2024 TryHackMe (THM) Advent of Cyber (AoC) Day 1 Walkthrough | THM Writeup

Day 1: Maybe SOC-mas music, he thought, doesn’t come from a store?

Angie
Dec 3, 2024

The TryHackMe Advent of Cyber (AoC) 2024 version has arrived! I am looking forward to the first day of Advent of Cyber. Today’s topic is OPSEC, also known as Operational Security. OPSEC helps prevent sensitive information from being compromised by attackers.

Looks like the song.mp3 file is not what we expected! Run “exiftool song.mp3” in your terminal to find out the author of the song. Who is the author?

Flag: Tyler Ramsbey

  • On the terminal, run the exiftool command above to see the song's Author.
  • Anyone who runs exiftool on the file, an attacker included, can easily read metadata such as the author's name and use it for nefarious purposes.
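
To see the same check from the defender's side, the following added example (not part of the original walkthrough or the TryHackMe room) identifies a file by its leading bytes instead of its extension and, if it carries an ID3v2 tag, lists the text frames that can name a person. It goes slightly beyond the text by covering file-type sniffing as well as metadata; the function names and the "Example Author" sample tag are constructed for illustration.

```python
import struct

# Leading-byte signatures for a few formats (short, non-exhaustive list).
MAGIC = [(b"ID3", "MP3 with ID3v2 tag"), (b"MZ", "Windows executable"),
         (b"PK\x03\x04", "ZIP archive"),
         (b"\x4c\x00\x00\x00\x01\x14\x02\x00", "Windows shortcut (LNK)")]
# ID3v2 text frames that can name a person or a tool.
IDENTIFYING = {"TPE1": "artist", "TCOM": "composer", "TENC": "encoded by",
               "TCOP": "copyright"}
ENCODINGS = {0: "latin-1", 1: "utf-16", 2: "utf-16-be", 3: "utf-8"}

def sniff(data: bytes) -> str:
    """Name the real file type from its first bytes, ignoring the extension."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    # An untagged MP3 begins with an MPEG frame sync (11 set bits).
    if len(data) > 1 and data[0] == 0xFF and data[1] & 0xE0 == 0xE0:
        return "MP3 audio frame"
    return "unknown"

def syncsafe(b: bytes) -> int:
    """Decode a 4-byte syncsafe integer (7 usable bits per byte)."""
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def identifying_fields(data: bytes) -> dict:
    """Identifying text frames of an ID3v2.3/2.4 tag (assumes no extended header)."""
    if len(data) < 10 or not data.startswith(b"ID3"):
        return {}
    major, end, pos, found = data[3], 10 + syncsafe(data[6:10]), 10, {}
    while pos + 10 <= min(end, len(data)):
        fid, raw = data[pos:pos + 4].decode("latin-1"), data[pos + 4:pos + 8]
        if fid == "\x00" * 4:  # padding: no more frames
            break
        # v2.4 frame sizes are syncsafe; v2.3 uses a plain big-endian integer.
        size = syncsafe(raw) if major == 4 else struct.unpack(">I", raw)[0]
        body = data[pos + 10:pos + 10 + size]
        if fid in IDENTIFYING and body:
            text = body[1:].decode(ENCODINGS.get(body[0], "latin-1"), "replace")
            found[IDENTIFYING[fid]] = text.rstrip("\x00")
        pos += 10 + size
    return found

def sample_tag() -> bytes:
    """Constructed ID3v2.3 tag holding one TPE1 frame (sample data)."""
    body = b"\x00Example Author"
    frame = b"TPE1" + struct.pack(">I", len(body)) + b"\x00\x00" + body
    n = len(frame)
    size = bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])
    return b"ID3\x03\x00\x00" + size + frame
```

Calling `sniff(open(path, "rb").read(16))` on a download before opening it shows whether the extension matches the content, and `identifying_fields` shows what a tagged audio file would reveal if published.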

The malicious PowerShell script sends stolen info to a C2 server. What is the URL of this C2 server?

Flag: http://papash3ll.thm/data

  • From M.M.’s IS GitHub folder, open the PowerShell script, PS.1, and scroll down to the comment on line 49 about sending the stolen info to the C2 server.
  • Once data is sent to the C2 server, it is compromised; this includes valuable information such as stolen credentials.
