Protected: HackTheBox.eu – Illumination (Forensics 20 points)
There is no excerpt because this is a protected post.
Carbon Black query that can be used to detect whether any MSHTML RCE happened (probably needs to be refined more): Search whether any assets are making connections towards IOCs (known IOCs…
Recently I’ve read about this data leak; COMB: largest breach of all time leaked online with 3.2 billion records. According to the article, it was known as “Compilation of Many…
Previously, I encountered a problem where I was unable to copy the .vmem file for further analysis. So, the next alternative is to use the .vmss file…
Question: Let’s try to connect to the given domain & port via netcat. Hmm. There’s a mathematical question that we need to solve. But we’re too slow at solving it. What if…
Question: Download & extract the file. You’ll see a file named “nm01.pcapng”. Open the pcap file using Wireshark. Usually, I sort frames by large “Length” values and view the content. On Frame…
Recently, we had an incident where suspicious traffic related to external C2 was observed. The initial finding was that this IP 172.241.27.17 (172.241.24.0/21) resolved to atakaitechnologieshost; according to pDNS in VirusTotal…