Winners of TryHackMe's Advent of Cyber 2022 have been announced:
Super excited to say I completed the @RealTryHackMe #AdventofCyber2022
I am extremely grateful for all of the hard work that was put into making this challenge fun and enjoyable for all.
I can't wait for next year, and if you want to learn some #RedTeaming you should definitely get involved in tryhackme.org and other sites like this.
My favorite out of all of them was the #SigmaRules and #MalwareAnalysis but all of it was fun and I definitely learned a lot.
Finished this year's Advent of Cyber!
Good luck to everyone in the prize drawings!
I was only able to get another day of the #TryHackMe #AdventOfCyber2022 challenge completed today. Day 18 focused on threat detection through log analysis using the generic signature tool for SIEM systems, SIGMA.
You can find SIGMA's GitHub here: https://github.com/SigmaHQ/sigma
The challenge's activities were very interesting. I look forward to learning more about #SIGMA in the future.
It's been a good day chugging away at the THM Advent of Cyber challenges and the LetsDefend learning modules.
Just like my cyber dolphin here, I think I too will turn in for the night.
#MerryChristmas to me
Even though it’s not until Sunday
2 Books - Practical Malware Analysis & This is how they tell me the world ends (the cyber weapons arms race)
In support of the holiday hack challenges:
#tryhackme hoodie
#tryhackme the bandit yeti #AdventOfCyber2022 tshirt
#sansinstitute holiday hack challenge shirt #kringlecon2022
TryHackMe Advent of Cyber day 15 spoilers
#tryhackme #Tryhackme #AdventOfCyber2022
Today's topic is again about input filtering, about regex to be exact.
The whole challenge starts with explanations about HTML5 and regex input filtering.
We get a short explanation of how regex works and how to construct a regex filter.
THE best regex explanation I have ever read so far, I must say. I have tried a couple of times to understand regex with no success. TryHackMe's explanation is really, really good. I finally was able to understand the basics.
We then get the challenge to use egrep and regex to filter for 3 things inside a text file.
It takes a bit to construct the regex.
What worked for me is I started to filter for the first part, see if it works, and then add the next filter part and so on. After some trial and error I managed to solve all questions.
I have to say today were again really, really awesome challenges.
If you haven't done so yet: do consider taking part in the TryHackMe Advent of Cyber event. It's absolutely worth it.
Depeche Mode is in the playlist, with me singing along like a fool. Timing is perfect to catch up on #TryHackMe and #AdventOfCyber2022
More awesome swag from @RealTryHackMe! #AdventOfCyber2022
Day 14 of the #TryHackMe #AdventOfCyber2022 covered a basic web application security assessment.
Specifically it tasks you with looking for a couple of insecure direct object references (#IDOR).
It was pretty simple and not that challenging, though it did get the point across.
Day 15 doesn't appear to be released yet.
Last night I caught up with the #TryHackMe #AdventOfCyber2022 challenge and completed days 13 and 14.
Day 13 covered analyzing a #PacketCapture (#PCAP) file using #WireShark. I have some familiarity with the tool, so I was able to burn through that challenge. I did enjoy the twist of exporting a captured file data stream and then running its hash through #VirusTotal.
Today's THM Advent of Cyber challenge was a quick one but one that shouldn't be overlooked.
The challenge itself was pretty easy, but it's a good reminder that there are still a lot of websites and web applications that are poorly built and open to vulnerabilities.
I was listening to Darknet Diaries episode 2 on my commute yesterday and that talked about the VTech breach in 2015. The hacker was able to easily gain access because of garbage security.
Day 14 of the @RealTryHackMe Advent of Cyber is live! I’m doing the walkthrough and it covers IDOR. #adventofcyber2022
Time for another late night hacking session. Nothing but Advent of Cyber tonight! :D
I completed Day 12 #TryHackMe #AdventOfCyber2022 challenge one day late.
Day 12 focuses on #MalwareAnalysis using the tools #DetectItEasy, #CAPA, and #Procmon on a #FlareVM.
This was another interesting challenge.
I am postponing today's #TryHackMe #AdventOfCyber2022 #infosec challenge until tomorrow.
It focuses on malware analysis and I've decided that I just want to drink some tea and read some #ttrpg rules, #Vaesen and #SwordsOfTheSerpentine, and my book, #AchingGod by #MikeShel, instead.
It's okay to take a break, right?
Plus, I am tired and I don't think I will get as much out of it in this state.
I'll catch up tomorrow.
TryHackMe #AdventOfCyber2022 had a great lesson today on #MalwareAnalysis
Another way to find #IOCs within files can be done using Process Hacker alone. Using a #Bumblebee sample, a LNK file contains `start rundll32.exe 32de.dll, YTBSBbNTWU`. Filter for `Process Name is rundll32.exe`, view the process properties, go to the memory tab and filter using this #Regex pattern:
`^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$`
More here + visuals:
https://axelarator.github.io/posts/bumblebee/
I finished day 10 this morning and just completed day 11 of the #TryHackMe #AdventOfCyber2022 challenge.
Day 11 focuses on analyzing a memory dump of a compromised machine using the #Python #infosec tool, #Volatility3.
This was a very straightforward challenge, which I enjoyed. I used my extra time to play around with other options that weren't explored in the tasks of the challenge. Very worthwhile and another tool for my tool chain.
I finished day 10 of the #TryHackMe #AdventOfCyber2022 challenge a day late as I spent the day hanging out with my family yesterday and didn't want to hop onto a computer.
Day 10 focused on memory analysis and manipulation in order to beat an unwinnable web game.
It was interesting and I got some familiarity with the #Cetus web assembly memory analysis tool.