Web Activity Logs challenge exercise (SOC analyst path)

I found the 3rd solution to the challenge exercise. Not with Wazuh, but by going into the logs and using ol' fashioned grep until I came across an odd domain.

Looking back at this, I don't feel like this exercise really guides people towards the answer. The domain in question is very vague and barely appears in the logs. I know it's meant as an exercise for the students to find it, but honestly… I can't really see HOW you get there with the explanation you're given.

2 Likes

From the Guided Exercise:

  1. What is the Pastebin URL (pastebin.com/somepath) that our compromised endpoint successfully connected to?
     Nonsense - Pastebin.com
     Hint: ./***

You can try it; I'm kind of sure that's the right answer, however it does not work.

Working on the 1.2 Guided Exercise in Web Activity Logs. Stymied by task question #4 (Based on correlating your DNS and proxy logs, what malicious URL was likely contacted using a non-HTTP/HTTPS protocol?). Found the ftp.rekt.systems alert and then the ensuing pastebin.com alert indicating compromise. I can't see in the record where the malicious URL is indicated. Any help would be appreciated.

Hi, did you find the answers for the web activity log questions? I am not able to find the answers for questions 3 and 5.

1 Like

I can't find the answers either.

I can't find 3 and 5 either.

This lab is taking forever, not even worth it. I think I will do the Hack The Box SOC course and TCM SOC-101 instead.

/forums (Question 3)

I can’t find % yet

I just found the answer to Question 5. You have to filter on 192.168.0.4, not 203.0.113.200. Then you should see two alerts (403 & 200); you should see the URL under the status code 200.
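The two techniques described in this thread (filtering the proxy log on the internal client 192.168.0.4 rather than the destination IP and reading the URL off the 200 line, and correlating DNS queries with proxy entries whose scheme is not http/https) can be scripted. The following is an added example, not code or data from the course lab or from anyone in this thread. It assumes a Squid-style native proxy log line layout and a simplified DNS log layout; the log lines are constructed, and the paths `somepath` are placeholders in the style of the question text, not the lab's actual answers.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data for this example (Squid-style native access log layout assumed):
# timestamp elapsed client action/status size method url ident hierarchy/peer content-type
PROXY_LOG = """\
1700000000.101    45 192.168.0.4 TCP_MISS/403 312 GET http://pastebin.com/somepath - HIER_DIRECT/203.0.113.200 text/html
1700000000.902    88 192.168.0.4 TCP_MISS/200 1024 GET http://pastebin.com/somepath - HIER_DIRECT/203.0.113.200 text/plain
1700000001.300    10 192.168.0.7 TCP_MISS/200 2048 GET http://example.org/index.html - HIER_DIRECT/198.51.100.10 text/html
1700000002.555    21 192.168.0.4 TCP_MISS/200 640 GET ftp://ftp.rekt.systems/somepath - HIER_DIRECT/203.0.113.201 application/octet-stream
"""

# Constructed DNS log (simplified layout assumed): timestamp client qname qtype answer
DNS_LOG = """\
1699999999.800 192.168.0.4 ftp.rekt.systems A 203.0.113.201
1700000000.050 192.168.0.4 pastebin.com A 203.0.113.200
1700000001.200 192.168.0.7 example.org A 198.51.100.10
"""

PROXY_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+(?P<action>[A-Z_]+)/(?P<status>\d{3})\s+"
    r"(?P<size>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\S+)\s+(?P<ctype>\S+)$"
)


def parse_proxy(text):
    """Parse proxy log lines into dicts; lines that do not match the layout are skipped."""
    rows = []
    for line in text.splitlines():
        m = PROXY_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = float(d["ts"])
        d["status"] = int(d["status"])
        rows.append(d)
    return rows


def parse_dns(text):
    """Parse the simplified DNS log; query names are normalised to lowercase without a trailing dot."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, client, qname, qtype, answer = parts
        rows.append({"ts": float(ts), "client": client, "qname": qname.lower().rstrip("."),
                     "qtype": qtype, "answer": answer})
    return rows


def _host_matches(url, domain):
    host = (urlsplit(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)


def status_sequence(proxy_rows, client, domain):
    """Status codes, in time order, for one internal client talking to one domain.
    Filtering on the client (not the server IP) is what surfaces the 403 followed by the 200."""
    rows = sorted((r for r in proxy_rows if r["client"] == client and _host_matches(r["url"], domain)),
                  key=lambda r: r["ts"])
    return [r["status"] for r in rows]


def successful_urls(proxy_rows, client, domain):
    """URLs the client fetched from `domain` that the proxy logged with HTTP 200."""
    return [r["url"] for r in proxy_rows
            if r["client"] == client and r["status"] == 200 and _host_matches(r["url"], domain)]


def non_http_contacts(dns_rows, proxy_rows):
    """Correlate DNS and proxy logs: proxy entries whose URL scheme is not http/https and whose
    host was resolved by the same client shortly beforehand."""
    resolved = defaultdict(set)  # qname -> set of clients that queried it
    for d in dns_rows:
        resolved[d["qname"]].add(d["client"])
    hits = []
    for r in proxy_rows:
        u = urlsplit(r["url"])
        host = (u.hostname or "").lower()
        if u.scheme not in ("http", "https") and r["client"] in resolved.get(host, set()):
            hits.append({"client": r["client"], "scheme": u.scheme, "url": r["url"], "status": r["status"]})
    return hits


if __name__ == "__main__":
    proxy = parse_proxy(PROXY_LOG)
    dns = parse_dns(DNS_LOG)
    print("status sequence:", status_sequence(proxy, "192.168.0.4", "pastebin.com"))
    print("successful URLs:", successful_urls(proxy, "192.168.0.4", "pastebin.com"))
    print("non-HTTP contacts:", non_http_contacts(dns, proxy))
```

On real lab data, point `PROXY_LOG` and `DNS_LOG` at the exported log files and adjust the regex if the proxy's log format differs; the point of the script is the filter order (client first, then domain, then status), which is what the thread's Question 5 answer relies on.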

Question #3 is /Forums