25 posts tagged with "Introduction"

A gentle start for new learners! This section contains introductory materials, guiding you through the basics of cybersecurity and hacking concepts. Think of it as a "Welcome package" - helpful resources and guides that will get you familiar with the subject matter and set you up for success on your learning journey.

THM | AoC 2025 | Day 06-08

· 12 min read

Advent of Cyber 2025 | Day 06-08 | Summary:

On Day 06 (Malware analysis), we show how to examine a suspicious Windows executable using static tools (PeStudio) and dynamic sandbox techniques (RegShot, ProcMon) to extract hashes, strings, registry changes, and C2 information. Then on Day 07 (Network discovery), we demonstrate progressive port scanning (Nmap), service enumeration (FTP, custom TCP service, DNS), file retrieval, and post‑exploitation steps (accessing an admin console, enumerating listening ports, and extracting flags from a local MySQL database).

Finally, on Day 08 (Prompt injection), we first explain the theory behind autonomous AI agents, then exploit a calendar‑management AI by extracting a hidden token via a log‑reading function and using it to call a privileged "reset_holiday" function, restoring the correct Christmas setting.

THM | AoC 2025 | Day 03-05 + Bonus

· 17 min read

Advent of Cyber 2025 | Day 03-05 + Bonus | Summary:

On Day 03 (Splunk Basics), we write SPL queries to ingest web‑ and firewall‑log data, pinpoint the malicious IP address, and trace the stages of reconnaissance, exploitation, and data exfiltration. On Day 04 (AI in Security), we examine AI applications in cybersecurity (defensive, offensive, and software‑security use cases) and then employ an AI assistant to detect and remediate vulnerabilities. On Day 05 (IDOR), we discover and exploit an IDOR flaw in the TryPresentMe website, using the vulnerable endpoint to retrieve sensitive information.

As for the bonus tasks on Day 05, in the first part we set out to look for the "id_number" of a child born on a specified date. We find it using two approaches: Burp's Intruder and a custom Python script. Finally, in the second part, we identify a valid voucher code generated within the specified time window using a custom Python UUID generation script, and verify those UUIDs with another automated script.

THM | AoC 2025 | Day 02

· 12 min read

Advent of Cyber 2025 | Day 02 | Summary:

In this room we join the TBFC red team and launch a Python server that hosts a fake login page to capture credentials. Using SET (Social-Engineer Toolkit) we craft a spoofed email pointing to our fake login page.

The victim clicks, submits credentials, and we log the username‑password pair, then reuse it to access the real TBFC portal as factory. Finally, we terminate the server and clean up.

THM | AoC 2025 | Day 01 + Bonus Challenge

· 19 min read

Advent of Cyber 2025 | Day 01 + Bonus Challenge | Summary:

We start out by investigating a compromised server, collect some hidden flags and uncover some secrets, all using nothing but basic Linux CLI commands.

For the bonus part, we first solve three riddles, then concatenate the fragments and decrypt a note. Once we have fixed a glitching server, we capture the ciphertext, decode it, then decrypt the secret archive directory which was left behind. Extracting the archive enables us to retrieve the final side-quest flag.

THM | AoC 2025 | Day 00

· 5 min read

Advent of Cyber 2025 | Prep Track | Summary:

This Prep Track room introduces a ten‑mission beginner series on TryHackMe, covering password creation, malware scanning, basic Linux/Windows file navigation, breach checking, router hardening, app permission revocation, data leakage via chatbots, and HTTP log analysis.

Each mission provides a simple task and a flag to capture. The guide also includes prize info, rules, community links, and a festive storyline set in Wareville.