Looking to break into cyber security to switch up your previous career? Or just looking to have fun solving security challenges? Well, Tryhackme has created a room perfect for that. It’s called Advent of Cyber 2.
It’s a room designed for people that wants to get into cyber security in 25 days. This is done by solving basic, new and beginner friendly security challenges everyday leading up to Christmas.
This room covers all sorts of topic in Cyber Security.
It starts of with Web exploitation, you learn how to use various tools and methods to exploit a website such as Local File Inclusion, XSS, SQLi and much more.
Moving on, we get to Networking. In this part you will learn how to scan a given IP and learn how to use opens port to exploit them such as samba, telnet and ftp.
After that, you get a test for all that you have learned before moving on to learning Python to make simple scripts.
Next, we get to a harder part (in my opinion) , which is reverse engineering.Basically reverse engineering is understanding how a program or device work with little detail given. In this part, we learn how to radare2 to reverse engineer an assembly program to get our flag. We also used ILSpy to reverse engineer a .NET application to obtain a password.
In the final part, after learning all the offensive parts, we learn how to be defensive or so called ‘blue teaming’. This part covers how to use Powershell to find specific file in Windows and also gets into a little bit of forensics by finding an original executable file hidden by the attacker. We also learn how to save ourselves on Windows with shadowcopy incase our machine gets infected with Ransomware.
Finally the last test, we have to put all our learnings into good use. This challenge involves bypassing an upload filter by using Burpsuite and obtaining a reverse shell with a script. Further on, we have to find credentials by analyzing the attacker’s machine before dumping credentials from a SQL DB using information we gathered and finally escalating our privileges to gain root access to the system.
With all that said, this room will be a great resource for people that want to get into cyber security or just to have fun playing CTF events.
