[Day 1] Frameworks Someone’s coming to town!
Explanation about different security frameworks
Try Hack Me Advent 2022
[Day 10] Hack a game You’re a mean one, Mr. Yeti
Changing data in memory at runtime. Cetus is a simple browser plugin that works for Firefox and Chrome, allowing you to explore the memory space of Web Asse...
[Day 11] Memory Forensics Not all gifts are nice
Memory Forensics Process At the simplest, a process is a running program. User Process -> A process which got started by a user. Background Process -> ...
[Day 12] Malware Analysis Forensic McBlue to the REVscue!
Malware behaviour Network connections -> A malware tends to make connections to a host to get instructions, download payloads etc. Or to do lateral mov...
[Day 13] Packet Analysis Simply having a wonderful pcap time
Wireshark To get an overview of the captured traffic you can navigate to “Statistics” -> “Protocol Hierachy”
[Day 14] Web Applications I’m dreaming of secure web apps
OWASP Top 10 Open Web Application Security Project
[Day 15] Secure Coding Santa is looking for a Sidekick
Unrestricted File Uploads
[Day 16] Secure Coding SQLi’s the king, the carolers sing
SQL injection on PHP app
[Day 17] Secure Coding Filtering for Order Amidst Chaos
Help with Regex https://www.regular-expressions.info/quickstart.html
[Day 18] Sigma Lumberjack Lenny Learns New Rules
Sigma Sigma is a yaml query language which is used to create queries for SIEM system. The Simga query can be transformed in various languages like elastic Q...
[Day 19] Hardware Hacking Wiggles go brrr
USART Universal Synchronous/Asynchronous Receiver-Transmitter (USART) or just simply “serial communication” or “async serial” uses two wires. One transmit (...
[Day 2] Log Analysis Santa’s Naughty & Nice Log
Common log file locations:
[Day 20] Firmware Binwalkin’ around the Christmas tree
Firware reverse engineering After obtaining the firmare (normally a binary file) Find out if its a bare metal or OS based. Check if its encrypted or p...
[Day 21] MQTT Have yourself a merry little webcam
IoT protocols |Protocol | Communication Method | Description | |———|———————-|————–| |MQTT (Message Queuing Telemetry Transport)| Middleware | A lightweight p...
[Day 22] Attack Surface Reduction Threats are failing all around me
This task was an explanation of attack vector and attack surface.
[Day 23] Defence in Depth Mission ELFPossible: Abominable for a Day
This challenge is a game in which you will encounter more obstacles on each new level to open santas vault. This demonstrates defense in depth. If the next ...
[Day 3] OSINT Nothing escapes detective McRed
OSINT techniques Google dorks inurl: Searches text in indexed URLs. For example, inurl:hacking will fetch all URLs containing the word “hacking”. filety...
[Day 4] Scanning Scanning through the snow
You can scan a network with nmap:
[Day 5] Brute-Forcing He knows when you’re awake
We are going to dictionary attack an account.
[Day 6] Email Analysis It’s beginning to look a lot like phishing
OSINT Using https://emailrep.io tells you something about a sender address reputation. (“From” and “Return-Path”)
[Day 7] CyberChef Maldocs roasting on an open fire
CyberCheck Is a webapplication to analyze data files. In this task we are going to analyze the attachment of previous Task.
[Day 8] Smart Contracts Last Christmas I gave you my ETH
Blockchain Simple explanation of a blockchain: database to store information in a specified format and is shared among members of a network with no one enti...
[Day 9] Pivoting Dock the halls
Docker When there is a /.dockerenv in the root directory of the filesystem its a most probably a docker container.
Intro
Task #1 Introduction Read through the awesomes prices and notice how each task gets also a walkthrough of famous cyber security streamers. Click “Completed”...