One post tagged with "PeStudio"

THM | AoC 2025 | Day 06-08

12 min read

Advent of Cyber 2025 | Day 06-08 | Summary:

On Day 06 (Malware analysis), we show how to examine a suspicious Windows executable with static tools (PeStudio) and dynamic sandbox techniques (RegShot, ProcMon) to extract hashes, strings, registry changes, and C2 information. On Day 07 (Network discovery), we demonstrate progressive port scanning (Nmap), service enumeration (FTP, a custom TCP service, DNS), file retrieval, and post-exploitation steps (accessing an admin console, enumerating listening ports, and extracting flags from a local MySQL database).

Finally, on Day 08 (Prompt injection), we first explain the theory behind autonomous AI agents, then exploit a calendar-management AI by extracting a hidden token via a log-reading function and using it to call a privileged "reset_holiday" function, restoring the correct Christmas setting.