Advent of Cyber 4: Christmas 2022

Advent of Cyber 2022

Unwrapping Advent of Cyber 4!

Merry Christmas, everyone! As the year nears its end and the festive spirit fills the air, it’s the perfect moment to dive into the world of cybersecurity once more. December brings not only joy and merriment but also the much-anticipated return of TryHackMe’s ‘Advent of Cyber.’ This year’s journey has been nothing short of incredible, with daily challenges that have kept us all on our toes. With our virtual advent calendar in hand, each day’s surprise has been a new lesson, a fresh puzzle, and an opportunity to level up in the world of cyber. So, join me as we venture into the excitement and knowledge of Advent of Cyber 4 2022!

To take part go to https://tryhackme.com/room/adventofcyber4 Goodluck!

Advent of cyber 2022
The Bandit Yeti

Yes, the bandit yeti is back, trying to ruin Christmas once again.

What is Advent of Cyber?

TryHackMe’s “Advent of Cyber” is an annual event that offers a series of cybersecurity challenges and educational content throughout the month of December. TryHackMe is an online platform that provides a variety of resources for individuals to learn and practice their cybersecurity skills, including capture the flag (CTF) challenges, labs, and more.

The “Advent of Cyber” is typically designed as an Advent calendar, with each day of December offering a new challenge or task related to cybersecurity. Participants can register for this event and receive access to the challenges, which are designed to help learners of all skill levels, from beginners to more experienced cybersecurity enthusiasts. These challenges often cover a wide range of topics, from basic concepts to more advanced skills, and they are a great way to learn and practice hands-on cybersecurity techniques.

Disclaimer: The point of this post is to document my experience. If you are interested in this post and want to take part in Advent of Cyber 4, please try your best with each challenge. Do not just input my answers, the amazing team at tryhackme.com have worked hard on creating these challenges. Do your best and make sure you learn something from the experience.

Advent of Cyber 2022

“Someone’s Coming to Town”

Day 1

Today’s task was about Frameworks. It was a really simple set of puzzles, Jigsaw puzzles to be precise. Just match the jigsaw piece to its corresponding description. This was a nice and easy start to the Advent of Cyber festivities.

Advent of Cyber 2022
Advent of Cyber 2022

“Santa’s Naughty and Nice Log”

Day 2

Today’s task was about Log Analysis. We are given 2 log files to scan through to find answers to the questions.
There are thousands of lines of data but using the grep function makes light reading for this task.

Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022

“Nothing Escapes Detective McRed”

Day 3

Today’s task was about OSint. We are given access to the GitHub repository for Santa’s gift shop. Inside are user credentials and passwords and ofc a flag to be found.

Advent of Cyber 2022
Advent of Cyber 2022

“Scanning Through the Snow”

Day 4

Today’s task was about Scanning. Using the Nmap tool we were to scan and find our answers. Nmap is a very powerful tool that gives you the ability to scan targets for network and system information.

Advent of Cyber 2022
Advent of Cyber 2022

“He Knows When Your Awake”

Day 5

Today’s task was about Brute-Forcing. We had to use Hydra and the rockyou.txt wordlist to attack a VNC server. Really simple challenge.

Advent of Cyber 2022
Advent of Cyber 2022

“It’s Beginning to Look a lot Like Phishing”

Day 6

Today’s task was about Email Analysis. We are supplied a phishing email to analyze for the answers. Pretty easy challenge.

Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022

“Maldocs Roasting on an Open Fire”

Day 7

Today’s task was about CyberChef. This was the hardest day so far. I needed to watch the walkthrough and follow along.

Advent of Cyber 2022
Advent of Cyber 2022

“Last Christmas I Gave you my ETH”

Day 8

Today’s task was about Smart Contracts. We are supplied 2 smart contracts to compile and attack. Was a pretty simple task but I had no clue what I was doing so I needed the walkthrough again.

Advent of Cyber 2022
Advent of Cyber 2022

“Dock the halls”

Day 9

Today’s task was about Pivoting. This was an extremely educational day for me. Pivoting from one system to another using a socks5 proxy.

Advent of Cyber 2022
Advent of Cyber 2022

“You’re a Mean one Mr. Yeti”

Day 10

Today’s task was about Hacking a Game. This was interesting. Hacking a games memory to make our escape from prison. We had to find or in my case alter the prison guard’s memory to answer his question and then give us a larger HP (hit points) to make it past the prison traps. This was pretty simple but very fun.

Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022

“Not all Gifts are Nice”

Day 11

Today’s task was about Memory Forensics. This was pretty simple. Dumping and analyzing information from memory to find the answers.

Advent of Cyber 2022
Advent of Cyber 2022

“Forensic McBlue to the REVscue!”

Day 12

Today’s task was about Malware Analysis. This was a new concept to me and was pretty fun to complete. We even had a new VM to play around in, pretty cool and I’ll definitely be adding Flir to my VM list for further investigation.

Advent of Cyber 2022
Advent of Cyber 2022

“Simple Having a Wonderful pcap Time”

Day 13

Today’s task was about Packet Analysis. I have used Wireshark a lot, so this was pretty simple.

Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022

“I’m Dreaming of Secure Web Apps”

Day 14

Today’s task was about web applications. This was extremely easy. Simply looking for IDOR vulnerabilities inputting different values in the web address to find content not meant for the connected user.

Advent of Cyber 2022
Advent of Cyber 2022

“Santa is Looking for a Sidekick”

Day 15

Today’s task was about secure coding. We had to exploit the user upload vulnerability by uploading a malicious payload disguised as a cv, then waiting for it to be opened for review which executes a reverse shell backdoor to gain access to the system.

Advent of Cyber 2022
Advent of Cyber 2022

“SQLi’s the King, the Carolers Sing”

Day 16

Today’s task was again about secure coding. This time we actual had to secure some code to limit user inputs. The first 2 flags were really simple to get as the site walked you through it, then we had to use the techniques learned to find the remaining 2 flags. Pretty simple task but I learnt a lot.

Advent of Cyber 2022
Advent of Cyber 2022

“Filtering for Order Amidst Chaos”

Day 17

Today’s task was again about secure coding. Filtering for username and email information, simple stuff.

Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022

“Lumberjack Lenny Learns New Rules”

Day 18

Today’s task was about Sigma. This absolutely broke me. Not because it was too hard just the server connection was so damned slow. I even needed to extend the time limit by an extra hour just to complete the task.

Advent of Cyber 2022
Advent of Cyber 2022

“Wiggles go brr”

Day 19

Today’s task was about Hardware Hacking. This was easy, thanks to my experience with Arduino. I finished all but the flag question without starting the Attack Box.

Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022

“Binwalkin’ Round the Christmas Tree”

Day 20

Today’s task was about Firmware. This was a new subject for me. We had to decrypt firmware by finding public and private keys.

Advent of Cyber 2022
Advent of Cyber 2022

“Have Yourself a Merry Little Webcam”

Day 21

Today’s task was about MQTT. This was tough. We had to hack a webcam service. I needed the walkthrough to guide me through the steps.

Advent of Cyber 2022
Advent of Cyber 2022

“Threats Are Falling all Around Me”

Day 22

Today’s task was about Attack Surface Reduction. Really easy task. Needed to match the answers to the descriptions, a lot like day 1 with the jigsaw puzzles.

Advent of Cyber 2022
Advent of Cyber 2022

“Mission ElfPossible: Abominable for a Day”

Day 23

Today’s task was about Defense in Depth. This was another game to play, but this time we had to find passwords for access. The first two stages were easy but the third had me going round in circles for a while. It was good fun though.

Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022

“Ho, ho, ho, the surveys short”

Day 24

That’s it, Advent of Cyber 4 2022 is complete. Once again, the Bandit Yeti has been defeated and Christmas was saved!

To take part go to https://tryhackme.com/room/adventofcyber4 Goodluck!

Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022
Advent of Cyber 2022

You can read all of our Ethical Hacking guides here: Ethical Hacking

Luke Barber

Hello, fellow tech enthusiasts! I'm Luke, a passionate learner and explorer in the vast realms of technology. Welcome to my digital space where I share the insights and adventures gained from my journey into the fascinating worlds of Arduino, Python, Linux, Ethical Hacking, and beyond. Armed with qualifications including CompTIA A+, Sec+, Cisco CCNA, Unix/Linux and Bash Shell Scripting, JavaScript Application Programming, Python Programming and Ethical Hacking, I thrive in the ever-evolving landscape of coding, computers, and networks. As a tech enthusiast, I'm on a mission to simplify the complexities of technology through my blogs, offering a glimpse into the marvels of Arduino, Python, Linux, and Ethical Hacking techniques. Whether you're a fellow coder or a curious mind, I invite you to join me on this journey of continuous learning and discovery.

Leave a Reply

Your email address will not be published. Required fields are marked *

Verified by MonsterInsights