Advent of Cyber 2024 Day 5: SOC-mas XX-what-ee?
Lab link. Questions 1. What is the flag discovered after navigating through the wishes? 2. What is the flag seen on the possible proof of sabotage?
Showing 144 Result(s)
Advent of Cyber 2024 Day 4: I’m all atomic inside!
Lab link. McSkidy suspects that an attacker simulated an intrusion using the T1566.001 Spearphishing with an attachment technique defined in the MITRE ATT&CK framework. We will recreate this attack and analyze the artifacts left behind. PowerShell Usage 1. Running the Help Command in PowerShell First, the Get-Help Invoke-AtomicTest command is run to get information about …
Advent of Cyber 2024 Day 3: Even if I wanted to go, their vulnerabilities wouldn’t allow it.
Lab link. Questions 1. BLUE: Where was the web shell uploaded to? Answer format: /directory/directory/directory/filename.php /media/images/rooms/shell.php 2. BLUE: What IP address accessed the web shell? 10.11.83.34 3. RED: What is the contents of the flag.txt? This command adds a line to the system’s /etc/hosts file. The added line associates the name frostypines.thm with the IP address …
Advent of Cyber 2024 Day 2: One man’s false positive is another man’s potpourri
Lab link. Questions 1. What is the name of the account causing all the failed login attempts? service_admin 2. How many failed logon attempts were observed? 6791 3. What is the IP address of Glitch? 10.0.255.1 4. When did Glitch successfully logon to ADM-01? Format: MMM D, YYYY HH:MM:SS.SSS Dec 1, 2024 08:54:39.000 5. What …
Advent of Cyber 2024 Day 1: Maybe SOC-mas music, he thought, doesn’t come from a store?
Lab link. McSkidy tapped keys with a confident grin,A suspicious website, now where to begin?She’d seen sites like this, full of code and of grime,Shady domains, and breadcrumbs easy to find. We can visit the target IP address website through the browser. The site appears to be one that converts YouTube videos to MP3 or …
Tryhackme: Red Team Threat Intel
Apply threat intelligence to red team engagements and adversary emulation. Task 5: TTP Mapping 5.2. How many Command and Control techniques are employed by Carbanak? https://mitre-attack.github.io/attack-navigator//#layerURL=https%3A%2F%2Fattack.mitre.org%2Fgroups%2FG0008%2FG0008-enterprise-layer.json 2 5.3. What signed binary did Carbanak use for defense evasion? Rundll32 5.4. What Initial Access technique is employed by Carbanak? Valid Accounts Task 7: Creating a Threat Intel Driven Campaign …
Tryhackme: ParrotPost: Phishing Analysis
Reveal how attackers can craft client-side credential-stealing webpages that evade detection by security tools. Lab link. Task 3: Email Headers 3.1. According to the IP address, what country is the sending email server associated with? We upload the .eml file to the Message Header Analyzer and find the Received IP address. Since the IP address location …
Portswigger: Username enumeration via subtly different responses Writeup
When we try to login with test:test on the login page, we see the message “Invalid username or password.” in the response to the request. We can see if this message will appear for all usernames in the responses to the requests. We send the request to the intruder. We choose sniper attack type. In …
Portswigger: Username enumeration via different responses Writeup
We create a request on the login page. First, we will try to detect the username. We choose sniper attack. The username is our target. We select a simple list and load our list as the username list specified at the beginning of the lab. We start attack. As a result of the attack, there …
Tryhackme: Critical Writeup
Lab link. Task 2: Memory Forensics 2.1. What type of memory is analyzed during a forensic memory task? RAM 2.2. In which phase will you create a memory dump of the target system? Memory Acquisition Task 3: Environment & Setup 3.1. Which plugin can help us to get information about the OS running on the target machine? …