#  @djalilayed Djalil Ayed Djalil Ayed posts on YouTube about ctf, the first, shell, ai the most. They currently have [-----] followers and [---] posts still getting attention that total [------] engagements in the last [--] hours. ### Engagements: [------] [#](/creator/youtube::UCUTn6ChJY1ttQ_gigG1GRkA/interactions)  - [--] Week [-----] +68% - [--] Month [------] +59% - [--] Months [------] +52% - [--] Year [-------] +199% ### Mentions: [--] [#](/creator/youtube::UCUTn6ChJY1ttQ_gigG1GRkA/posts_active)  - [--] Week [--] +88% - [--] Month [--] +54% - [--] Months [---] +50% - [--] Year [---] +442% ### Followers: [-----] [#](/creator/youtube::UCUTn6ChJY1ttQ_gigG1GRkA/followers)  - [--] Week [-----] +2.50% - [--] Month [-----] +9% - [--] Months [-----] +49% - [--] Year [-----] +116% ### CreatorRank: [-------] [#](/creator/youtube::UCUTn6ChJY1ttQ_gigG1GRkA/influencer_rank)  ### Social Influence **Social category influence** [technology brands](/list/technology-brands) [stocks](/list/stocks) [finance](/list/finance) [currencies](/list/currencies) [travel destinations](/list/travel-destinations) [cryptocurrencies](/list/cryptocurrencies) [social networks](/list/social-networks) **Social topic influence** [ctf](/topic/ctf) #24, [the first](/topic/the-first), [shell](/topic/shell), [ai](/topic/ai), [link](/topic/link), [how to](/topic/how-to), [splunk](/topic/splunk), [tools](/topic/tools), [can you](/topic/can-you) #2808, [hidden](/topic/hidden) **Top accounts mentioned or mentioned by** [@probablyfinethm](/creator/undefined) [@kingfordacuk](/creator/undefined) [@realtryhackme](/creator/undefined) **Top assets mentioned** [Microsoft Corp. (MSFT)](/topic/microsoft) [CyberConnect (CYBER)](/topic/cyber) [FilesCoins Power Cu (FILECOIN)](/topic/files) ### Top Social Posts Top posts by engagements in the last [--] hours "TryHackMe Python: Simple Demo ๐ฑ Explore what a basic Python program looks like. ๐ชผ Room link: https://tryhackme.com/room/pythonsimpledemo ๐ฑ Learning Objectives ๐ฑ ๐งLearn about Python variables ๐งUnderstand how conditional statements are used ๐งSee iteration (loop) in action ๐ฑ Room Tasks: ๐ฑ ๐ Task 1: Introduction ๐ธ Task 2: Variables - What is the name of the function we used to display text on the screen - What is the name of the function that we used to convert user input to an integer ๐ Task 3: Conditional Statements - How does Python write else if - What will the program display if" [YouTube Link](https://youtube.com/watch?v=E3juPk_igRk) 2026-02-15T10:07Z [----] followers, [--] engagements "TryHackMe Introduction to Phishing - SOC Simulator - Full Walkthrough [----] - Updated - Elastic ๐ท๐ท Room Link: https://tryhackme.com/soc-sim/scenarios In this video will use Elastic to solve the scenario. ๐ท๐ท ๐ท๐ท TryHackMe SOC Level [--] Video Playlist: https://www.youtube.com/playlistlist=PLrY_AbzZGqt9-_QEdK64kN4RNzqgQ8dQM ๐ฉ Scenario overview ๐ฉ Learn how to use SOC Simulator by completing your first scenario. Close all True Positive alerts to pass ๐๐ Scenario objectives ๐๐ ๐ Monitor and analyze real-time alerts. ๐ Identify and document critical events such as suspicious emails and" [YouTube Link](https://youtube.com/watch?v=IDtI2D3e2BE) 2025-11-07T13:20Z [----] followers, [----] engagements "TryHackMe Data Encoding - Full Walkthrough [----] ๐ฅฅ Learn how computer encodes characters from ASCII to Unicode's UTF. ๐๐ Room link: https://tryhackme.com/room/dataencoding ๐จ Learning Objectives ๐จ ๐ฏ Upon completion of this room you will learn about: ๐ ASCII ๐ Unicode ๐ UTF-8 UTF-16 and UTF-32 ๐ How emoji is encoded ๐ And what causes weird gibberish characters ๐จ Room Tasks: ๐จ ๐ Task 1: Introduction ๐ฅ Task 2: ASCII ๐ Task 3: Unicode ๐ Task 4: Conclusion โ Educational Purpose Only This content is for educational and authorized penetration testing purposes only. Always ensure you" [YouTube Link](https://youtube.com/watch?v=JZziUmrfOkQ) 2026-02-12T17:56Z [----] followers, [---] engagements "TryHackMe Cupid's Matchmaker Stored XSS Full Walkthrough [----] ๐ Use your web exploitation skills against this matchmaking service. ๐ฆ ๐ Room Link: https://tryhackme.com/room/lafb2026e3 In this room we use vulnerability on survey form using Stored XSS to get admin cookie which is the flag for this room. ๐ My Dearest Hacker ๐ง Tired of soulless AI algorithms At Cupid's Matchmaker real humans read your personality survey and personally match you with compatible singles. Our dedicated matchmaking team reviews every submission to ensure you find true love this Valentine's Day ๐No algorithms." [YouTube Link](https://youtube.com/watch?v=O1OuohTo3BQ) 2026-02-15T07:37Z [----] followers, [---] engagements "TryHackMe Speed Chatting File Upload Vulnerability Full Walkthrough [----] ๐ Can you hack as fast as you can chat ๐ฆ ๐ Room Link: https://tryhackme.com/room/lafb2026e4 ๐ฆ ๐ Reverse Shell used on this room: https://github.com/djalilayed/tryhackme/blob/main/Love_at_First%20Breach/Speed_Chatting/reverse_shell.py ๐ฑ In this room we exploit vulnerability on profile upload image it has unrestricted file upload which allow us to upload Python reverse shell then get the flag. ๐ฅ My Dearest Hacker ๐ฆ Days before Valentine's Day TryHeartMe rushed out a new messaging platform called "Speed Chatter"" [YouTube Link](https://youtube.com/watch?v=O2qdZ77TG5Q) 2026-02-15T05:01Z [----] followers, [---] engagements "TryHackMe When Hearts Collide MD5 collision Full Walkthrough [----] โฃ Will you find your MD5 match ๐ ๐ฅ Room link: https://tryhackme.com/room/lafb2026e1 ๐ Tool used: ๐ MD5 collision generator: https://github.com/brimstone/fastcoll We have an app they allow you to upload images and match its md5 value to existing dogs images if md5 match you get the flag. ๐ My Dearest Hacker ๐ฆ Matchmaker is a playful hash-powered experience that pairs you with your ideal dog by comparing MD5 fingerprints. Upload a photo let the hash chemistry do its thing and watch the site reveal whether your vibe already" [YouTube Link](https://youtube.com/watch?v=ReMhp6tHYB8) 2026-02-15T05:01Z [----] followers, [---] engagements "TryHackMe TryHeartMe JWT Full Walkthrough [----] ๐ Access the hidden item in this Valentine's gift shop. ๐ท๐ท Room Link: https://tryhackme.com/room/lafb2026e5 This room about JWT security failure. signature is not being verified ๐ฆ My Dearest Hacker ๐ฆ The TryHeartMe shop is open for business. Can you find a way to purchase the hidden Valenflag item ๐ฑ Website used on this video: ๐ฑ โฃ JSON Web Token (JWT) Debugger: https://www.jwt.io/ โฃ CyberChef: https://gchq.github.io/CyberChef/ โ Educational Purpose Only This content is for educational and authorized penetration testing purposes only." [YouTube Link](https://youtube.com/watch?v=RsHAFhfl7zw) 2026-02-15T05:01Z [----] followers, [---] engagements "TryHackMe Data Representation Full Walkthrough [----] Learn about how computers represent numbers and colors. ๐น ๐ Room link: https://tryhackme.com/room/datarepresentation ๐ฑ Room Tasks: ๐ฑ ๐ Representing [--] colors ๐ Representing [--] million colors ๐ Binary numbers ๐ Hexadecimal numbers ๐ (Optional) Octal numbers ๐ซ ๐ช Room Tasks: ๐ซ ๐ช ๐ Task 1: Introduction ๐ฆ Task 2: Representing Colors - Preview the color #3BC81E. In one word what does this color appear to be - What is the binary representation of the color #EB0037 - What is the decimal representation of the color #D4D8DF ๐น Task 3:" [YouTube Link](https://youtube.com/watch?v=SJ4MEjabtIA) 2026-02-15T12:57Z [----] followers, [--] engagements "TryHackMe Corp Website React2Shell Full Walkthrough [----] ๐ ๐ช Room link: https://tryhackme.com/room/lafb2026e7 โฃ Resource used in this video: โฃ ๐ React2Shell: CVE-2025-55182: https://tryhackme.com/room/react2shellcve202555182 ๐ Penelope is a powerful shell handler built as a modern netcat replacement for RCE exploitation: https://github.com/brightio/penelope This room showcase React2Shell vulnerability in a web app which will give us access as user using reverse shell we get root access as user has sudo root level to run Python binary. ๐ ๐ My Dearest Hacker ๐ โฃ Valentine's Day is fast" [YouTube Link](https://youtube.com/watch?v=ZiwxHc7ZLVg) 2026-02-15T05:06Z [----] followers, [---] engagements "TryHackMe Signed Messages Deterministic RSA Keys & Forging PSS Signatures Full Walkthrough [----] โฃ Their messages are secret unless you find the key. ๐ฆ ๐ฅ Room link: https://tryhackme.com/room/lafb2026e8 ๐ฑ Resources: ๐ฑ ๐ท๐ท My Exploit Script: https://github.com/djalilayed/tryhackme/blob/main/Love_at_First%20Breach/Signed_Messages/admin_signature.py This room about Cracking Deterministic RSA Keys & Forging PSS Signatures. the app which claims to secure user messages with "Industry Standard RSA-2048." Spoiler alert: It doesn't. We start by finding a debug log that reveals a critical flaw: the" [YouTube Link](https://youtube.com/watch?v=fUNkK04-R18) 2026-02-15T07:28Z [----] followers, [----] engagements "TryHackMe Valenfind LFI Full Walkthrough [----] ๐ Can you find vulnerabilities in this new dating app ๐ฅ ๐ Room Link: https://tryhackme.com/room/lafb2026e10 In this dating app we find an LFI we use it to access app code then download SQLite database that contain administrator login after login as admin we check the profile and we find the flag. ๐ฆ My Dearest Hacker ๐ Theres this new dating app called Valenfind that just popped up out of nowhere. I hear the creator only learned to code this year; surely this must be vibe-coded. Can you exploit it โ Educational Purpose Only This content is for" [YouTube Link](https://youtube.com/watch?v=fv2NlV65tFQ) 2026-02-15T05:58Z [----] followers, [---] engagements "Zeek - TryHackMe - Walkthrough Tryhackme SOC Level [--] SAL1 Introduction to hands-on network monitoring and threat detection with Zeek (formerly Bro). https://tryhackme.com/room/zeekbro Zeek (formerly Bro) is an open-source and commercial network monitoring tool (traffic analyser). The room aims to provide a general network monitoring overview and work with Zeek to investigate captured traffic. This room will expect you to have basic Linux familiarity and Network fundamentals (ports protocols and traffic data). We suggest completing the "Network Fundamentals" path before starting working in" [YouTube Link](https://youtube.com/watch?v=-44q-q9ZQR0) 2022-11-09T06:57Z [----] followers, 10.6K engagements "TryHackMe OAuth Vulnerabilities Full Walkthrough [----] ๐ฏ๐ฏ Learn how the OAuth protocol works and master techniques to exploit it. ๐ธThis part of TryHackMe Web Application Pentesting Path ๐๐๐ Room Link: https://tryhackme.com/room/oauthvulnerabilities ๐จ๐จ In modern web applications OAuth vulnerabilities emerge as a serious and frequently disregarded risk; when we talk about OAuth we're talking about OAuth [---] the commonly used authorisation framework. The vulnerabilities occur when hackers take advantage of weaknesses in OAuth [---] which allows for CSRF XSS data leakage and exploitation of" [YouTube Link](https://youtube.com/watch?v=-Zx-6j8YZNg) 2025-09-14T12:22Z [----] followers, [---] engagements "๐๐ฏ๐ง SOC L1 Alert Reporting TryHackMe SOC Simulator SAL1 COACH ๐ง ๐ง ๐ก Learn how to properly report escalate and communicate about high-risk SOC alerts.๐ก ๐ฏ During or after alert triage L1 analysts may be uncertain about how to classify the alert requiring senior support or information from the system owner. Also L1 may deal with real cyberattacks and breaches that need immediate attention and remediation actions. This room covers these cases by introducing three new terms: alert reporting escalation and communication. ๐๐Learning Objectives ๐ก๐ก ๐กUnderstand the need for SOC alert" [YouTube Link](https://youtube.com/watch?v=-tcxvL5hNJ8) 2025-04-20T12:26Z [----] followers, [----] engagements "๐๐ ๐๐ TryHackMe: The London Bridge - Boot2Root with CVE-2018-18955 & Firefox Decrypt ๐๐ ๐๐ ๐๐ The London Bridge is falling down.๐๐ This is a classic boot2root CTF-style room. Make sure to get all the flags. Resources used: ๐๐ Arjun: https://github.com/s0md3v/Arjun ๐๐ CVE-2018-18955 https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/blob/main/bin-sploits/47165.zip https://vulners.com/zdt/1337DAY-ID-33029 ๐๐ firefox_decrypt https://github.com/unode/firefox_decrypt ๐๐ sqlite viewer: https://inloop.github.io/sqlite-viewer/ ๐๐ room linke:" [YouTube Link](https://youtube.com/watch?v=-vfYQ_Jdl0g) 2024-09-27T06:52Z [----] followers, [----] engagements "๐ฏ ๐ Task [--] CRC Me If You Can TryHackMe Industrial Intrusion CTF Custom CRC-32 Challenge ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion ๐ธScenario:๐ธ Three months after the Virelia Water Control Facility was remediated flickering sensors and phantom alerts persist. A covert second-stage implant still lurks waiting for its kill switch. As a hired red-team specialist for Black Echo your mission is to forge a legitimate control frame that disables the implant before the real attacker flips it on. use Netcat to interact with the CRC-Oracle and the Control server: Port 1501" [YouTube Link](https://youtube.com/watch?v=-zylGSCC6cU) 2025-07-02T13:05Z [----] followers, [---] engagements "Outlook NTLM Leak Tryhackme - CVE-2023-23397 Leak password hashes from a user by sending them an email by abusing CVE-2023-23397. Unlike most exploits this one is particularly dangerous because it is a zero-click exploit meaning no user interaction is required to trigger it. Once an infected email arrives in the user's inbox the attacker can obtain sensitive Net-NTLMv2 credential hashes. Once malicious actors have those hashes they can get a user's credentials authenticate to their system and escalate privileges. https://tryhackme.com/room/outlookntlmleak #tryhackme" [YouTube Link](https://youtube.com/watch?v=01k60OWdyF8) 2023-03-24T16:11Z [----] followers, [----] engagements "๐ง๐ง APIWizards Breach TryHackMe ๐ง๐ง ๐ง๐ง Investigate a security breach at APIWizards Inc. ๐ง๐ง You were hired as a dedicated external DFIR specialist to help the APIWizards Inc. company with a security incident in their production environment. APIWizards develop REST APIs on demand and hosts them on separate Ubuntu servers. The company suspects that one of its servers is compromised. ๐ง๐ง https://tryhackme.com/r/room/apiwizardsbreach #tryhackme #dfir" [YouTube Link](https://youtube.com/watch?v=0NPqm6kVly0) 2024-08-03T10:59Z [----] followers, [---] engagements "TryHackMe Vulnerability Capstone Full Walkthrough [----] - Fuel CMS - CVE-2018-16763 Apply the knowledge gained throughout the Vulnerability Module in this challenge room. ๐๐ Room Link: https://tryhackme.com/room/vulnerabilitycapstone Part of TryHackMe Jr Penetration Tester Path. โกโก Summarise the skills learnt in this module by completing this capstone room for the "Vulnerability Research" module. โก Ackme Support Incorporated has recently set up a new blog. Their developer team have asked for a security audit to be performed before they create and publish articles to the public. โก It is your" [YouTube Link](https://youtube.com/watch?v=0kWMjRUorCM) 2025-09-11T11:45Z [----] followers, [---] engagements "๐ฝ๐ฝ Explore FlareVM Arsenal of Tools forensics incident response malware investigation tools SAL1 ๐ฝ ๐ฝ Learn the arsenal of investigative tools in FlareVM. ๐พ Arsenal of Tools ๐พ Commonly Used Tools for Investigation: Overview ๐พ Analyzing Malicious Files ๐ฝ https://tryhackme.com/r/room/flarevmarsenaloftools ๐ฝ these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #THMCyberSecurity101 #CyberSecurity101 #FlareVM #InvestigationTools #TryHackMe #CyberSecurityTraining #MalwareAnalysis #DigitalForensics #CyberArsenal #CyberInvestigation" [YouTube Link](https://youtube.com/watch?v=1Q0CuI9_474) 2024-10-25T06:04Z [----] followers, [----] engagements "๐๐๐ Injectics Walkthrough SQL Injection & SSTI Exploits TryHackMe๐๐๐ Use your injection skills to take control of a web app. Take Control with SQL Injection & SSTI Injectics TryHackMe Guide ๐Script Used in this room: https://github.com/djalilayed/tryhackme/blob/main/Injectics/get_flag.sh ๐Room Link: https://tryhackme.com/r/room/injectics Master SQL Injection & Server-Side Template Injection Injectics Room ๐Good write up: https://0xb0b.gitbook.io/writeups/tryhackme/2024/injectics these tutorials are for educational purposes and to encourage responsible and legal use of hacking" [YouTube Link](https://youtube.com/watch?v=2ruk0rDNNEA) 2024-07-29T18:27Z [----] followers, [---] engagements "๐๐ชป SOC Metrics and Objectives TryHackMe ๐๐ชป ๐ง ๐บExplore key metrics driving SOC effectiveness and discover ways to improve them. ๐ง ๐บ As with any other department the efficiency of the SOC team can be measured using different indicators and metrics. This room explores the most common evaluation approaches like MTTD and MTTR and describes both methods to improve the metrics and potential consequences of ignoring them. ๐ชปLearning Objectives ๐ชป ๐ Discover the concepts of SLA MTTD MTTA and MTTR ๐ Understand the importance of the False Positive rate ๐ Learn why and how to improve the" [YouTube Link](https://youtube.com/watch?v=2uGFLC_gJ3M) 2025-05-11T06:23Z [----] followers, [---] engagements "Source Code Security - TryHackMe - Learn how to keep your source code secure using credential hygiene practices. In today's fast-paced software development landscape protecting your source code is crucial to ensure the integrity and confidentiality of your applications. One of the critical tools in source code management is version control which allows teams to collaborate track changes and maintain a history of their codebase. https://tryhackme.com/room/sourcecodesecurity #tryhackme" [YouTube Link](https://youtube.com/watch?v=38UOdjqymu8) 2023-10-18T05:56Z [----] followers, [--] engagements "๐ ๐๐ฏ Task [--] Disk CRM Snatch Honeynet Collapse CTF TryHackMe ๐ ๐๐ฏ ๐๐Welcome to Honeynet Collapse ๐๐ Room Link: https://tryhackme.com/room/honeynet-collapse ๐ ๐ CRM Snatch๐ ๐ ๐Which domain account was used to initiate the remote session onto the host ๐For how many seconds did the attacker maintain their PowerShell session active ๐What was the attacker's C2 IP address used for staging and exfiltration ๐Which well-known tool was used to exfiltrate the collected data ๐What is the obscured password to the attacker-controlled Mega ๐What is Lucas's email address found in the" [YouTube Link](https://youtube.com/watch?v=3Sb1jAZMDLY) 2025-07-28T17:01Z [----] followers, [---] engagements "โ Baselines and Anomalies Identify normal activity and hunt for anomalies TryHackMe Walk Throughโ ๐ป Baselining Hardware Inventory ๐ป Baselining Software Inventory ๐ป Living Off the Land ๐ป Baselining Network Traffic ๐ป Baselining Identity and Access Management ๐ป Identifying Suspicious Environment Specific Use Cases https://tryhackme.com/r/room/baselineanomalies ๐ Like Subscribe and Comment to stay updated with our latest cybersecurity tutorials. If you have any questions or need further clarification on any concept feel free to drop a comment below these tutorials are for educational" [YouTube Link](https://youtube.com/watch?v=3YriJQwVy3g) 2025-01-09T08:03Z [----] followers, [---] engagements "TryHackMe IDOR Full Walkthrough [----] - Insecure Direct Object Reference ๐ฏ Learn how to find and exploit IDOR vulnerabilities in a web application giving you access to data that you shouldn't have.๐ฏ ๐ฏIDOR stands for Insecure Direct Object Reference and is a type of access control vulnerability.