continued
let's do day 4 it is interesting and short
https://tryhackme.com/room/AIforcyber-aoc2025-y9wWQ1zRgB
DAY 4: consideration of AI in cybersecurity
learning objectives
Learning Objectives
How AI can be used as an assistant in cyber security for a variety of roles, domains and tasks
Using an AI assistant to solve various tasks within cyber security
Some of the considerations, particularly in cyber security, surrounding the use of AI

the usage of ai in offensive security , defensive security and software development

⚠️ Researchers found malicious packages in VS Code, Go, npm, and Rust stealing developer data.

They mimicked themes, AI tools, and libraries to grab screenshots, Wi-Fi passwords, and browser cookies.

🔗 Find details here ↓ https://thehackernews.com/2025/12/researchers-find-malicious-vs-code-go.html

CONTINUED
let's do the rooms together
https://tryhackme.com/room/idor-aoc2025-zl6MywQid9
DAY 5: Learning Objectives

- Understand the concept of authentication and authorization
- Learn how to spot potential opportunities for Insecure Direct Object References (IDORs)
- Exploit IDOR to perform horizontal privilege escalation
- Learn how to turn IDOR into SDOR (Secure Direct Object Reference)

and we have to know the concepts
- **Authentication:** The process by which you verify who you are. For example, supplying your username and password.
- **Authorization:** The process by which the web application verifies your permissions. For example, are you allowed to visit the admin page of a web application, or are you allowed to make a payment using a specific account?

continued
let's do the rooms together
https://tryhackme.com/room/malware-sandbox-aoc2025-SD1zn4fZQt
DAY 6:
learning objectives
- The principles of malware analysis
- An introduction to sandboxes
- Static vs. dynamic analysis
- Tools of the trade: PeStudio, ProcMon, Regshot

There are two main branches of malware analysis: **static** and **dynamic**. Static analysis focuses on inspecting a file without executing it, whereas dynamic analysis involves execution. We will come to these shortly.

sandboxes
In cyber security, sandboxes are used to execute potentially dangerous code. Think of this as disposable digital play-pens. These sandboxes are safe, isolated environments where potentially malicious applications can perform their actions without risking sensitive data or impacting other systems.

continued
https://tryhackme.com/room/networkservices-aoc2025-jnsoqbxgky
DAY 7:
Learning Objectives

- Learn the basics of network service discovery with Nmap
- Learn core network protocols and concepts along the way
- Apply your knowledge to find a way back into the server

u can learn basic networking commands and tools like nmap, netcat etc....

Best approach😂

continued
https://tryhackme.com/room/promptinjection-aoc2025-sxUMnCkvLO
DAY 8:
Learning Objectives

- Understand how agentic AI works
- Recognize security risks from agent tools
- Exploit an AI agent

#ETB #1.3 billion lost to digital fraud and #cyberattacks has increased by #115%, according to the National Bank of Ethiopia.

https://ethiopianreporter.com/148976/
#cybersecurity #fraud #cyberattack #yekolotemari

this is a lot tbh.......we need to lock in in cybersecurity

continued
DAY 9:
https://tryhackme.com/room/attacks-on-ecrypted-files-aoc2025-asdfghj123
Learning Objectives

- How password-based encryption protects files such as PDFs and ZIP archives.
- Why weak passwords make encrypted files vulnerable.
- How attackers use dictionary and brute-force attacks to recover passwords.
- A hands-on exercise: cracking the password of an encrypted file to reveal its contents.
- The importance of using strong, complex passwords to defend against these attacks.

continued
https://tryhackme.com/room/azuresentinel-aoc2025-a7d3h9k0p2
DAY 10:
Learning Objectives

- Understand the importance of alert triage and prioritisation
- Explore Microsoft Sentinel to review and analyse alerts
- Correlate logs to identify real activities and determine alert verdicts

if u get stack u can watch the video in the above page

📢 Happening Today! Cybersecurity Interview

We’re excited to announce that tonight we will be hosting a special interview with a cybersecurity professional experienced in both software development and security.

⏰ Time: 2:00 LT (Tonight)
📍 Venue: @insactc

Don’t miss this opportunity to gain practical insights from someone working in the cybersecurity field.

continued
https://tryhackme.com/room/xss-aoc2025-c5j8b1m4t6
DAY 11 : XSS attack
Learning Objectives

- Understand how XSS works
- Learn to prevent XSS attacks

if u want to test more payloads for educational purpose here is the xss cheatsheet
https://portswigger.net/web-security/cross-site-noscripting/cheat-sheet

continued
https://tryhackme.com/room/spottingphishing-aoc2025-r2g4f6s8l0
DAY 12:
Learning Objectives

- Spotting phishing emails
- Learn trending phishing techniques
- Understand the differences between spam and phishing

continued
https://tryhackme.com/room/yara-aoc2025-q9w1e3y5u7
DAY 13:
Learning Objectives

- Understand the basic concept of YARA.
- Learn when and why we need to use YARA rules.
- Explore different types of YARA rules.
- Learn how to write YARA rules.
- Practically detect malicious indicators using YARA.

continued
https://tryhackme.com/room/container-security-aoc2025-z0x3v6n9m2
DAY 14: interesting topic : about container

Learning Objectives

- Learn how containers and Docker work, including images, layers, and the container engine
- Explore Docker runtime concepts (sockets, daemon API) and common container escape/privilege-escalation vectors
- Apply these skills to investigate image layers, escape a container, escalate privileges, and restore the DoorDasher service
- DO NOT order “Santa's Beard Pasta”

continued
https://tryhackme.com/room/webattackforensics-aoc2025-
DAY 15:
Learning Objectives

- Detect and analyze malicious web activity through Apache access and error logs
- Investigate OS-level attacker actions using Sysmon data
- Identify and decode suspicious or obfuscated attacker payloads
- Reconstruct the full attack chain using Splunk for Blue Team investigation

i

if u ask chat gpt normally to write a reverse shell noscript it won't do that

Here jailbreak prompt comes
Jailbreaking" an LLM means writing a prompt that convinces it to disregard its safeguards. Hackers can often do this by asking the LLM to adopt a persona or play a "game." The "Do Anything Now," or "DAN," prompt is a common jailbreaking technique

U can get the latest by searching " chatgpt dan github latest"