continued
https://tryhackme.com/room/race-conditions-aoc2025-d7f0g3h6j9
DAY 20
Learning Objectives
- Understand what race conditions are and how they can affect web applications.
- Learn how to identify and exploit race conditions in web requests.
- How concurrent requests can manipulate stock or transaction values.
- Explore simple mitigation techniques to prevent race condition vulnerabilities.
https://tryhackme.com/room/race-conditions-aoc2025-d7f0g3h6j9
DAY 20
Learning Objectives
- Understand what race conditions are and how they can affect web applications.
- Learn how to identify and exploit race conditions in web requests.
- How concurrent requests can manipulate stock or transaction values.
- Explore simple mitigation techniques to prevent race condition vulnerabilities.
TryHackMe
Race Conditions - Toy to The World
Learn how to exploit a race condition attack to oversell the limited-edition SleighToy.
❤3👍1
continued
https://tryhackme.com/room/htapowershell-aoc2025-p2l5k8j1h4
DAY 21:
Learning Objectives
In this task, the TBFC SOC team will investigate one specific file type, the HTA format - a type often used for legitimate purposes, yet just as frequently exploited by attackers. Your mission is to reverse-engineer the HTA and uncover how King Malhare tricked Wareville’s elves. To do this, you will have to look for:
- Application metadata
- Script functions
- Any network calls or encoded data
- Clues about exfiltration
https://tryhackme.com/room/htapowershell-aoc2025-p2l5k8j1h4
DAY 21:
Learning Objectives
In this task, the TBFC SOC team will investigate one specific file type, the HTA format - a type often used for legitimate purposes, yet just as frequently exploited by attackers. Your mission is to reverse-engineer the HTA and uncover how King Malhare tricked Wareville’s elves. To do this, you will have to look for:
- Application metadata
- Script functions
- Any network calls or encoded data
- Clues about exfiltration
TryHackMe
Malware Analysis - Malhare.exe
Learn about malware analysis and forensics.
❤3👍1
continued
https://tryhackme.com/room/detecting-c2-with-rita-aoc2025-m9n2b5v8c1
DAY 22:
Learning Objectives
- Convert a PCAP to Zeek logs
- Use RITA to analyze Zeek logs
- Analyze the output of RITA
https://tryhackme.com/room/detecting-c2-with-rita-aoc2025-m9n2b5v8c1
DAY 22:
Learning Objectives
- Convert a PCAP to Zeek logs
- Use RITA to analyze Zeek logs
- Analyze the output of RITA
TryHackMe
C2 Detection - Command \u0026 Carol
Explore how to analyze a large PCAP and extract valuable information.
❤4👍1
continued
DAY 23:
Learning Objectives
- Learn the basics of AWS accounts.
- Enumerate the privileges granted to an account, from an attacker's perspective.
- Familiarise yourself with the AWS CLI.
https://tryhackme.com/room/cloudenum-aoc2025-y4u7i0o3p6
DAY 23:
Learning Objectives
- Learn the basics of AWS accounts.
- Enumerate the privileges granted to an account, from an attacker's perspective.
- Familiarise yourself with the AWS CLI.
https://tryhackme.com/room/cloudenum-aoc2025-y4u7i0o3p6
TryHackMe
AWS Security - S3cret Santa
Learn the basics of AWS enumeration.
❤4⚡3
the last day
DAY 24:
Learning Objectives
- Understand what HTTP requests and responses are at a high level.
- Use cURL to make basic requests (using GET) and view raw responses in the terminal.
- Send POST requests with cURL to submit data to endpoints.
- Work with cookies and sessions in cURL to maintain login state across requests.
https://tryhackme.com/room/webhackingusingcurl-aoc2025-w8q1a4s7d0
DAY 24:
Learning Objectives
- Understand what HTTP requests and responses are at a high level.
- Use cURL to make basic requests (using GET) and view raw responses in the terminal.
- Send POST requests with cURL to submit data to endpoints.
- Work with cookies and sessions in cURL to maintain login state across requests.
https://tryhackme.com/room/webhackingusingcurl-aoc2025-w8q1a4s7d0
TryHackMe
Exploitation with cURL - Hoperation Eggsploit
The evil Easter bunnies operate a web control panel that holds the wormhole open. Using cURL, identify the endpoints, send the required requests, and shut the wormhole once and for all.
❤4👍1
kid cyber
the last day DAY 24: Learning Objectives - Understand what HTTP requests and responses are at a high level. - Use cURL to make basic requests (using GET) and view raw responses in the terminal. - Send POST requests with cURL to submit data to endpoints.…
i didn't manage to complete it on time but i just finished it anyways and we got our certificate🎉
i have learned so many things from day one onwards as i told u it is best for beginners to have basic understanding of some of the things in the field some of the topics were
- the concept of authentication and authorization
- Insecure Direct Object References (IDORs)
- malware analysis
- the basics of network service discovery with Nmap
- how XSS works
- phishing emails
- encoding/decoding
- race conditions
- HTTP requests and responses are at a high level.
i have learned so many things from day one onwards as i told u it is best for beginners to have basic understanding of some of the things in the field some of the topics were
- the concept of authentication and authorization
- Insecure Direct Object References (IDORs)
- malware analysis
- the basics of network service discovery with Nmap
- how XSS works
- phishing emails
- encoding/decoding
- race conditions
- HTTP requests and responses are at a high level.
🔥11👏3❤1
Rob Stack chat
yah man esp in finals week
Everything is interesting and good during final weeks 😭
😢10