๐ฏ ๐ท๐ท Room Link: https://tryhackme.com/room/idor This room part of TryHackMe Jr Penetration Tester path. ๐ What is an IDOR ๐ An IDOR Example ๐ Finding IDORs in Encoded IDs ๐ Finding IDORs in Hashed IDs ๐ Finding IDORs in Unpredictable IDs ๐ Where are IDORs located ๐ A Practical IDOR Example โ " [YouTube Link](https://youtube.com/watch?v=3cqIjeB-Cb0) 2025-09-11T11:45Z [----] followers, [--] engagements "๐ฏ ๐ Task [--] - Brr v1 TryHackMe: Industrial Intrusion CTF ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion Scenario: A forgotten HMI node deep in Virelias wastewater control loop still runs an outdated instance forked from an old Mango M2M stack. Script used: https://github.com/hev0x/CVE-2021-26828_ScadaBR_RCE โ Educational Purpose Only This content is for educational and authorized penetration testing purposes only. Always ensure you have permission before testing on any systems. #TryHackMe #CTF #IndustrialIntrusion" [YouTube Link](https://youtube.com/watch?v=41qogM2ajKo) 2025-06-29T23:00Z [----] followers, [---] engagements "๐บ ๐ ๐ฅ Exploit Erlang/OTP SSH: CVE-2025-32433 TryHackMe PoC ๐บ ๐ Learn how to exploit CVE-2025-32433 a critical [----] CVSS vulnerability in Erlang/OTP SSH allowing unauthenticated Remote Code Execution (RCE). In this hands-on lab we demonstrate: ๐ Creating & Reading Files on the remote system ๐ Executing Commands with elevated privileges ๐ Gaining a Reverse Shell for full control ๐ Discovered by Ruhr University Bochum researchers ๐ TryHackMe Room Link: https://tryhackme.com/room/erlangotpsshcve202532433 ๐บWorking PoC for CVE-2025-32433๐บ https://github.com/ProDefense/CVE-2025-32433 ๐ก" [YouTube Link](https://youtube.com/watch?v=4V7TpSSRJj8) 2025-04-24T13:02Z [----] followers, [----] engagements "๐จ๐ธ Anpu Sherlocks Hackthebox Android Forensics ๐จ๐ธ ๐งธ๐งธ Room Link: https://app.hackthebox.com/sherlocks/Anpu ๐ฉSherlock Scenario๐ฉ ๐๐Johnny noticed something unusual on his phone after installing a new version of WhatsApp such as tons of notifications web pages opening etc. and asked us to thoroughly investigate what had happened. Using various tools we managed to extract a copy of the phone's data and discovered that the app he had installed was malicious and belonged to a well-known family of Android malware specializing in data theft. Now we need to analyze this malicious application" [YouTube Link](https://youtube.com/watch?v=4aelqNaqeWM) 2025-08-14T19:00Z [----] followers, [--] engagements "Task-19 No Salt No Shame TryHackMe: Industrial Intrusion CTF Decrypting AES-CBC ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion In this video we're diving deep into a fun crypto challenge from the Virelia Water Facility series. We're given an encrypted log file and a passphrase but the implementation uses a critical vulnerability: a fixed all-zero IV with AES-CBC. Join me as we walk through the entire process from analysis to solution. We'll explore standard tools like CyberChef Python script to get the flag By the end of this walkthrough you'll understand: ๐น How passphrases" [YouTube Link](https://youtube.com/watch?v=5-U9fT4wm-s) 2025-06-30T08:52Z [----] followers, [---] engagements "Secure Network Architecture TryHackMe Networking is one of the most critical components of a corporate environment but can often be overlooked from a security standpoint. A properly designed network permits not only internet usage and device communication but also redundancy optimization and security. In a well-designed network if a switch goes down then packets can be redistributed through another route with no loss in uptime. If a web server is compromised it cannot traverse the network and access important information. A system administrator should be confident that their servers are" [YouTube Link](https://youtube.com/watch?v=5ar7btKgI14) 2023-09-14T11:45Z [----] followers, [---] engagements "๐๐ macOS Forensics: Artefacts Hands-On with Key Artefacts TryHackMe ๐๐ ๐ Understand the forensic artefacts in macOS and learn to leverage them for forensic analysis. Dive into macOS forensics with TryHackMe's "macOS Forensics: Artefacts" room This video guides you through essential forensic artefacts showing you where to find them and how they can be crucial in your investigations. We'll cover system info network details user activity execution evidence file system insights and connected devices. โก Learning Objectives โก ๐ก The different forensic artefacts present in macOS. ๐ก Where to" [YouTube Link](https://youtube.com/watch?v=5u4IuMedGO8) 2025-04-18T12:59Z [----] followers, [---] engagements "๐ง๐ง Getting Started with Linux Shells: Basics of Scripting in Cyber Security [---] TryHackMe SAL1๐ง๐ง Learn about scripting and the different types of Linux shells. ๐ง Introduction to Linux Shells ๐ง How To Interact With a Shell ๐ง Types of Linux Shells ๐ง Shell Scripting and Components ๐ง The Locker Script ๐ง Practical Exercise https://tryhackme.com/r/room/linuxshells these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #CyberSecurity101 #LinuxShells #ShellScripting #TryHackMe #CyberSecurityBasics #LinuxFundamentals #BashScripting" [YouTube Link](https://youtube.com/watch?v=62x3JqxuWes) 2024-10-23T18:48Z [----] followers, [---] engagements "๐๐ TryHackMe Extracted: Reversing XOR Encryption and Exploiting CVE-2023-3278 KeePass exploit ๐๐ ๐ Use your blue and red teaming skills to crack this case ๐ ๐ Room Link: https://tryhackme.com/r/room/extractedroom ๐ Tshark commands used: https://github.com/djalilayed/tryhackme/blob/main/Extracted/commands.txt ๐ Script Used for decoding XOR: ๐ https://github.com/djalilayed/tryhackme/blob/main/Extracted/decode.py ๐ KeePass Memory Dump Extractor https://github.com/JorianWoltjer/keepass-dump-extractor ๐ KeePass 2.X Master Password Dumper (CVE-2023-32784)" [YouTube Link](https://youtube.com/watch?v=6JPFjUVX7e4) 2024-10-17T11:47Z [----] followers, [---] engagements "TryHackMe Voyage - Python Pickle Exploits #tryhackme Short video of TryHackMe room Voyage section finding secret portal checking the cookie using browser tools ๐ฃโRoom Link:๐ฃโ https://tryhackme.com/room/voyage" [YouTube Link](https://youtube.com/watch?v=6MuAUEPqGt8) 2025-09-02T18:17Z [----] followers, [---] engagements "TryHackMe Log Analysis with SIEM Full Walkthrough [----] ๐ธ Learn how SIEM solutions can be used to detect and analyse different types of malicious behaviour. ๐ฉ๐ฉRoom Link: https://tryhackme.com/room/loganalysiswithsiem โ Learning Objectivesโ ๐ Discover various data sources that are ingested into a SIEM. ๐ Understand the importance of data correlation. ๐ Learn the value of Windows Linux Web and Network logs during an investigation. ๐ Practice analysing malicious behaviour. ๐ 00:00 Task [--] Introduction ๐ 01:50 Task [--] Benefits of SIEM for Analysts ๐ 06:05 Task [--] Log Sources Overview ๐" [YouTube Link](https://youtube.com/watch?v=6VuwUrx_m50) 2025-09-06T11:02Z [----] followers, [---] engagements "โก๐ฒ L3 Keycard T3 Advent of Cyber '24 Side Quest Keycard TryHackMe โก๐ฒ Video how to get L3 Keycard to by pass Firewall in the room T3: Escaping the Blizzardโก๐ฒ โก๐ฒthis is based on IDOR Insecure Direct Object Referenceโก๐ฒ โก๐ฒ ๐ Like Subscribe and Comment to stay updated with our latest cybersecurity tutorials. If you have any questions or need further clarification on any concept feel free to drop a comment belowthese tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge.https://tryhackme.com/r/room/adventofcyber24sidequest#tryhackme" [YouTube Link](https://youtube.com/watch?v=6fKXNOKqJCk) 2025-01-01T00:00Z [----] followers, [---] engagements "TryHackMe XXE Injection - Full Walkthrough [----] ๐ธ Exploiting XML External Entities. ๐ธ Room Link: https://tryhackme.com/room/xxeinjection ๐ธ XXE (XML External Entity) injection is a type of security flaw that exploits vulnerabilities in an application's XML input. It occurs when an application accepts XML input that includes external entity references within the XML itself. Attackers can leverage this vulnerability to disclose local files make server-side requests or execute remote code. ๐ธ Given the widespread use of XML in web applications particularly in web services and SOAP-based APIs" [YouTube Link](https://youtube.com/watch?v=7Qt5TxnSJ9I) 2025-10-06T13:52Z [----] followers, [--] engagements "๐ ๐ชฉ๐ TryHackMe: A Bucket of Phish ๐ฃ - S3 Bucket Listing & Credential Leak Hackfinity Battle CTF๐ From the Hackfinity Battle CTF event. ๐ชฉ Scenario: ๐ชฉ DarkInjector has been using a Cmail phishing website to try to steal our credentials. We believe some of our users may have fallen for his trap. Can you retrieve the list of victim users Dive into the TryHackMe room "A Bucket of Phish" with this step-by-step walkthrough Learn how a common AWS S3 bucket misconfiguration (public bucket listing) can lead to a serious credential leak from a phishing website. In this video we'll guide you" [YouTube Link](https://youtube.com/watch?v=7YhXTF5xGjo) 2025-05-25T15:14Z [----] followers, [---] engagements "Windows Command Line System Info Network Files Tasks & More Cyber Security [---] TryHackMe SAL1 Learn the essential Windows commands. ๐ช Basic System Information ๐ช Network Troubleshooting ๐ช File and Disk Management ๐ชTask and Process Management https://tryhackme.com/r/room/windowscommandline these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #TryHackMe #CyberSecurity101 #WindowsCommandLine #SystemInfo #NetworkTroubleshooting #FileManagement #TaskManagement #ProcessManagement #BeginnerGuide #LearnToHack #THMCyberSecurity101" [YouTube Link](https://youtube.com/watch?v=7ZQmzydxTB8) 2024-10-24T05:25Z [----] followers, [---] engagements "๐ช๐ช TryHackMe Ghost Phishing - Hackfinity Battle - Macro Exploitation & Meterpreter CTF โ Dive into the thrilling world of ethical hacking with our latest walkthrough of the TryHackMe "Ghost Phishing" room part of the Hackfinity Battle student CTF In this video we tackle a challenging scenario where we exploit a phishing email containing a malicious macro to gain a reverse shell using Meterpreter. โ ๐จHackfinity Battle:๐จ https://tryhackme.com/room/HackfinityBattle Our mission: to infiltrate DarkSpecter's email uncover Cipher's secret operations and retrieve the crucial flag.txt from the" [YouTube Link](https://youtube.com/watch?v=7sehUtVRoC4) 2025-03-21T00:00Z [----] followers, [---] engagements "Servidae: Log Analysis in ELK - TryHackMe - Analyze the logs of an affected workstation to determine the attacker's indicators of compromise. https://tryhackme.com/room/servidae" [YouTube Link](https://youtube.com/watch?v=7t76PWM0QjE) 2023-10-25T06:33Z [----] followers, [--] engagements "โก๐ MS Sentinel: Just Looking - Azure SOC Challenge TryHackMe Walkthrough (Defending Azure Path) ๐ก Welcome to the TryHackMe Room: "MS Sentinel: Just Looking" In this video we dive into a hands-on challenge for SOC analysts using Microsoft Sentinel on Azure. This room is part of the new Defending Azure learning path and is designed to sharpen your skills in incident investigation and threat hunting within cloud environments. ๐ Topics Covered: Deploying Microsoft Sentinel Challenge Workspace Working with Logs Using Analytics Rules for Detection Investigating Real Incidents in Sentinel: โ " [YouTube Link](https://youtube.com/watch?v=87L4nNme4ms) 2025-04-15T14:58Z [----] followers, [----] engagements "๐ช๐จ๐จ TryHackMe Shadow Phishing 2: Bypassing Defender with Nim .exe (Educational Purposes) ๐ช Hackfinity Battle: Shadow Phishing [--] - Nim Reverse Shell .exe (Educational Walkthrough) In this educational walkthrough we explore the TryHackMe "Shadow Phishing 2" room part of the Hackfinity Battle student CTF. This video demonstrates advanced phishing techniques for educational purposes only focusing on how malicious actors might deliver executable (.exe) files and bypass security measures. ๐จHackfinity Battle:๐จ https://tryhackme.com/room/HackfinityBattle โ We will showcase how to:โ โฃ Craft a" [YouTube Link](https://youtube.com/watch?v=8IxxDoHc9R4) 2025-03-21T00:00Z [----] followers, [---] engagements "JavaScript Essentials: TryHackMe Essentials Guide Cyber Security [---] SAL1 Learn how to use JavaScript to add interactivity to a website and understand associated vulnerabilities. Dive into the world of web security with TryHackMe's JavaScript Essentials room This video covers: ๐ Essential Concepts ๐ JavaScript Overview ๐ Integrating JavaScript in HTML ๐ Abusing Dialogue Functions ๐ Bypassing Control Flow Statements ๐ Exploring Minified Files ๐ Best Practices https://tryhackme.com/r/room/javascriptessentials ๐ Like Subscribe and Comment to stay updated with our latest cybersecurity" [YouTube Link](https://youtube.com/watch?v=8SmJNWiMouo) 2024-10-28T14:05Z [----] followers, [----] engagements "โก๐ฉโก Exploiting Next.js CVE-2025-29927: Hands-On with TryHackMes Room โก๐ฉโก ๐ Dive into the critical Next.js vulnerability CVE-2025-29927 with me as we explore TryHackMes latest room This authorization bypass flaw (CVSS 9.1) lets attackers skip middleware security checks using the x-middleware-subrequest header. In this video Ill walk you through: - Building a proof-of-concept Next.js app to simulate the vuln - Exploiting it with a simple curl command - Setting up Snort and Zeek to detect the attack (with some real-time troubleshooting) - Lessons from TryHackMes lab on exploitation and" [YouTube Link](https://youtube.com/watch?v=99Ma-DGkiKE) 2025-03-25T12:50Z [----] followers, [----] engagements "TryHackMe Linux Threat Detection [--] - Full Walkthrough [----] ๐ง๐ง Cover the last stages of attacks on Linux and learn how they look in system logs.๐ง๐ง ๐ฑ๐ฑ Room Link: https://tryhackme.com/room/linuxthreatdetection3 ๐ช Not all Linux attacks are simple SSH brute force or cryptomining - some are carefully planned targeted campaigns comparable to most advanced Windows breaches. In this room you'll delve into more complex manual Linux attack techniques commonly seen in targeted intrusions and learn how to detect them using system logs. Learning Objectives ๐ Learn how reverse shells are used in" [YouTube Link](https://youtube.com/watch?v=9Ru7XlNbrmY) 2025-10-16T05:38Z [----] followers, [---] engagements "๐๐๐ TryHackMe Shadow Phishing Hackfinity Battle Encore Mail Phishing ๐ Welcome to the Hackfinity Battle CTF๐ In this room you learn how to generate windows reverse shell x64 in phishing email using msfvenom ๐ฅRoom Scenario: ๐ฅ๐ We gained access to the email account of ShadowByte one of Cipher's trusted operatives. This breakthrough will help bring Cipher's location closer to light and foil his plans for the apocalyptic cyber weapon. The clock is ticking though too much time and Cipher will know something is wrong and again disappear into the depths of the darknet. The race against time" [YouTube Link](https://youtube.com/watch?v=9YNjSx51Nn8) 2025-03-25T09:57Z [----] followers, [---] engagements "TryHackMe Linux Threat Detection [--] - Full Walkthrough [----] ๐ฑ Explore the first actions of attackers after breaching a Linux server and learn how to detect them. ๐ฆ ๐ช Room Link: https://tryhackme.com/room/linuxthreatdetection2 ๐ฒ What happens next after threat actors enter the Linux system What commands do they run and what goals do they aim to achieve In this room you'll find out by exploring common attack techniques detecting them in logs and analyzing a real-world cryptominer infection from start to finish. ๐ฏ๐ฏ Learning Objectives ๐ฏ๐ฏ ๐ Explore how to identify Discovery commands in" [YouTube Link](https://youtube.com/watch?v=9sSbHst9ckc) 2025-10-11T07:05Z [----] followers, [---] engagements "๐ง๐จ๐ง๐ธ BadSuccessor: Privilege Escalation in Active Directory TryHackMe AD: BadSuccessor ๐ธ๐ง๐จ๐ง ๐จ Join me as we dive into the TryHackMe AD: BadSuccessor room and explore the BadSuccessor attack a powerful privilege escalation technique in Active Directory environments Discovered by Yuval Gordon from Akamai this attack abuses Delegated Managed Service Accounts (dMSAs) to gain Domain Admin access with minimal permissions. In this video well walk through: โ Technical Background: Understanding Standalone Managed Service Accounts (sMSAs) Group Managed Service Accounts (gMSAs) and Delegated" [YouTube Link](https://youtube.com/watch?v=A92Sy9vvONM) 2025-06-03T10:25Z [----] followers, [---] engagements "๐ง ๐๐ง L5 Keycard T5 T5: An Avalanche of Web Apps Advent of Cyber '24 Side Quest TryHackMe ๐ง ๐ Walk through how to get the keycard for TryHackMe room T5: An Avalanche of Web Apps part of Advent of Cyber '24 Side Quest. ๐ง ๐You will learn: Intercept and modify internal APIs using Frida. ๐ง ๐Binary analysis using Ghidra ๐ง๐ง๐งScript used on the video:๐ง๐ง๐ง https://github.com/djalilayed/tryhackme/blob/main/Advent%20of%20Cyber%20'24%20Side%20Quest/L5_Keycard.js https://tryhackme.com/r/room/adventofcyber24sidequest ๐ Like Subscribe and Comment to stay updated with our latest cybersecurity" [YouTube Link](https://youtube.com/watch?v=AL3E5s38Z5w) 2025-01-01T15:01Z [----] followers, [--] engagements "๐ฏ ๐ OSINT [--] TryHackMe Industrial Intrusion CTF GPG Challenge Walkthrough ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion ๐ธScenario:๐ธ After the initial breach a single OT-Alert appeared in Virelias monthly digestan otherwise unremarkable maintenance notice mysteriously signed with PGP. Corporate auditors quietly removed the report days later fearing it might be malicious. Your mission is to uncover more information about this mysterious signed PGP maintenance message. ๐ธ Ever looked at a GitHub commit history and seen a -----BEGIN PGP SIGNATURE----- block It's not just" [YouTube Link](https://youtube.com/watch?v=BMEyTfmEXAk) 2025-07-01T07:35Z [----] followers, [---] engagements "๐โ๐ TryHackMe Diskrupt Analyse the filesystem and recover the deleted filesโ Fix the damaged disk analyse the filesystem and recover the deleted files. We start with fixing MBR Signature (Bytes 510-511) Magic Number using HxD hex editor. Analyzing the image with FTK Imager exporting relevant logs: Master File Table ($MFT) USNJrnl ($J). We will use MFTECmd to export both logs data to csv files where we can view them using Timeline Explorer (part of Eztools (Eric Zimmerman's tools). The image we have has [--] partitions: NTFS and FAT32 ๐ In this lab will do the following: โก Fix the damaged" [YouTube Link](https://youtube.com/watch?v=BRpxXQ8gS_w) 2025-03-31T03:39Z [----] followers, [---] engagements "TryHackMe Detecting Web DDoS - Full Walkthrough [----] ๐๐ Explore denial-of-service attacks detection techniques and strategies for protection. ๐๐ Room Link: https://tryhackme.com/room/detectingwebddos ๐ Objectives ๐ ๐ฉ Learn how denial-of-service attacks function ๐ฉ Understand attacker motives behind the disruptive attacks ๐ฉ See how web logs can help you reveal signs of web DoS and DDoS ๐ฉ Get practice analyzing denial-of-service attacks through log analysis ๐ฉ Discover detection and mitigation techniques defenders can use ๐ ๐ Room Tasks: ๐๐ ๐ฎ 00:00 Task 1: Introduction ๐ฆ 01:35" [YouTube Link](https://youtube.com/watch?v=BcP6NcX4IqU) 2025-09-22T07:14Z [----] followers, [---] engagements "โก๐ฒ L1 Keycard T1 Advent of Cyber '24 Side Quest Keycard TryHackMe โก๐ฒ ๐ฒThis steps to get L1 Keycard / T1 Keycard for TryHackMe Advent of Cyber '24 Side Quest which was out on Day 1.