TryHackMe Advent of Cyber 2024 Full Walkthrough
In this post, I will be solving and providing a walkthrough and answers for the Advent of Cyber 2024 questions and challenges. Stay tuned as I will be adding the answers for all tasks and days in this post.
To follow the updates on the answers for the upcoming days in TryHackMe Advent of Cyber, make sure to check out the original post below
What is TryHackMe Advent of Cyber 2024
TryHackMe Advent of Cyber 2024 is open to all TryHackMe users, and the best part? It’s completely free to join. Plus, you’ll have the opportunity to win a share of this year’s massive $100,000 prize pool. The more challenges you complete, the greater your chances of scoring big prizes!
It’s like an advent calendar, but instead of chocolates, you’ll enjoy festive and engaging security challenges.
Day 1: Maybe SOC-mas music, he thought, doesn’t come from a store?
Day 1 Storyline:
McSkidy’s fingers flew across the keyboard, her eyes narrowing at the suspicious website on her screen. She had seen dozens of malware campaigns like this. This time, the trail led straight to someone who went by the name “Glitch.”
“Too easy,” she muttered with a smirk.
“I still have time,” she said, leaning closer to the screen. “Maybe there’s more.”
Little did she know, beneath the surface lay something far more complex than a simple hacker’s handle. This was just the beginning of a tangled web unravelling everything she thought she knew.
Learning Objectives
Learn how to investigate malicious link files.
Learn about OPSEC and OPSEC mistakes.
Understand how to track and attribute digital identities in cyber investigations.
Day 2: One man’s false positive is another man’s potpourri.
Day 2 Storyline
It’s the most wonderful time of the year again, and it’s also the most stressful day for Wareville’s Security Operations Center (SOC) team. Despite the overwhelming alerts generated by the new and noisy rules deployed, Wareville’s SOC analysts have been processing them nonstop to ensure the safety of the town.
However, the SOC analysts are now burning out from all the workload needed before Christmas. Numerous open cases are still pending, and similar alerts are still firing repeatedly, making them think of the possibility of false positives in all this mess.
Now, help the awesome Wareville’s SOC team analyse the alerts to determine whether the rumour is true — that Mayor Malware is instigating chaos within the town.
Day 3: Even if I wanted to go, their vulnerabilities wouldn’t allow it.
Day 3 Storyline
In this task, we will cover how the SOC team and their expert were able to find out what had happened (Operation Blue) and how the Glitch was able to gain access to the website in the first place (Operation Red). Let’s get started, shall we?
Day 4: I’m all atomic inside!
Day 4 Storyline
SOC-mas is approaching! And the town of Wareville started preparations for the grand event.
Glitch, a quiet, talented SOC-mas security engineer, had a hunch that this year’s celebrations would be different. With looming threats, he decided to revamp the town’s security defences. Glitch began to fortify the town’s security defences quietly and meticulously. He started by implementing a protective firewall, patching vulnerabilities, and accessing endpoints to patch security vulnerabilities. As he worked tirelessly, he left “breadcrumbs,” small traces of his activity.
Unaware of Glitch’s good intentions, the SOC team spotted anomalies: logs showing admin access, escalation of privileges, patched systems behaving differently, and security tools triggering alerts. The SOC team misinterpreted the system modifications as a sign of an insider threat or rogue attacker and decided to launch an investigation using the Atomic Red Team framework.
Learning Objectives
Learn how to identify malicious techniques using the MITRE ATT&CK framework.
Learn about how to use Atomic Red Team tests to conduct attack simulations.
Understand how to create alerting and detection rules from the attack tests.