Thursday, December 28, 2023

MY EXPERIENCE ON ADVENT OF CYBER 2023


TryHackMe’s Advent of Cyber 2023 was a great experience. It was very beginner friendly, and they provided well set up labs with a storyline to make the challenge interesting. It was quite interactive and very informative from a beginner’s point of view; the challenges brushed through many of the concepts used in different areas of cybersecurity job roles. The attack labs were well set up and I didn’t face many issues, and the Discord community was very active in resolving any issues and supporting others. In fact, the storyline with the comics made it very interesting by building curiosity within the players, and at the end there was a game where we had to submit the evidence in court, which was fun. After this we also received a certificate. Overall it was a great initiative, collaborating with many YouTubers in the security field, and I felt it was worth the time.

TRYHACKME’S ADVENT OF CYBER 2023 ( DAY 24 )


Day 24 - "You Are on the Naughty List, McGreedy"

The learning objectives for day 24 were:

  • Static acquisition: A bit-by-bit image of the disk is created while the device is turned off.
  • Live acquisition: A bit-by-bit image of the disk is created while the device is turned on.
  • Logical acquisition: A select list of files is copied from the seized device.
  • Sparse acquisition: Select fragments of unallocated data are copied. The unallocated areas of the disk might contain deleted data; however, this approach is limited compared to static and live acquisition because it doesn’t cover the whole disk.

In this task we learned about acquiring digital forensics evidence to present in court, how to acquire a smartphone image, and how to use the Autopsy tool.

We had to use Autopsy to analyse the smartphone image and find data confirming his involvement in the crime.

Click here to see the tutorial.

TRYHACKME'S ADVENT OF CYBER 2023 ( DAY 23 )


Day 23 - "Relay All the Way"

The learning objectives for day 23 were:

  • The basics of network file shares
  • Understanding NTLM authentication
  • How NTLM authentication coercion attacks work
  • How Responder works for authentication coercion attacks
  • Forcing authentication coercion using lnk files

In this task we learned what NTLM authentication is, how coercion attacks work, and how to perform this attack.

First we created an LNK file and uploaded it, opened up Responder and waited for an interaction; once we received the hash, we used the John the Ripper tool to crack it.

Click here to see the tutorial.

TRYHACKME’S ADVENT OF CYBER 2023 ( DAY 22 )


Day 22 - "Jingle Your SSRF Bells: A Merry Command & Control Hackventure"

The learning objectives for day 22 were:

  • Understanding server-side request forgery (SSRF)
  • Which different types of SSRF are used to exploit the vulnerability
  • Prerequisites for exploiting the vulnerability
  • How the attack works
  • How to exploit the vulnerability
  • Mitigation measures for protection

In this task we learned what server-side request forgery is, what the different types of SSRF attacks are, how it works, how to hack the C2 server using SSRF, and mitigation measures.

We found a link to an endpoint in the login page and used SSRF to gain access.
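The mitigation side of the day 22 topic, as an added example that is not part of this post or of the TryHackMe room: the vulnerable "fetch whatever URL the client gave us" pattern next to a hardened version that checks scheme, embedded credentials, a host allowlist, and the addresses the host actually resolves to. The allowlist, the `FAKE_DNS` table (which stands in for real DNS so the example runs offline) and the address 93.184.216.34 (used only as a public, non-private sample address) are all constructed for this example.

```python
import ipaddress
import socket
import urllib.request
from urllib.parse import urlparse

# Hypothetical allowlist of hosts the server is permitted to fetch from.
ALLOWED_HOSTS = {"api.example.com", "partner.example.com"}

# Constructed name-to-address table standing in for DNS so the example runs
# offline. 93.184.216.34 is used simply as a public (routable) sample address;
# partner.example.com is on the allowlist but resolves to an internal address,
# which is exactly the case an allowlist alone would miss.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "partner.example.com": ["10.0.0.5"],
}


def resolve_fake(host):
    return FAKE_DNS.get(host, [])


def resolve_real(host):
    """Resolver for real use (not used by the demo): every address the name maps to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def fetch_unsafe(url):
    """Vulnerable pattern: the server fetches whatever URL the client supplied,
    so a request for a loopback, internal or cloud-metadata address is made
    from inside the network with the server's own reachability."""
    return urllib.request.urlopen(url, timeout=5).read()


def validate_outbound_url(url, allowed_hosts=ALLOWED_HOSTS, resolve=resolve_fake):
    """Return (ok, reason). Rejects non-http(s) schemes, embedded credentials,
    hosts outside the allowlist, and any host that resolves to a non-public
    address (loopback, RFC 1918, link-local such as 169.254.169.254, ...)."""
    try:
        parts = urlparse(url)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ("http", "https"):
        return False, "scheme %r not allowed" % parts.scheme
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host not in allowed_hosts:
        return False, "host %r not on allowlist" % host
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IP address
    except ValueError:
        addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        if not addr.is_global:
            return False, "%s resolves to non-public address %s" % (host, addr)
    return True, "ok"


def fetch_checked(url, **kwargs):
    """Hardened pattern: validate first, then fetch only a validated URL."""
    ok, reason = validate_outbound_url(url, **kwargs)
    if not ok:
        raise ValueError("refused outbound request: " + reason)
    return fetch_unsafe(url)


if __name__ == "__main__":
    for candidate in ("https://api.example.com/status", "http://partner.example.com/",
                      "http://127.0.0.1:8080/admin", "http://169.254.169.254/latest/meta-data/",
                      "file:///etc/passwd", "http://api.example.com@10.0.0.5/"):
        print(candidate, "->", validate_outbound_url(candidate))
```

One caveat worth knowing: validating and then fetching by name leaves a window in which DNS could answer differently (DNS rebinding), so a production version should connect to the address that passed the check rather than resolving the name a second time.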

Click here to see the tutorial.


TRYHACKME'S ADVENT OF CYBER 2023 ( DAY 21 )


Day 21 - "Yule be Poisoned: A Pipeline of Insecure Code!"

The learning objectives for day 21 were:

  • Understand how a larger CI/CD environment operates.
  • Explore indirect poisoned pipeline execution (PPE) and how it can be used to exploit Git.
  • Apply CI/CD exploitation knowledge to the larger CI/CD environment.

In this task we poisoned the pipeline. We had to find certain information, and we did this by cloning the repository; since the repository containing the source was not write-protected, we modified the pipeline file to execute the commands that gave us the required information.

Click here to see the tutorial.


TRYHACKME'S ADVENT OF CYBER 2023 ( DAY 20 )

Day 20 - "Advent of Frostlings"


The learning objectives for day 20 were:

  • Learn about poisoned pipeline execution.
  • Understand how to secure CI/CD pipelines.
  • Get an introduction to secure software development lifecycles (SSDLC) & DevSecOps.
  • Learn about CI/CD best practices.

In this task we were briefed on topics like GitLab, SDLC concepts, DevSecOps and CI/CD. On exploring we found an endpoint that was defaced; we identified who did this, then found the original merge for the endpoint and restored it.

Click here to see the tutorial.

TRYHACKME'S ADVENT OF CYBER 2023 ( DAY 19 )

Day 19 — “CrypTOYminers Sing Volala-lala-latility”

The learning objectives for day 19 were:

  • Understand what memory forensics is and how to use it in a digital forensics investigation
  • Understand what volatile data and memory dumps are
  • Learn about Volatility and how it can be used to analyse a memory dump
  • Learn about Volatility profiles

In this task we learned to use a forensic command line tool called Volatility, which lets digital forensics and incident response teams analyse a memory dump in order to perform memory analysis. Volatility is written in Python. We created a profile and performed memory analysis; in the process we also learned to use some plugins to find the running processes, to extract a binary for examination of the process, and for file extraction.

Click here to see the tutorial.

TRYHACKME'S ADVENT OF CYBER 2023 ( DAY 18 )


Day 18 - "A Gift That Keeps on Giving"

The learning objectives for day 18 were:

  • Identify the CPU and memory usage of processes in Linux.
  • Kill unwanted processes in Linux.
  • Find ways a process can persist beyond termination.
  • Remove persistent processes permanently.

We were provided with a machine that had a malicious process running; our task was to identify and kill this process.

We used the top command to check the system processes and noticed there was one process which used 100% of the CPU. We then killed the malicious process, but it somehow managed to respawn on a different PID. Then we checked the cron jobs of the user and of the root user, but we couldn't find anything there. So we used the systemctl command to see all the running services; here we found a suspicious process, and on further investigation we confirmed it was the malicious process. We then stopped the service using the systemctl command, then disabled the service and deleted it from the file system.

Click here to see the tutorial.

Sunday, December 17, 2023

TRYHACKME'S ADVENT OF CYBER 2023 (Day 17)


Day 17 — “I Tawt I Taw A C2 Tat!”

The learning objectives for day 17 were:

  • Gain knowledge of the network traffic data format
  • Understand the differences between full packet captures and network flows
  • Learn how to process network flow data
  • Discover the SiLK tool suite
  • Gain hands-on experience in network flow analysis with SiLK

In this task we had to find the attacker’s IP address by analysing the network traffic using the SiLK suite. While analysing we noticed that there was a high traffic volume on port 53; using the stats we found out where the majority of the traffic was coming from, then we filtered all flows that use port 53 and found that 99% of the traffic was coming from just 2 IPs. Then we saw there were over 10 DNS requests in less than a second. On further investigation we found that the IP was sending a series of SYN packets but didn’t respond with an ACK packet when a SYN-ACK packet was sent. So we concluded this was a DoS attack.
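The three checks described above (share of port-53 traffic per source, bursts of DNS requests inside one second, and SYN-only flows that never carry an ACK), as an added example that is not part of this post and does not use SiLK itself. The flow records are constructed inline and only loosely model the fields a SiLK `rwcut` listing would show; the thresholds (90% share, 10 requests per second, 3 half-open flows) are assumptions for the demo.

```python
from collections import defaultdict


def _flow(sip, dip, sport, dport, proto, flags, packets, stime):
    """One flow record: proto 17 = UDP, 6 = TCP; flags is the cumulative TCP flag set."""
    return {"sip": sip, "dip": dip, "sport": sport, "dport": dport,
            "proto": proto, "flags": flags, "packets": packets, "stime": stime}


# Constructed sample flows (not real SiLK output).
FLOWS = (
    # 12 DNS queries from 10.10.1.5 inside 0.8 seconds: a burst
    [_flow("10.10.1.5", "10.0.0.53", 40000 + i, 53, 17, "", 1, 100.0 + i * 0.07) for i in range(12)]
    # 8 DNS queries from 10.10.1.6 spread over 3.5 seconds: busy, but no burst
    + [_flow("10.10.1.6", "10.0.0.53", 41000 + i, 53, 17, "", 1, 100.0 + i * 0.5) for i in range(8)]
    # one ordinary DNS lookup from a workstation
    + [_flow("192.168.1.20", "10.0.0.53", 50123, 53, 17, "", 1, 101.3)]
    # 10.10.1.5 also sends SYN-only TCP flows and never completes a handshake
    + [_flow("10.10.1.5", "10.0.0.80", 42000 + i, 80, 6, "S", 1, 103.0 + i * 0.1) for i in range(5)]
    # the workstation's TCP flows carry SYN, PSH and ACK (completed handshakes)
    + [_flow("192.168.1.20", "10.0.0.80", 50200, 80, 6, "SPA", 12, 104.0),
       _flow("192.168.1.20", "10.0.0.443", 50201, 443, 6, "SPA", 30, 104.5)]
)


def dns_share_by_source(flows, dns_port=53):
    """Fraction of all port-53 flows contributed by each source IP."""
    counts = defaultdict(int)
    for f in flows:
        if f["dport"] == dns_port:
            counts[f["sip"]] += 1
    total = sum(counts.values())
    return {sip: n / total for sip, n in counts.items()} if total else {}


def top_sources(shares, n=2):
    """The n sources with the largest share, as (sip, share) pairs, largest first."""
    return sorted(shares.items(), key=lambda kv: kv[1], reverse=True)[:n]


def burst_sources(flows, dport=53, window=1.0, min_requests=10):
    """Sources that sent at least min_requests flows to dport within any
    window-second span (sliding window over each source's sorted start times)."""
    times = defaultdict(list)
    for f in flows:
        if f["dport"] == dport:
            times[f["sip"]].append(f["stime"])
    flagged = []
    for sip, ts in times.items():
        ts.sort()
        left = 0
        for right in range(len(ts)):
            while ts[right] - ts[left] > window:
                left += 1
            if right - left + 1 >= min_requests:
                flagged.append(sip)
                break
    return sorted(flagged)


def handshake_profile(flows):
    """Per source over TCP: (flows that were SYN-only, flows that carried an ACK)."""
    profile = defaultdict(lambda: [0, 0])
    for f in flows:
        if f["proto"] != 6:
            continue
        if "A" in f["flags"]:
            profile[f["sip"]][1] += 1
        elif "S" in f["flags"]:
            profile[f["sip"]][0] += 1
    return {sip: tuple(v) for sip, v in profile.items()}


def suspected_syn_flood(flows, min_half_open=3):
    """Sources with at least min_half_open SYN-only flows and no flow that ever ACKed."""
    return sorted(sip for sip, (half_open, acked) in handshake_profile(flows).items()
                  if half_open >= min_half_open and acked == 0)


if __name__ == "__main__":
    print("top DNS talkers:", top_sources(dns_share_by_source(FLOWS)))
    print("DNS bursts from:", burst_sources(FLOWS))
    print("suspected SYN flood from:", suspected_syn_flood(FLOWS))
```

On the constructed data the two top talkers account for 20 of 21 DNS flows, only 10.10.1.5 fits ten requests into one second, and only 10.10.1.5 has half-open TCP flows with no ACKs, which mirrors the reasoning chain in the write-up.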

Click here to see the walkthrough.

TRYHACKME'S ADVENT OF CYBER 2023 (Day 16)


Day 16 — “Can’t CAPTCHA this Machine!”

The learning objectives for day 16 were:

  • Complex neural network structures
  • How does a convolutional neural network function?
  • Using neural networks for optical character recognition
  • Integrating neural networks into red team tooling

In this task we learned to build a custom brute force script that makes use of ML to solve the CAPTCHA and continue a brute force attack. We were provided with a script to perform the brute force and a trained CNN model.

Convolutional Neural Networks are incredible ML structures that have the ability to extract features that can be used to train a neural network. In the previous task, we used the garbage-in, garbage-out principle to explain the importance of our inputs having good features. This ensures that the output from the neural network is accurate. But what if we could actually have the neural network select the important features itself? This is where CNN comes into play!

In essence, CNNs are normal neural networks that simply have the feature-extraction process as part of the network itself. This time, we’re not just using maths but combining it with linear algebra. Again, we won’t dive too deep into the maths here to keep things simple.

We can divide our CNN into three main components:

  • Feature extraction
  • Fully connected layers
  • Classification
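The first of those components, feature extraction, carried out by hand in plain Python as an added example that is not part of this post or of the room's code. It applies two 3×3 edge kernels (a vertical-edge and a horizontal-edge detector, hand-chosen here; in a trained CNN the kernel values are learned) to two constructed 6×6 binary images, then applies ReLU and 2×2 max pooling, and flattens the pooled maps into the vector that the fully connected layers would receive.

```python
# Constructed 6x6 binary "images": left half dark / right half bright (vertical
# edge) and top half dark / bottom half bright (horizontal edge).
VERTICAL_EDGE = [[0, 0, 0, 1, 1, 1] for _ in range(6)]
HORIZONTAL_EDGE = [[0] * 6 for _ in range(3)] + [[1] * 6 for _ in range(3)]

# Hand-chosen kernels; a trained CNN learns these values instead.
KERNELS = {
    "vertical": [[-1, 0, 1],
                 [-1, 0, 1],
                 [-1, 0, 1]],
    "horizontal": [[-1, -1, -1],
                   [0, 0, 0],
                   [1, 1, 1]],
}


def conv2d(image, kernel):
    """'Valid' cross-correlation: slide the kernel over the image, no padding,
    stride 1. A 6x6 image and 3x3 kernel give a 4x4 feature map."""
    kh, kw = len(kernel), len(kernel[0])
    h, w = len(image), len(image[0])
    out = []
    for i in range(h - kh + 1):
        row = []
        for j in range(w - kw + 1):
            row.append(sum(image[i + di][j + dj] * kernel[di][dj]
                           for di in range(kh) for dj in range(kw)))
        out.append(row)
    return out


def relu(fmap):
    """Non-linearity: negative responses are clipped to zero."""
    return [[max(0, v) for v in row] for row in fmap]


def max_pool(fmap, size=2):
    """Down-sample by keeping the largest value in each size x size window."""
    return [[max(fmap[i + di][j + dj] for di in range(size) for dj in range(size))
             for j in range(0, len(fmap[0]) - size + 1, size)]
            for i in range(0, len(fmap) - size + 1, size)]


def extract_features(image, kernels=KERNELS):
    """One pooled feature map per kernel: conv -> ReLU -> max pool."""
    return {name: max_pool(relu(conv2d(image, k))) for name, k in kernels.items()}


def flatten(features):
    """Concatenate the pooled maps (in a fixed order) into the vector the
    fully connected layers would consume."""
    return [v for name in sorted(features) for row in features[name] for v in row]


if __name__ == "__main__":
    for label, img in (("vertical edge", VERTICAL_EDGE), ("horizontal edge", HORIZONTAL_EDGE)):
        feats = extract_features(img)
        print(label, "->", feats, "flattened:", flatten(feats))
```

The point to notice is that each kernel only "lights up" for the structure it matches: the vertical kernel gives a map of 3s on the vertical-edge image and all zeros on the horizontal-edge image, and vice versa. That orientation-specific response is the feature the later layers get to classify, and it came from the network's own convolution rather than from hand-engineered input features.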

In order to crack CAPTCHAs, we will have to go through the following steps:

  • Gather CAPTCHAs so we can create labelled data
  • Label the CAPTCHAs to use in a supervised learning model
  • Train our CAPTCHA-cracking CNN
  • Verify and test our CAPTCHA-cracking CNN
  • Export and host the trained model so we can feed it CAPTCHAs to solve
  • Create and execute a brute force script that will receive the CAPTCHA, pass it on to be solved, and then run the brute force attack

Click here to see the walkthrough.

TRYHACKME'S ADVENT OF CYBER 2023 (Day 15)


Day 15 - "Jingle Bell SPAM: Machine Learning Saves the Day!"

The learning objectives for day 15 were:

  • Different steps in a generic Machine Learning pipeline
  • Machine Learning classification and training models
  • How to split the dataset into training and testing data
  • How to prepare the Machine Learning model
  • How to evaluate the model’s effectiveness

In this task we were tasked with building a spam email detector using machine learning, and we were provided with a dataset. We used Jupyter Notebook; first we imported the required libraries and read our dataset as a dataframe using the pandas library. Since ML models understand numbers, not text, we used the CountVectorizer class from the scikit-learn library in Python; then we split the given dataset into training and testing data. After training our model we used Naive Bayes classification to evaluate our model.

Click here to see the walkthrough.
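The same pipeline (bag-of-words counts, train/test split, multinomial Naive Bayes, evaluation) written out in plain Python as an added example, not part of this post and not the room's notebook. It uses a small constructed corpus instead of the room's dataset, a deterministic "every third sample is test data" split instead of scikit-learn's random one, and mirrors CountVectorizer's default of ignoring one-character tokens; everything else follows the standard multinomial Naive Bayes with Laplace smoothing.

```python
import math
import re
from collections import Counter

# Constructed toy corpus (not the room's dataset): (text, label), 1 = spam, 0 = ham.
DATA = [
    ("win a free prize click now", 1),
    ("meeting moved to tomorrow at ten", 0),
    ("free gift card claim your prize now", 1),
    ("can you send the report before lunch", 0),
    ("urgent claim your free reward click here", 1),
    ("lunch tomorrow at the usual place", 0),
    ("congratulations you won a free cruise click now", 1),
    ("please review the attached report", 0),
    ("limited offer win cash prize today", 1),
    ("the meeting notes are attached", 0),
    ("free money claim now click here", 1),
    ("see you at the office tomorrow", 0),
]

# Like CountVectorizer's default token pattern: lowercase tokens of 2+ characters.
TOKEN = re.compile(r"\b[a-z0-9]{2,}\b")


def tokenize(text):
    return TOKEN.findall(text.lower())


def split_train_test(data, every=3):
    """Deterministic split: every `every`-th sample is held out for testing."""
    train = [d for i, d in enumerate(data) if i % every != every - 1]
    test = [d for i, d in enumerate(data) if i % every == every - 1]
    return train, test


class MultinomialNB:
    """Bag-of-words multinomial Naive Bayes with Laplace (add-alpha) smoothing."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha

    def fit(self, docs, labels):
        self.vocab = set()
        self.word_counts = {0: Counter(), 1: Counter()}
        self.class_docs = Counter(labels)
        for text, y in zip(docs, labels):
            toks = tokenize(text)
            self.vocab.update(toks)
            self.word_counts[y].update(toks)
        self.total_words = {c: sum(wc.values()) for c, wc in self.word_counts.items()}
        return self

    def log_prob(self, text, c):
        """log P(c) + sum over in-vocabulary tokens of log P(token | c)."""
        lp = math.log(self.class_docs[c] / sum(self.class_docs.values()))
        denom = self.total_words[c] + self.alpha * len(self.vocab)
        for tok in tokenize(text):
            if tok in self.vocab:  # unseen words are ignored, as CountVectorizer would
                lp += math.log((self.word_counts[c][tok] + self.alpha) / denom)
        return lp

    def predict(self, text):
        return max((0, 1), key=lambda c: self.log_prob(text, c))


def evaluate(model, test):
    """Accuracy plus the confusion-matrix cells (spam = positive class)."""
    tp = fp = fn = tn = 0
    for text, y in test:
        pred = model.predict(text)
        if pred == 1 and y == 1:
            tp += 1
        elif pred == 1 and y == 0:
            fp += 1
        elif pred == 0 and y == 1:
            fn += 1
        else:
            tn += 1
    return {"accuracy": (tp + tn) / len(test), "tp": tp, "fp": fp, "fn": fn, "tn": tn}


if __name__ == "__main__":
    train, test = split_train_test(DATA)
    model = MultinomialNB().fit([t for t, _ in train], [y for _, y in train])
    print("vocabulary size:", len(model.vocab))
    print("held-out metrics:", evaluate(model, test))
    print("claim your free prize now ->", model.predict("claim your free prize now"))
```

With eight training messages the vocabulary has 32 terms; words in a test message that never appeared in training (such as "gift" or "usual") contribute nothing, which is why a real deployment wants a much larger training set than this toy.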
