Advent of Cyber 3 (2021) Part -1
Refresh skills or get started in Cyber Security by spending a few hours a day for 25 days to do some awesome capture the flag exercises.
Get started with Cyber Security in 25 days, by learning the basics and completing a new, beginner-friendly security exercise every day leading up until Christmas; an advent calendar but with security challenges and not chocolate.
In this 24-day challenge, one can learn about various topics, starting with Web Exploitation, Network Exploitation, OSINT, Cloud Hacking and Defensive Blue Teaming.
There are prizes for completing the challenges and entering the raffle; check out TryHackMe for more information. Participants also gain a special certificate of completion.
TryHackMe also has a 20% discount that expires in 9 hours.
Cost: Free
As of 12/6/2021, there are 6 challenges released covering various types of attacks based on Web Exploitation. Make sure to register for the event and read the rules and story to help elf McSkidy hack back and undo the malicious activities done by the Grinch.
Link to challenge: https://tryhackme.com/room/adventofcyber3
First time on TryHackMe? Watch this video by Simply Cyber on setting up the TryHackMe environment: YouTube link
Day 1 — Insecure Direct Object Reference vulnerability (IDOR)
Learn what IDOR is and how to find IDOR vulnerabilities, then do a challenge.
Day 2 — Web Servers and Technologies
Learn about the underlying technologies of web servers, how the web works, what cookies are and what their components are, how to use developer tools to manipulate cookies, and more.
Day 3 — Content Discovery and Authentication Bypass
Learn to discover configuration files, passwords, secrets, backups, and much more. Learn about DirBuster or refresh your memory about the tool in this room. On Day 4 we will learn more about authentication and where it is used.
TryHackMe also has separate rooms covering Content Discovery and Authentication Bypass in detail.
Day 4 — Authentication and Fuzzing
Learn about authentication and where it is used, and what fuzzing is. Use Burp Suite to fuzz the site and find the flags, crack passwords using Intruder in Burp Suite, and much more.
TryHackMe also has a separate room covering Burp Suite in detail.
Day 5 — Cross-Site Scripting (XSS)
Learn about XSS and the various types of Cross-Site Scripting vulnerabilities: DOM, Reflected, Stored, and Blind XSS.
TryHackMe also has a separate room covering Cross-site Scripting in detail.
Day 6 — Local File Inclusion (LFI)
Learn about the LFI vulnerability in detail and how to identify and test for LFI using PHP. Learn how to use ZAP proxy or refresh your memory on this tool from this room.
All these challenges also have walkthroughs, in case anyone gets stuck, from amazing and highly talented creators, including: CyberSecMeg, John Hammond, Tib3rius, Neal Bridges, HuskyHacks, InsiderPhD, and NahamSec!
Happy Holidays!!!
Next blog posts currently in the works:
- Advent of Cyber 3 (2021) Part -2
- Setting up a home lab
- CyberDefenders writeups
- Review of other CTF subscriptions — RangeForce, MetaCTF