Advent Of Cyber: Day 1 - OPSEC (TryHackMe)



Advent of Cyber 2024 by TryHackMe is finally here. AOC is a yearly TryHackMe event that drops daily up to Christmas. This year is focused on SOC-mas, where we'll be learning by solving challenges on various topics.

This article is my writeup for Day 1: "Maybe SOC-mas music, he thought, doesn't come from a store?"

Before answering the questions, follow the instructions: start the machine and open the ip_address in the browser, which loads The Glitch website. Paste the provided YouTube URL to convert it to MP3, then download the zip file. Go to Root's home folder and extract download.zip; you can extract it to the download folder or just choose "Extract Here". (Good OPSEC: always use virtual machines as much as possible to keep your system secure.)

With the two files, song.mp3 and somg.mp3, we're ready to start on the questions. First, though, try following the commands provided before the questions; this will help you navigate the questions.

Above you'll see the URL https://raw.githubusercontent.com/MM-WarevilleTHM/IS/refs/heads/main/IS.ps1, which opens the script.

From here we'll start answering the questions. On GitHub Explorer we'll search for "Created by the one and only M.M" to find the repository and answer some of the questions.

Answer the questions below

  1. Looks like the song.mp3 file is not what we expected! Run "exiftool song.mp3" in your terminal to find out the author of the song. Who is the author?
     Answer: Tyler Ramsbey

  2. The malicious PowerShell script sends stolen info to a C2 server. What is the URL of this C2 server?
     Answer: http://papash3ll.thm/data

  3. Who is M.M? Maybe his Github profile page would provide clues?
     Answer: Mayor Malware

  4. What is the number of commits on the GitHub repo where the issue was raised?
     Answer: 1

    Based on the time of creation of the challenge, the answer is one, since the other issues were created after the challenge dropped.
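The exiftool check from question 1 can be reproduced offline. The following is an added example, not code from the room or the original writeup: it reads the ID3v2 artist field and, going slightly beyond the text, also flags a file whose leading bytes do not match its .mp3 extension. The function names and sample bytes are constructed for illustration, and it assumes an ID3v2.3/2.4 tag without an extended header or unsynchronisation.

```python
# Leading bytes of a Windows shortcut: HeaderSize 0x4C followed by LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
SIGNATURES = [("lnk", LNK_MAGIC), ("zip", b"PK\x03\x04"), ("pe", b"MZ"), ("mp3", b"ID3")]

def sniff(data):
    """Return the file type implied by the leading bytes, or 'unknown'."""
    for kind, magic in SIGNATURES:
        if data.startswith(magic):
            return kind
    # An MP3 without an ID3v2 tag starts with an MPEG frame sync (11 set bits).
    if len(data) >= 2 and data[0] == 0xFF and data[1] & 0xE0 == 0xE0:
        return "mp3"
    return "unknown"

def syncsafe(b):
    """Decode a 4-byte ID3 'syncsafe' integer (7 useful bits per byte)."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def id3_artist(data):
    """Return the TPE1 (artist) text of an ID3v2.3/2.4 tag, or None."""
    if len(data) < 10 or data[:3] != b"ID3" or data[3] not in (3, 4):
        return None
    end = min(10 + syncsafe(data[6:10]), len(data))
    pos = 10
    while pos + 10 <= end and data[pos] != 0:  # a 0x00 frame id marks padding
        frame_id, raw = data[pos:pos + 4], data[pos + 4:pos + 8]
        size = syncsafe(raw) if data[3] == 4 else int.from_bytes(raw, "big")
        body = data[pos + 10:pos + 10 + size]
        if frame_id == b"TPE1" and body:
            codec = {0: "latin-1", 1: "utf-16", 2: "utf-16-be", 3: "utf-8"}.get(body[0])
            return body[1:].decode(codec, "replace").rstrip("\x00") if codec else None
        pos += 10 + size
    return None

def triage(name, data):
    """Flag a file whose content does not match its .mp3 extension."""
    actual = sniff(data)
    mismatch = name.lower().endswith(".mp3") and actual != "mp3"
    return {"name": name, "actual": actual, "mismatch": mismatch,
            "artist": id3_artist(data) if actual == "mp3" else None}

# Constructed samples (not the room's files); sizes < 128, so plain == syncsafe.
BODY = b"\x03" + "Constructed Artist".encode()
FRAME = b"TPE1" + len(BODY).to_bytes(4, "big") + b"\x00\x00" + BODY
SAMPLE_MP3 = b"ID3\x04\x00\x00" + len(FRAME).to_bytes(4, "big") + FRAME
SAMPLE_LNK = LNK_MAGIC + b"\x00" * 56

if __name__ == "__main__":
    for name, blob in (("tagged.mp3", SAMPLE_MP3), ("shortcut.mp3", SAMPLE_LNK)):
        print(triage(name, blob))
```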

Thank you for reading. I'm looking forward to the other days of AOC until Christmas Day. You can leave a comment.