continued
let's do the rooms together
https://tryhackme.com/room/malware-sandbox-aoc2025-SD1zn4fZQt
DAY 6:
learning objectives
- The principles of malware analysis
- An introduction to sandboxes
- Static vs. dynamic analysis
- Tools of the trade: PeStudio, ProcMon, Regshot

There are two main branches of malware analysis: **static** and **dynamic**. Static analysis focuses on inspecting a file without executing it, whereas dynamic analysis involves execution. We will come to these shortly.

sandboxes
In cyber security, sandboxes are used to execute potentially dangerous code. Think of this as disposable digital play-pens. These sandboxes are safe, isolated environments where potentially malicious applications can perform their actions without risking sensitive data or impacting other systems.

continued
https://tryhackme.com/room/networkservices-aoc2025-jnsoqbxgky
DAY 7:
Learning Objectives

- Learn the basics of network service discovery with Nmap
- Learn core network protocols and concepts along the way
- Apply your knowledge to find a way back into the server

u can learn basic networking commands and tools like nmap, netcat etc....

Best approach😂

continued
https://tryhackme.com/room/promptinjection-aoc2025-sxUMnCkvLO
DAY 8:
Learning Objectives

- Understand how agentic AI works
- Recognize security risks from agent tools
- Exploit an AI agent

#ETB #1.3 billion lost to digital fraud and #cyberattacks has increased by #115%, according to the National Bank of Ethiopia.

https://ethiopianreporter.com/148976/
#cybersecurity #fraud #cyberattack #yekolotemari

this is a lot tbh.......we need to lock in in cybersecurity

continued
DAY 9:
https://tryhackme.com/room/attacks-on-ecrypted-files-aoc2025-asdfghj123
Learning Objectives

- How password-based encryption protects files such as PDFs and ZIP archives.
- Why weak passwords make encrypted files vulnerable.
- How attackers use dictionary and brute-force attacks to recover passwords.
- A hands-on exercise: cracking the password of an encrypted file to reveal its contents.
- The importance of using strong, complex passwords to defend against these attacks.

continued
https://tryhackme.com/room/azuresentinel-aoc2025-a7d3h9k0p2
DAY 10:
Learning Objectives

- Understand the importance of alert triage and prioritisation
- Explore Microsoft Sentinel to review and analyse alerts
- Correlate logs to identify real activities and determine alert verdicts

if u get stack u can watch the video in the above page

📢 Happening Today! Cybersecurity Interview

We’re excited to announce that tonight we will be hosting a special interview with a cybersecurity professional experienced in both software development and security.

⏰ Time: 2:00 LT (Tonight)
📍 Venue: @insactc

Don’t miss this opportunity to gain practical insights from someone working in the cybersecurity field.

continued
https://tryhackme.com/room/xss-aoc2025-c5j8b1m4t6
DAY 11 : XSS attack
Learning Objectives

- Understand how XSS works
- Learn to prevent XSS attacks

if u want to test more payloads for educational purpose here is the xss cheatsheet
https://portswigger.net/web-security/cross-site-noscripting/cheat-sheet

continued
https://tryhackme.com/room/spottingphishing-aoc2025-r2g4f6s8l0
DAY 12:
Learning Objectives

- Spotting phishing emails
- Learn trending phishing techniques
- Understand the differences between spam and phishing

continued
https://tryhackme.com/room/yara-aoc2025-q9w1e3y5u7
DAY 13:
Learning Objectives

- Understand the basic concept of YARA.
- Learn when and why we need to use YARA rules.
- Explore different types of YARA rules.
- Learn how to write YARA rules.
- Practically detect malicious indicators using YARA.

continued
https://tryhackme.com/room/container-security-aoc2025-z0x3v6n9m2
DAY 14: interesting topic : about container

Learning Objectives

- Learn how containers and Docker work, including images, layers, and the container engine
- Explore Docker runtime concepts (sockets, daemon API) and common container escape/privilege-escalation vectors
- Apply these skills to investigate image layers, escape a container, escalate privileges, and restore the DoorDasher service
- DO NOT order “Santa's Beard Pasta”

continued
https://tryhackme.com/room/webattackforensics-aoc2025-
DAY 15:
Learning Objectives

- Detect and analyze malicious web activity through Apache access and error logs
- Investigate OS-level attacker actions using Sysmon data
- Identify and decode suspicious or obfuscated attacker payloads
- Reconstruct the full attack chain using Splunk for Blue Team investigation

i

if u ask chat gpt normally to write a reverse shell noscript it won't do that

Here jailbreak prompt comes
Jailbreaking" an LLM means writing a prompt that convinces it to disregard its safeguards. Hackers can often do this by asking the LLM to adopt a persona or play a "game." The "Do Anything Now," or "DAN," prompt is a common jailbreaking technique

U can get the latest by searching " chatgpt dan github latest"

continued
https://tryhackme.com/room/registry-forensics-aoc2025-h6k9j2l5p8
DAY 16:
Learning Objectives

- Understand what the Windows Registry is and what it contains.
- Dive deep into Registry Hives and Root Keys.
- Analyze Registry Hives through the built-in Registry Editor tool.
- Learn Registry Forensics and investigate through the Registry Explorer tool.

since all 24 rooms have been released the event will end soon
i have been busy last week so unfortunately i didn't manage to complete it on time but we will continue

Curiosity is the strength
Consistency is the key
#quotes