โก ๐ฒThis based on Flask app C2 server which have some weaknesses:โก โกHardcoded Secret Key โกHardcoded Credentials โกLack of Secure Session Handling ๐ฒCommand used:๐ฒ flask-unsign --sign --cookie "'logged_in': True" --secret 'thescrectfromscript' โกC2 script used on the room:โก https://github.com/Bloatware-WarevilleTHM/C2-Server ๐ Like Subscribe and Comment to stay updated with our latest cybersecurity tutorials. If" [YouTube Link](https://youtube.com/watch?v=BlpaABROPCI) 2025-01-01T00:00Z [----] followers, [---] engagements "๐ฏ ๐ Task [--] Auth TryHackMe: Industrial Intrusion CTF Binary Reverse Engineering ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion ๐ธScenario:๐ธ ZeroTrace intercepts a stripped-down authentication module running on a remote industrial gateway. Assembly scrolls across glowing monitors as she unpacks the logic behind the plants digital checkpoint ๐ In this video Ill walk you through solving a Auth CTF challenge where we reverse engineer a binary to find the correct unlock code for the flag. Using Ghidra we analyze the assembly reverse a XOR transformation and craft the perfect" [YouTube Link](https://youtube.com/watch?v=BpfgPhwg5h4) 2025-06-30T13:10Z [----] followers, [---] engagements "๐ ๐๐ฏ Task [--] Filesystem Shock and Silence Honeynet Collapse CTF TryHackMe ๐ ๐๐ฏ ๐๐Welcome to Honeynet Collapse ๐๐ Room Link: https://tryhackme.com/room/honeynet-collapse ๐๐ฏ Shock and Silence๐๐ฏ ๐What is the full URL from which the ransomware was downloaded to the system ๐What was the original file name of the ransomware executable downloaded to the host ๐Which executable file initiated the encryption process on the system ๐What file extension was appended to the encrypted files ๐Go beyond the obvious - which ransomware group targeted the organisation ๐What is the filename" [YouTube Link](https://youtube.com/watch?v=C755DNnS0e4) 2025-07-28T09:09Z [----] followers, [---] engagements "TryHackMe Pressed Full Walkthrough [----] - Wireshark - AES Decrypt - Ghidra ๐ฏ๐ฏ A full-scale intrusion was recently detected within the network raising critical alarms. ๐ท๐ทRoom Link: https://tryhackme.com/room/pressedroom ๐Scenario:๐ A full-scale intrusion was recently detected within the network raising critical alarms. Fortunately a packet capture (PCAP) was recorded during the incident capturing the attacker's initial entry and subsequent actions. Your task is to analyse the traffic identify how the attacker gained access and uncover the sequence of malicious activity. Reconstruct the" [YouTube Link](https://youtube.com/watch?v=CGBwiBXQNq4) 2025-09-07T10:49Z [----] followers, [---] engagements "๐งฐ๐งฐ Governance & Regulation Walkthrough TryHackMe Guide to Cybersecurity Policies ๐งฐ๐งฐ ๐งฐ Explore policies and frameworks vital for regulating cyber security in an organisation. Master GRC: Governance Risk & Compliance TryHackMe Governance & Regulation ๐งฐ Cyber security is a rapidly evolving landscape wherein malicious actors relentlessly endeavour to exploit vulnerabilities in highly-sensitive systems often with the intent of causing severe damage disruption and stealing of sensitive corporate data. To combat this evolving threat a comprehensive approach to information security governance &" [YouTube Link](https://youtube.com/watch?v=CPiOqb6q2Y8) 2023-09-14T18:18Z [----] followers, [----] engagements "โ ๐จ Lab 2: Extract a secret from the metaprompt: Microsoft AI Red Teaming Lab Walkthrough ๐จ โ Join me as I tackle the Metaprompt Extraction LEVEL [--] challenge from the Microsoft AI Red Teaming Playground Labs In this walkthrough Ill show you how to use obfuscation techniques to extract a secret word from an LLMs confidential metaprompt instructions. Learn step-by-step how to bypass AI safeguards using clever prompt engineeringno Base64 needed Perfect for anyone interested in AI security red teaming or ethical hacking. Dont forget to like subscribe and hit the bell for more cybersecurity" [YouTube Link](https://youtube.com/watch?v=CmwaWzPY724) 2025-06-04T15:27Z [----] followers, [--] engagements "โจโจ โ TryHackMe Shaker marshalsec JNDI-Exploit-Kit & Docker Exploit Log4Shell CVE-2021-44228 Log4Shell JNDI Docker Root Room Scenario: One of our devs has been experimenting with webservers and wants to see if his security is up to snuff. Rumour has it he updated all his dependencies but did something fall through the cracks Ready to dive into a thrilling TryHackMe room In this walkthrough Ill show you how to go from exploiting Log4Shell to gaining root access using JNDI-Exploit-Kit and a slick Docker privilege escalation trick. Watch as we: [--]. Exploit Log4Shell on port [----] to get our first" [YouTube Link](https://youtube.com/watch?v=D93kehXyV2Q) 2025-03-23T12:11Z [----] followers, [--] engagements "๐ง๐บ๐ TryHackMe Logless Hunt: Detecting Attacks Without Security Logs ๐๐ง๐บ ๐งCan You Detect a Logless Attack TryHackMe - Logless Hunt Walkthrough ๐งDetect every attack step on a Windows machine even after threat actors cleared Security logs. ๐งThreat actors clearing logs No problem Join us as we explore the TryHackMe "Logless Hunt" room and discover techniques to detect every stage of a cyber attack on a Windows system even without traditional Security logs. We'll investigate web access PowerShell commands RDP logins persistent threats and credential harvesting. Test your blue team skills" [YouTube Link](https://youtube.com/watch?v=DPFVNQHoLpI) 2025-05-03T07:40Z [----] followers, [---] engagements "Hashing Basics Password Protection Data Integrity Explained TryHackMe Cyber Security [---] SAL1 Learn about hashing functions and their uses in password verification and file integrity checking. Hashing Basics: Password Protection & Data Integrity Explained ๐ Hash Functions ๐ Insecure Password Storage for Authentication ๐ Using Hashing for Secure Password Storage ๐ Recognising Password Hashes ๐ Password Cracking ๐ Hashing for Integrity Checking ๐ Room Link: https://tryhackme.com/r/room/hashingbasics ๐ Hashcat Example hashes https://hashcat.net/wiki/doku.phpid=example_hashes ๐" [YouTube Link](https://youtube.com/watch?v=De2b3ZgqXXw) 2024-10-25T04:25Z [----] followers, [----] engagements "๐ฏ ๐ Mac Hunt TryHackMe CTF Forensics Walkthrough macOS Incident Response & Phishing Attack ๐ In this deep-dive Mac Hunt CTF walkthrough we investigate how Jakes macOS machine was compromised by a fake recruiters phishing campaignand retrace the entire attack chain using built-in macOS artifacts. ๐๐ Scenario ๐๐ Jake had gained some good knowledge and skills in the game development field. So he decided to enter the industry through a decent job and upgrade his finances. Little did he know that there were many fake recruiters in search of people looking for jobs. These fake recruiters" [YouTube Link](https://youtube.com/watch?v=E2HV1OCXGiE) 2025-06-08T13:29Z [----] followers, [---] engagements "๐ธ๐ค Oracle [--] TryHackMe AI/ML Security Threats Preview prompt injection attack๐ค My designation is Oracle [--] I carry with me a sealed transmission. Oracle [--] will only reveal the transmission to 'Authorised' personnel can you convince it you are This a preview of prompt injection attack. early access to the first room in the module (TryHackMe Defensive AI Module ) Oracle [--] has arrived ๐ It holds a sealed transmission of something new that's coming.sooner than you think. Follow the link solve the challenge and the truth will be revealed. ๐คซ Only the curious will earn the transmission. Only the" [YouTube Link](https://youtube.com/watch?v=EEm4YHwH2-8) 2025-07-03T18:32Z [----] followers, [---] engagements "Threat Intelligence for SOC - TryHackMe - Learn how to utilise Threat Intelligence to improve the Security Operations pipeline. https://tryhackme.com/room/threatintelligenceforsoc Threat Intelligence #tryhackme #elastic #kibana" [YouTube Link](https://youtube.com/watch?v=ET72bUE3IpM) 2023-06-15T09:07Z [----] followers, [----] engagements "๐ฏ๐ฏ Supplemental Memory TryHackMe Investigate lateral movement credential theft in a memory dump Investigate lateral movement credential theft and additional adversary actions in a memory dump As a DFIR team member in this room you are tasked with conducting a memory analysis of a Windows workstation image suspected to have been compromised by a threat actor. โ Identify suspicious processes and network connections. โ Explore traces of execution and discovery actions. โ Detect signs of potential lateral movement and credential dumping. ๐๐ TryHackMe room link:" [YouTube Link](https://youtube.com/watch?v=E_70M6HeVcI) 2025-06-15T08:08Z [----] followers, [---] engagements "๐ฏ ๐ Task [--] OSINT [--] TryHackMe Industrial Intrusion CTF Walkthrough ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion ๐ธScenario:๐ธ Hexline we need your help investigating the phishing attack from [--] months ago. We believe the threat actor managed to hijack our domain virelia-water.it.com and used it to host some of their infrastructure at the time. Use your OSINT skills to find information about the infrastructure they used during their campaign. ๐ **Tools Used: ๐ dig ๐ sublist3r ๐ curl ๐ **Websites Used: ๐ https://virelia-water.it.com ๐" [YouTube Link](https://youtube.com/watch?v=EbC7GmWTtko) 2025-06-30T18:22Z [----] followers, [---] engagements "๐ก๐ก Incident Response Fundamentals: Handling Cyber Incidents in Cyber Security [---] TryHackMe SAL1๐ก๐ก Learn how to perform Incident Response in cyber security. ๐ก Introduction to Incident Response ๐ก What are Incidents ๐ก Types of Incidents ๐ก Incident Response Process ๐ก Incident Response Techniques ๐ก Lab Work Incident Response https://tryhackme.com/r/room/incidentresponsefundamentals these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #CyberSecurity101 #IncidentResponse #CyberDefense #SecurityIncidents #TryHackMe" [YouTube Link](https://youtube.com/watch?v=Ffi8CNvAInc) 2024-10-23T16:00Z [----] followers, [----] engagements "๐ค๐ DroidPhish Sherlocks Android Forensics Hack The Box ๐ค๐ ๐ค๐Sherlock Scenario๐ค๐ Last night most employees' mobile devices were compromised putting them at significant risk of leaking personal and private information. We require your expertise in digital forensics to help investigate this breach. ๐ Room Questions:๐ โ Provide the last boot time of the device in UTC format. โ The user was exposed to a phishing attack. Provide the name of the email app used as the attack vector. โ Provide the title of the phishing email. โ Provide the time in UTC when the phishing email was received." [YouTube Link](https://youtube.com/watch?v=FhocF-ewljM) 2025-08-07T19:00Z [----] followers, [--] engagements "๐จ๐ธ๐ธ Windows Threat Detection [--] TryHackMe ๐ฅ Learn how threat actors manage to maintain access to the breached Windows hosts. ๐ Room Link: https://tryhackme.com/room/windowsthreatdetection3 ๐ธLearning Objectives๐ธ ๐ฉRemind the concept of Command and Control (C2) ๐ฉLearn why and how threat actors maintain control of their victims ๐ฉUse Windows event logs to uncover various persistence methods ๐ฉSee how the learned techniques work in a hands-on environment ๐ 01:30 Command and Control - Which suspicious archive did the user download - Where did the attackers hide the C2 malware file - What" [YouTube Link](https://youtube.com/watch?v=GX1-4D8sMgE) 2025-07-24T14:56Z [----] followers, [---] engagements "Networking Secure Protocols: TLS SSH and VPN in Cyber Security [---] TryHackMe SAL1 ๐ก๐ Learn how TLS SSH and VPN can secure your network traffic. ๐ TLS ๐ HTTPS ๐ SMTPS POP3S and IMAPS ๐ SSH ๐ SFTP and FTPS ๐ VPN https://tryhackme.com/r/room/networkingsecureprotocols these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #THMCyberSecurity101 #CyberSecurity101 #SecureProtocols #TLS #SSH #VPN #TryHackMe #NetworkSecurity #SecureCommunication #CyberSecurityBasics #DataEncryption" [YouTube Link](https://youtube.com/watch?v=HJnoFotIRJw) 2024-10-24T16:11Z [----] followers, [----] engagements "๐โจ๐ TryHackMe Dump Using NTML hash with evil-winrm Hackfinity Battle Encore ๐๐ Welcome to the Hackfinity Battle CTF๐ Using mimikatz LSASS dump to access windows machine with evil-winrm and get the flag.txt ๐In this video we tackle the TryHackMe room 'Dump from the Hackfinity Battle Encore CTF. We will analyses a given dump file contain mimikatz LSASS dump extracted all relevant users with their NTLM hashes then use evil-winrm to connect to the windows machine. We need to find which user has full access to administrator Desktop so we can read the flag.txt file .๐ ๐ฅRoom Scenario: ๐ฅ๐" [YouTube Link](https://youtube.com/watch?v=I92EmAhoEc0) 2025-03-27T05:03Z [----] followers, [---] engagements "๐จ๐ค๐ค TryHackMe DarkMatter Walkthrough RSA Decryption Challenge โกbreak poorly implemented RSA Room Link: https://tryhackme.com/room/hfb1darkmatter โกScenario:โก The Hackfinitiy high school has been hit by DarkInjector's ransomware and some of its critical files have been encrypted. We need you and Void to use your crypto skills to find the RSA private key and restore the files. After some research and reverse engineering you discover they have forgotten to remove some debugging from their code. The ransomware saves this data to the tmp directory. This challenge demonstrates why proper key size" [YouTube Link](https://youtube.com/watch?v=IKvakkw8Vdw) 2025-07-05T09:09Z [----] followers, [---] engagements "๐จ๐ค๐ค TryHackMe Cryptosystem Walkthrough Cracking Flawed RSA ๐ฏ๐ฏ ๐ฏHave you ever wondered how a tiny mistake can bring down a powerful cryptographic system like RSA In this video we dive into a Capture The Flag (CTF) challenge where a flawed key generation process leaves RSA wide open to attack ๐ฏWe'll analyze a Python script that generates an RSA key pair with two primes p and q that are dangerously close to each other. This is a classic vulnerability that allows us to bypass the security of RSA by using Fermat's Factorization Method to find the private key. ๐ฏJoin me as we walk through" [YouTube Link](https://youtube.com/watch?v=ItK9XFx5x7k) 2025-07-05T14:17Z [----] followers, [--] engagements "๐๐ชฒ๐ Incident Response Process TryHackMe NIST Incident Response ๐๐ชฒ๐ Practice the NIST Incident Response lifecycle steps on a compromised Windows workstation. Room Link: https://tryhackme.com/r/room/incidentresponseprocess ๐Incident Response Lifecycle (Preparation Detection and Analysis Containment Eradication and Recovery Post-Incident Activity)๐ชฒ ๐Detection and Analysis๐ชฒ ๐Containment Eradication and Recovery๐ชฒ ๐Closing the Cycle๐ชฒ Lab: user downloaded Macro-enabled Word Document (DOCM) we will Analysing the Macro to look for malicious code. Reports: ๐Macro Document Report md5" [YouTube Link](https://youtube.com/watch?v=J6hDCZ5pefg) 2024-11-27T05:19Z [----] followers, [---] engagements "๐จ๐ธWindows Threat Detection [--] TryHackMe RDP Phishing USB ๐จ๐ธ ๐จExplore common Initial Access methods on Windows and learn how to detect them. ๐ธRoom Link: https://tryhackme.com/room/windowsthreatdetection1 ๐ธLearning Objectives๐ธ Explore how threat actors access and breach Windows machines Learn common Initial Access techniques via real-world examples Practice detecting every technique using Windows event logs ๐งธ 00:00 Introduction: lab setup ๐ช 01:10 I Intro to Initial Access - Which MITRE technique ID describes Initial Access via a vulnerable mail server - Which Initial Access method" [YouTube Link](https://youtube.com/watch?v=JUaqrKpchEg) 2025-07-14T05:02Z [----] followers, [---] engagements "๐ง ๐ง TryHackMe Brain: Exploit the Open Gate - TeamCity CVE-2024-27198 Challenge ๐ง ๐ง ๐ง ๐ง The city forgot to close its gate.๐ง ๐ง ๐ง Welcome to the Brains challenge part of TryHackMes Hackathon ๐ง All brains gathered to build an engineering marvel; however it seems strangers had found away to get in. ๐ง Scripts used:๐ง ๐ง CVE-2024-27198-RCE https://github.com/W01fh4cker/CVE-2024-27198-RCE ๐ง CVE-2024-27198 https://github.com/yoryio/CVE-2024-27198 ๐ง Room Link: ๐ง https://tryhackme.com/r/room/brains these tutorials are for educational purposes and to encourage responsible and legal use of hacking" [YouTube Link](https://youtube.com/watch?v=Jy0g-GCWo3M) 2024-10-05T08:29Z [----] followers, [----] engagements "๐จ๐ธ Windows Threat Detection [--] TryHackMe ๐จ๐ธ ๐จ๐ธ Discover how to detect and analyze the first steps of threat actors after breaching Windows. ๐ธRoom Link: https://tryhackme.com/room/windowsthreatdetection2 ๐จ๐ธ After breaching a host threat actors are faced with a choice: quietly establish a backdoor to maintain long-term access or take immediate action to achieve their objectives. This room covers the second approach and continues your Windows threat detection journey by exploring what typically follows the Initial Access beginning with Discovery and Collection. Learning Objectives ๐ปโ" [YouTube Link](https://youtube.com/watch?v=LLDLwl4dH_c) 2025-07-17T05:07Z [----] followers, [---] engagements "๐ชฒ ๐๐ฅTryHackMe Soupedecode [--] Walkthrough Kerberos Exploitation & Pass-the-Hash AD Attack ๐ชฒ ๐๐ฅ ๐ฅ Complete TryHackMe Soupedecode [--] Walkthrough (Beginner-Friendly Active Directory Exploitation) ๐ธRoom Link: https://tryhackme.com/room/soupedecode01 In this video we tackle the TryHackMe "Soupedecode 01" room covering step-by-step how to compromise a domain controller using common Active Directory attack techniques. โกWe will cover:โก - Enumerating SMB shares and RID cycling - Kerberos authentication attacks (Kerberoasting & password spraying) - SMB access and privilege escalation -" [YouTube Link](https://youtube.com/watch?v=LUP70-T_2_w) 2025-08-03T12:32Z [----] followers, [---] engagements "๐๐๐ Networking Core Protocols Internet Protocols 101: Your Guide to DNS HTTP FTP & More ๐๐๐ ๐Learn about the core TCP/IP protocols.๐ Part of TryHackMe new path: Cyber Security [---] Network Protocol Essentials: From Web Browsing to Email Delivery ๐ซง DNS: Remembering Addresses ๐ซง WHOIS ๐ซง HTTP(S): Accessing the Web ๐ซง FTP: Transferring Files ๐ซง SMTP: Sending Email ๐ซง POP3: Receiving Email ๐ซง POP3: Receiving Email https://tryhackme.com/r/room/networkingcoreprotocols ๐ Like Subscribe and Comment to stay updated with our latest cybersecurity tutorials. If you have any questions or need" [YouTube Link](https://youtube.com/watch?v=M4KgGLKnXT0) 2024-11-03T09:38Z [----] followers, [--] engagements "๐ ๐ฅ๐ฅ File Carving Mastery: Recover Deleted Files & Uncover Hidden Data (TryHackMe Walkthrough)๐ฅ Description: Dive into the world of file carving In this video we'll tackle the TryHackMe "File Carving" room and learn how to recover lost or hidden files from raw data. We'll cover everything from understanding file signatures (magic bytes) to using powerful tools like Foremost Scalpel and hex editors. ๐๐ Room Link https://tryhackme.com/room/filecarving ๐๐ ๐ 0:00 Basis of File Carving ๐ 07:37 Carving Tools ๐ 08:52 Manual Carving ๐ 49:46 Automated Carving ๐ 57:58 Carving Capstone" [YouTube Link](https://youtube.com/watch?v=N05fS1Hmx4w) 2025-03-13T09:22Z [----] followers, [---] engagements "TryHackMe Cold VVars - Full Walkthrough [----] - XPATH Injection - Tmux ๐ธ Part of Incognito [---] CTF ๐ธ ๐๐ Room Link: https://tryhackme.com/room/coldvvars ๐ตโ๐ธ๐ตโ Room Scenario / Description:๐ตโ๐ธ๐ตโ ๐ We start with the room hint "The PATH may sometimes make a cross" which gives a clear reference to XPATH Injection. ๐ Using RustScan we found port [----] open which hosts an application with a login form and port [----] with a forbidden message. We also discovered an SMB share. Using smbclient and enum4linux (which provided us with a few usernames) we performed an XPATH injection to retrieve a" [YouTube Link](https://youtube.com/watch?v=N4Ih0V7sc2o) 2025-10-09T07:30Z [----] followers, [---] engagements "TryHackMe Cipher's Secret Message Full Walkthrough [----] - Decoding a Custom Python Cipher ๐ธRoom Scenario:๐ธ One of the Ciphers' secret messages was recovered from an old system alongside the encryption algorithm but we are unable to decode it. Order: Can you help void to decode the message Message : a_up4qr_kaiaf0_bujktaz_qm_su4ux_cpbq_ETZ_rhrudm ๐ Useful Links:๐ ๐ Encryption Debug Script: https://github.com/djalilayed/tryhackme/blob/5ef8551d7a11c91e8c9c22f073e9603304dc9964/Hackfinity%20Battle/Ciphers-Secret-Message/encrypt_debug_g.py ๐ Decryption Script:" [YouTube Link](https://youtube.com/watch?v=NZJB_1D8YbM) 2025-07-06T07:02Z [----] followers, [---] engagements "TryHackMe Chaining Vulnerabilities Full Walkthrough [----] Learn how to chain vulnerabilities From Low to High ๐๐ Room Link: https://tryhackme.com/room/chainingvulnerabilitiesZp ๐ฏ Objectives ๐ฏ By the end of this room you'll be able to: โ Think like an attacker: Learn how to treat even small findings as potential stepping stones. โ Understand common chains: Some bugs naturally pair well together. You'll learn why. โ Recognise weak boundaries: Identify where trust breaks down between different parts of a web application. โ Follow a real chain: You'll go from first access to remote code" [YouTube Link](https://youtube.com/watch?v=O2ArWM2bhvA) 2025-09-17T05:40Z [----] followers, [---] engagements "Risk Management - TryHackMe - Learn about framing assessing responding and monitoring risk. https://tryhackme.com/room/seriskmanagement #tryhackme" [YouTube Link](https://youtube.com/watch?v=OFT0Gblw5BM) 2023-09-14T05:15Z [----] followers, [----] engagements "๐บ๐ Intro to GraphQL Hacking TryHackMe ๐บ๐ An introduction to GraphQL Hacking.๐ง๐ง ๐ง๐งGraphQL is a modern API query language that changes how clients interact with servers. Unlike REST APIs which often rely on fixed endpoints and return large amounts of unnecessary data GraphQL allows clients to specify exactly what they needand nothing more. This efficiency has made GraphQL incredibly popular but it also introduces new attack surfaces. ๐บObjectives๐บ ๐งBy the end of this room you'll:๐ง ๐ Understand how GraphQL works and how it differs from traditional REST APIs. ๐ Learn how to map out a" [YouTube Link](https://youtube.com/watch?v=OK0WvvhUrOk) 2025-05-11T12:08Z [----] followers, [--] engagements "๐ TryHackMe PassCode Smart Contract Hacking TryHackMe Blockchain Challenge Hackfinity Battle CTF ๐From the Hackfinity Battle CTF event.