Unwrapping Advent of Cyber 4!
Merry Christmas, everyone! As the year nears its end and the festive spirit fills the air, it’s the perfect moment to dive into the world of cybersecurity once more. December brings not only joy and merriment but also the much-anticipated return of TryHackMe’s ‘Advent of Cyber.’ This year’s journey has been nothing short of incredible, with daily challenges that have kept us all on our toes. With our virtual advent calendar in hand, each day’s surprise has been a new lesson, a fresh puzzle, and an opportunity to level up in the world of cyber. So, join me as we venture into the excitement and knowledge of Advent of Cyber 4 2022!
To take part go to https://tryhackme.com/room/adventofcyber4 Goodluck!
The Bandit Yeti
Yes, the bandit yeti is back, trying to ruin Christmas once again.
What is Advent of Cyber?
TryHackMe’s “Advent of Cyber” is an annual event that offers a series of cybersecurity challenges and educational content throughout the month of December. TryHackMe is an online platform that provides a variety of resources for individuals to learn and practice their cybersecurity skills, including capture the flag (CTF) challenges, labs, and more.
The “Advent of Cyber” is typically designed as an Advent calendar, with each day of December offering a new challenge or task related to cybersecurity. Participants can register for this event and receive access to the challenges, which are designed to help learners of all skill levels, from beginners to more experienced cybersecurity enthusiasts. These challenges often cover a wide range of topics, from basic concepts to more advanced skills, and they are a great way to learn and practice hands-on cybersecurity techniques.
Disclaimer: The point of this post is to document my experience. If you are interested in this post and want to take part in Advent of Cyber 4, please try your best with each challenge. Do not just input my answers, the amazing team at tryhackme.com have worked hard on creating these challenges. Do your best and make sure you learn something from the experience.
“Someone’s Coming to Town”
Day 1
Today’s task was about Frameworks. It was a really simple set of puzzles, Jigsaw puzzles to be precise. Just match the jigsaw piece to its corresponding description. This was a nice and easy start to the Advent of Cyber festivities.
“Santa’s Naughty and Nice Log”
Day 2
Today’s task was about Log Analysis. We are given 2 log files to scan through to find answers to the questions.
There are thousands of lines of data but using the grep function makes light reading for this task.
“Nothing Escapes Detective McRed”
Day 3
Today’s task was about OSint. We are given access to the GitHub repository for Santa’s gift shop. Inside are user credentials and passwords and ofc a flag to be found.
“Scanning Through the Snow”
Day 4
Today’s task was about Scanning. Using the Nmap tool we were to scan and find our answers. Nmap is a very powerful tool that gives you the ability to scan targets for network and system information.
“He Knows When Your Awake”
Day 5
Today’s task was about Brute-Forcing. We had to use Hydra and the rockyou.txt wordlist to attack a VNC server. Really simple challenge.
“It’s Beginning to Look a lot Like Phishing”
Day 6
Today’s task was about Email Analysis. We are supplied a phishing email to analyze for the answers. Pretty easy challenge.
“Maldocs Roasting on an Open Fire”
Day 7
Today’s task was about CyberChef. This was the hardest day so far. I needed to watch the walkthrough and follow along.
“Last Christmas I Gave you my ETH”
Day 8
Today’s task was about Smart Contracts. We are supplied 2 smart contracts to compile and attack. Was a pretty simple task but I had no clue what I was doing so I needed the walkthrough again.
“Dock the halls”
Day 9
Today’s task was about Pivoting. This was an extremely educational day for me. Pivoting from one system to another using a socks5 proxy.
“You’re a Mean one Mr. Yeti”
Day 10
Today’s task was about Hacking a Game. This was interesting. Hacking a games memory to make our escape from prison. We had to find or in my case alter the prison guard’s memory to answer his question and then give us a larger HP (hit points) to make it past the prison traps. This was pretty simple but very fun.
“Not all Gifts are Nice”
Day 11
Today’s task was about Memory Forensics. This was pretty simple. Dumping and analyzing information from memory to find the answers.
“Forensic McBlue to the REVscue!”
Day 12
Today’s task was about Malware Analysis. This was a new concept to me and was pretty fun to complete. We even had a new VM to play around in, pretty cool and I’ll definitely be adding Flir to my VM list for further investigation.
“Simple Having a Wonderful pcap Time”
Day 13
Today’s task was about Packet Analysis. I have used Wireshark a lot, so this was pretty simple.
“I’m Dreaming of Secure Web Apps”
Day 14
Today’s task was about web applications. This was extremely easy. Simply looking for IDOR vulnerabilities inputting different values in the web address to find content not meant for the connected user.
“Santa is Looking for a Sidekick”
Day 15
Today’s task was about secure coding. We had to exploit the user upload vulnerability by uploading a malicious payload disguised as a cv, then waiting for it to be opened for review which executes a reverse shell backdoor to gain access to the system.
“SQLi’s the King, the Carolers Sing”
Day 16
Today’s task was again about secure coding. This time we actual had to secure some code to limit user inputs. The first 2 flags were really simple to get as the site walked you through it, then we had to use the techniques learned to find the remaining 2 flags. Pretty simple task but I learnt a lot.
“Filtering for Order Amidst Chaos”
Day 17
Today’s task was again about secure coding. Filtering for username and email information, simple stuff.
“Lumberjack Lenny Learns New Rules”
Day 18
Today’s task was about Sigma. This absolutely broke me. Not because it was too hard just the server connection was so damned slow. I even needed to extend the time limit by an extra hour just to complete the task.
“Wiggles go brr”
Day 19
Today’s task was about Hardware Hacking. This was easy, thanks to my experience with Arduino. I finished all but the flag question without starting the Attack Box.
“Binwalkin’ Round the Christmas Tree”
Day 20
Today’s task was about Firmware. This was a new subject for me. We had to decrypt firmware by finding public and private keys.
“Have Yourself a Merry Little Webcam”
Day 21
Today’s task was about MQTT. This was tough. We had to hack a webcam service. I needed the walkthrough to guide me through the steps.
“Threats Are Falling all Around Me”
Day 22
Today’s task was about Attack Surface Reduction. Really easy task. Needed to match the answers to the descriptions, a lot like day 1 with the jigsaw puzzles.
“Mission ElfPossible: Abominable for a Day”
Day 23
Today’s task was about Defense in Depth. This was another game to play, but this time we had to find passwords for access. The first two stages were easy but the third had me going round in circles for a while. It was good fun though.
“Ho, ho, ho, the surveys short”
Day 24
That’s it, Advent of Cyber 4 2022 is complete. Once again, the Bandit Yeti has been defeated and Christmas was saved!
To take part go to https://tryhackme.com/room/adventofcyber4 Goodluck!
You can read all of our Ethical Hacking guides here: Ethical Hacking
