Hey everyone! I have been stuck in this question for hours.
Navigate to http://[Target IP]:8000, open the “Search & Reporting” application, and find through an SPL search against all data any suspicious loads of clr.dll that could indicate a C# injection/execute-assembly attack. Then, again through SPL searches, find if any of the suspicious processes that were returned in the first place were used to temporarily execute code. Enter its name as your answer. Answer format: _.exe
I am confused because I have applied clr.dll as my filter and could not find any C# code. Please give me a baseline on how to get the exe file involved. Any leads would be greatly appreciated. Thanks!