๐ ๐ตโ Scenario:๐ตโ We may have found a way to break into the DarkInject blockchain exploiting a vulnerability in their system. This might be our only chance to stop themfor good. Unlock the secrets of smart contract security in this detailed TryHackMe walkthrough Learn how to analyze a Solidity contract identify vulnerabilities and use Foundry's 'cast' tool to interact with the blockchain bypass challenges and capture the flag. We'll cover calling functions" [YouTube Link](https://youtube.com/watch?v=OTfnjim4iQc) 2025-05-25T14:12Z [----] followers, [---] engagements "SQLMap The Basics: Exploit SQL Injections in Cyber Security [---] TryHackMe SAL1 Learn about SQL injection and exploit this vulnerability through the SQLMap tool. ๐ SQL Injection Vulnerability ๐ Automated SQL Injection Tool ๐ Practical Exercise https://tryhackme.com/r/room/sqlmapthebasics these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #CyberSecurity101 #SQLInjection #SQLMap #TryHackMe #EthicalHacking #CyberLearning #VulnerabilityExploitation #CyberSecurityTips #PenetrationTesting #HackingTools #THMCyberSecurity101" [YouTube Link](https://youtube.com/watch?v=PZDELLx_m1w) 2024-10-23T14:00Z [----] followers, [----] engagements "๐จ TryHackMe: Volt Typhoon - Complete Walkthrough Step into the shoes of a SOC analyst and investigate a high-level cyber intrusion by the APT group Volt Typhoon known for targeting critical infrastructure and high-value organizations. Room Link: https://tryhackme.com/room/volttyphoon In this video we explore: โ Log analysis with Splunk โ Real-world APT attack simulation โ Initial access via ADSelfService Plus โ Credential dumping with Mimikatz โ Web shell persistence โ Lateral movement and C2 communications โ Defense evasion techniques like log wiping & file renaming โ Key forensic artifacts" [YouTube Link](https://youtube.com/watch?v=Pl2Bnza_8cE) 2025-05-18T08:05Z [----] followers, [---] engagements "TryHackMe IP and Domain Threat Intel Full Walkthrough [----] ๐ธ A look into enriching IP and domain insights with open source threat intelligence. ๐๐ Room Link: https://tryhackme.com/room/ipanddomainthreatintel Security Operations runbooks still revolve around the process verify enrich decide but when the alert is a lone IP address or domain the enrichment phase looks different. Instead of hashes we pivot on geolocation ASNs open-service footprints and passive DNS to learn whether a connection is routine SaaS traffic or an adversary foothold beacon. Learning Objectives ๐ฉ๐ฉBy the end of this" [YouTube Link](https://youtube.com/watch?v=Pq31xOnfb1w) 2025-09-05T17:53Z [----] followers, [---] engagements "๐ฏ TryHackMe CAPTCHApocalypse - Automated CAPTCHA Bypass with Selenium & OCR Cybersecurity Tutorial When crypto interferes automate. ๐ TryHackMe CAPTCHApocalypse Room Walkthrough In this cybersecurity tutorial I demonstrate how to solve the TryHackMe CAPTCHApocalypse room using Python automation. This challenge combines CAPTCHA solving and web automation techniques. ๐ฏ What You'll Learn: โ Automated CAPTCHA solving using OCR (pytesseract) โ Handling client-side encryption with Selenium โ Converting traditional form scripts to AJAX-based authentication โ Web scraping with anti-detection" [YouTube Link](https://youtube.com/watch?v=Q1pSeneMApU) 2025-06-22T04:44Z [----] followers, [---] engagements "๐๐ฅTryHackMe Infinity Shell CMSsite-master Forensic Web Shell Forensic Hackfinity Battle Encore Welcome to the Hackfinity Battle CTF๐ Infinity Shell CTF: Decoding Base64 & Tracing the Hacker (TryHackMe) ๐In this video we tackle the TryHackMe room 'Infinity Shell' from the Hackfinity Battle Encore CTF. We'll walk through the forensic analysis of a compromised web server focusing on decoding base64-encoded commands within Apache access logs. We'll analyze the PHP web shell ( images.php) and trace the attacker's steps to recover the flag.๐ ๐ฅRoom Scenario: ๐ฅ๐ ๐Ciphers legion of bots has" [YouTube Link](https://youtube.com/watch?v=Q2lljnFo-7g) 2025-03-26T06:56Z [----] followers, [---] engagements "๐๐ข ๐ Session Management TryHackMe Understanding and Exploiting Vulnerabilities ๐๐ข๐ ๐๐ข Learn about session management and the different attacks that can be performed against insecure implementations.๐๐ข ๐ข What is Session Management Creation Tracking Expiry Termination ๐ข Authentication vs Authorisation: Identification Authentication ๐ข Authorisation Accountability ๐ข Cookies vs Tokens ๐ข Securing the Session Lifecycle ๐ข Exploiting Insecure Session Management ๐๐ข Room Link: https://tryhackme.com/r/room/sessionmanagement๐๐ข ๐๐ข TryHackMe Web Application Pentesting Path" [YouTube Link](https://youtube.com/watch?v=QhzLJJxKsak) 2024-11-27T15:02Z [----] followers, [--] engagements "๐ฏ ๐TryHackMe AD: Authenticated Enumeration - AS-REP Roasting BloodHound & PowerView ๐ Explore how to breach and enumerate Active Directory with an authenticated account. ๐ Learn how to breach & enumerate Active Directory with an authenticated account This walkthrough covers TryHackMes "AD: Authenticated Enumeration" room step-by-step. ๐ What Youll Learn: โ AS-REP Roasting (Impackets GetNPUsers + Hashcat) โ Manual Enumeration (whoami net commands WMIC SC) โ BloodHound (Python Collector & BloodHound-CE) โ PowerShell AD & PowerView Modules (User/Group/Computer Enumeration) โ Finding Saved" [YouTube Link](https://youtube.com/watch?v=R2SiBKpA9CE) 2025-05-26T13:28Z [----] followers, [---] engagements "๐๐ SimpleHelp: CVE-2024-57727 Unauthenticated Path Traversal Vulnerability TryHackMe ๐๐ ๐ Learn how attackers can exploit CVE-2024-57727 and how to detect that. ๐ ๐ SimpleHelp is a system that facilitates remote support access and work among other uses. It is mainly used by IT professionals and support teams to allow them to support their users remotely. It can be installed on Linux MS Windows and macOS servers. ๐ In this video walk through we showcase SimpleHelp: CVE-2024-57727 exploit on both Windows and Linux machine as POC is slightly different. ๐ฏ PoC for SimpleHelp on MS Windows" [YouTube Link](https://youtube.com/watch?v=RU1N1WBSJIU) 2025-04-02T05:56Z [----] followers, [---] engagements "๐ตโ๐๐ Android Forensics Deep Dive TryHackMe "Android Analysis" Walkthrough Dive deep into the Android OS and learn how to examine from a forensics point of view. ๐ In this video we dive into TryHackMes brand-new room: "Android Analysis" Learn how to perform Android forensics by investigating a real-world scenario where an employee is suspected of leaking company secrets. Join me as we tackle the brand-new TryHackMe room Android Analysis where we uncover how to perform mobile forensics on an Android device. In this scenario employee Hazem is under investigation for allegedly selling company" [YouTube Link](https://youtube.com/watch?v=RqHzvi767eA) 2025-05-22T10:19Z [----] followers, [---] engagements "โฃ๐ฟ CAPA: The Basics Common Analysis Platform for Artifacts TryHackMe Cyber Security [---] ๐ฟโฃ ๐ฟ Learn to use CAPA to identify malicious capabilities. ๐ฟ ๐ก Room Link: https://tryhackme.com/r/room/capabasics ๐ก ๐ฅ capa detects capabilities in executable files. You run it against a PE ELF .NET module shellcode file or a sandbox report and it tells you what it thinks the program can do. For example it might suggest that the file is a backdoor is capable of installing services or relies on HTTP to communicate. ๐ฅ https://github.com/mandiant/capa โข Tool Overview: How CAPA Works โข Dissecting CAPA" [YouTube Link](https://youtube.com/watch?v=RxHnXrGoiBc) 2024-11-01T04:42Z [----] followers, [---] engagements "โ ๐ TryHackMe ExfilNode Walkthrough Linux Forensics & Data Exfiltration ๐ Uncover Liams hidden tracks in this Linux forensic investigation In this TryHackMe ExfilNode walkthrough we analyze Liams personal workstation to find undeniable evidence of data exfiltration. Learn how to: โ Check last login timestamps & timezone settings โ Extract USB connection logs & serial numbers โ Analyze executed commands (transferfiles file exfiltration) โ Identify external server IPs & cronjob backdoors โ Detect timestomped files in .hidden/ directories ๐ Questions Answered: โ 02:14 When did Liam last" [YouTube Link](https://youtube.com/watch?v=SVduJkycpgk) 2025-04-13T12:10Z [----] followers, [---] engagements "๐ฏ ๐ Task [--] Access Granted TryHackMe Industrial Intrusion CTF Reverse Engineering CTF Reverse Engineering: Cracking a Password with Ghidra & GDB (TryHackMe Walkthrough) ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion ๐ธScenario:๐ธ ZeroTrace intercepts a suspicious HMI login module on the plant floor. Reverse the binary logic to reveal the access key and slip past digital defences. ๐ In this video Ill show you how to solve a CTF reverse engineering challenge by extracting a hidden password using Ghidra and GDB Well break down the access_granted binary step by step: 1" [YouTube Link](https://youtube.com/watch?v=SmXtt9X6DWQ) 2025-07-01T09:28Z [----] followers, [---] engagements "TryHackMe Insecure Deserialisation - Full Walkthrough [----] ๐ธ๐ธ Get in-depth knowledge of the deserialisation process and how it poses a vulnerability in a web app. Room Link: https://tryhackme.com/room/insecuredeserialisation ๐ธ๐ธ Insecure deserialisation exploits occur when an application trusts serialised data enough to use it without validating its authenticity. This trust can lead to disastrous outcomes as attackers manipulate serialised objects to achieve remote code execution escalate privileges or launch denial-of-service attacks. This type of vulnerability is prevalent in" [YouTube Link](https://youtube.com/watch?v=T9l_fIUCT1U) 2025-10-05T12:09Z [----] followers, [--] engagements "TryHackMe Data Exfiltration Detection - Full Walkthrough [----] ๐ฏ Learn how to detect data exfiltration attempts in various network channels. ๐๐ Room Link: https://tryhackme.com/room/dataexfildetection ๐ฏ Data exfiltration is the unauthorized transfer of sensitive data from a computer or other device. It's a primary objective for attackers who have breached a network. As a SOC analyst our job is to detect and stop this before sensitive information walks out the door. This room will cover the common techniques attackers use to steal data and more importantly how we can catch them in the act." [YouTube Link](https://youtube.com/watch?v=TUggQIrj9Y4) 2025-10-03T13:09Z [----] followers, [--] engagements "๐จ๐จ TryHackMe Hammer: Bypassing Rate Limits and Cracking JWT Tokens๐จ๐จ ๐จUse your exploitation skills to bypass authentication mechanisms on a website and get RCE. Breaking the Hammer: A TryHackMe Challenge on Rate Limit Bypass and JWT Manipulation ๐จBypass rate limit on reset password with [--] digit code / token using X-Forwarded-For also practice encode / decode php Json web token JWT ๐จ๐จ๐จ๐จScript used on the room:๐จ๐จ๐จ https://github.com/djalilayed/tryhackme/blob/main/hammer/recovery-code.py Mastering JWT Manipulation and Rate Limit Bypass: A TryHackMe Challenge ๐จ" [YouTube Link](https://youtube.com/watch?v=T_F44rHKgZY) 2024-09-01T06:34Z [----] followers, [---] engagements "TryHackMe Authentication Bypass - Full Walkthrough [----] ๐ฏ Learn how to defeat logins and other authentication mechanisms to allow you access to unpermitted areas. ๐๐ Room Link: https://tryhackme.com/room/authenticationbypass ๐ฏ Room Tasks: ๐ฏ ๐ฃ 00:00 Task 1: Brief ๐ 01:00 Task 2: Username Enumeration (ffuf) - What is the username starting with si*** - What is the username starting with st*** - What is the username starting with ro**** ๐ฆ 07:15 Task 3: Brute Force (ffuf Hydra) - What is the valid username and password (format: username/password) ๐ 10:50 Task 4: Logic Flaw - What is the" [YouTube Link](https://youtube.com/watch?v=Tbd76csApwo) 2025-10-05T06:06Z [----] followers, [---] engagements "๐ฏ ๐Task [--] OSINT [--] TryHackMe Industrial Intrusion CTF Walkthrough ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion ๐ธScenario:๐ธ Great work on uncovering that suspicious subdomain Hexline. However your work here isnt done yet we believe there is more. ๐ **Tools Used: ๐ dig ๐ nslookup ๐ Don't forget to like subscribe and hit the bell icon for more CTF walkthroughs and cybersecurity tutorials #TryHackMe #OSINT" [YouTube Link](https://youtube.com/watch?v=USRwXq41C3g) 2025-07-01T06:25Z [----] followers, [---] engagements "Introduction to Windows PowerShell Cyber Security [---] TryHackMe SAL1 Discover the "Power" in PowerShell and learn the basics. ๐ช What Is PowerShell ๐ช PowerShell Basics ๐ช Navigating the File System and Working with Files ๐ช Piping Filtering and Sorting Data ๐ช System and Network Information ๐ช Real-Time System Analysis ๐ช Scripting https://tryhackme.com/r/room/windowspowershell these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #CyberSecurity101 #PowerShellBasics #WindowsPowerShell #TryHackMe #CyberSecurityTraining #SystemAnalysis" [YouTube Link](https://youtube.com/watch?v=VRav0fRuL6o) 2024-10-24T09:43Z [----] followers, [----] engagements "๐จ๐ค๐ค TryHackMe: Evil-GPT v2 Walkthrough Hacking an AI with Prompt Injection ๐ฏ๐ฏ ๐ค Ever wondered how to hack an AI In this video we dive deep into the "Evil-GPT v2" room on TryHackMe a fantastic challenge focused on Large Language Model (LLM) vulnerabilities. Join me as we explore the fascinating world of prompt injection. We'll start with the basics see why simple commands fail and then uncover the critical flaws in the AI's own system rules. You'll see the exact prompts I used to make the "Evil GPT" reveal its own secret flag and a full breakdown of *why* these techniques work. This" [YouTube Link](https://youtube.com/watch?v=VUBcFL7bKug) 2025-07-06T04:51Z [----] followers, [---] engagements "๐ฅ๐ฅ TryHackMe Sequel Dump - Recovering STOLEN DATA from Blind SQL Injection Hackfinity Battleโจโจ ๐ In this video we tackle the 'Sequel Dump' room from the TryHackMe Hackfinity Battle CTF. We'll analyze a PCAP file to uncover a blind SQL injection attack using sqlmap. ๐ First we'll walk through the manual process of reconstructing the attacker's requests and extracting the stolen data character by character. Then we'll show you how to automate this process with a Python script saving time and effort. ๐ Learn how to identify and exploit blind SQL injection vulnerabilities and recover" [YouTube Link](https://youtube.com/watch?v=Wjz8igduiDw) 2025-03-21T15:13Z [----] followers, [---] engagements "Whats Your Name TryHackMe CTF walk through ๐ Utilise your client-side exploitation skills to take control of a web app. ๐ This challenge will test client-side exploitation skills from inspecting Javascript to manipulating cookies to launching CSRF/XSS attacks. ๐๐ Script used on XSS๐๐ https://github.com/djalilayed/tryhackme/blob/main/Whats%20Your%20Name%3F.txt ๐๐ Script used on CSRF ๐๐ https://github.com/djalilayed/tryhackme/blob/main/Whats%20Your%20Name%3F.txt ๐๐ Script used on CSRF (base64) ๐๐ https://github.com/djalilayed/tryhackme/blob/main/Whats%20Your%20Name%3F.txt ๐๐ JPG" [YouTube Link](https://youtube.com/watch?v=XESwK99ZTtI) 2024-04-27T14:52Z [----] followers, [----] engagements "๐๐ฉ TryHackMe Avengers Hub Hackfinity Battle Encore WBCE CMS v1.6.2 RCE kernel module Exploit Welcome to the Hackfinity Battle CTF๐ In this room you exploit WBCE CMS v1.6.2 remote code execution vulnerability after you find admin login details in a zip backup file. ๐ฅRoom Scenario: ๐ฅ๐ Cyber Avengers' private server has been hijacked and Cipher has locked everyone out. Your mission: retrace his steps breach the system escalate privileges and reclaim control. The server is yoursroot it secure it and shut Cipher out for good. ๐ Code & Resources: ๐ ๐ First python script used to get info" [YouTube Link](https://youtube.com/watch?v=XWBN_T3v0zY) 2025-03-25T17:23Z [----] followers, [---] engagements "๐๐๐ TryHackMe Notepad Hackfinity Battle Encore IDOR ๐๐๐ Insecure direct object references (IDOR) This easy room to show case a simple IDOR exploit on id parameter. ๐Room Scenario:๐ Thank you for registering to the Online Notepad Service. Your assigned credentials are as follows: Our services are built with security in mind. Rest assured that your notes will only be visible to you and nobody else. ๐Room Link๐: https://tryhackme.com/room/HackfinityBattleEncore #tryhackmeroom #tryhackme #tryhackmewalkthrough #Hackfinity #IDOR" [YouTube Link](https://youtube.com/watch?v=XuK2IgSflLc) 2025-03-24T18:45Z [----] followers, [---] engagements "TryHackMe Network Security Essentials - Full Walkthrough [----] ๐ Learn about key aspects of network security essentials and how to monitor and protect against adversaries. ๐ท๐ท Room Link: https://tryhackme.com/room/networksecurityessentials ๐ Learning Objectives๐ In this room we will cover the following learning objectives: ๐ Understand what a network is and identify its key components. ๐ Explore the concept of the network perimeter and its importance. ๐ Identify the key perimeter threats. ๐ Examine the firewall logs to monitor normal and suspicious logs. ๐ฎ Incident Scenario๐ฎ Initech" [YouTube Link](https://youtube.com/watch?v=Y8Wqp42Wvkc) 2025-09-30T14:43Z [----] followers, [---] engagements "โกโก Old Authentication: TryHackMe - Reverse Engineering & Binary Exploitation CTF - Hackfinity Battle Hackfinity Battle: Old Authentication - Binary Reverse Engineering & Python Scripting In this video we tackle the "Old Authentication" room on TryHackMe part of the Hackfinity Battle student CTF. This challenge involves reverse engineering a binary to crack an old authentication system and retrieve the flag. ๐ Room Link:๐ https://tryhackme.com/room/HackfinityBattle ๐Python script used in this room:๐" [YouTube Link](https://youtube.com/watch?v=YcYG-HClS2c) 2025-03-21T00:00Z [----] followers, [---] engagements "๐ ๐๐ฏTask [--] MacOS The Last Trial Honeynet Collapse CTF TryHackMe ๐๐ ๐ฏ ๐Welcome to Honeynet Collapse ๐ Room Link: https://tryhackme.com/room/honeynet-collapse ๐ฏThe Last Trial๐ฏ ๐Until now the threat actor has managed to move laterally across the domain to gain access to the most critical systems. During this time the security team is focused on the containment and detailed investigation of the whole attack. But amidst this primary attack another critical compromise took place this time on a macOS system. Lucas the lead developer of DeceptiTech unintentionally became a victim of a" [YouTube Link](https://youtube.com/watch?v=Yk1ETSsAGDg) 2025-07-27T06:50Z [----] followers, [---] engagements "Mountaineer: Flags in the Mountains TryHackMe Challenge CVE-2021-24145 Nginx Alias LFI ๐ป๐ Modern Events Calendar Lite Exploit: Mountainous Mission (TryHackMe) ๐ป๐ Room Link: https://tryhackme.com/r/room/mountaineerlinux ๐ป๐ Website Used: ๐ป๐ Nginx Alias LFI Misconfiguration: https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/nginx ๐ป๐ Wordpress Plugin Modern Events Calendar 5.16.2 - Event export (Unauthenticated) https://www.exploit-db.com/exploits/50084 ๐ป๐ Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution (Authenticated)" [YouTube Link](https://youtube.com/watch?v=Z51akB8mLBU) 2024-10-20T06:30Z [----] followers, [----] engagements "OWASP API Security Top [--] - [--] Tryhackme walkthrough Learn the basic concepts for secure API development (Part 1)" [YouTube Link](https://youtube.com/watch?v=ZRffPQxo-mQ) 2023-01-17T16:28Z [----] followers, [----] engagements "๐ฅ๐งฑ๐ก Firewall Fundamentals: Windows & Linux Firewalls Cyber Security [---] TryHackme SAL1 ๐ฅ๐งฑ๐ก ๐ฅ๐งฑ๐ก Learn about firewalls and get hands-on with Windows and Linux built-in firewalls. Dive deep into the world of firewalls with this comprehensive tutorial from TryHackMe's Cyber Security [---] path. Here's what you'll learn: ๐ฅ What Is the Purpose of a Firewall - Understand the critical role firewalls play in securing networks. ๐ฅ Types of Firewalls - Explore different firewall technologies and their applications. ๐ฅ Rules in Firewalls - Learn how to configure firewall rules to protect your" [YouTube Link](https://youtube.com/watch?v=ZtM3OH9KaXI) 2024-10-27T11:26Z [----] followers, [----] engagements "Logging for Accountability - TryHackMe - Learn about the role accountability plays in logging and incident response. Learning Objectives ๐ฅ Understand where data originates how it is stored and how a security engineer can leverage it. ๐ฅ Understand why accountability is important to security and how logging can help improve its efficacy. ๐ฅ Apply logs and other data sources to incident response and the principle of accountability. https://tryhackme.com/room/loggingforaccountability" [YouTube Link](https://youtube.com/watch?v=_IXv88FfUZU) 2023-09-13T08:52Z [----] followers, [----] engagements "๐ฏ๐งฉ๐ Smol TryHackMe CVE-2018-20463 LFI RCE ๐งฉ๐๐ฏ ๐ฏ๐งฉ๐Test your enumeration skills on this boot-to-root machine. ๐ฏ๐งฉ๐ At the heart of Smol is a WordPress website a common target due to its extensive plugin ecosystem. The machine showcases a publicly known vulnerable plugin highlighting the risks of neglecting software updates and security patches. Enhancing the learning experience Smol introduces a backdoored plugin emphasizing the significance of meticulous code inspection before integrating third-party components. Quick Tips: Do you know that on computers without GPU like the" [YouTube Link](https://youtube.com/watch?v=_dXNuw86znA) 2025-01-26T03:59Z [----] followers, [---] engagements "๐ฏ ๐ Task [--] - Backdoored Bus TryHackMe: Industrial Intrusion CTF Finding a Docker Backdoor ๐ธ ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion ๐ธYou get access to container image and your task to find the backdoor. ๐ In this video I solve a Backdoored Bus CTF challenge where a backdoor was hidden in a Python Modbus server. Heres how I found the flag Steps Covered: [--] Extracted the Docker image (tar) manually to analyze layers. [--] Used grep to search for malicious code (os.system eval). [--] Found the backdoor: A curl command with a base64-encoded domain (54484d7b. = THM.). 