2024 TryHackMe (THM) Advent of Cyber (AoC) Day 7 Walkthrough | THM Writeup
Today is Day 7 of TryHackMe Advent of Cyber (AoC). It has been one whole week of solving cybersecurity challenges. The topic is AWS Log Analysis. I’m having a blast thinking back to the thrill of discovering AWS for the first time! Also, I wanted to share that I’ve decided to end my Blogmas journey due to some changes in my life. Thank you all for your support! It’s been a wonderful experience.
What is the other activity made by the user glitch aside from the ListObject action?
Flag: PutObject
- Use the following jq command to filter the CloudTrail log for events made by the user glitch:
jq -r '["Event_Time", "Event_Source", "Event_Name", "User_Name", "Source_IP"],(.Records[] | select(.userIdentity.userName == "glitch") | [.eventTime, .eventSource, .eventName, .userIdentity.userName // "N/A", .sourceIPAddress // "N/A"]) | @tsv' cloudtrail_log.json | column -t -s $'\t'
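- In the Event_Name column, a second event name, in this case “PutObject”, will appear.
- This log entry indicates that an attacker is manipulating an object within an Amazon S3 bucket: PutObject is the S3 API call that uploads or overwrites an object.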
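The jq filter above, extended into an added Python example (not part of the original walkthrough or the TryHackMe room): it groups one user's S3 events by event name, collects the source IPs seen for each, and marks calls that change bucket contents. The sample records, their IPs and timestamps, the function name and the `WRITE_PREFIXES` heuristic are constructed assumptions.

```python
from collections import defaultdict

# Constructed records in CloudTrail's "Records" layout; every value is made up.
SAMPLE_RECORDS = [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListObjects", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "glitch"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "glitch"}},
    {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListObjects", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "glitch"}},
    {"eventTime": "2024-01-01T10:09:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "glitch"}},
    # Service-generated record: no userName and no sourceIPAddress.
    {"eventTime": "2024-01-01T10:10:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "userIdentity": {"type": "AWSService"}},
]

# Assumption: a name-prefix heuristic for calls that change bucket contents.
WRITE_PREFIXES = ("Put", "Delete")


def summarize_user_activity(records, user_name, event_source="s3.amazonaws.com"):
    """Group one user's events for one service by eventName."""
    summary = defaultdict(lambda: {"count": 0, "source_ips": set(),
                                   "first_seen": None, "modifies_data": False})
    for rec in records:
        identity = rec.get("userIdentity") or {}  # tolerate missing/null identity
        if identity.get("userName") != user_name or rec.get("eventSource") != event_source:
            continue
        name = rec.get("eventName", "N/A")
        entry = summary[name]
        entry["count"] += 1
        entry["source_ips"].add(rec.get("sourceIPAddress", "N/A"))
        ts = rec.get("eventTime")
        # Same-format UTC ISO 8601 strings sort chronologically.
        if ts and (entry["first_seen"] is None or ts < entry["first_seen"]):
            entry["first_seen"] = ts
        entry["modifies_data"] = name.startswith(WRITE_PREFIXES)
    return dict(summary)


if __name__ == "__main__":
    for name, info in sorted(summarize_user_activity(SAMPLE_RECORDS, "glitch").items()):
        flag = "WRITE" if info["modifies_data"] else "read"
        print(name, info["count"], sorted(info["source_ips"]), info["first_seen"], flag)
```

To run it against the real log, load the file with `json.load` and pass its `Records` list in place of `SAMPLE_RECORDS`.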
What is the source IP related to the S3 bucket activities of the user glitch?
Flag: 53.94.201.69
- On the S3 bucket, locate the section…