Part 2 of 2 of a series of walkthroughs for the BreakICT CTF at OzSec 2022. Here I post the remaining challenge walkthroughs, including the ones I did not complete during the CTF itself but that were available after the CTF ended.
Part 1 of a series of walkthroughs for the BreakICT CTF at OzSec 2022. Today we take on four of the challenges, ranging from web discovery to identifying and decoding messages.
Today's LetsDefend walkthrough investigates Event ID 114 - Suspicious MSHTA Behavior, where an alert is raised due to mshta.exe executing a .hta script file that is considered low reputation.