Weaponization: Payloads – Obfuscation Using PowerShell
I have completed questions 5 to 7, but I am not able to find the tokens.txt file. Any hint or guidance? How do I get it, or where can I find it?

Q7: Save the result to a file named shell.txt in the /home/iml-user/Desktop/ directory. If you've done this correctly, a token will be added to token.txt

5 Views, 0 likes, 0 Comments

Modern Encryption: Demonstrate your skills
I am in the final lab of this collection. In step 3 I need to encrypt the file using AES-256 encryption with the following command, and I am using similar commands for steps 4 & 5. The commands execute successfully and an encrypted file is generated, but a key file is not generated to decrypt the remaining encrypted file and complete the lab. I need help to solve this lab and get the badge.

step 3-

    openssl enc -aes-256-cbc -a -pbkdf2 -nosalt -in plaintext_1.txt -out plaintext_1.enc

step 4- Encrypt a file using RC4

    openssl enc -rc4 -d -pbkdf2 -nosalt -in plaintext_2.txt -out plaintext_2.enc

step 5- Encrypt a file using RC4

    openssl enc --des-ede3-cbc -d -pbkdf2 -nosalt -in plaintext_3.txt -out plaintext_3.enc

41 Views, 1 like, 5 Comments

What do you prioritise during team cyber attack simulations?
Are you responsible for creating and/or assigning cyber attack simulations to teams within your organisation? 🚨

These planned and facilitated exercises are designed to test and evaluate an organisation's preparedness and response capabilities in the event of a cyber incident, and we are looking to understand how you prioritise aspects of these team events.

Please share your expertise with us by answering 2 questions about what is most important to you when planning and running these exercises. Your feedback will help to shape future Immersive products.

https://www.surveymonkey.com/r/drills-priorities

Thank you!

12 Views, 1 like, 0 Comments

Thank you, Immersive Labs
For your kindness and genius. And for allowing us to be a little bit wiser every day; thank you for your practical and theoretical labs (I have even smiled with some of them :)). Thank you for making us investigate, for going a little further; and for having an impact on our customers: protecting them better. Thank you for allowing us to work with recent CVEs from various perspectives (attack, defense and post-mortem). Thank you for your effort and for making it possible. Here's to many more years! :).

62 Views, 5 likes, 1 Comment

Operation Kobold - Defensive SOC Track 2
I need help with these two questions. Could you please guide me?

Continuing your analysis of the file identified in Question 29, what is the address of the C2 Server?

What is the value of the watermark found in the executable identified in Question 29?

45 Views, 1 like, 2 Comments

Discussion: How are you and your organization safely (and securely) utilizing AI?
How are you and your organization safely (and securely) utilizing AI? Are users trained and enabled to utilize AI in the best interests of your organization? Does your organization track AI use and what organizational data could be getting sent to AI? Are you for or against AI usage in the workplace?

11 Views, 0 likes, 0 Comments

The Importance of Curating a Culture of Upskilling & Career Progression, rather than Mandatory Training.
As cyber professionals, we know how important it is for teams to stay up to date in order to evidence their readiness to respond to the latest threats. But what can we do to curate a culture of upskilling & career progression, rather than mandatory training?

✍️ We want to hear from you! Have you achieved success in these efforts? If so, how? How does the culture surrounding upskilling affect employee morale and retention? What tips would you give to someone just beginning this cultural shift? How can this culture be used in areas other than cyber?

Comment below! ⬇️

27 Views, 1 like, 2 Comments

Why I don't like: Find the Flaw
After doing almost all "Find the Flaw" labs, I'm trying to give feedback about this mode. On one hand it's quite handy and nice to see and define flaws and link them to the corresponding CWE. But sometimes it takes time... a very long time (for 20 pts!).

Here's an example I want to share, which I'm struggling with and which does not make sense to me - and there are many FtF labs like this which are forcing me to do trial and error.

Let's take "Find the Flaw: Rust – Identification and Authentication Failures". You'll have code like this (for brevity I've shortened it a little bit):

    ...
    #[derive(Deserialize)]
    struct PasswordForm {
        token: String,
        password: String,
    }

    #[derive(Deserialize)]
    struct UserIdQuery {
        user_id: String,
    }

    async fn reset_password(
        Query(user_id_query): Query<UserIdQuery>,
        pool: axum::extract::Extension<SqlitePool>,
        Form(form): Form<PasswordForm>,
    ) -> Html<String> {
        let user_id = user_id_query.user_id;
        let token = form.token;
        let password = form.password;

        if password.len() < 8 || !password.chars().any(|c| c.is_lowercase()) {
            return Html("Password must be at least 8 characters long and contain at least one lowercase letter.".to_string());
        }

        let hashed_password = sha256(password.as_bytes());
        let hashed_password_hex = hex::encode(hashed_password);
        let pool = pool.0;

        let result = query("SELECT user_id FROM password_resets WHERE token = ?").bind(token)
            .fetch_optional(&pool)
            .await;

        match result {
            Ok(Some(_)) => {
                let update_result = query(
                    "UPDATE users SET password = ? WHERE id = ?")
                    .bind(hashed_password_hex)
                    .bind(user_id)
                    .execute(&pool)
                    .await;
        ...
    }

    pub async fn main() -> Result<(), std::io::Error> {
        ...
            .route("/reset_password", post(reset_password))
        ...
So, at first glance you'll notice:

    let result = query("SELECT user_id FROM password_resets WHERE token = ?").bind(token)
        .fetch_optional(&pool)
        .await;

and you think: cool, as long as I have a valid token I can reset ANY password, because the UserIdQuery holds the user_id from the query parameters. That must be the error. And it's clearly CWE-640 - Weak Password Recovery Mechanism for Forgotten Password. Boom!

But the lab says: "Correct Vulnerability but Incorrect Line"

Then you say, ok.. something might be missing... or too much. You remove lines, 3... 2.. 1.. nothing. Maybe I need to add the update password procedure? So let's click the lines on:

    let result = query("SELECT user_id FROM password_resets WHERE token = ?")
        .bind(token)
        .fetch_optional(&pool)
        .await;

and... ? "Correct Vulnerability but Incorrect Line"

Now you start clicking on 1 up to 7 lines in all different combinations (no .await, but .bind) but: "Correct Vulnerability but Incorrect Line"

You add another part of the code, which could make sense, like:

    let user_id = user_id_query.user_id;
    let token = form.token;
    let password = form.password;

Again you start shuffling all the options (now you click between 1 and 10 lines in all different variations) but all you get is this "Correct Vulnerability but Incorrect Line".

You read again the hint you've got with the wrong answer: "Consider how the password is being reset". Yes I did, really! All the time!

And so on and so on... I've probably clicked hundreds of different combinations by now, and I'm starting to believe there's a bug in the lab (it would not be the first one in this collection).

So, how are those "Find the flaw" labs for you? You like them? You struggle with them?

greetings -steven

ps: If you have the solution or any other hint for this one, ping me :)

78 Views, 0 likes, 3 Comments
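The reset-token concern raised in the post above, as an added example that is not part of the post or of the lab: a std-only model of the lookup in which the token is only checked for existence, beside a version that binds the token to the account it was issued for and consumes it. `Store`, `reset_unbound`, `reset_bound`, `sample_store` and all sample values are hypothetical and constructed; it does not say which line the lab expects.

```rust
use std::collections::HashMap;

/// Constructed in-memory stand-in for the `password_resets` and `users` tables.
struct Store {
    resets: HashMap<String, u32>,    // token -> user_id the token was issued for
    passwords: HashMap<u32, String>, // user_id -> stored hash (placeholder strings)
}

/// Pattern from the post: the token is only checked for existence, and the
/// account to update comes from the request's `user_id` parameter.
fn reset_unbound(store: &mut Store, req_user_id: u32, token: &str, new_hash: &str) -> bool {
    if store.resets.contains_key(token) {
        store.passwords.insert(req_user_id, new_hash.to_string());
        return true;
    }
    false
}

/// Hardened: the account comes from the token row, a mismatching request
/// user_id is rejected, and the token is consumed so it cannot be replayed.
fn reset_bound(store: &mut Store, req_user_id: u32, token: &str, new_hash: &str) -> Result<u32, &'static str> {
    let owner = *store.resets.get(token).ok_or("unknown token")?;
    if owner != req_user_id {
        return Err("token was not issued for this user");
    }
    store.resets.remove(token);
    store.passwords.insert(owner, new_hash.to_string());
    Ok(owner)
}

/// Constructed sample data: one outstanding token, issued for user 1.
fn sample_store() -> Store {
    let mut s = Store { resets: HashMap::new(), passwords: HashMap::new() };
    s.resets.insert("tok-for-user-1".into(), 1);
    s.passwords.insert(1, "hash-a".into());
    s.passwords.insert(2, "hash-b".into());
    s
}

fn main() {
    let mut s = sample_store();
    println!("unbound, user 2 + user 1's token: {}", reset_unbound(&mut s, 2, "tok-for-user-1", "hash-x"));
    let mut s = sample_store();
    println!("bound, user 2 + user 1's token: {:?}", reset_bound(&mut s, 2, "tok-for-user-1", "hash-x"));
    println!("bound, user 1 + own token: {:?}", reset_bound(&mut s, 1, "tok-for-user-1", "hash-y"));
    println!("bound, replayed token: {:?}", reset_bound(&mut s, 1, "tok-for-user-1", "hash-z"));
}
```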