@RealTryHackMe #AdventOfCyber Series: Challenge 22 – How It Happened #TisTheSeasonForHacking

Another day, another challenge…

In this post, we continue the Advent of Cyber series hosted by TryHackMe. This is the third year of the Advent of Cyber, where a challenge is released every day leading up to Christmas. In total there will be 25 challenges. In these challenges, we play McSkidy, an elf trying to save Christmas.

In our twenty-second challenge, we’re presented with a scenario where McSkidy has identified the first trace of Grinch Enterprises in their network. Now, McSkidy needs to find out what they did when they entered the network. Hmm… I wonder what that could be.

The topics explored in this challenge are encoding, ciphers, and the oledump tool. First, we read about Base64 encoding and how it is still used to evade antivirus detection even though it is not very effective: Base64 is an encoding, not encryption, so anyone who spots the encoded string can decode it instantly. The next topic was ciphers, in particular the XOR cipher. XOR (exclusive or) outputs 1 when exactly one of its two input bits is 1, and XORing data with a key is its own inverse, so the same key both encrypts and decrypts; a short or single-byte key can simply be brute-forced. The final topic is the oledump tool, which is used to analyze OLE files (the compound file format behind Office documents), which you can think of as mini file systems made up of streams. These streams can hide macros, VBA code that executes inside Word and Excel documents, and bad actors use macros to embed malicious code. <— this will be helpful in this challenge.
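To make the encoding and cipher part concrete, here is an added example (my own code, not part of the challenge or TryHackMe's material) that peels back the two layers a macro typically stacks: XOR the payload with a key, then Base64-encode it for transport. The sample blob, the key byte 0x2A and the plaintext command are constructed for this example; in practice the blob would come from the VBA stream you dump with `oledump.py -s <stream> -v document.doc`. The brute-force function goes slightly beyond the challenge text by trying all 256 single-byte keys and ranking the results by how "command-like" the output looks.

```python
import base64
import string

# Characters we expect in a decoded shell command; used to rank brute-force candidates.
LIKELY_CHARS = set((string.ascii_lowercase + string.digits + " ./\\-_:").encode())


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key. Because XOR is its own inverse,
    calling this twice with the same key returns the original bytes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def decode_layer(blob: str, key: bytes) -> bytes:
    """Undo the transport layer (Base64) and then the cipher layer (XOR)."""
    return xor_bytes(base64.b64decode(blob), key)


def likely_score(data: bytes) -> float:
    """Fraction of bytes that belong to LIKELY_CHARS; 1.0 means every byte fits."""
    if not data:
        return 0.0
    return sum(b in LIKELY_CHARS for b in data) / len(data)


def brute_force_single_byte(ciphertext: bytes):
    """Try every single-byte XOR key and return (score, key, plaintext) tuples,
    best score first. The real key scores 1.0 when the plaintext is a plain command."""
    candidates = []
    for k in range(256):
        plaintext = xor_bytes(ciphertext, bytes([k]))
        candidates.append((likely_score(plaintext), k, plaintext))
    candidates.sort(key=lambda c: c[0], reverse=True)
    return candidates


# Constructed sample (assumption for this example): a command a macro might run,
# XORed with the single key byte 0x2A and then Base64-encoded.
SAMPLE_PLAINTEXT = b"cmd.exe /c whoami"
SAMPLE_KEY = bytes([0x2A])
SAMPLE_BLOB = base64.b64encode(xor_bytes(SAMPLE_PLAINTEXT, SAMPLE_KEY)).decode()


if __name__ == "__main__":
    # Known key: decode directly.
    print("known key   :", decode_layer(SAMPLE_BLOB, SAMPLE_KEY))
    # Unknown key: Base64 is reversible without any secret, so strip it and brute-force the XOR.
    raw = base64.b64decode(SAMPLE_BLOB)
    for score, key, plaintext in brute_force_single_byte(raw)[:3]:
        print(f"score={score:.2f} key=0x{key:02x} -> {plaintext!r}")
```

The point the challenge makes about Base64 is visible in the second half of the script: no key is needed to remove that layer, so it hides nothing from an analyst. Only the XOR layer needs guessing, and with a one-byte key that is 256 attempts.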

Can McSkidy figure out what the Grinch did after gaining initial access to the system? Find out below!