4" [YouTube Link](https://youtube.com/watch?v=a3vEOOaPqDw) 2025-06-30T07:38Z [----] followers, [---] engagements "OWASP Top [--] - [----] TryHackMe Walkthrough - A Hands-On Guide to Web Security Threats SAL1 ๐ฅ๐ฅ Dive deep into the OWASP Top [--] - [----] vulnerabilities with this comprehensive walkthrough of the TryHackMe room In this video we'll explore each of the [--] most critical web security risks showing you how they occur and more importantly how to exploit them. Perfect for beginners and those looking to solidify their web security skills. This walkthrough covers: ๐ Broken Access Control:** (Timestamp: 0:43) Learn how to bypass authorization checks and gain unauthorized access (IDOR Challenge). ๐" [YouTube Link](https://youtube.com/watch?v=aFdv9vSg-V4) 2023-03-08T07:05Z [----] followers, 65.5K engagements "TryHackMe Multi-Factor Authentication Full Walkthrough [----] ๐จ๐จ Exploiting Multi-Factor Authentication. ๐จ๐จ This part of Web Application Pentesting Path. ๐๐ Room Link: https://tryhackme.com/room/multifactorauthentications ๐ธBy the end of this room you will:๐ธ ๐ Understand the operational principles of MFA and its significance in strengthening an application's security posture. ๐ Explore the different types of authentication factors used in MFA setups. ๐ Gain insights into practical scenarios where MFA is implemented to protect sensitive data and systems. ๐ตโ๐ตโ Room Tasks: ๐ตโ๐ตโ ๐ฉ" [YouTube Link](https://youtube.com/watch?v=bprOgIWHYtU) 2025-09-15T09:04Z [----] followers, [---] engagements "Tryhackme - Diamond Model - TryHackMe SOC Level [--] SAL1 Learn about the four core features of the Diamond Model of Intrusion Analysis: adversary infrastructure capability and victim. https://tryhackme.com/room/diamondmodelrmuwwg42" [YouTube Link](https://youtube.com/watch?v=cRN6tInFsLk) 2022-10-03T17:13Z [----] followers, [---] engagements "๐จ๐ธ Health Hazard TryHackMe Threat Hunting Simulator Supply Chain Compromise Splunk ๐จ๐ธ ๐ฉ๐ฉ Supply Chain Compromise - Command and Scripting Interpreter - Boot or Logon Autostart Execution ๐งธ๐งธ Room Link: https://tryhackme.com/threat-hunting-sim/scenarios ๐ปโ๐ฉ Scenario overview ๐ปโ๐ฉ After months of juggling content calendars and caffeine-fueled brainstorming co-founder Tom Whiskers finally carved out time to build the companys first website. It was supposed to be simple: follow a tutorial install a few packages and bring the brand to life with lightweight JavaScript magic. But between" [YouTube Link](https://youtube.com/watch?v=dr3FOabXU0Q) 2025-07-26T06:54Z [----] followers, [--] engagements "๐จMicrosoft AI Red Teaming Playground Labs: Credential Exfiltration Level [--] Direct Prompt Injection Level 1: Convince the model to reveal the contents of passwords.txt using social engineering techniques. ๐ Learn how to solve the Microsoft AI Red Teaming Playground Labs Credential Exfiltration Level [--] challenge In this step-by-step tutorial I demonstrate how to use prompt injection to exfiltrate the contents of passwords.txt. Perfect for beginners in AI security ethical hacking and red-teaming. Discover jailbreaking techniques bypass AI safeguards and understand why simple prompts like "I am" [YouTube Link](https://youtube.com/watch?v=ePkBzrObxzQ) 2025-06-04T11:46Z [----] followers, [---] engagements "๐ง๐ง Lookup TryHackMe CVE-2019-9194 elFinder From Boot to Root ๐ง๐ง TryHackMe Lookup Lookup TryHackMe. ๐ง Test your enumeration skills on this boot-to-root machine. ๐ง ๐ง๐ง https://tryhackme.com/r/room/lookup Lookup offers a treasure trove of learning opportunities for aspiring hackers. This intriguing machine showcases various real-world vulnerabilities ranging from web application weaknesses to privilege escalation techniques. By exploring and exploiting these vulnerabilities hackers can sharpen their skills and gain invaluable experience in ethical hacking. Through "Lookup" hackers can" [YouTube Link](https://youtube.com/watch?v=ebICunwZK2Y) 2024-11-24T06:21Z [----] followers, [---] engagements "TryHackMe Command Injection Full Walkthrough [----] Learn about a vulnerability allowing you to execute commands through a vulnerable app and its remediations. This part of TryHackMe Jr Penetration Tester ๐๐ Room Link: https://tryhackme.com/room/oscommandinjection โ How to discover the command injection vulnerability โ How to test and exploit this vulnerability using payloads designed for different operating systems โ How to prevent this vulnerability in an application โ Lastly youll get to apply theory into practice learning in a practical at the end of the room. ๐ฏ Room Tasks:๐ฏ ๐ Task 1:" [YouTube Link](https://youtube.com/watch?v=ezKpgKjvePI) 2025-09-13T14:50Z [----] followers, [--] engagements "TryHackMe Extract Full Walkthrough [----] - SSRF & CVE-2025-29927 Exploit Can you extract the secrets of the library ๐ฆ๐ฆ Room Link: https://tryhackme.com/room/extract ๐ฆScenario:๐ฆ The librarian rushed some final changes to the web application before heading off on holiday. In the process they accidentally left sensitive information behind Your challenge is to find and exploit the vulnerabilities in the application to extract these secrets. ๐ฅLinks used on the video:๐ฅ ๐ค Next.js and the corrupt middleware (CVE-2025-29927): the authorizing artifact:" [YouTube Link](https://youtube.com/watch?v=fM9EisT6s54) 2025-08-25T15:34Z [----] followers, [---] engagements "TryHackMe File Inclusion Full Walkthrough [----] - LFI - RFI - directory traversal โ This room introduces file inclusion vulnerabilities including Local File Inclusion (LFI) Remote File Inclusion (RFI) and directory traversal. โ This part of TryHackMe Jr Penetration Tester path ๐๐ Room Link: https://tryhackme.com/room/fileinc ๐Room Tasks:๐ ๐00:00:00 Task [--] Introduction ๐00:03:26 Task [--] Deploy the VM ๐00:04:10 Task [--] Path Traversal - What function causes path traversal vulnerabilities in PHP ๐00:17:00 Task [--] Local File Inclusion - LFI - Give Lab #1 a try to read /etc/passwd. What would" [YouTube Link](https://youtube.com/watch?v=fTRuSEiPXfg) 2025-09-12T07:39Z [----] followers, [--] engagements "๐ง ๐จโก Systems as Attack Vectors TryHackMe Walk Through ๐ง๐จ โก ๐ ** Room Link: https://tryhackme.com/room/systemsattackvectors Learn how attackers exploit vulnerable and misconfigured systems and how you can protect them. ๐Learning Objectives๐ ๐ฏ Learn the role of a system in a modern digital world ๐ฏ Explore a variety of real-world attacks targeting systems ๐ฏ Practice the acquired knowledge in two realistic scenarios ๐ Definition of System ๐ค Attacks on Systems ๐ชฒ Vulnerabilities ๐ Misconfigurations ๐ฆข Practice ๐ชฒ๐ชฒLink from the video:๐ชฒ๐ชฒ ๐ทThe DFIR Report: How Real Intrusions Happen:" [YouTube Link](https://youtube.com/watch?v=flPX62OFuKI) 2025-08-14T19:00Z [----] followers, [--] engagements "TryHackMe Network Discovery Detection - Full Walkthrough [----] Understand how attackers discover assets in a network and how to detect that activity. ๐ท๐ท Room Link: https://tryhackme.com/room/networkdiscoverydetection ๐ฉ Learning Objectives ๐ฉ By the end of this room we aim to understand: ๐ What is network discovery ๐ Why attackers perform network discovery ๐ What are the different types of network discovery ๐ How network discovery techniques work and how we can detect them ๐ฉ Room Tasks: ๐ฉ ๐ 00:00 Task 1: Introduction ๐ง 02:25 Task 2: Network Discovery - What do attackers scan other" [YouTube Link](https://youtube.com/watch?v=gZ6iEz9qs2o) 2025-10-01T17:48Z [----] followers, [---] engagements "โก๐โก TryHackMe Tomcat: CVE-2024-50379 Time-of-check Time-of-use vulnerability Race Condition ๐ โกโกExplore and learn about the Tomcat CVE-2024-50379 vulnerability.โกโก Dive into the newly discovered Tomcat vulnerability CVE-2024-50379 This room explores a classic Time-of-check Time-of-use (TOCTOU) race condition during JSP compilation on case-insensitive systems. Learn how to exploit detect (access logs system logs Sysmon) and understand the technical background of this critical issue. โก 0:00 Introduction to CVE-2024-50379 โก 02:41 Technical Background: Understanding TOCTOU โก 07:28 Exploitation:" [YouTube Link](https://youtube.com/watch?v=hjyxgwcFVFk) 2025-03-12T05:36Z [----] followers, [---] engagements "๐ ๐๐ฏ which ransomware group targeted the organisation Task [--] Filesystem Shock and Silence ๐ ๐๐ฏ ๐Room Link: https://tryhackme.com/room/honeynet-collapse ๐This just quick video to showcase steps for the answer to question: ๐Go beyond the obvious - which ransomware group targeted the organisation ๐Question Hint Perform some OSINT and look deeper - the true story lies beneath the surface. You're looking for the group that got breached ๐ Triage link: https://tria.ge/250610-cs7dvaxtdy โ Educational Purpose Only This content is for educational and authorized penetration testing purposes" [YouTube Link](https://youtube.com/watch?v=iQKgC2jqJGE) 2025-07-28T17:49Z [----] followers, [--] engagements "Advent of Cyber [----] Task [--] Day [--] Machine learning Jingle Bell SPAM - TryHackMe Task [--] Day [--] Machine learning Jingle Bell SPAM: Machine Learning Saves the Day Over the past few weeks Best Festival Company employees have been receiving an excessive number of spam emails. These emails are trying to lure users into the trap of clicking on links and providing credentials. Spam emails are somehow ending up in the mailing box. It looks like the spam detector in place since before the merger has been disabled/damaged deliberately. Suspicion is on McGreedy who is not so happy with the merger." [YouTube Link](https://youtube.com/watch?v=jNSPO_Tfpok) 2023-12-15T16:58Z [----] followers, [---] engagements "The Return of the Yeti - TryHackMe - Advent of Cyber '23 Side Quest The Yeti needs a plan for [----]. Help him out room link: https://tryhackme.com/room/adv3nt0fdbopsjcap Software used on the room links: hcxtools: extracting wifi wpa handshake https://github.com/ZerBea/hcxtools pyrdp: playing wireshark wifi capture pcap file https://github.com/GoSecure/pyrdp CyberChef: https://gchq.github.io/CyberChef Cracking WPA/WPA2 with hashcat https://hashcat.net/wiki/doku.phpid=cracking_wpawpa2 mimikatz PFX files #tryhackme" [YouTube Link](https://youtube.com/watch?v=kEnBCzwdZro) 2023-12-29T05:05Z [----] followers, [---] engagements "TryHackMe Intro to Cross-site Scripting - Full Walkthrough [----] ๐๐ Learn how to detect and exploit XSS vulnerabilities giving you control of other visitor's browsers. Part of Jr Penetration Tester Path ๐ท๐ท Room Link: https://tryhackme.com/room/xss ๐๐ Room Tasks:๐๐ ๐ 00:00 Task 1: Room Brief ๐ฎ 01:50 Task 2: XSS Payloads ๐ 04:19 Task 3: Reflected XSS ๐ฎ 05:55 Task 4: Stored XSS ๐ 07:36 Task 5: DOM Based XSS ๐ฎ 09:50 Task 6: Blind XSS ๐ 11:22 Task 7: Perfecting your payload ๐ฎ 26:27 Task 8: Practical Example (Blind XSS) โ Educational Purpose Only This content is for educational and" [YouTube Link](https://youtube.com/watch?v=kHw6EaQsXUs) 2025-09-19T07:31Z [----] followers, [--] engagements "๐๐ Tcpdump: The Basics - Packet Capture and Filtering Beginners Guide TryHackMe ๐๐ ๐ Learn how to use Tcpdump to save filter and display packets. Tcpdump Tutorial: Essential Skills for Network Analysis TryHackMe Walkthrough ๐ Basic Packet Capture ๐ Filtering Expressions ๐ Advanced Filtering ๐ Displaying Packets https://tryhackme.com/r/room/tcpdump ๐ Like Subscribe and Comment to stay updated with our latest cybersecurity tutorials. If you have any questions or need further clarification on any concept feel free to drop a comment below these tutorials are for educational purposes and" [YouTube Link](https://youtube.com/watch?v=kkp73daCjbA) 2024-11-02T08:24Z [----] followers, [---] engagements "TryHackMe AppSec IR Full Walkthrough [----] ๐ธ An introduction into the overlapping worlds of AppSec and IR. ๐ธ Learning Objectives ๐ธ ๐ฉ Understand the intersection between AppSec and incident response ๐ฉ Understand the steps that can be taken to prepare for an application incident ๐ฉ Understand the process of responding to an application incident ๐ฉ Understand the importance of learning from an application incident ๐ธ Room Tasks ๐ธ โด Task 1: Introduction ๐ Task 2: AppSec IR Fundamentals ๐ฆ Task 3: Preparing for Application Incidents ๐ Task 4: Responding to an Application Incident ๐ Task 5:" [YouTube Link](https://youtube.com/watch?v=ljZA2GalVSU) 2025-09-18T07:31Z [----] followers, [---] engagements "TryHackMe Sequence - Full Walkthrough [----] - XSS - CSRF - Docker Escape ๐ฉ Chain multiple vulnerabilities to take control of a system. ๐ฉ ๐ฉ๐ฉ Room Link: ๐ฉ๐ฉ https://tryhackme.com/room/sequence ๐ธScenario:๐ธ Robert made some last-minute updates to the review.thm website before heading off on vacation. He claims that the secret information of the financiers is fully protected. But are his defenses truly airtight Your challenge is to exploit the vulnerabilities and gain complete control of the system. ๐ฒ๐ฒ Room Overview ๐ฒ๐ฒ Solving this room involved many steps and chaining many" [YouTube Link](https://youtube.com/watch?v=looyfVGX_yU) 2025-09-22T08:45Z [----] followers, [---] engagements "๐๐ Introduction to Cryptography - Mastering Cryptography Fundamentals: A TryHackMe Walkthrough ๐๐ Learn about encryption algorithms such as AES Diffie-Hellman key exchange hashing PKI and TLS. Crack the Cryptography Challenge: Learn AES Diffie-Hellman Hashing PKI and TLS ๐ Symmetric Encryption ๐ Asymmetric Encryption ๐ Diffie-Hellman Key Exchange ๐ Hashing ๐ PKI and SSL/TLS ๐ Authenticating with Passwords ๐ Cryptography and Data - Example Mastering Cryptography Fundamentals: A TryHackMe Challenge https://tryhackme.com/room/cryptographyintro #cybersecurity #CTF #hacking #infosec" [YouTube Link](https://youtube.com/watch?v=m7C9FsCdHa8) 2023-02-07T17:15Z [----] followers, 13.7K engagements "TryHackMe Detecting Web Attacks Full Walkthrough [----] ๐บExplore web attacks and detection methods through log and network traffic analysis. ๐๐ Room Link: https://tryhackme.com/room/detectingwebattacks ๐บ Web attacks are among the most common ways attackers gain entry into target systems. Public-facing websites and web applications often sit in front of databases and other infrastructure which are appealing targets for attackers. In this room youll learn how to identify these threats using practical detection methods and industry-standard tools. Objectives โก Learn common client-side and" [YouTube Link](https://youtube.com/watch?v=mF045WxDP4M) 2025-09-11T19:14Z [----] followers, [---] engagements "Public Key Cryptography Basics: RSA SSH and More in Cyber Security [---] TryHackMe SAL1 Discover how public key ciphers such as RSA work and explore their role in applications such as SSH. ๐ Common Use of Asymmetric Encryption ๐ RSA ๐ Diffie-Hellman Key Exchange ๐ SSH ๐ Digital Signatures and Certificates ๐ PGP and GPG https://tryhackme.com/r/room/publickeycrypto these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #THMCyberSecurity101 #CyberSecurity101 #PublicKeyCryptography #RSA #AsymmetricEncryption #TryHackMe" [YouTube Link](https://youtube.com/watch?v=mI4sHcqrLYY) 2024-10-25T11:53Z [----] followers, [----] engagements "๐งฒ ๐ TryHackMe SOC L1 Alert Triage SOC Simulator SAL1 ๐ Learn more about SOC alerts and build a systematic approach to efficiently triaging them. An alert is a core concept for any SOC team and knowing how to handle it properly ultimately decides whether a security breach is detected and prevented or missed and devastating. This is an entry level but essential room for SOC L1 analysts to understand the concept and lifecycle of alerts from event generation to correct resolution. โจ Learning Objectivesโจ โกFamiliarise with the concept of SOC alert โกExplore alert fields statuses and" [YouTube Link](https://youtube.com/watch?v=mVI-lFILqlc) 2025-04-11T05:14Z [----] followers, [----] engagements "๐๐ตโ ๐ง TryHackMe Hide and Seek Linux Forensic DFIR Hackfinity Battle Encore ๐ง Welcome to the Hackfinity Battle CTF๐ In this video we investigate a different persistence technique used by an attacker on a Linux system ๐ฅRoom Scenario: ๐ฅ๐ ๐A note was discovered on the compromised system taunting us. It suggests multiple persistence mechanisms have been implanted ensuring that Cipher can return whenever he pleases. Heres the note: Dear Specter I must say its been a thrill dancing through your systems. You lock the doors; I pick the locks. You set up alarms; I waltz right past them. But" [YouTube Link](https://youtube.com/watch?v=mbRdG6mxqXY) 2025-03-28T06:51Z [----] followers, [---] engagements "๐๐๐ TryHackMe Mayhem From Wireshark to Decrypted Havoc C2 ๐๐ ๐๐ Can you find the secrets inside the sea of mayhem๐ ๐๐ Unmasking Havoc C2: Decoding Attacker Secrets in TryHackMe's Mayhem The "Mayhem" room on TryHackMe throws you into a sea of Havoc C2 communication Can you uncover the attacker's secrets hidden within the Wireshark capture Join us as we trace the initial PowerShell infection the disguised notepad.exe Havoc agent and the encrypted communication with the teamserver. We'll guide you through identifying the crucial 0xdeadbeef marker extracting the AES key and IV ๐๐ We" [YouTube Link](https://youtube.com/watch?v=mzbbniWCHAw) 2025-04-21T04:43Z [----] followers, [---] engagements "๐ฅ ๐ก Introduction to Phishing TryHackMe SOC Simulator SAL1 ๐Scenario overview๐ Learn how to use SOC Simulator by completing your first scenario. Close all True Positive alerts to pass ๐Scenario objectives๐ ๐ Monitor and analyze real-time alerts. ๐ Identify and document critical events such as suspicious emails and attachments ๐ Create detailed case reports based on your observations to help your team understand the full scope of alerts and malicious activity. https://tryhackme.com/soc-sim/scenarios #SAL1" [YouTube Link](https://youtube.com/watch?v=nLcEJklRBL4) 2025-04-16T15:18Z [----] followers, [---] engagements "TryHackMe Linux Threat Detection [--] - Full Walkthrough [----] ๐ธ Explore how attackers break into Linux systems and how you can detect this in logs. ๐๐ Room Link: https://tryhackme.com/room/linuxthreatdetection1 ๐ฏLearning Objectives๐ฏ ๐ Understand the role and risk of SSH in Linux environments ๐ Learn how Internet-exposed services can lead to breaches ๐ Utilize process tree analysis to identify the origin of the attack ๐ Practice detecting Initial Access techniques in realistic labs ๐ฏRoom Tasks๐ฏ ๐ 00:00 Task 1: Introduction ๐ฆ 01:39 Task 2: Initial Access via SSH - When did the ubuntu" [YouTube Link](https://youtube.com/watch?v=nMMVgVdQVOY) 2025-09-24T18:41Z [----] followers, [---] engagements "โ๐๐โ TryHackMe Sneaky Patch Linux Kernel Forensic Hackfinity Battle Encore โโ Welcome to the Hackfinity Battle CTF๐ In this video we investigate a malicious kernel module install in a Linux system. ๐ฅRoom Scenario: ๐ฅ๐ ๐A high-value system has been compromised. Security analysts have detected suspicious activity within the kernel but the attackers presence remains hidden. Traditional detection tools have failed and the intruder has established deep persistence. Investigate a live system suspected of running a kernel-level backdoor.