Flag Submission Page Text

Which PowerShell cmdlet, part of a common open-source post-exploitation toolkit, was used to gather plain-text passwords from a computer?

You've signed up for the workshop, you've studied the data, and you've even gotten your hands dirty. Now is the time to put your knowledge to the ultimate test!

The data you've been provided during the workshop contains several credential access mechanisms that you have had a chance to observe and hunt for. However, there also exists ANOTHER form of credential access that your instructor touched on. It is up to you to take what you have learnt throughout this workshop and apply it to discover the other credential access mechanism, as well as answer some questions.

Those who successfully answer the questions will be awarded the Cyborg Security Threat Hunting badge for Credential Access (Level 1).

How Do You Claim Your Badge?

The data was already imported into your Elastic instance during setup, so all you have to do is begin your hunt!


HINT: Remember, whether you attended LIVE or RECORDED sessions, your instructor gave you a hint during the course. Use that hint to begin your hunt!

REMEMBER: You can submit as many times as you like!


Your Threat Hunting Instructor

Lee Archinal

Senior Threat Hunter and Content Developer, Cyborg Security

Lee is a U.S. Army veteran. While enlisted, he worked as a network administrator in a wide variety of conditions. Since leaving the military, he has been working in the private sector as a threat hunter and incident responder. At Cyborg Security, Lee is responsible for developing cutting-edge hunting and detection content for the HUNTER platform.