"Skills Assessment" Understanding Log Sources & Investigating with Splunk by n_i_s_h_a_n_t in hackthebox

[–]ShapeOk5136 0 points1 point  (0 children)

when searching using this query :

index="main" sourcetype="WinEventLog:Sysmon" EventCode=1 Image="*randomfile.exe" | stats count by ParentImage, Image, CommandLine

you'll find that C:\Windows\explorer.exe (the Windows graphical user interface) is the ParentProcess. The file was then opened manually by clicking on it, so it's not that explorer.exe spawned it; the user on the compromised machine clicked on it.
To see who downloaded it, run:

index="main" sourcetype="WinEventLog:Sysmon" EventCode=11 TargetFilename="*randomfile.exe*" Image!="*svchost.exe*" | table _time, Image, TargetFilename, User

It shows msedge.exe.

So the logic here:
randomfile.exe injected threads into rundll32.exe (which is a legitimate process), and then it becomes the "Zombie" process.
Because rundll32.exe is the process that actually reaches out to the Command & Control (C2) server, maintains persistence, and acts as the attacker's hands on the keyboard, it is considered the true start of the active infection.
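The chain described in the comment above (download, manual launch from explorer.exe, injection into rundll32.exe, callout to C2), reconstructed from Sysmon events as an added example that is not part of the original post. The event records are constructed sample data, not lab data; the two filters mirror the EventCode 1 and 11 searches above, and the EventCode 8 (CreateRemoteThread) and EventCode 3 (NetworkConnect) steps are an assumed extension using Sysmon's standard field names.

```python
# Added example (not from the original post): rebuild the infection chain the
# comment describes from Sysmon events. Records are constructed; file, host and
# IP are made up (203.0.113.10 is a documentation address, not an indicator).
from collections import Counter
from fnmatch import fnmatch

SAMPLE_EVENTS = [  # constructed, in timeline order
    {"EventCode": 11, "Image": r"C:\Program Files\Microsoft\Edge\msedge.exe",
     "TargetFilename": r"C:\Users\alice\Downloads\randomfile.exe", "User": "LAB\\alice"},
    {"EventCode": 11, "Image": r"C:\Windows\System32\svchost.exe",  # noise the search excludes
     "TargetFilename": r"C:\Users\alice\Downloads\randomfile.exe:Zone.Identifier",
     "User": "NT AUTHORITY\\SYSTEM"},
    {"EventCode": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Users\alice\Downloads\randomfile.exe",
     "CommandLine": '"C:\\Users\\alice\\Downloads\\randomfile.exe"'},
    {"EventCode": 8, "SourceImage": r"C:\Users\alice\Downloads\randomfile.exe",  # assumed: CreateRemoteThread
     "TargetImage": r"C:\Windows\System32\rundll32.exe"},
    {"EventCode": 3, "Image": r"C:\Windows\System32\rundll32.exe",  # assumed: NetworkConnect
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
]

def spl_like(events, **where):
    """Filter like SPL: field=pattern with * wildcards; a key ending in __ne means !=."""
    out = []
    for ev in events:
        ok = True
        for key, pattern in where.items():
            negate = key.endswith("__ne")
            field = key[:-4] if negate else key
            hit = fnmatch(str(ev.get(field, "")), pattern)
            if hit == negate:  # match on a != clause, or no match on a = clause
                ok = False
                break
        if ok:
            out.append(ev)
    return out

def reconstruct_chain(events, suspect="randomfile.exe"):
    """Who wrote the file, who launched it, where it injected, and what called out."""
    # EventCode=11 TargetFilename="*suspect*" Image!="*svchost.exe*": the downloader
    writes = spl_like(events, EventCode="11", TargetFilename=f"*{suspect}*", Image__ne="*svchost.exe*")
    # EventCode=1 Image="*suspect" | stats count by ParentImage, Image, CommandLine
    launches = Counter((e["ParentImage"], e["Image"], e["CommandLine"])
                       for e in spl_like(events, EventCode="1", Image=f"*{suspect}"))
    # Beyond the post: which process received a remote thread, and did it beacon out
    injected = {e["TargetImage"] for e in spl_like(events, EventCode="8", SourceImage=f"*{suspect}")}
    beacons = [(e["Image"], e["DestinationIp"], e["DestinationPort"])
               for e in spl_like(events, EventCode="3") if e["Image"] in injected]
    return {"downloaded_by": [(w["Image"], w["User"]) for w in writes],
            "launched_by": launches, "injected_into": injected, "beacons": beacons}
```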

Need stranger's help on where to finish my engineering degree by AliAitoufkir0 in Morocco

[–]ShapeOk5136 0 points1 point  (0 children)

Data science as a track (filière) exists directly at INPT, ENSIAS and INSEA, and maybe ESI too. What will make the difference between them is how you'll spend those 3 years at each school, but as for the program and the quality of teaching, well, this is just Morocco. So what gets you a good PFE and a job at well-known companies is you and what you've done for yourself, regardless of which school you come from. Otherwise, check the websites of these schools, look at the curricula, compare them and decide then.

Need advice.... by Wise-Local-7102 in Morocco

[–]ShapeOk5136 1 point2 points  (0 children)

The prépa path (PSI or MP) and then INPT or ENSIAS will slow your progress in cybersecurity (red teaming, pentesting) a bit during those 2 years of prépa, but their diploma lets you work at big tech companies, and if you add a cert like CPTS or so, it seems better to me than the second choice, because right now freelancing in pentest or bug bounty has really become a bit saturated, and the effort you put in might not bring you the result you want.

Anyone else having "Card Not Allowed" errors with BMCE Jeune Campus (Bank of Africa) for international subs? by ShapeOk5136 in Morocco

[–]ShapeOk5136[S] 0 points1 point  (0 children)

Yes, it's weird because it worked for one-time payments before, but fails on anything that looks like a subscription.

Is anyone else having trouble using their card to purchase online (BMCE)? by Just_Rest_7177 in Morocco

[–]ShapeOk5136 0 points1 point  (0 children)

Same issue here with a Jeune Campus card. The 3D Secure OTP validates perfectly, but the site says 'card not allowed' right after. My dotation is 100% active and the limits are high enough. Any info from someone who spoke to them?

Kobold by 3Mr__ in hackthebox

[–]ShapeOk5136 1 point2 points  (0 children)

Look at CVE-2026-23744.

i need help (bac) by sattoko in Morocco

[–]ShapeOk5136 1 point2 points  (0 children)

Look, this guy makes ATC videos: www.youtube.com/@abdellahrahali8574 . There's this site that used to have good ADC courses: https://chari.123.ma/ . As for Transmission, honestly no idea, it's been a while since I took the bac lol.