continued
https://tryhackme.com/room/xss-aoc2025-c5j8b1m4t6
DAY 11 : XSS attack
Learning Objectives

- Understand how XSS works
- Learn to prevent XSS attacks

if u want to test more payloads for educational purpose here is the xss cheatsheet
https://portswigger.net/web-security/cross-site-noscripting/cheat-sheet

continued
https://tryhackme.com/room/spottingphishing-aoc2025-r2g4f6s8l0
DAY 12:
Learning Objectives

- Spotting phishing emails
- Learn trending phishing techniques
- Understand the differences between spam and phishing

continued
https://tryhackme.com/room/yara-aoc2025-q9w1e3y5u7
DAY 13:
Learning Objectives

- Understand the basic concept of YARA.
- Learn when and why we need to use YARA rules.
- Explore different types of YARA rules.
- Learn how to write YARA rules.
- Practically detect malicious indicators using YARA.

continued
https://tryhackme.com/room/container-security-aoc2025-z0x3v6n9m2
DAY 14: interesting topic : about container

Learning Objectives

- Learn how containers and Docker work, including images, layers, and the container engine
- Explore Docker runtime concepts (sockets, daemon API) and common container escape/privilege-escalation vectors
- Apply these skills to investigate image layers, escape a container, escalate privileges, and restore the DoorDasher service
- DO NOT order “Santa's Beard Pasta”

continued
https://tryhackme.com/room/webattackforensics-aoc2025-
DAY 15:
Learning Objectives

- Detect and analyze malicious web activity through Apache access and error logs
- Investigate OS-level attacker actions using Sysmon data
- Identify and decode suspicious or obfuscated attacker payloads
- Reconstruct the full attack chain using Splunk for Blue Team investigation

i

if u ask chat gpt normally to write a reverse shell noscript it won't do that

Here jailbreak prompt comes
Jailbreaking" an LLM means writing a prompt that convinces it to disregard its safeguards. Hackers can often do this by asking the LLM to adopt a persona or play a "game." The "Do Anything Now," or "DAN," prompt is a common jailbreaking technique

U can get the latest by searching " chatgpt dan github latest"

continued
https://tryhackme.com/room/registry-forensics-aoc2025-h6k9j2l5p8
DAY 16:
Learning Objectives

- Understand what the Windows Registry is and what it contains.
- Dive deep into Registry Hives and Root Keys.
- Analyze Registry Hives through the built-in Registry Editor tool.
- Learn Registry Forensics and investigate through the Registry Explorer tool.

since all 24 rooms have been released the event will end soon
i have been busy last week so unfortunately i didn't manage to complete it on time but we will continue

Curiosity is the strength
Consistency is the key
#quotes

continued
https://tryhackme.com/room/encoding-decoding-aoc2025-s1a4z7x0c3
DAY 17:
Learning Objectives

- Introduction to encoding/decoding
- Learn how to use CyberChef
- Identify useful information in web applications through HTTP headers

🌟 Join Our Tech Club! 🌟
Do you have experience in cybersecurity, web development, or related fields? We invite you to be a part of our vibrant community dedicated to exploring the latest trends, sharing knowledge, and collaborating on exciting projects!

What We’re Looking For:
We are seeking enthusiastic students who are eager to learn, share their expertise, and contribute to our club's activities.

Fields of Interest:
• Cybersecurity: Help us explore the ever-evolving landscape of digital security and share best practices.
• Web Development: Collaborate on projects, learn new frameworks, and enhance your coding skills.
• Other Tech Areas: If you have experience in data science, AI, app development, or any other tech-related field.

Registration Details:
To become a member of our club, please fill out the registration form linked below. Your information will help us tailor our activities to your interests and skills.

👉 [https://forms.gle/f1nuCDL9nQtxz5L49]

Deadline for Registration: [Friday jan 2, 2026]

continued
https://tryhackme.com/room/obfuscation-aoc2025-e5r8t2y6u9
DAY 18:
Learning Objectives

- Learn about obfuscation, why and where it is used.
- Learn the difference between encoding, encryption, and obfuscation.
- Learn about obfuscation and the common techniques.
- Use CyberChef to recover plaintext safely.

continued
https://tryhackme.com/room/ICS-modbus-aoc2025-g3m6n9b1v4
DAY 19:
Learning Objectives

- How **SCADA (Supervisory Control and Data Acquisition)** systems monitor industrial processes
- What **PLCs (Programmable Logic Controllers)** do in automation
- How the **Modbus protocol** enables communication between industrial devices
- How to identify compromised system configurations in industrial systems
- Techniques for safely remediating compromised control systems
- Understanding protection mechanisms and trap logic in ICS environments

This one is a bit hard watch the video guide

MongoDB servers are under active exploitation via CVE-2025-14847, a pre-auth memory leak.

Censys found 87,000 exposed instances. The default zlib compression flaw can leak passwords and API keys over time.

🔗 Read → https://thehackernews.com/2025/12/mongodb-vulnerability-cve-2025-14847.html

continued
https://tryhackme.com/room/race-conditions-aoc2025-d7f0g3h6j9
DAY 20
Learning Objectives

- Understand what race conditions are and how they can affect web applications.
- Learn how to identify and exploit race conditions in web requests.
- How concurrent requests can manipulate stock or transaction values.
- Explore simple mitigation techniques to prevent race condition vulnerabilities.

continued
https://tryhackme.com/room/htapowershell-aoc2025-p2l5k8j1h4
DAY 21:
Learning Objectives

In this task, the TBFC SOC team will investigate one specific file type, the HTA format - a type often used for legitimate purposes, yet just as frequently exploited by attackers. Your mission is to reverse-engineer the HTA and uncover how King Malhare tricked Wareville’s elves. To do this, you will have to look for:

- Application metadata
- Script functions
- Any network calls or encoded data
- Clues about exfiltration

continued
https://tryhackme.com/room/detecting-c2-with-rita-aoc2025-m9n2b5v8c1
DAY 22:
Learning Objectives

- Convert a PCAP to Zeek logs
- Use RITA to analyze Zeek logs
- Analyze the output of RITA

continued
DAY 23:
Learning Objectives

- Learn the basics of AWS accounts.
- Enumerate the privileges granted to an account, from an attacker's perspective.
- Familiarise yourself with the AWS CLI.
https://tryhackme.com/room/cloudenum-aoc2025-y4u7i0o3p6

the last day
DAY 24:
Learning Objectives

- Understand what HTTP requests and responses are at a high level.
- Use cURL to make basic requests (using GET) and view raw responses in the terminal.
- Send POST requests with cURL to submit data to endpoints.
- Work with cookies and sessions in cURL to maintain login state across requests.
https://tryhackme.com/room/webhackingusingcurl-aoc2025-w8q1a4s7d0