Posts

Showing posts from July, 2025

TryHackMe Mayhem challenge (medium level)

Mayhem is defined as any violent destruction or confusion. Its synonyms include chaos, trouble, violence, disorder, destruction, confusion, havoc, fracas and commotion. All the details are in the video, guys :D Thank you for watching, and I hope you enjoy this challenge!!

TryHackMe - Threat Hunting Simulator - Health Hazard

Scenario overview

After months of juggling content calendars and caffeine-fueled brainstorming, co-founder Tom Whiskers finally carved out time to build the company's first website. It was supposed to be simple: follow a tutorial, install a few packages, and bring the brand to life with lightweight JavaScript magic.

But between sleepless nights and copy-pasted code, Tom started feeling off. Not sick exactly, just off. The terminal scrolled with reassuring green text, the site loaded fine, and everything looked normal.

Then, a strange file appeared on the system. No one could say where it came from. It wasn't part of the tutorial, didn't match any known dependencies, and didn't even run.

It just waited.

Scenario objectives

Determine how a threat actor first gained a foothold on the system.
Identify suspicious activity that may point to the initial compromise method.
Investigate signs of malicious execution following the initial access.
Analyse the logs ...

TryHackMe Carnage challenge (medium level)

Let's dive into Carnage. THM classified it as a medium-level challenge. Let's get started! On the question "What are the two IP addresses of the Cobalt Strike servers? Use VirusTotal (the Community tab) to confirm if IPs are identified as Cobalt Strike C2 servers. (answer format: enter the IP addresses in sequential order)", I spent some time here :D All the rest of the information can be found in the video :D Thank you for watching, and I hope you enjoy this challenge!!

TryHackMe challenge Conti (medium level)

An Exchange server was compromised with ransomware (CVE-2020-0796, CVE-2018-13374, CVE-2018-13379). Use Splunk to investigate how the attackers compromised the server.

Question: "What was the command the attacker used to add a new user to the compromised system?"
- If you search on Google for which event ID corresponds to creating a new user, you get "Event 4720".

Question: "What is the web shell the exploit deployed to the system?" Hint: Try looking in the IIS logs for POST requests.
- Search for the .aspx extension (Google: "What is ASPX used for?" -> Active Server Page Extended (ASPX) is an open-source development framework used by web developers to generate dynamic web pages using the .NET and C# programming languages).

For the last question, here is the link. I hope you enjoy this challenge!!