This is a video walk-through of TryHackMe's HuntMe I: Payment Collectors. If you prefer a written walk-through, you can find it here: https://readysetexploit.gitlab.io/hom...
Buy Me A Coffee :)
https://www.buymeacoffee.com/hadrian3689
0:00 Intro and reviewing case
1:20 Setting up Elastic
1:55 Using Visualize Library
3:00 Finding files of interest
4:45 Looking at interesting processes
5:35 Finding suspicious ZIP file
8:00 Looking into ZIP file and following the chain
9:00 Finding a suspicious PDF file
10:15 Finding a suspicious PowerShell script
11:40 Filtering out to eliminate noise
13:55 Finding first enumeration step
14:55 Following the chain and filtering out more noise
18:20 Finding the PowerView download
19:40 Following the PowerView chain and looking at Event ID 1
20:20 Finding an interesting file share and folder copy
21:30 Found the two files that were copied
22:50 Found the saved ZIP file and suspicious domain
23:30 Looking into the exfiltration technique
25:40 Decoding the encoded contents
27:40 Extracted files but couldn't open them
29:05 Showing how to get our flag