The Advent of Cyber 2024 by TryHackMe is finally here. AOC is a yearly event by TryHackMe with challenges that drop daily up to Christmas. This year is focused on SOC-mas, where we'll be learning and solving challenges on various topics.
In this article, I will be writing up Day 1: Maybe SOC-mas music, he thought, doesn't come from a store?
Before answering the questions, follow the instructions: start the machine and open the ip_address in the browser, which will open The Glitch website. Paste the provided YouTube URL to convert it to MP3, then download the zip file. Go to Root's home folder, open it and extract download.zip; you can extract it to the download folder or just choose "extract here". (Good OPSec: always use virtual machines as much as possible to keep your system secure.)
You now have two files, song.mp3 and somg.mp3, and we're good to start checking our questions. First, though, try following the commands provided before the questions; this will help you navigate the questions.
Above you'll see the raw.githubusercontent.com/MM-WarevilleTHM/I.. link, which will open up the script.
From here we'll start answering the questions: on GitHub Explorer, search for "Created by the one and only M.M" to find the repository and be able to answer some of the questions.
Answer the questions below
Looks like the song.mp3 file is not what we expected! Run "exiftool song.mp3" in your terminal to find out the author of the song. Who is the author?
Tyler Ramsbey
The malicious PowerShell script sends stolen info to a C2 server. What is the URL of this C2 server?
http://papash3ll.thm/data
Who is M.M? Maybe his Github profile page would provide clues?
Mayor Malware
What is the number of commits on the GitHub repo where the issue was raised?
1
Based on the time of creation of the challenge, the answer is one, since the other issues were created after the challenge dropped.
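The first question hints that a .mp3 extension says nothing about what a file really is. As an added example (not part of the room or of the original writeup), this Python script compares the leading bytes of every .mp3 file in a folder with a few known file signatures and flags mismatches; the function names and the sample files are constructed for the example and are not the room's real files.

```python
import os
import tempfile

# Leading-byte signatures for formats a fake ".mp3" could turn out to be.
# LNK_HEADER is the fixed Shell Link header: size 0x4C followed by the link CLSID.
LNK_HEADER = bytes.fromhex("4c0000000114020000000000c000000000000046")
SIGNATURES = [
    ("windows-shortcut", LNK_HEADER),
    ("zip-archive", b"PK\x03\x04"),
    ("windows-executable", b"MZ"),
]

def sniff(head: bytes) -> str:
    """Classify a file from its first bytes (heuristic, not a full parser)."""
    if head.startswith(b"ID3"):
        return "mp3"  # ID3v2 tag precedes the audio data
    if len(head) >= 2 and head[0] == 0xFF and head[1] & 0xE0 == 0xE0:
        return "mp3"  # bare MPEG audio frame sync (11 set bits)
    for name, magic in SIGNATURES:
        if head.startswith(magic):
            return name
    return "unknown"

def triage(folder: str) -> dict:
    """Map each *.mp3 in folder to (detected type, matches extension?)."""
    report = {}
    for entry in sorted(os.listdir(folder)):
        path = os.path.join(folder, entry)
        if not entry.lower().endswith(".mp3") or not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            kind = sniff(fh.read(32))
        report[entry] = (kind, kind == "mp3")
    return report

def demo() -> dict:
    """Run triage over constructed sample files (not the room's real files)."""
    samples = {
        "real_audio.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\x00" * 10,
        "shortcut.mp3": LNK_HEADER + b"\x00" * 56,
        "empty.mp3": b"",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return triage(tmp)

if __name__ == "__main__":
    for name, (kind, ok) in demo().items():
        print(f"{name:16} {kind:18} {'ok' if ok else 'MISMATCH'}")
```

Any file reported as a mismatch should be inspected with exiftool inside the VM rather than opened.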
Thank you for reading. I'm looking forward to the other days of AOC until Christmas Day. You can leave a comment, or we can connect on LinkedIn.