want it to return
    ---> 20 response = elasticsearch.search( index = 'winlogbeat-*', size='10000', query=query, fields=fields )
         21
         22 # return the query hits

    /usr/local/lib/python3.8/dist-packages/elasticsearch/_sync/client/utils.py in wrapped(*args, **kwargs)
        412     pass
        413
    --> 414 return api(*args, **kwargs)
        415
        416 return wrapped # type: ignore[return-value]

    /usr/local/lib/python3.8/dist-packages/elasticsearch/_sync/client/__init__.py in search(self, index, aggregations, aggs, allow_no_indices, allow_partial_search_results, analyze_wildcard, analyzer, batched_reduce_size, ccs_minimize_roundtrips, collapse, default_operator, df, docvalue_fields, error_trace, expand_wildcards, explain, fields, filter_path, from_, highlight, human, ignore_throttled, ignore_unavailable, indices_boost, lenient, max_concurrent_shard_requests, min_compatible_shard_node, min_score, pit, post_filter, pre_filter_shard_size, preference, pretty, profile, q, query, request_cache, rescore, rest_total_hits_as_int, routing, runtime_mappings, script_fields, scroll, search_after, search_type, seq_no_primary_term, size, slice, sort, source, source_excludes, source_includes, stats, stored_fields, suggest, suggest_field, suggest_mode, suggest_size, suggest_text, terminate_after, timeout, track_scores, track_total_hits, typed_keys, version)
       3745 if __body is not None:
       3746     __headers["content-type"] = "application/json"
    -> 3747 return self.perform_request( # type: ignore[return-value]
       3748     "POST", __path, params=__query, headers=__headers, body=__body
       3749 )

    /usr/local/lib/python3.8/dist-packages/elasticsearch/_sync/client/_base.py in perform_request(self, method, path, params, headers, body)
        284 target = path
        285
    --> 286 meta, resp_body = self.transport.perform_request(
        287     method,
        288     target,

    /usr/local/lib/python3.8/dist-packages/elastic_transport/_transport.py in perform_request(self, method, target, body, headers, max_retries, retry_on_status, retry_on_timeout, request_timeout, client_meta)
        327 start_time = time.time()
        328 try:
    --> 329     meta, raw_data = node.perform_request(
        330         method,
        331         target,

    /usr/local/lib/python3.8/dist-packages/elastic_transport/_node/_http_urllib3.py in perform_request(self, method, target, body, headers, request_timeout)
        197     exception=err,
        198 )
    --> 199 raise err from None
        200
        201 meta = ApiResponseMeta(

    ConnectionError: Connection error caused by: ConnectionError(Connection error caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f4e74162700>: Failed to establish a new connection: [Errno 111] Connection refused))
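The error above is raised below the Elasticsearch layer: [Errno 111] means the TCP connection to 172.17.0.1:9200 was refused, so either nothing is listening on that port from where the notebook runs or something is rejecting the connection, and no query ever left the client. As an added example (not the lab's notebook code and not a reply from the thread), the Python below checks each candidate URI at the socket level before a client is built, and then reproduces offline the two steps the traceback shows getPtree doing: the command-line lookup query and the assembly of a process tree from search hits. The candidate hostnames, the query shape, and the winlogbeat-style sample hits are constructed assumptions.

```python
"""Added example (not the lab's own code): socket-level pre-flight check for
the Elasticsearch URI, plus an offline reconstruction of the command-line
lookup and process-tree build that the lab's getPtree performs. The query
shape, hostnames and sample hits below are assumptions."""
import socket
from collections import defaultdict
from urllib.parse import urlsplit


def parse_uri(uri):
    """Return (host, port) for an Elasticsearch URI; port defaults to 9200."""
    parts = urlsplit(uri)
    return parts.hostname, parts.port or 9200


def tcp_reachable(host, port, timeout=2.0):
    """True if a TCP listener accepts a connection at host:port within timeout.
    A refusal ([Errno 111]) means the target answered but has no listener on
    that port (or rejects the connection), so the URI is wrong for this host."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:          # refused, timed out, or name did not resolve
        return False


def first_reachable(uris):
    """Try candidate URIs in order; return the first with an open port, else None."""
    for uri in uris:
        host, port = parse_uri(uri)
        if tcp_reachable(host, port):
            return uri
    return None


def cmdline_query(command_line):
    """Query body selecting winlogbeat-* documents whose process.command_line
    equals the given string (assumption: an exact term filter on the ECS
    field, which is what getProcessFromCmdline needs to find one process)."""
    return {"bool": {"filter": [{"term": {"process.command_line": command_line}}]}}


def process_tree(hits, root_entity_id):
    """Build {entity_id, command_line, children} from hits carrying the ECS
    fields process.entity_id, process.parent.entity_id and
    process.command_line (the dicts under response['hits']['hits'])."""
    by_id, children = {}, defaultdict(list)
    for hit in hits:
        proc = hit["_source"]["process"]
        by_id[proc["entity_id"]] = proc.get("command_line", "")
        parent = proc.get("parent", {}).get("entity_id")
        if parent:
            children[parent].append(proc["entity_id"])

    def build(eid):
        return {"entity_id": eid, "command_line": by_id.get(eid, ""),
                "children": [build(c) for c in sorted(children[eid])]}

    return build(root_entity_id) if root_entity_id in by_id else None


# Constructed sample hits in winlogbeat/ECS shape (not real lab data).
SAMPLE_HITS = [
    {"_source": {"process": {"entity_id": "p1",
                             "command_line": '"C:\\Users\\Administrator\\Downloads\\python-3.10.4-amd64.exe"'}}},
    {"_source": {"process": {"entity_id": "p2", "command_line": "installer.exe /quiet",
                             "parent": {"entity_id": "p1"}}}},
    {"_source": {"process": {"entity_id": "p3", "command_line": "cmd.exe /c whoami",
                             "parent": {"entity_id": "p2"}}}},
    {"_source": {"process": {"entity_id": "p4", "command_line": "explorer.exe"}}},
]

# Candidate URIs to probe before constructing the client (assumed hostnames).
CANDIDATE_URIS = ["http://elasticsearch:9200", "http://127.0.0.1:9200", "http://172.17.0.1:9200"]

if __name__ == "__main__":
    print("first reachable URI:", first_reachable(CANDIDATE_URIS))
    print(cmdline_query(SAMPLE_HITS[0]["_source"]["process"]["command_line"]))
    print(process_tree(SAMPLE_HITS, "p1"))
```

Run the probe from inside the same container or kernel as the notebook: the reachable URI is whichever one reports an open port there, and that is the one to pass to Elasticsearch(). If none of them is open, the client will fail in exactly the way shown above regardless of credentials, so the fix is the network path (container name, port mapping, or service not started), not the query.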
Ransomware: TeslaCrypt - Stuck at Last Question

Has anyone figured out the final question of the Ransomware: TeslaCrypt lab? "What is the domain of the first DNS request made after executing the malware?"

No correct answers via Ghidra.
No answers via ProcMon (suggested in the briefing).
I checked the activity in x32dbg - nothing.

Any ideas? Is the lab broken? As always, I might be looking too far...
PowerShell Deobfuscation Ep.7

I first collected the .ps1 script and noticed that it is encoded in hex. After decoding from hex, I noticed that it converts from decimals. This led me to use the From Decimal recipe in CyberChef. However, this led me towards only the decoded ending of the script itself, with the main obfuscated payload being empty. I am wondering where I am going wrong in my thought process.
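Running From Decimal over an entire decoded script is fragile: the recipe only makes sense on the run of comma-separated numbers itself, so the PowerShell around that array has to be cut away first or it pollutes the output. As an added example (not the poster's script and not the lab's solution), the Python below peels the two layers the post describes, hex on the outside and decimal character codes inside, by locating each comma-separated run of byte values and decoding it on its own. The sample script is constructed inline and the regular expressions are assumptions about how the decimal layer is written.

```python
"""Added example (not the poster's script or a lab solution): peel a
hex-then-decimal encoded PowerShell sample one layer at a time. The sample
is constructed here; the regexes are assumptions about the decimal layer."""
import re
from binascii import unhexlify

HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")
# Three or more comma-separated values of up to three digits, e.g. (87,114,105,...)
DEC_RUN_RE = re.compile(r"(?:\d{1,3}\s*,\s*){2,}\d{1,3}")


def from_hex(text):
    """Decode a whitespace-tolerant hex string to text; None if it is not hex."""
    compact = "".join(text.split())
    if not compact or not HEX_RE.match(compact) or len(compact) % 2:
        return None
    return unhexlify(compact).decode("latin-1")


def from_decimal_runs(text):
    """Decode every run of comma-separated decimal byte values found in text.
    Decoding each run separately keeps the surrounding PowerShell (the
    'ending' of the script) out of the recovered payload."""
    runs = []
    for m in DEC_RUN_RE.finditer(text):
        values = [int(v) for v in m.group(0).split(",")]
        if all(0 <= v < 256 for v in values):
            runs.append(bytes(values).decode("latin-1"))
    return runs


def peel(script, max_layers=5):
    """Return the layers from the collected script inward: each step tries hex
    first, then decimal runs (joined with newlines), and stops when neither
    applies or max_layers is reached."""
    layers = [script]
    for _ in range(max_layers):
        current = layers[-1]
        decoded = from_hex(current)
        if decoded is None:
            runs = from_decimal_runs(current)
            decoded = "\n".join(runs) if runs else None
        if decoded is None:
            break
        layers.append(decoded)
    return layers


# Constructed sample, built inside out so the expected layers are known.
PAYLOAD = "Write-Host 'inner payload'"
# Layer 2: PowerShell that rebuilds the payload from decimal char codes and runs it.
STAGE2 = ("$p = -join ((" + ",".join(str(b) for b in PAYLOAD.encode()) +
          ") | ForEach-Object { [char]$_ }); Invoke-Expression $p")
# Layer 1: the .ps1 as collected, i.e. STAGE2 hex-encoded.
STAGE1 = STAGE2.encode().hex()

if __name__ == "__main__":
    for depth, layer in enumerate(peel(STAGE1)):
        print(f"layer {depth}: {layer[:70]}{'...' if len(layer) > 70 else ''}")
```

On a real sample, compare the number of decimal runs found with what the script does with them: an array that is indexed, reversed, or XOR-ed before being joined needs that transform applied to the decoded bytes as well, and this example does not attempt it.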
Microsoft Sentinel SOAR: Demonstrate Your Skills

I am currently working on the Microsoft Sentinel SOAR lab, which involves the use of a Logic App for automation. Task 4 of the lab requires me to do the below, and the lab will automatically detect when I complete the task, but it hasn't been marking it as complete for me. Has anyone experienced a similar issue? I am certain my Logic App designer is correct and the run history has been successful. Attached are screenshots.
Healthcare Compliance

I keep getting an incorrect response when answering a question on the Healthcare Compliance lab, The HIPAA Framework. The question is: "Your hospital hires an IT consultant to audit your network security. Before giving them access to patient data, what must you do?" My response is "Have them sign a business associate agreement", but it's wrong. Any ideas what the correct response to this question is?