Web Activity Logs challenge exercise (soc analyst path)

I found the 3rd solution to the challenge exercise. Not by wazuh, but by going into the logs and using ol’ fashioned grep until i came across an odd domain.

Looking back at this, I don’t feel like this exercise really guides people towards the answer. The domain in question is very vague, and barely appears in the logs. I know it’s meant as an exercise to find it for the students, but honestly… I can’t really see HOW you get there with the explanation you’re given.

2 Likes

What is the Pastebin URL (pastebin.com/somepath) that our compromised endpoint successfully connected to?
From the Guided Exercise

  1. What is the Pastebin URL (pastebin.com/somepath) that our compromised endpoint successfully connected to?
    Nonsense - Pastebin.com
    Hint:./***
    you can try it , i m kind of sure that s the good answer ,however it s does not work