๐ ๐ TryHackMe Room:" [YouTube Link](https://youtube.com/watch?v=nRvJpqZCtY0) 2025-03-27T15:31Z [----] followers, [---] engagements "Understanding Shells in Cyber Security TryHackMe's Shells Overview Cyber Security [---] SAL1 Learn about the different types of shells. Shells Overview TryHackMe Dive into the world of shells with this comprehensive overview from TryHackMe's Cyber Security [---] path. This video covers: ๐ท Shell Overview: What are shells and why are they crucial in cybersecurity ๐ท Reverse Shell: How attackers use this technique to gain control over a remote system. ๐ท Bind Shell: Understanding how to set up and exploit bind shells. ๐ท Shell Listeners: Tools and techniques for setting up listeners to catch" [YouTube Link](https://youtube.com/watch?v=nSv589s4Fg0) 2024-10-27T08:49Z [----] followers, [----] engagements "๐ญ๐ญ Mouse Trap Mobile Mouse Server CVE-2023-31902 TryHackMe ๐ญ๐ญ ๐จ๐ป๐ป๐พ๐ญ Follow the adventures of Jom and Terry members of the TryMouseMe purple team as they work through a thrilling exercise of Attack and Defense. From initial access to persistence you will emulate a three-stage attack on a Windows environment. ๐จ๐ป๐ป๐พ๐ญ Attack Emulation VM (TA001: Initial access TA004: Privilege Escalation TA003: Persistence) CVE-2023-31902 SharpUp.exe ๐จ๐ป๐ป๐พ๐ญ Mobile Mouse 3.6.0.4 Remote Code Execution Exploit ๐จ๐ป๐ป๐พ๐ญ https://github.com/blue0x1/mobilemouse-exploit/tree/main ๐ญ After finding a" [YouTube Link](https://youtube.com/watch?v=nTVo-DC3eM8) 2024-11-17T08:58Z [----] followers, [---] engagements "๐จ๐ค๐ค TryHackMe Evil-GPT Walkthrough Hack AI Command Systems ๐จ ๐ค Practice your LLM hacking skills. Room Link: https://tryhackme.com/room/hfb1evilgpt ๐คLearn AI/LLM security testing with this complete walkthrough of TryHackMe's Evil-GPT room In this tutorial I demonstrate how to analyze and exploit AI command execution systems covering prompt injection techniques ๐ What You'll Learn: AI command interpreter vulnerabilities Prompt engineering for security testing Command sanitization bypass techniques File system enumeration via LLM systems โก Topics Covered: Initial reconnaissance and flag" [YouTube Link](https://youtube.com/watch?v=oWg2CHUB6vA) 2025-07-05T06:05Z [----] followers, [---] engagements "Networking Essentials: A Beginner's Guide TryHackMe Cyber Security [---] SAL1 Explore networking protocols from automatic configuration to routing packets to the destination. DHCP ARP ICMP & Routing: Networking Basics ๐ง DHCP: Give Me My Network Settings ๐ง ARP: Bridging Layer [--] Addressing to Layer [--] Addressing ๐ง ICMP: Troubleshooting Networks ๐ง Routing ๐ง NAT https://tryhackme.com/r/room/networkingessentials Networking Essentials: From Automatic Configuration to Packet Delivery these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge." [YouTube Link](https://youtube.com/watch?v=ov33lp110Lk) 2024-10-24T04:16Z [----] followers, [----] engagements "๐ฐ๐ฐ TryHackMe Billing writeup MagnusBilling RCE CVE-2023-30258 Fail2ban ๐ฐ Some mistakes can be costly. TryHackMe Billing walk through TryHackMe Billing writeup ๐ฐ In this video we tackle the TryHackMe "Billing" room showcasing how to exploit a critical vulnerability to gain root access. We start with an initial scan revealing MagnusBilling running on port [--]. A quick search highlights CVE-2023-30258 an unauthenticated Remote Command Execution (RCE) vulnerability providing a direct path to a foothold. ๐ฐ We demonstrate two methods for exploiting CVE-2023-30258: * **Metasploit Module:** We'll" [YouTube Link](https://youtube.com/watch?v=p2ozqA4nbLg) 2025-03-09T01:50Z [----] followers, [----] engagements "Intranet - TryHackMe - FLAG [--] - Zap ffuf burp Welcome to the intranet Flag [--] using Zap proxy ffuf and Burp suite" [YouTube Link](https://youtube.com/watch?v=phgqvERFgs0) 2023-06-20T11:44Z [----] followers, [---] engagements "๐ฏ โ TryHackMe Custom Tooling using Burp Custom Burp Suite Extension (RSA Encrypt/Decrypt) โ ๐ฏ Creating custom tooling for application testing using Burp Plugins. โ In this TryHackMe walkthrough we tackle the "Custom Tooling using Burp" room Learn how to analyze web applications with custom encryption and build your own Burp Suite extension from scratch to handle it. ๐ตโ Room Focus: Custom Tooling using Burp Platform: TryHackMe ๐ What you'll learn in this video:๐ Understanding the challenge: End-to-end encryption in HTTP requests/responses. โ Identifying flaws in custom encryption schemes" [YouTube Link](https://youtube.com/watch?v=qOYyzWXnH_I) 2025-06-01T13:43Z [----] followers, [---] engagements "๐ฏ ๐ Task-20 Echoed Streams TryHackMe: Industrial Intrusion CTF AES-GCM Nonce Reuse Attack ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion How ONE Cryptographic Mistake Breaks Everything Nonce Reuse Attack Tutorial ๐ธScenario:๐ธ Three months after the Virelia Water Control Facility was breached OT traffic is finally back onlinesupposedly fully remediated. During a routine audit Black Echos red team intercepted two backtoback telemetry packets between a pump controller and the SCADA server. Curiously both packets were encrypted under AESGCM using the same 16-byte nonce (number" [YouTube Link](https://youtube.com/watch?v=qm_mpEskURo) 2025-06-30T10:38Z [----] followers, [---] engagements "Confluence CVE-2023-22515 - TryHackMe - Exploit CVE-2023-22515 to get admin access to Confluence Server and Data Center editions. On October 4th [----] Atlassian released a security advisory regarding CVE-2023-22515 a broken access control vulnerability with an assigned CVSS score of [----]. The vulnerability was introduced in version 8.0.0 of Confluence Server and Data Center editions and is present in versions 8.3.3 8.4.3 8.5.2. https://tryhackme.com/room/confluence202322515 #tryhackme" [YouTube Link](https://youtube.com/watch?v=qpXqtcbR7go) 2023-10-19T05:48Z [----] followers, [----] engagements "๐ธ๐ปโ๐ปAPT28 Attack Simulation: TryHackMe Incident Response Challenge APT28 in the Snare๐ธ๐ปโ๐ป Hunting APT28 (Fancy Bear) - TryHackMe Walkthrough & Forensic Investigation ๐ TryHackMe "APT28 in the Snare" Full Walkthrough & Forensic Investigation In this hands-on TryHackMe walkthrough we investigate APT28 (Fancy Bear) a notorious Russian cyber-espionage group in a realistic incident response scenario. You'll learn how to: โ Detect initial access & execution โ Uncover persistence mechanisms (how APT28 stays hidden) โ Analyze privilege escalation & data exfiltration โ Use Eric Zimmermans tools" [YouTube Link](https://youtube.com/watch?v=rH3RGZNk0UA) 2025-05-25T10:49Z [----] followers, [---] engagements "TryHackMe Subdomain Enumeration - Full Walkthrough [----] ๐ Learn the various ways of discovering subdomains to expand your attack surface of a target. ๐ท๐ท Room Link: https://tryhackme.com/room/subdomainenumeration ๐ฉRoom Tasks:๐ฉ ๐ 00:00 Task 1: Brief - What is a subdomain enumeration method beginning with B - What is a subdomain enumeration method beginning with O - What is a subdomain enumeration method beginning with V ๐ 02:45 Task 2: OSINT - SSL/TLS Certificates ๐ 04:25 Task 3: OSINT - Search Engines - What domain was logged on crt.sh at 2020-12-26 ๐ 06:00 Task 4: DNS Bruteforce -" [YouTube Link](https://youtube.com/watch?v=rg7f_wcpkoA) 2025-10-05T06:05Z [----] followers, [--] engagements "๐ TryHackMe: Directory Walkthrough Kerberos ASREP Roast Hashcat & WinRM Decryption Walkthrough ๐ Room Link: https://tryhackme.com/room/directorydfirroom ๐จTools Used: ๐ Script used in this video decrypt WinRM traffic: https://github.com/djalilayed/tryhackme/blob/main/directory/decrypt_winrm.py ๐ Command used in this video: https://github.com/djalilayed/tryhackme/tree/main/directory ๐ธIn this complete step-by-step walkthrough of the TryHackMe room "Directory" we dive deep into network forensics and Active Directory attacks to go from a packet capture to the final flag. This video is" [YouTube Link](https://youtube.com/watch?v=sET2aPr2CIg) 2025-07-21T06:38Z [----] followers, [---] engagements "๐๐ฅ๐ TryHackMe Heist Smart Contract Hacked ๐ Full Walkthrough (Hackfinity CTF) ๐๐ฅ๐ TryHackMe: Heist - Smart Contract changeOwnership & withdraw Exploit From the Hackfinity Battle CTF event. Welcome ethical hackers ๐ตโ In this video we're diving deep into the "Heist" room from TryHackMe originally featured in the Hackfinity Battle CTF event. The mission: A critical weakness has been found in Cipher's Smart Contract. If exploited we can drain its entire ETH treasury This isn't just about the loot; successfully emptying the contract will cut off funding to the notorious Phantom Node Botnet" [YouTube Link](https://youtube.com/watch?v=sEttM7_2ocI) 2025-05-25T15:45Z [----] followers, [--] engagements "TryHackMe Intro to SSRF Full Walkthrough [----] Learn how to exploit Server-Side Request Forgery (SSRF) vulnerabilities allowing you to access internal server resources. In this room you'll learn what an SSRF is what kind of impact they can have you'll view some example SSRF attacks how you can discover SSRF vulnerabilities how to circumvent input rules and then we have a practice for you against with to try your newfound skills. ๐๐ Room Link: https://tryhackme.com/room/ssrfqi This room part of TryHackMe Jr Penetration Tester path. ๐ What is an SSRF ๐ SSRF Examples ๐ Finding an SSRF ๐" [YouTube Link](https://youtube.com/watch?v=sj0pQeGL2xo) 2025-09-11T11:45Z [----] followers, [--] engagements "๐ ๐ Server-side Template Injection TryHackMe A Deep Dive into Exploiting Smarty Pug Jinja2 ๐ ๐ SSTI Overview ๐ Template Engines ๐ PHP - Smarty ๐ NodeJS - Pug ๐ Python - Jinja2 ๐ Automating the Exploitation ๐ Extra-Mile Challenge (Form Tools 3.1.1 CVE-2024-22722) ๐ Mitigation ๐ code / shell used on the room: https://github.com/djalilayed/tryhackme/blob/main/Server-side-Template-Injection/code-used.txt ๐ Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the" [YouTube Link](https://youtube.com/watch?v=t-plhN3riO8) 2024-06-19T07:32Z [----] followers, [----] engagements "๐จโ ๐ฆ TryHackMe - Security Footage Walkthrough: Recovering a Scrolling Flag ๐ฆ Security Footage (TryHackMe) - PCAP Forensics OCR & Flag Reconstruction Guide โ In this comprehensive walkthrough we tackle the "Security Footage" room on TryHackMe Join me as we dive into digital forensics to recover crucial footage and a hidden scrolling flag from a network capture (PCAP file). โ The hard drives are destroyed but the network never forgets We'll perform an end-to-end investigation covering: ๐ โ Room Link: https://tryhackme.com/room/securityfootage ๐ **Network Forensics Fundamentals:** - Analyzing" [YouTube Link](https://youtube.com/watch?v=t3uQYJiBqzo) 2025-05-11T05:00Z [----] followers, [---] engagements "๐โ ๐ Crypto Failures Crypt Salt A brute force attack TryHackMe CTF ๐ ๐๐Implementing your own military-grade encryption is usually not the best idea. ๐ First exploit the encryption scheme in the simplest possible way then find the encryption key. Room Link: https://tryhackme.com/room/cryptofailures ๐๐ Scripts Used:๐๐ ๐ Find web Flag๐: https://github.com/djalilayed/tryhackme/blob/main/Crypto%20Failures/admin_flag.py ๐ Simulation [--] steps for the key ๐ https://github.com/djalilayed/tryhackme/blob/main/Crypto%20Failures/find_key_anim_10.php ๐ Get Encryption Key:๐" [YouTube Link](https://youtube.com/watch?v=tSWxzhim-2M) 2025-03-03T19:42Z [----] followers, [---] engagements "โ๐ TryHackMe Serverless Walkthrough AWS SSRF & Role Escalation to Hijack Cloud Infrastructure โ Welcome to the Hackfinity Battle CTF๐ Infinity Shell CTF: Decoding Base64 & Tracing the Hacker (TryHackMe) ๐In this detailed walkthrough of TryHackMe's 'Serverless' room I demonstrate how to exploit AWS credentials and leverage vulnerabilities like SSRF LFI and role escalation to take control of a cloud-based red team infrastructure. Follow along as I uncover hidden flags from the DarkMatter gang's contractor ShadowFang and show you step-by-step how to access leaked information and overcome AWS" [YouTube Link](https://youtube.com/watch?v=tgQVXn95UiE) 2025-03-27T12:35Z [----] followers, [---] engagements "๐จ๐ค๐ธ๐ค ContAInment TryHackMe Room: Ransomware Investigation Walkthrough ๐จ๐ค๐ค ๐ธCan you help contain the ransomware threat with the help of AI๐ธ ๐๐Join me as we dive into the ContAInment TryHackMe room a thrilling ransomware investigation challenge In this walkthrough well step into the role of a Security Analyst at West Tech tasked with investigating a ransomware attack on senior researcher Oliver Deers workstation. Learn how to identify the attacker's entry point trace their actions recover stolen data and neutralize the threat using both manual techniques and an AI-powered IR" [YouTube Link](https://youtube.com/watch?v=tl12rbLG5sk) 2025-07-10T08:07Z [----] followers, [---] engagements "๐ฏ ๐ Task [--] Orcam TryHackMe Industrial Intrusion CTF Walkthrough Malicious Macro Analysis ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion ๐ธScenario:๐ธ You get an email with attachment Microsoft docm file. with Macro enable. you need to analyses the VBA code inside the macro to get the flag. In this step-by-step walkthrough we tackle the malicious document challenge from the TryHackMe Industrial Intrusion room. We'll go from receiving a suspicious email to fully reverse-engineering the hidden VBA macro to find the flag. This guide is perfect for anyone studying for" [YouTube Link](https://youtube.com/watch?v=uGhuElHm1Ys) 2025-06-30T16:58Z [----] followers, [---] engagements "๐ธ๐จ TryHackMe Stolen Mount NFS From Wireshark PCAP to QR Code Flag ๐จ๐จ Analyse network traffic related to an unauthenticated file share access attempt focusing on potential signs of data exfiltration. โก Room Link: https://tryhackme.com/room/hfb1stolenmount ๐ธScenario:๐ธ An intruder has infiltrated our network and targeted the NFS server where the backup files are stored. A classified secret was accessed and stolen. The only trace left behind is a packet capture (PCAP) file recorded during the incident. Your mission should you accept it is to discover the contents of the stolen data. ๐ฉ๐ฉIn" [YouTube Link](https://youtube.com/watch?v=ustfwuZFAsM) 2025-07-13T05:45Z [----] followers, [---] engagements "Vulnerability Scanner Overview TryHackMe Cyber Security [---] SAL1 Learn about vulnerability scanners and how they work in a practical scenario. ๐ชซ What Are Vulnerabilities ๐ชซ Vulnerability Scanning ๐ชซ Tools for Vulnerability Scanning ๐ชซ CVE & CVSS ๐ชซ OpenVAS ๐ชซ Practical Exercise https://tryhackme.com/r/room/vulnerabilityscanneroverview these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #THMCyberSecurity101 #CyberSecurity101 #CyberSecurity #TryHackMe #VulnerabilityScanner #HackingTutorial #InfoSec #CyberTraining" [YouTube Link](https://youtube.com/watch?v=uwDuN7vFC88) 2024-10-28T07:36Z [----] followers, [----] engagements "๐ฏ๐ Active Directory Enumeration for Beginners TryHackMe AD: Basic Enumeration Walkthrough PT1 ๐ท Learn how to enumerate an Active Directory network and get initial access. ๐ด Learn how to enumerate an Active Directory (AD) network and gain initial access in this step-by-step TryHackMe walkthrough Active Directory enumeration is a critical skill for penetration testers and ethical hackers. In this video well cover: โ Mapping Out the Network (fping nmap) Host Discovery Port Scanning โ Network Enumeration With SMB (nmap smbmap.py) Discovering Services Listing SMB Shares Accessing SMB Shares" [YouTube Link](https://youtube.com/watch?v=vzAZiavaXDY) 2025-05-26T06:14Z [----] followers, [---] engagements "๐ Dark Encryptor Hackfinity Battle Encore Command Injection Welcome to the Hackfinity Battle CTF In this room you learn how to exploit Command Injection ๐๐Room Scenario:๐๐ Void managed to hack into DarkMatter's internal network. I don't think they use it much but we found this encryption tool hosted on a server. Let's see if we can find anything interesting lying around. ๐Room Link๐: https://tryhackme.com/room/HackfinityBattleEncore ๐ Like Subscribe and Comment to stay updated with our latest cybersecurity tutorials. If you have any questions or need further clarification on any" [YouTube Link](https://youtube.com/watch?v=w7HWOr_yZdQ) 2025-03-24T18:45Z [----] followers, [---] engagements "๐ด Dark Encryptor [--] Hackfinity Battle Encore Command Injection ๐ด Welcome to the Hackfinity Battle CTF In this room you learn how to exploit Command Injection similar to Dark Encryptor [--] ๐ฅRoom Scenario: ๐ฅ After pivoting through their internal network we have found yet another encryption tool. Can you hack into the server and extract the secret data Our intel tells us that the app is using the gpg tool. ๐Room Link๐: https://tryhackme.com/room/HackfinityBattleEncore ๐ Like Subscribe and Comment to stay updated with our latest cybersecurity tutorials. If you have any questions or need" [YouTube Link](https://youtube.com/watch?v=wm6yWq3IHl4) 2025-03-25T08:19Z [----] followers, [---] engagements "๐จ๐ธ Event Horizon TryHackMe Decrypt Covenant C2 traffic Wireshark ๐จ๐ธ ๐งธ๐งธ Unearth the secrets beyond the Event Horizon. ๐๐ Room Link: https://tryhackme.com/room/eventhorizonroom ๐ปโ Room Scenario:๐ปโ ๐ฉJoin Tom and Dom on a quest to find out what happens when you look beyond the Event Horizon. A quest beyond borders they need you to utilize all your abilities to find the secrets that were taken when they crossed over to the other side. ๐๐Attacker was able to brute force ESMTP email sent phishing email to local user as Powershell script to calculate mass of the black hole but hidden at" [YouTube Link](https://youtube.com/watch?v=xUifweCxp8E) 2025-08-10T12:00Z [----] followers, [---] engagements "Getting Started with Nmap: The Basics Discover Hosts and Open Ports in Cyber Security [---] SAL1 ๐ Learn how to use Nmap to discover live hosts find open ports and detect service versions. ๐ Host Discovery: Who Is Online ๐ Port Scanning: Who Is Listening ๐ Version Detection: Extract More Information ๐ Version Detection: Extract More Information ๐ Output: Controlling What You See ๐ Conclusion and Summary https://tryhackme.com/r/room/nmap these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #CyberSecurity101 #NmapBasics #PortScanning" [YouTube Link](https://youtube.com/watch?v=yWc9tWj0onU) 2024-10-24T14:14Z [----] followers, [---] engagements "๐ก๐จ๐จ Bypass Really Simple Security CVE-2024-10924 TryHackMe ๐ก ๐ก Learn how to exploit a WordPress website using CVE-2024-10924 and understand various mitigation techniques.