Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the ultimate-blocks domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/margheri/public_html/wp-includes/functions.php on line 6121

Notice: _load_textdomain_just_in_time işlevi yanlış çağrıldı. Translation loading for the perfect-portfolio domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Ayrıntılı bilgi almak için lütfen WordPress hata ayıklama bölümüne bakın. (Bu ileti 6.7.0 sürümünde eklendi.) in /home/margheri/public_html/wp-includes/functions.php on line 6121
Advent of Cyber 2024 Day 15: Be it ever so heinous, there's no place like Domain Controller. - Aleyna Doğan

Aleyna

Advent of Cyber 2024

Advent of Cyber 2024 Day 15: Be it ever so heinous, there’s no place like Domain Controller.

on

Lab link.

Questions

1. On what day was Glitch_Malware last logged in?

Answer format: DD/MM/YYYY

07/11/2024

2. What event ID shows the login of the Glitch_Malware user?

4624

3. Read the PowerShell history of the Administrator account. What was the command that was used to enumerate Active Directory users?

notepad “$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt”

Get-ADUser -Filter * -Properties MemberOf | Select-Object Name

4. Look in the PowerShell log file located in Application and Services Logs -> Windows PowerShell. What was Glitch_Malware’s set password?

SuperSecretP@ssw0rd!

5. Review the Group Policy Objects present on the machine. What is the name of the installed GPO?

Get-GPO -All

Tags :

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir