✅ Completed Day 7 of #AdventOfCyber 2022 from
@RealTryHackMe

Learnt to use CyberChef tool

#adventofcyber2022 #cybersecurity #hacking #infosec #tryhackme

✅ Completed Day 6 of #AdventOfCyber 2022 from @RealTryHackMe

Learnt about different ways to analyze an email

#adventofcyber2022 #cybersecurity #hacking #infosec #tryhackme

✅ Completed Day 5 of #AdventOfCyber 2022 from @RealTryHackMe

Learnt about:
• Brute-Forcing
• Different remote access services: SSH, RDP, VNC
• Connecting to a VNC server

#adventofcyber2022 #cybersecurity #hacking #infosec #tryhackme

✅ Completed Day 4 of #AdventOfCyber 2022 from @RealTryHackMe

Learnt about different Scanning techniques and tools:
• Network Scanning
• Port Scanning
• Vulnerability Scanning
• Nmap
• Nikto

#adventofcyber2022 #cybersecurity #hacking #infosec #tryhackme

I wasn't expecting to win anything from the #tryhackme #adventofcyber2022 event. I'm just happy that I got a certificate and the feeling of accomplishment in doing the tasks for 24 days straight.

Congrats to the winners!

Winners of TryHackMe's Advent of Cyber 2022 have been announced:

https://tryhackme.com/resources/blog/advent-of-cyber-winners?utm_campaign=Advent%20of%20Cyber%202022&utm_content=233063551&utm_medium=social&utm_source=twitter&hss_channel=tw-1059140424625991680

#TryHackMe
#AdventOfCyber2022

Days 022 + 023 of #100DaysOfHacking

Tryhackme's Advent of Cyber

- [Day 19] Hardware Hacking
- [Day 20] Firmware Reverse Engineering
- [Day 21] Hacking IoT Devices
- [Day 22] Attack Surface Reduction
- [Day 23] Defence in Depth

Finished the #AdventOfCyber2022 last minute.

Niccesss. Just finally had some time to do the last handful of challenges of #AdventOfCyber2022

Fingers crossed on maybe winning something, but I learnt so much anyway which is the real prize..

Super excited to say I completed the @RealTryHackMe #AdventofCyber2022
I am extremely grateful for all of the hard work that was put into making this challenge fun and enjoyable for all.
I can't wait for next year and if you want to learn some #RedTeaming You should definitely get involved in tryhackme.org and other sites like this.
My favorite out of all of them was the #SigmaRules and #MalwareAnalysis but all of it was fun and I definitely learned a lot.

For any of y'all who are interested, I published an #infosec writeup on TryHackMe's #AdventOfCyber2022 https://infosecwriteups.com/advent-of-cyber-4-writeup-a-case-study-in-digital-forensics-and-incident-response-4988aae9f48b specifically, I discuss their #DFIR challenges which include email analysis, physmem #forensics and more! #100DaysOfHacking #100DaysOfHomeLab #CyberAttack #tryhackme #cybersecurity #tryhackme #ctf #malware

Somehow I don’t like that this one site publishes a day 1-24 write-up for #AdventOfCyber2022 with all flags in plain text, when the challenge isn’t even over yet.

Day 021 of #100DaysOfHacking

Tryhackme's Advent of Cyber

- [Day 17] Secure Coding - Input Validation and Regex
- [Day 18] Sigma - Threat Detection

Final sprint in the #AdventOfCyber2022.

#day29 (12/24) and #day30 (12/25) of my #cybersecurity journey:

Finally finished the #adventofcyber2022 event from #tryhackme and got my certificate. Also resumed my progress in the Web Fundamentals path. Finished up on File Inclusion and now diving into SSRF.

Happy Holidays and Merry Christmas to those who celebrate :)

Finished #AdventOfCyber2022 by #tryhackme. Very broad range of topics. Was really good.

That's it, no more rooms of #AdventOfCyber2022 from #tryhackme
It's been a fun month. I explored some recommended rooms and I will continue to learn more in these rooms.
Now to just wait and see if I maybe won a prize.

Finished this up this morning. You still have until December 28th to work through this room to be entered into the raffle for the prize pool.

https://tryhackme.com/jrcastine/badges/adventofcyber4

#TryHackMe #adventofcyber2022

[ #AdventOfCyber2022 #tryhackme] Day 4

In Day 4 Tasks, we learn on how to do #scanning

Scanning is procedure to identify living hosts, ports, and services running on specify target.

There are 2 types of scan based on their intrusiveness:
1. #passivescan
Passive scan is scanning without touching/interacting directly with the target device. The scan usually done being capturing packages using #wireshark. However, the information you can get are fairly limited.

2. #activescanning
Active scan is scanning that interacting directly with the target service, usually by sending pocket to specific asset. The scanning will immediately do a deep scan to get a lot of information from the target.

Several #scanning techniques:
1. #networkscanning
The scan that aimed to map the entire network of the target. When an attacker has mapped the entire network of their target, they can launch #exploit through the weakness of enemy network.

2. #portscanning
The scan that aimed to look for any open port that capable of sending and retrieving request/data.

3. #vulnerabilityscanning
The scan that aimed to identify what kind of #vulnerability existed on the network that may threaten the system.

Tools to do scanning:
1. #nmap
NMAP is one of the most popular tool used for scanning a network. It can be used to scan open ports, open #networkprotocols , open #services, running #operatingsystem, etc.

2. #nikto
Nikto is a open source that can be used to identify #website for #vulnerability. It allows to search a #website for their subdomains, outdated servers, #debug messages, and many more.

[#AdventOfCyber2022 ] Day 3

Yes, I try to speedrun AdventOfCyber2022 in Christmas

Anyway... in Day 3 we learn about #OSINT

OSINT (Open Source Intelligence) is gathering and analyzing gathered data from public spaces to conduct intelligence operation.

In Day 3 Task, there were several OSINT techniques being teach:

1. Google Dorking
As the name suggests, we gather public data using specialized search terms on Google Search to obtain data we want.

2. WHOIS Lookup
We can extract information on who create or registering the website using whois website (who.is/whois/websitename)

3. Robots.txt
By looking at robots.txt of a website we can see which index were allowed or not allowed to be accessed of a website URL

4. Breached Database Search
We can verify if an email has been compromised using publicly accessible checker. For example website (haveibeenpwned.com) made by @troyhunt

5. Searching #github Repos
We could search up public repos using github search functionality. The problem is, usually developers forgot that they set their repo as public and save some sensitive information such as passwords, access tokens, etc.

Finished this up this morning. You still have until December 28th to work through this room to be entered into the raffle for the prize pool.

https://tryhackme.com/jrcastine/badges/adventofcyber4

#TryHackMe #adventofcyber2022

Geschafft! #adventofcyber2022