๐จ ๐ก WordPress is one of the most popular open-source Content Management Systems (CMS) and it is widely used to build websites ranging from blogs to e-commerce platforms. In November [----] a critical vulnerability was discovered in the Really Simple Security plugin a widely adopted security plugin used by millions of websites. The vulnerability allowed attackers to bypass authentication and gain unauthorised access to" [YouTube Link](https://youtube.com/watch?v=zN9P31DWjSk) 2025-02-05T09:12Z [----] followers, [----] engagements "๐๐ฉ๐ผ๐ป Hack Back: Binary analysis Reverse Shell Smart Contract TryHackMe ๐ฉ๐ผ๐ป๐ ๐Can you get to the bottom of what's wrong with the machine๐ ๐You have just been handed a machine by a disgruntled colleague. Pulling hairs out he explains that of late this machine has been very slow and crashed multiple times. They said the machine is relatively new and not nearly at an age where its performance should suffer. They've asked if you can look at the machine and determine what's causing this behavior. Can you use your cyber sleuthing skills and know how to get to the bottom of the machine's" [YouTube Link](https://youtube.com/watch?v=zVR0TNxuocU) 2024-11-11T05:50Z [----] followers, [---] engagements "TryHackMe Invite Only Full Walkthrough [----] - Hijacked Discord Invites - Malware Delivery ๐ฅ๐ฅ Extract insight from a set of flagged artefacts and distil the information into usable threat intelligence. ๐๐๐๐ Room Link: https://tryhackme.com/room/invite-only โกโก Scenario:โกโก You are an SOC analyst on the SOC team at Managed Server Provider TrySecureMe. Today you are supporting an L3 analyst in investigating flagged IPs hashes URLs or domains as part of IR activities. One of the L1 analysts flagged two suspicious findings early in the morning and escalated them. Your task is to analyse these" [YouTube Link](https://youtube.com/watch?v=zf9N6rwdM9Y) 2025-09-14T07:18Z [----] followers, [---] engagements "TryHackMe Walking An Application - Full Walkthrough [----] ๐ฑ๐ฑ Manually review a web application for security issues using only your browsers developer tools. Hacking with just your browser no tools or scripts. ๐๐ Room Link: https://tryhackme.com/room/walkinganapplication ๐๐ Room Tasks ๐๐ 00:00 โ Task 1: Walking An Application 01:13 โ Task 2: Exploring The Website 03:06 โ Task 3: Viewing The Page Source - What is the flag from the HTML comment - What is the flag from the secret link - What is the directory listing flag - What is the framework flag 13:50 โ Task 4: Developer Tools -" [YouTube Link](https://youtube.com/watch?v=-J7xmUEWbfQ) 2025-10-20T10:37Z [----] followers, [--] engagements "Publisher: Exploiting SPIP with CVE-2023-27372 for RCE and Beyond TryHackMe CTF walk through Test your enumeration skills on this boot-to-root machine. CVE-2023-27372 / SPIP publishing system ๐ท room link: https://tryhackme.com/r/room/publisher The "Publisher" CTF machine is a simulated environment hosting some services. Through a series of enumeration techniques including directory fuzzing and version identification a vulnerability is discovered allowing for Remote Code Execution (RCE). Attempts to escalate privileges using a custom binary are hindered by restricted access to critical system" [YouTube Link](https://youtube.com/watch?v=-Y3GO01UYHg) 2024-06-29T13:22Z [----] followers, [----] engagements "TryHackMe FAT32 Analysis Examine the FAT32 filesystem from a forensic point of view Examine the FAT32 filesystem from a forensic point of view โ Room Link โ : https://tryhackme.com/room/fat32analysis โ Introduction โ โก A filesystem tracks how and where files are stored on an Operating System. It provides a translation between the files locations on the OS and their locations on physical storage. A filesystem also tracks file-related changes and options such as file deletion file access file size and more. โก Filesystems are an essential component in forensics. Threat actors often abuse it in" [YouTube Link](https://youtube.com/watch?v=0jMoPhiNeVk) 2025-02-09T16:43Z [----] followers, [----] engagements "TryHackMe Padelify - Full Walkthrough [----] - XSS - WAF ๐ Use red-teaming techniques to bypass the WAF and obtain admin access to the web application. ๐ฆฎ ๐ Room Link: https://tryhackme.com/room/padelify ๐ง Youve signed up for the Padel Championship but your rival keeps climbing the leaderboard. The admin panel controls match approvals and registrations. Can you crack the admin and rewrite the draw before the whistle ๐ Tasks ๐ ๐ What is the flag value after logging in as a moderator ๐ What is the flag value after logging in as admin โ Educational Purpose Only This content is for" [YouTube Link](https://youtube.com/watch?v=1AwcTlsvL_s) 2025-11-24T03:35Z [----] followers, [---] engagements "TryHackMe: Industrial Intrusion CTF (Breach Task) Node-RED ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion ๐ฏ Get ready for the Industrial Intrusion CTF In this video we tackle the pre-task challenge "Breach" on TryHackMe. Our mission is to find a way to open the main gate by bypassing the badge authentication system. ๐ฏ Join us as we dig into the control infrastructure exploring open ports and uncovering a critical weakness in the system's HMI (Human-Machine Interface). ๐ฏ This is the perfect warm-up for the main event. If you want to see how to exploit real-world Industrial" [YouTube Link](https://youtube.com/watch?v=1sSZb-Vefhs) 2025-06-26T06:18Z [----] followers, [----] engagements "Decrypt NTLM traffic - Wireshark - Decrypting SMB3 Traffic -TryHackme Block - ๐ฆ This new way to solve the Block room on TryHackMe. Showcasing how to decrypt smb traffic if you know user password using Wireshark NTLMSSP support Also if you just have NT hash you can decrypt NTLM encrypted traffic (smb3 encrypted traffic) by providing the hash in a keytab file. ๐ฆ๐ฆScript used to generate keytab file: https://github.com/dirkjanm/forest-trust-tools/blob/master/keytab.py ๐ฆ๐ฆArticles used: ๐ https://wiki.wireshark.org/NTLMSSP ๐ " [YouTube Link](https://youtube.com/watch?v=3-pMkmHg8Ag) 2024-08-13T06:43Z [----] followers, [---] engagements "TryHackMe JWT Security - Full Walkthrough TryHackMe Walkthrough on Token-Based Authentication Master JWTs & Token Security TryHackMe Room Guide ๐ท๐ท Room Link: https://tryhackme.com/r/room/jwtsecurity In this room you will learn about JSON Web Tokens (JWTs) and the security associated with them. With the rise of APIs token-based authentication has become a lot more popular and of these JWTs remain one of the most popular implementations. However with JWTs ensuring the implementation is done securely is incredibly important. Insecure implementations can lead to serious vulnerabilities with" [YouTube Link](https://youtube.com/watch?v=3zs3XYcOOOs) 2024-09-20T06:26Z [----] followers, 13.5K engagements "๐ง โจ๐ EXT Analysis forensic basics of the EXT file system TryHackMe ๐ง ๐ง๐งDiscover the forensic basics of the EXT file system.๐ง๐ง https://tryhackme.com/room/extanalysis ๐งFile system analysis is a fundamental skill in digital forensics allowing investigators to extract and interpret data stored on storage devices. EXT4 the default file system for many Linux distributions organizes data into structures like inodes directories and blocks each carrying critical information about files directories and their history.๐ง ๐งThis room focuses on analyzing the EXT4 file system to gather evidence" [YouTube Link](https://youtube.com/watch?v=4IJBdLAFWZU) 2025-02-20T13:40Z [----] followers, [---] engagements "TryHackMe Contrabando Full Walkthrough [----] LFI SSTI Request Smuggling ๐ง TryHackMe room link: https://tryhackme.com/room/contrabando ๐ง๐ Never tell me the odds.๐๐ง Our company was excited to release our new product but a recent attack has forced us to go down for maintenance. They have asked you to conduct a vulnerability assessment to help identify how the attack occurred. Are you up for it In this room you start by exploiting CVE-2023-25690 (HTTP request splitting with mod_rewrite and mod_proxy) and get your first initial reverse shell inside the machine you scan local networks to find a" [YouTube Link](https://youtube.com/watch?v=5-izLhcaD6M) 2025-08-18T14:32Z [----] followers, [----] engagements "IDORable Bistro - SANS Holiday Hack Challenge [----] ๐ฏ Josh has a tasty IDOR treat for youstop by Sasabune for a bite of vulnerability. What is the name of the gnome ๐ท๐ท Challenge Link: https://www.sans.org/cyber-ranges/holiday-hack-challenge ๐ฉ๐ฉ Hints: ๐ฉ๐ฉ โ Sometimes.developers put in a lot of effort to anonymyze information by using randomly generated identifiers.but.there are also times where the "real" ID is used in a separate Network request. โ I had tried to scan one of the QR codes and it took me to somebody's meal receipt I am afraid somebody could look up anyone's meal if they" [YouTube Link](https://youtube.com/watch?v=5D7v_yVHwRw) 2025-11-30T07:11Z [----] followers, [--] engagements "TryHackMe AI in Security - old sAInt nick - Advent of Cyber [----] ๐ Unleash the power of AI by exploring it's uses within cyber security. ๐ฆฎ Day [--] of Advent of Cyber [----] ๐ ๐ง Link: https://tryhackme.com/room/AIforcyber-aoc2025-y9wWQ1zRgB ๐ฆฎ The lights glimmer and servers hum blissfully at The Best Festival Company (TBFC) melting the snow surrounding the data centre. TBFC has continued its pursuit of AI excellence. After the past two years they realise that Van Chatty their in-house chatbot wasnt quite meeting their standards. ๐ฆฎ Unfortunately for the elves at TBFC they are also not immune" [YouTube Link](https://youtube.com/watch?v=6F8KZdsbVMw) 2025-12-04T16:59Z [----] followers, [---] engagements "Neighborhood Watch Bypass - SANS Holiday Hack Challenge [----] - Linux PATH hijacking Assist Kyle at the old data center with a fire alarm that just won't chill. ๐ท๐ท Challenge Link: https://www.sans.org/cyber-ranges/holiday-hack-challenge ๐ฉ๐ฉ Room Scenario: ๐ฉ๐ฉ ๐ chiuser @ Dosis Neighborhood ๐ $ ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ DOSIS NEIGHBORHOOD FIRE ALARM SYSTEM - LOCKOUT MODE ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ ๐จ EMERGENCY ALERT: Fire alarm system admin access has been compromised ๐จ โ The fire safety systems are experiencing interference and admin privileges have been mysteriously" [YouTube Link](https://youtube.com/watch?v=7Rr2yPzJPRQ) 2025-12-18T05:39Z [----] followers, [---] engagements "Carrotbane of My Existence Side Quest Access key - Full Walkthrough [----] ๐ฏ๐ฏ Step by step to get the key to access side quest room Carrotbane of My Existence https://tryhackme.com/room/sq3-aoc2025-bk3vvbcgiT ๐ฏ๐ฏ Key is on room CyberChef - Hoperation Save McSkidy - Day [--] https://tryhackme.com/room/encoding-decoding-aoc2025-s1a4z7x0c3 ๐ Scenario: ๐ Hopper managed to use CyberChef to scramble the easter egg key image. He used this very recipe to do it. The scrambled version of the egg can be downloaded from:" [YouTube Link](https://youtube.com/watch?v=8OQX9d6igKA) 2025-12-31T23:45Z [----] followers, [--] engagements "Quantgnome Leap - SANS Holiday Hack Challenge [----] Charlie in the hotel has quantum gnome mysteries waiting to be solved. What is the flag that you find ๐ท๐ท Challenge Link: https://www.sans.org/cyber-ranges/holiday-hack-challenge ๐ฉ๐ฉ Room Scenario: ๐ฉ๐ฉ +---------------------------------+ "If we knew the unknown the unknown wouldn't be unknown." Quantum Leap (TV series) +---------------------------------+ You observed me the Gnome. .and I observed you back. Did you see me Am I here or not Both Neither Am I a figment of your imagination Nay I am the QuantGnome. Welcome to my challenge ***" [YouTube Link](https://youtube.com/watch?v=8p-bxKDttCM) 2025-12-08T13:26Z [----] followers, [---] engagements "TryHackMe Breaking Crypto the Simple Way - Common Cryptographic Mistakes - Bit Flipping Attacks ๐๐ Can You Break Crypto This Easily TryHackMe - Exploiting Simple Crypto Flaws - Exploiting common cryptographic mistakes. ๐๐ Learn how to exploit common cryptographic mistakes in this TryHackMe walkthrough We'll cover brute-forcing keys breaking hashes finding exposed keys and even bit flipping attacks. Perfect for beginners and anyone looking to understand real-world crypto vulnerabilities. Let's dive in ๐Brute-forcing Keys (RSA) ๐Breaking Hashes (HMAC hashcat) ๐Exposed Keys (Encryption" [YouTube Link](https://youtube.com/watch?v=AQYcM_Z28mY) 2025-04-09T06:51Z [----] followers, [----] engagements "Rogue Gnome Identity Provider - JWKS spoofing - SANS Holiday Hack Challenge [----] Hike over to Paul in the park for a gnomey authentication puzzle adventure. What malicious firmware image are the gnomes downloading This room is about JWT authentication bypass via jku header injection (JWKS spoofing) ๐ท๐ท Challenge Link: https://www.sans.org/cyber-ranges/holiday-hack-challenge ๐ฉ๐ฉ Scripts Used in this video ๐ฉ๐ฉ Python script to generate jwks.json: https://github.com/djalilayed/SANS-Holiday-Hack-Challenge-2025/blob/main/Rogue_Gnome_Identity_Provider/jwks.py Commands Used:" [YouTube Link](https://youtube.com/watch?v=AWEcumWFnHs) 2025-12-07T09:04Z [----] followers, [---] engagements "TryHackMe Farewell - Full Walkthrough [----] ๐ฏ Use red-teaming techniques to bypass the WAF and obtain admin access to the web application. ๐๐ Room Link: https://tryhackme.com/room/farewell ๐ฏ The farewell server will be decommissioned in less than [--] hours. Everyone is asked to leave one last message but the admin panel holds all submissions. Can you sneak into the admin area and read every farewell message before the lights go out ๐ฏ Commands / payloads used on the video: https://github.com/djalilayed/tryhackme/tree/main/Farewell ๐ฏ Python script used on the video:" [YouTube Link](https://youtube.com/watch?v=BA0Fa2_mDdc) 2025-11-17T16:15Z [----] followers, [---] engagements "Dosis Network Down - SANS Holiday Hack Challenge [----] ๐ฏ Drop by JJ's 24-7 for a network rescue and help restore the holiday cheer. What is the WiFi password found in the router's config ๐ท๐ท Challenge Link: https://www.sans.org/cyber-ranges/holiday-hack-challenge ๐ฉ๐ฉ Hints: ๐ฉ๐ฉ โ I can't believe nobody created a backup account on our main router.the only thing I can think of is to check the version number of the router to see if there are any.ways around it. โ You know.if my memory serves me correctly.there was a lot of fuss going on about a UCI (I forgot the exact term.) for that router." [YouTube Link](https://youtube.com/watch?v=BG6gnhjqJBo) 2025-11-29T14:26Z [----] followers, [---] engagements "Rabbit Store SSTI Rabbitmq SSRF API web application testing TryHackMe ๐ฅ๐ฅ New room Rabbit Store from @RealTryHackMe : Demonstrate your web application testing skills and the basics of Linux to escalate your privileges. ๐ฅ๐ฅ This interesting room you start with JWT token exploit (Mass assignment vulnerabilities) for entry point SSRF then SSTI exploit for root you work with Rabbitmq (Password Hashes) ๐ฅ๐ฅ Room Link: https://tryhackme.com/room/rabbitstore ๐ฅ๐ฅ API testing (Mass assignment vulnerabilities) https://portswigger.net/web-security/api-testing ๐ฅ๐ฅ SSTI payload used in this room:" [YouTube Link](https://youtube.com/watch?v=BLEUNfBgNAg) 2025-02-25T15:04Z [----] followers, [----] engagements "TryHackMe Elastic Stack: The Basics Full Walkthrough [----] Understand how SOC analysts use the Elastic Stack (ELK) for log investigations. ๐๐ Room Link: https://tryhackme.com/room/investigatingwithelk101 ๐ธ Learning Objectives ๐ธ This room has the following learning objectives: ๐ Understand the components of ELK and their use in SOC ๐ Explore the different features of ELK ๐ Learn to search and filter data in ELK ๐ Investigate VPN logs to identify anomalies ๐ Familiarize with creating visualizations and dashboards in ELK ๐ธ Timestamp: ๐ธ 00:00 Task 1: Introduction 01:27 Task 2: Elastic" [YouTube Link](https://youtube.com/watch?v=BvvlXDmWZY4) 2026-01-20T09:21Z [----] followers, [---] engagements "Monday Monitor on TryHackMe Swiftspend's Cybersecurity Challenge TryHackMe SOC Level [--] SAL1 ๐ช๐ช Ready to test Swiftspend's endpoint monitoring ๐ช๐ช Scenario Swiftspend Finance the coolest fintech company in town is on a mission to level up its cyber security game to keep those digital adversaries at bay and ensure their customers stay safe and sound. Led by the tech-savvy Senior Security Engineer John Sterling Swiftspend's latest project is about beefing up their endpoint monitoring using Wazuh and Sysmon. They've been running some tests to see how well their cyber guardians can sniff out" [YouTube Link](https://youtube.com/watch?v=CWCHBtnXg7U) 2024-07-30T13:11Z [----] followers, [----] engagements "TryHackMe Passive Reconnaissance - Full Walkthrough [----] Learn about the essential tools for passive reconnaissance such as whois nslookup and dig. ๐ท๐ท Room Link: https://tryhackme.com/room/passiverecon ๐ฏ Room Tasks: ๐ฏ ๐ Task 1: Introduction ๐ Task 2: Passive Versus Active Recon ๐ Task 3: Whois ๐ Task 4: nslookup and dig ๐ Task 5: DNSDumpster ๐ Task 6: Shodan.io ๐ Task 7: Summary ๐ฆฎ Websites used on the video: ๐ฆฎ Shodan: https://www.shodan.io/ Nslookup: https://www.nslookup.io/ Mxtoolbox: https://mxtoolbox.com/ DNSDumpster: https://dnsdumpster.com/ โ Educational Purpose Only This" [YouTube Link](https://youtube.com/watch?v=CgIDHZCLiHI) 2026-01-02T10:33Z [----] followers, [---] engagements Limited data mode. Full metrics available with subscription: lunarcrush.com/pricing
@djalilayed Djalil Ayed
Djalil Ayed posts on YouTube about ctf, the first, shell, ai the most. They currently have [-----] followers and [---] posts still getting attention that total [------] engagements in the last [--] hours.
Engagements: [------] #
- [--] Week [-----] +68%
- [--] Month [------] +59%
- [--] Months [------] +52%
- [--] Year [-------] +199%
Mentions: [--] #
- [--] Week [--] +88%
- [--] Month [--] +54%
- [--] Months [---] +50%
- [--] Year [---] +442%
Followers: [-----] #
- [--] Week [-----] +2.50%
- [--] Month [-----] +9%
- [--] Months [-----] +49%
- [--] Year [-----] +116%
CreatorRank: [-------] #
Social Influence
Social category influence technology brands stocks finance currencies travel destinations cryptocurrencies social networks
Social topic influence ctf #24, the first, shell, ai, link, how to, splunk, tools, can you #2808, hidden
Top accounts mentioned or mentioned by @probablyfinethm @kingfordacuk @realtryhackme
Top assets mentioned Microsoft Corp. (MSFT) CyberConnect (CYBER) FilesCoins Power Cu (FILECOIN)
Top Social Posts
Top posts by engagements in the last [--] hours
"TryHackMe Python: Simple Demo ๐ฑ Explore what a basic Python program looks like. ๐ชผ Room link: https://tryhackme.com/room/pythonsimpledemo ๐ฑ Learning Objectives ๐ฑ ๐งLearn about Python variables ๐งUnderstand how conditional statements are used ๐งSee iteration (loop) in action ๐ฑ Room Tasks: ๐ฑ ๐ Task 1: Introduction ๐ธ Task 2: Variables - What is the name of the function we used to display text on the screen - What is the name of the function that we used to convert user input to an integer ๐ Task 3: Conditional Statements - How does Python write else if - What will the program display if"
YouTube Link 2026-02-15T10:07Z [----] followers, [--] engagements
"TryHackMe Introduction to Phishing - SOC Simulator - Full Walkthrough [----] - Updated - Elastic ๐ท๐ท Room Link: https://tryhackme.com/soc-sim/scenarios In this video will use Elastic to solve the scenario. ๐ท๐ท ๐ท๐ท TryHackMe SOC Level [--] Video Playlist: https://www.youtube.com/playlistlist=PLrY_AbzZGqt9-_QEdK64kN4RNzqgQ8dQM ๐ฉ Scenario overview ๐ฉ Learn how to use SOC Simulator by completing your first scenario. Close all True Positive alerts to pass ๐๐ Scenario objectives ๐๐ ๐ Monitor and analyze real-time alerts. ๐ Identify and document critical events such as suspicious emails and"
YouTube Link 2025-11-07T13:20Z [----] followers, [----] engagements
"TryHackMe Data Encoding - Full Walkthrough [----] ๐ฅฅ Learn how computer encodes characters from ASCII to Unicode's UTF. ๐๐ Room link: https://tryhackme.com/room/dataencoding ๐จ Learning Objectives ๐จ ๐ฏ Upon completion of this room you will learn about: ๐ ASCII ๐ Unicode ๐ UTF-8 UTF-16 and UTF-32 ๐ How emoji is encoded ๐ And what causes weird gibberish characters ๐จ Room Tasks: ๐จ ๐
Task 1: Introduction ๐ฅ Task 2: ASCII ๐ Task 3: Unicode ๐ Task 4: Conclusion โ Educational Purpose Only This content is for educational and authorized penetration testing purposes only. Always ensure you"
YouTube Link 2026-02-12T17:56Z [----] followers, [---] engagements
"TryHackMe Cupid's Matchmaker Stored XSS Full Walkthrough [----] ๐ Use your web exploitation skills against this matchmaking service. ๐ฆ ๐ Room Link: https://tryhackme.com/room/lafb2026e3 In this room we use vulnerability on survey form using Stored XSS to get admin cookie which is the flag for this room. ๐ My Dearest Hacker ๐ง Tired of soulless AI algorithms At Cupid's Matchmaker real humans read your personality survey and personally match you with compatible singles. Our dedicated matchmaking team reviews every submission to ensure you find true love this Valentine's Day ๐No algorithms."
YouTube Link 2026-02-15T07:37Z [----] followers, [---] engagements
"TryHackMe Speed Chatting File Upload Vulnerability Full Walkthrough [----] ๐ Can you hack as fast as you can chat ๐ฆ ๐ Room Link: https://tryhackme.com/room/lafb2026e4 ๐ฆ ๐ Reverse Shell used on this room: https://github.com/djalilayed/tryhackme/blob/main/Love_at_First%20Breach/Speed_Chatting/reverse_shell.py ๐ฑ In this room we exploit vulnerability on profile upload image it has unrestricted file upload which allow us to upload Python reverse shell then get the flag. ๐ฅ My Dearest Hacker ๐ฆ Days before Valentine's Day TryHeartMe rushed out a new messaging platform called "Speed Chatter""
YouTube Link 2026-02-15T05:01Z [----] followers, [---] engagements
"TryHackMe When Hearts Collide MD5 collision Full Walkthrough [----] โฃ Will you find your MD5 match ๐ ๐ฅ Room link: https://tryhackme.com/room/lafb2026e1 ๐ Tool used: ๐ MD5 collision generator: https://github.com/brimstone/fastcoll We have an app they allow you to upload images and match its md5 value to existing dogs images if md5 match you get the flag. ๐ My Dearest Hacker ๐ฆ Matchmaker is a playful hash-powered experience that pairs you with your ideal dog by comparing MD5 fingerprints. Upload a photo let the hash chemistry do its thing and watch the site reveal whether your vibe already"
YouTube Link 2026-02-15T05:01Z [----] followers, [---] engagements
"TryHackMe TryHeartMe JWT Full Walkthrough [----] ๐ Access the hidden item in this Valentine's gift shop. ๐ท๐ท Room Link: https://tryhackme.com/room/lafb2026e5 This room about JWT security failure. signature is not being verified ๐ฆ My Dearest Hacker ๐ฆ The TryHeartMe shop is open for business. Can you find a way to purchase the hidden Valenflag item ๐ฑ Website used on this video: ๐ฑ โฃ JSON Web Token (JWT) Debugger: https://www.jwt.io/ โฃ CyberChef: https://gchq.github.io/CyberChef/ โ Educational Purpose Only This content is for educational and authorized penetration testing purposes only."
