Kusto Query Language: Ep.7 – String Processing Q4
I am stuck in Q4, and it seems that the query matches the requirements of the question and generates exactly what it is asking for. However, the lab does not accept the full substring command used in the query as the correct answer. Please let me know if I am missing anything. Thank you.
Snort Rules: Ep.9 – Exploit Kits
I am pulling my hair with question number 8 Create a Snort rule to detect the third GET request in the second PCAP file, then submit the token. This one should do it but it is not working. alert tcp any any -> any any (msg:"detect the third GET request"; content:"e31e6edb08bf0ae9fbb32210b24540b6fl"; sid:1000001) I tried so many rules base on the first GET header and still unable to get the token. Any tips?
Modern Encryption: Demonstrate your skills
I am in the final lab of this collection and the step 3 I need to encrypt the file using aes 256 encryption using the following command and similar other commands I am using for setup 4 & 5 however the commands execute succesfully and a encrypted file is generated however a key file is not generated to decrypt the remaining for encrypted file to complete the lab. I need the help to solve this lab and get the badge. step 3- openssl enc -aes-256-cbc -a -pbkdf2 -nosalt -in plaintext_1.txt -out plaintext_1.enc step 4- Encrypt a file using RC4 openssl enc -rc4 -d -pbkdf2 -nosalt -in plaintext_2.txt -out plaintext_2.enc step 5- Encrypt a file using RC4 openssl enc --des-ede3-cbc -d -pbkdf2 -nosalt -in plaintext_3.txt -out plaintext_3.encFoundational Static Analysis: API Analysis
Hi all, I'm stuck in this part, where using Ghidra, I have to find where the Windows API GetModuleHandleA is used, in the binary called exercise_two.exe, and once located, find the parameter of this function. Taking a look about GetModuleHandleA, there's no references or calls to API in any part of the code. Also tried to look for references to GetProcAddress or LoadLibrary and nothing. Am doing something wrong? Any idea to find the "parameter" of the function that calls to the API?. Is the only question from this part remaining... Thanks and regards.
Viewing combined Pioneer info??
Hola, Random idle thought, as I've just got the Pioneer badge for completing the new Typelib: COM Persistence lab. Is there way to easily view a list of who has which Pioneer badges? I'd be very curious to see a local leaderboard of who has how many, and for which labs/sections... Does it show up in data explorer or the other logging stuff anywhere? Cheers, Steve.
