Obsidian Vault
HTB-Sherlock
KnockKnock
zz14 - What's the deadline for hiring developers for Forela?
30/08/2023
35 - Files extracted via ftp.log