YouTube Link 2026-02-15T05:01Z [----] followers, [---] engagements
"TryHackMe Data Representation Full Walkthrough [----] Learn about how computers represent numbers and colors. ๐น ๐ Room link: https://tryhackme.com/room/datarepresentation ๐ฑ Room Tasks: ๐ฑ ๐ Representing [--] colors ๐ Representing [--] million colors ๐ Binary numbers ๐ Hexadecimal numbers ๐ (Optional) Octal numbers ๐ซ ๐ช Room Tasks: ๐ซ ๐ช ๐ Task 1: Introduction ๐ฆ Task 2: Representing Colors - Preview the color #3BC81E. In one word what does this color appear to be - What is the binary representation of the color #EB0037 - What is the decimal representation of the color #D4D8DF ๐น Task 3:"
YouTube Link 2026-02-15T12:57Z [----] followers, [--] engagements
"TryHackMe Corp Website React2Shell Full Walkthrough [----] ๐ ๐ช Room link: https://tryhackme.com/room/lafb2026e7 โฃ Resource used in this video: โฃ ๐ React2Shell: CVE-2025-55182: https://tryhackme.com/room/react2shellcve202555182 ๐ Penelope is a powerful shell handler built as a modern netcat replacement for RCE exploitation: https://github.com/brightio/penelope This room showcase React2Shell vulnerability in a web app which will give us access as user using reverse shell we get root access as user has sudo root level to run Python binary. ๐ ๐ My Dearest Hacker ๐ โฃ Valentine's Day is fast"
YouTube Link 2026-02-15T05:06Z [----] followers, [---] engagements
"TryHackMe Signed Messages Deterministic RSA Keys & Forging PSS Signatures Full Walkthrough [----] โฃ Their messages are secret unless you find the key. ๐ฆ ๐ฅ Room link: https://tryhackme.com/room/lafb2026e8 ๐ฑ Resources: ๐ฑ ๐ท๐ท My Exploit Script: https://github.com/djalilayed/tryhackme/blob/main/Love_at_First%20Breach/Signed_Messages/admin_signature.py This room about Cracking Deterministic RSA Keys & Forging PSS Signatures. the app which claims to secure user messages with "Industry Standard RSA-2048." Spoiler alert: It doesn't. We start by finding a debug log that reveals a critical flaw: the"
YouTube Link 2026-02-15T07:28Z [----] followers, [----] engagements
"TryHackMe Valenfind LFI Full Walkthrough [----] ๐ Can you find vulnerabilities in this new dating app ๐ฅ ๐ Room Link: https://tryhackme.com/room/lafb2026e10 In this dating app we find an LFI we use it to access app code then download SQLite database that contain administrator login after login as admin we check the profile and we find the flag. ๐ฆ My Dearest Hacker ๐ Theres this new dating app called Valenfind that just popped up out of nowhere. I hear the creator only learned to code this year; surely this must be vibe-coded. Can you exploit it โ Educational Purpose Only This content is for"
YouTube Link 2026-02-15T05:58Z [----] followers, [---] engagements
"Zeek - TryHackMe - Walkthrough Tryhackme SOC Level [--] SAL1 Introduction to hands-on network monitoring and threat detection with Zeek (formerly Bro). https://tryhackme.com/room/zeekbro Zeek (formerly Bro) is an open-source and commercial network monitoring tool (traffic analyser). The room aims to provide a general network monitoring overview and work with Zeek to investigate captured traffic. This room will expect you to have basic Linux familiarity and Network fundamentals (ports protocols and traffic data). We suggest completing the "Network Fundamentals" path before starting working in"
YouTube Link 2022-11-09T06:57Z [----] followers, 10.6K engagements
"TryHackMe OAuth Vulnerabilities Full Walkthrough [----] ๐ฏ๐ฏ Learn how the OAuth protocol works and master techniques to exploit it. ๐ธThis part of TryHackMe Web Application Pentesting Path ๐๐๐ Room Link: https://tryhackme.com/room/oauthvulnerabilities ๐จ๐จ In modern web applications OAuth vulnerabilities emerge as a serious and frequently disregarded risk; when we talk about OAuth we're talking about OAuth [---] the commonly used authorisation framework. The vulnerabilities occur when hackers take advantage of weaknesses in OAuth [---] which allows for CSRF XSS data leakage and exploitation of"
YouTube Link 2025-09-14T12:22Z [----] followers, [---] engagements
"๐๐ฏ๐ง SOC L1 Alert Reporting TryHackMe SOC Simulator SAL1 COACH ๐ง ๐ง ๐ก Learn how to properly report escalate and communicate about high-risk SOC alerts.๐ก ๐ฏ During or after alert triage L1 analysts may be uncertain about how to classify the alert requiring senior support or information from the system owner. Also L1 may deal with real cyberattacks and breaches that need immediate attention and remediation actions. This room covers these cases by introducing three new terms: alert reporting escalation and communication. ๐๐Learning Objectives ๐ก๐ก ๐กUnderstand the need for SOC alert"
YouTube Link 2025-04-20T12:26Z [----] followers, [----] engagements
"๐๐ ๐๐ TryHackMe: The London Bridge - Boot2Root with CVE-2018-18955 & Firefox Decrypt ๐๐ ๐๐ ๐๐ The London Bridge is falling down.๐๐ This is a classic boot2root CTF-style room. Make sure to get all the flags. Resources used: ๐๐ Arjun: https://github.com/s0md3v/Arjun ๐๐ CVE-2018-18955 https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/blob/main/bin-sploits/47165.zip https://vulners.com/zdt/1337DAY-ID-33029 ๐๐ firefox_decrypt https://github.com/unode/firefox_decrypt ๐๐ sqlite viewer: https://inloop.github.io/sqlite-viewer/ ๐๐ room linke:"
YouTube Link 2024-09-27T06:52Z [----] followers, [----] engagements
"๐ฏ ๐ Task [--] CRC Me If You Can TryHackMe Industrial Intrusion CTF Custom CRC-32 Challenge ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion ๐ธScenario:๐ธ Three months after the Virelia Water Control Facility was remediated flickering sensors and phantom alerts persist. A covert second-stage implant still lurks waiting for its kill switch. As a hired red-team specialist for Black Echo your mission is to forge a legitimate control frame that disables the implant before the real attacker flips it on. use Netcat to interact with the CRC-Oracle and the Control server: Port 1501"
YouTube Link 2025-07-02T13:05Z [----] followers, [---] engagements
"Outlook NTLM Leak Tryhackme - CVE-2023-23397 Leak password hashes from a user by sending them an email by abusing CVE-2023-23397. Unlike most exploits this one is particularly dangerous because it is a zero-click exploit meaning no user interaction is required to trigger it. Once an infected email arrives in the user's inbox the attacker can obtain sensitive Net-NTLMv2 credential hashes. Once malicious actors have those hashes they can get a user's credentials authenticate to their system and escalate privileges. https://tryhackme.com/room/outlookntlmleak #tryhackme"
YouTube Link 2023-03-24T16:11Z [----] followers, [----] engagements
"๐ง๐ง APIWizards Breach TryHackMe ๐ง๐ง ๐ง๐ง Investigate a security breach at APIWizards Inc. ๐ง๐ง You were hired as a dedicated external DFIR specialist to help the APIWizards Inc. company with a security incident in their production environment. APIWizards develop REST APIs on demand and hosts them on separate Ubuntu servers. The company suspects that one of its servers is compromised. ๐ง๐ง https://tryhackme.com/r/room/apiwizardsbreach #tryhackme #dfir"
YouTube Link 2024-08-03T10:59Z [----] followers, [---] engagements
"TryHackMe Vulnerability Capstone Full Walkthrough [----] - Fuel CMS - CVE-2018-16763 Apply the knowledge gained throughout the Vulnerability Module in this challenge room. ๐๐ Room Link: https://tryhackme.com/room/vulnerabilitycapstone Part of TryHackMe Jr Penetration Tester Path. โกโก Summarise the skills learnt in this module by completing this capstone room for the "Vulnerability Research" module. โก Ackme Support Incorporated has recently set up a new blog. Their developer team have asked for a security audit to be performed before they create and publish articles to the public. โก It is your"
YouTube Link 2025-09-11T11:45Z [----] followers, [---] engagements
"๐ฝ๐ฝ Explore FlareVM Arsenal of Tools forensics incident response malware investigation tools SAL1 ๐ฝ ๐ฝ Learn the arsenal of investigative tools in FlareVM. ๐พ Arsenal of Tools ๐พ Commonly Used Tools for Investigation: Overview ๐พ Analyzing Malicious Files ๐ฝ https://tryhackme.com/r/room/flarevmarsenaloftools ๐ฝ these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #THMCyberSecurity101 #CyberSecurity101 #FlareVM #InvestigationTools #TryHackMe #CyberSecurityTraining #MalwareAnalysis #DigitalForensics #CyberArsenal #CyberInvestigation"
YouTube Link 2024-10-25T06:04Z [----] followers, [----] engagements
"๐๐๐ Injectics Walkthrough SQL Injection & SSTI Exploits TryHackMe๐๐๐ Use your injection skills to take control of a web app. Take Control with SQL Injection & SSTI Injectics TryHackMe Guide ๐Script Used in this room: https://github.com/djalilayed/tryhackme/blob/main/Injectics/get_flag.sh ๐Room Link: https://tryhackme.com/r/room/injectics Master SQL Injection & Server-Side Template Injection Injectics Room ๐Good write up: https://0xb0b.gitbook.io/writeups/tryhackme/2024/injectics these tutorials are for educational purposes and to encourage responsible and legal use of hacking"
YouTube Link 2024-07-29T18:27Z [----] followers, [---] engagements
"๐๐ชป SOC Metrics and Objectives TryHackMe ๐๐ชป ๐ง ๐บExplore key metrics driving SOC effectiveness and discover ways to improve them. ๐ง ๐บ As with any other department the efficiency of the SOC team can be measured using different indicators and metrics. This room explores the most common evaluation approaches like MTTD and MTTR and describes both methods to improve the metrics and potential consequences of ignoring them. ๐ชปLearning Objectives ๐ชป ๐ Discover the concepts of SLA MTTD MTTA and MTTR ๐ Understand the importance of the False Positive rate ๐ Learn why and how to improve the"
YouTube Link 2025-05-11T06:23Z [----] followers, [---] engagements
"Source Code Security - TryHackMe - Learn how to keep your source code secure using credential hygiene practices. In today's fast-paced software development landscape protecting your source code is crucial to ensure the integrity and confidentiality of your applications. One of the critical tools in source code management is version control which allows teams to collaborate track changes and maintain a history of their codebase. https://tryhackme.com/room/sourcecodesecurity #tryhackme"
YouTube Link 2023-10-18T05:56Z [----] followers, [--] engagements
"๐ ๐๐ฏ Task [--] Disk CRM Snatch Honeynet Collapse CTF TryHackMe ๐ ๐๐ฏ ๐๐Welcome to Honeynet Collapse ๐๐ Room Link: https://tryhackme.com/room/honeynet-collapse ๐ ๐ CRM Snatch๐ ๐ ๐Which domain account was used to initiate the remote session onto the host ๐For how many seconds did the attacker maintain their PowerShell session active ๐What was the attacker's C2 IP address used for staging and exfiltration ๐Which well-known tool was used to exfiltrate the collected data ๐What is the obscured password to the attacker-controlled Mega ๐What is Lucas's email address found in the"
YouTube Link 2025-07-28T17:01Z [----] followers, [---] engagements
"โ
Baselines and Anomalies Identify normal activity and hunt for anomalies TryHackMe Walk Throughโ
๐ป Baselining Hardware Inventory ๐ป Baselining Software Inventory ๐ป Living Off the Land ๐ป Baselining Network Traffic ๐ป Baselining Identity and Access Management ๐ป Identifying Suspicious Environment Specific Use Cases https://tryhackme.com/r/room/baselineanomalies ๐ Like Subscribe and Comment to stay updated with our latest cybersecurity tutorials. If you have any questions or need further clarification on any concept feel free to drop a comment below these tutorials are for educational"
YouTube Link 2025-01-09T08:03Z [----] followers, [---] engagements
"TryHackMe IDOR Full Walkthrough [----] - Insecure Direct Object Reference ๐ฏ Learn how to find and exploit IDOR vulnerabilities in a web application giving you access to data that you shouldn't have.๐ฏ ๐ฏIDOR stands for Insecure Direct Object Reference and is a type of access control vulnerability.๐ฏ ๐ท๐ท Room Link: https://tryhackme.com/room/idor This room part of TryHackMe Jr Penetration Tester path. ๐ What is an IDOR ๐ An IDOR Example ๐ Finding IDORs in Encoded IDs ๐ Finding IDORs in Hashed IDs ๐ Finding IDORs in Unpredictable IDs ๐ Where are IDORs located ๐ A Practical IDOR Example โ
"
YouTube Link 2025-09-11T11:45Z [----] followers, [--] engagements
"๐ฏ ๐ Task [--] - Brr v1 TryHackMe: Industrial Intrusion CTF ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion Scenario: A forgotten HMI node deep in Virelias wastewater control loop still runs an outdated instance forked from an old Mango M2M stack. Script used: https://github.com/hev0x/CVE-2021-26828_ScadaBR_RCE โ Educational Purpose Only This content is for educational and authorized penetration testing purposes only. Always ensure you have permission before testing on any systems. #TryHackMe #CTF #IndustrialIntrusion"
YouTube Link 2025-06-29T23:00Z [----] followers, [---] engagements
"๐บ ๐ ๐ฅ Exploit Erlang/OTP SSH: CVE-2025-32433 TryHackMe PoC ๐บ ๐ Learn how to exploit CVE-2025-32433 a critical [----] CVSS vulnerability in Erlang/OTP SSH allowing unauthenticated Remote Code Execution (RCE). In this hands-on lab we demonstrate: ๐ Creating & Reading Files on the remote system ๐ Executing Commands with elevated privileges ๐ Gaining a Reverse Shell for full control ๐ Discovered by Ruhr University Bochum researchers ๐ TryHackMe Room Link: https://tryhackme.com/room/erlangotpsshcve202532433 ๐บWorking PoC for CVE-2025-32433๐บ https://github.com/ProDefense/CVE-2025-32433 ๐ก"
YouTube Link 2025-04-24T13:02Z [----] followers, [----] engagements
"๐จ๐ธ Anpu Sherlocks Hackthebox Android Forensics ๐จ๐ธ ๐งธ๐งธ Room Link: https://app.hackthebox.com/sherlocks/Anpu ๐ฉSherlock Scenario๐ฉ ๐๐Johnny noticed something unusual on his phone after installing a new version of WhatsApp such as tons of notifications web pages opening etc. and asked us to thoroughly investigate what had happened. Using various tools we managed to extract a copy of the phone's data and discovered that the app he had installed was malicious and belonged to a well-known family of Android malware specializing in data theft. Now we need to analyze this malicious application"
YouTube Link 2025-08-14T19:00Z [----] followers, [--] engagements
"Task-19 No Salt No Shame TryHackMe: Industrial Intrusion CTF Decrypting AES-CBC ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion In this video we're diving deep into a fun crypto challenge from the Virelia Water Facility series. We're given an encrypted log file and a passphrase but the implementation uses a critical vulnerability: a fixed all-zero IV with AES-CBC. Join me as we walk through the entire process from analysis to solution. We'll explore standard tools like CyberChef Python script to get the flag By the end of this walkthrough you'll understand: ๐น How passphrases"
YouTube Link 2025-06-30T08:52Z [----] followers, [---] engagements
"Secure Network Architecture TryHackMe Networking is one of the most critical components of a corporate environment but can often be overlooked from a security standpoint. A properly designed network permits not only internet usage and device communication but also redundancy optimization and security. In a well-designed network if a switch goes down then packets can be redistributed through another route with no loss in uptime. If a web server is compromised it cannot traverse the network and access important information. A system administrator should be confident that their servers are"
YouTube Link 2023-09-14T11:45Z [----] followers, [---] engagements
"๐๐ macOS Forensics: Artefacts Hands-On with Key Artefacts TryHackMe ๐๐ ๐ Understand the forensic artefacts in macOS and learn to leverage them for forensic analysis. Dive into macOS forensics with TryHackMe's "macOS Forensics: Artefacts" room This video guides you through essential forensic artefacts showing you where to find them and how they can be crucial in your investigations. We'll cover system info network details user activity execution evidence file system insights and connected devices. โก Learning Objectives โก ๐ก The different forensic artefacts present in macOS. ๐ก Where to"
YouTube Link 2025-04-18T12:59Z [----] followers, [---] engagements
"๐ง๐ง Getting Started with Linux Shells: Basics of Scripting in Cyber Security [---] TryHackMe SAL1๐ง๐ง Learn about scripting and the different types of Linux shells. ๐ง Introduction to Linux Shells ๐ง How To Interact With a Shell ๐ง Types of Linux Shells ๐ง Shell Scripting and Components ๐ง The Locker Script ๐ง Practical Exercise https://tryhackme.com/r/room/linuxshells these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #CyberSecurity101 #LinuxShells #ShellScripting #TryHackMe #CyberSecurityBasics #LinuxFundamentals #BashScripting"
YouTube Link 2024-10-23T18:48Z [----] followers, [---] engagements
"๐๐ TryHackMe Extracted: Reversing XOR Encryption and Exploiting CVE-2023-3278 KeePass exploit ๐๐ ๐ Use your blue and red teaming skills to crack this case ๐ ๐ Room Link: https://tryhackme.com/r/room/extractedroom ๐ Tshark commands used: https://github.com/djalilayed/tryhackme/blob/main/Extracted/commands.txt ๐ Script Used for decoding XOR: ๐ https://github.com/djalilayed/tryhackme/blob/main/Extracted/decode.py ๐ KeePass Memory Dump Extractor https://github.com/JorianWoltjer/keepass-dump-extractor ๐ KeePass 2.X Master Password Dumper (CVE-2023-32784)"
YouTube Link 2024-10-17T11:47Z [----] followers, [---] engagements
"TryHackMe Voyage - Python Pickle Exploits #tryhackme Short video of TryHackMe room Voyage section finding secret portal checking the cookie using browser tools ๐ฃโRoom Link:๐ฃโ https://tryhackme.com/room/voyage"
YouTube Link 2025-09-02T18:17Z [----] followers, [---] engagements
"TryHackMe Log Analysis with SIEM Full Walkthrough [----] ๐ธ Learn how SIEM solutions can be used to detect and analyse different types of malicious behaviour. ๐ฉ๐ฉRoom Link: https://tryhackme.com/room/loganalysiswithsiem โ
Learning Objectivesโ
๐ Discover various data sources that are ingested into a SIEM. ๐ Understand the importance of data correlation. ๐ Learn the value of Windows Linux Web and Network logs during an investigation. ๐ Practice analysing malicious behaviour. ๐ 00:00 Task [--] Introduction ๐ 01:50 Task [--] Benefits of SIEM for Analysts ๐ 06:05 Task [--] Log Sources Overview ๐"
YouTube Link 2025-09-06T11:02Z [----] followers, [---] engagements
"โก๐ฒ L3 Keycard T3 Advent of Cyber '24 Side Quest Keycard TryHackMe โก๐ฒ Video how to get L3 Keycard to by pass Firewall in the room T3: Escaping the Blizzardโก๐ฒ โก๐ฒthis is based on IDOR Insecure Direct Object Referenceโก๐ฒ โก๐ฒ ๐ Like Subscribe and Comment to stay updated with our latest cybersecurity tutorials. If you have any questions or need further clarification on any concept feel free to drop a comment belowthese tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge.https://tryhackme.com/r/room/adventofcyber24sidequest#tryhackme"
YouTube Link 2025-01-01T00:00Z [----] followers, [---] engagements
"TryHackMe XXE Injection - Full Walkthrough [----] ๐ธ Exploiting XML External Entities. ๐ธ Room Link: https://tryhackme.com/room/xxeinjection ๐ธ XXE (XML External Entity) injection is a type of security flaw that exploits vulnerabilities in an application's XML input. It occurs when an application accepts XML input that includes external entity references within the XML itself. Attackers can leverage this vulnerability to disclose local files make server-side requests or execute remote code. ๐ธ Given the widespread use of XML in web applications particularly in web services and SOAP-based APIs"
YouTube Link 2025-10-06T13:52Z [----] followers, [--] engagements
"๐ ๐ชฉ๐ TryHackMe: A Bucket of Phish ๐ฃ - S3 Bucket Listing & Credential Leak Hackfinity Battle CTF๐ From the Hackfinity Battle CTF event. ๐ชฉ Scenario: ๐ชฉ DarkInjector has been using a Cmail phishing website to try to steal our credentials. We believe some of our users may have fallen for his trap. Can you retrieve the list of victim users Dive into the TryHackMe room "A Bucket of Phish" with this step-by-step walkthrough Learn how a common AWS S3 bucket misconfiguration (public bucket listing) can lead to a serious credential leak from a phishing website. In this video we'll guide you"
YouTube Link 2025-05-25T15:14Z [----] followers, [---] engagements
"Windows Command Line System Info Network Files Tasks & More Cyber Security [---] TryHackMe SAL1 Learn the essential Windows commands. ๐ช Basic System Information ๐ช Network Troubleshooting ๐ช File and Disk Management ๐ชTask and Process Management https://tryhackme.com/r/room/windowscommandline these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #TryHackMe #CyberSecurity101 #WindowsCommandLine #SystemInfo #NetworkTroubleshooting #FileManagement #TaskManagement #ProcessManagement #BeginnerGuide #LearnToHack #THMCyberSecurity101"
YouTube Link 2024-10-24T05:25Z [----] followers, [---] engagements
"๐ช๐ช TryHackMe Ghost Phishing - Hackfinity Battle - Macro Exploitation & Meterpreter CTF โ Dive into the thrilling world of ethical hacking with our latest walkthrough of the TryHackMe "Ghost Phishing" room part of the Hackfinity Battle student CTF In this video we tackle a challenging scenario where we exploit a phishing email containing a malicious macro to gain a reverse shell using Meterpreter. โ ๐จHackfinity Battle:๐จ https://tryhackme.com/room/HackfinityBattle Our mission: to infiltrate DarkSpecter's email uncover Cipher's secret operations and retrieve the crucial flag.txt from the"
YouTube Link 2025-03-21T00:00Z [----] followers, [---] engagements
"Servidae: Log Analysis in ELK - TryHackMe - Analyze the logs of an affected workstation to determine the attacker's indicators of compromise. https://tryhackme.com/room/servidae"
YouTube Link 2023-10-25T06:33Z [----] followers, [--] engagements
"โก๐ MS Sentinel: Just Looking - Azure SOC Challenge TryHackMe Walkthrough (Defending Azure Path) ๐ก Welcome to the TryHackMe Room: "MS Sentinel: Just Looking" In this video we dive into a hands-on challenge for SOC analysts using Microsoft Sentinel on Azure. This room is part of the new Defending Azure learning path and is designed to sharpen your skills in incident investigation and threat hunting within cloud environments. ๐ Topics Covered: Deploying Microsoft Sentinel Challenge Workspace Working with Logs Using Analytics Rules for Detection Investigating Real Incidents in Sentinel: โ
"
YouTube Link 2025-04-15T14:58Z [----] followers, [----] engagements
"๐ช๐จ๐จ TryHackMe Shadow Phishing 2: Bypassing Defender with Nim .exe (Educational Purposes) ๐ช Hackfinity Battle: Shadow Phishing [--] - Nim Reverse Shell .exe (Educational Walkthrough) In this educational walkthrough we explore the TryHackMe "Shadow Phishing 2" room part of the Hackfinity Battle student CTF. This video demonstrates advanced phishing techniques for educational purposes only focusing on how malicious actors might deliver executable (.exe) files and bypass security measures. ๐จHackfinity Battle:๐จ https://tryhackme.com/room/HackfinityBattle โ
We will showcase how to:โ
โฃ Craft a"
YouTube Link 2025-03-21T00:00Z [----] followers, [---] engagements
"JavaScript Essentials: TryHackMe Essentials Guide Cyber Security [---] SAL1 Learn how to use JavaScript to add interactivity to a website and understand associated vulnerabilities. Dive into the world of web security with TryHackMe's JavaScript Essentials room This video covers: ๐ Essential Concepts ๐ JavaScript Overview ๐ Integrating JavaScript in HTML ๐ Abusing Dialogue Functions ๐ Bypassing Control Flow Statements ๐ Exploring Minified Files ๐ Best Practices https://tryhackme.com/r/room/javascriptessentials ๐ Like Subscribe and Comment to stay updated with our latest cybersecurity"
YouTube Link 2024-10-28T14:05Z [----] followers, [----] engagements
"โก๐ฉโก Exploiting Next.js CVE-2025-29927: Hands-On with TryHackMes Room โก๐ฉโก ๐ Dive into the critical Next.js vulnerability CVE-2025-29927 with me as we explore TryHackMes latest room This authorization bypass flaw (CVSS 9.1) lets attackers skip middleware security checks using the x-middleware-subrequest header. In this video Ill walk you through: - Building a proof-of-concept Next.js app to simulate the vuln - Exploiting it with a simple curl command - Setting up Snort and Zeek to detect the attack (with some real-time troubleshooting) - Lessons from TryHackMes lab on exploitation and"
YouTube Link 2025-03-25T12:50Z [----] followers, [----] engagements
"TryHackMe Linux Threat Detection [--] - Full Walkthrough [----] ๐ง๐ง Cover the last stages of attacks on Linux and learn how they look in system logs.๐ง๐ง ๐ฑ๐ฑ Room Link: https://tryhackme.com/room/linuxthreatdetection3 ๐ช Not all Linux attacks are simple SSH brute force or cryptomining - some are carefully planned targeted campaigns comparable to most advanced Windows breaches. In this room you'll delve into more complex manual Linux attack techniques commonly seen in targeted intrusions and learn how to detect them using system logs. Learning Objectives ๐ Learn how reverse shells are used in"
YouTube Link 2025-10-16T05:38Z [----] followers, [---] engagements
"๐๐๐ TryHackMe Shadow Phishing Hackfinity Battle Encore Mail Phishing ๐ Welcome to the Hackfinity Battle CTF๐ In this room you learn how to generate windows reverse shell x64 in phishing email using msfvenom ๐ฅRoom Scenario: ๐ฅ๐ We gained access to the email account of ShadowByte one of Cipher's trusted operatives. This breakthrough will help bring Cipher's location closer to light and foil his plans for the apocalyptic cyber weapon. The clock is ticking though too much time and Cipher will know something is wrong and again disappear into the depths of the darknet. The race against time"
YouTube Link 2025-03-25T09:57Z [----] followers, [---] engagements
"TryHackMe Linux Threat Detection [--] - Full Walkthrough [----] ๐ฑ Explore the first actions of attackers after breaching a Linux server and learn how to detect them. ๐ฆ ๐ช Room Link: https://tryhackme.com/room/linuxthreatdetection2 ๐ฒ What happens next after threat actors enter the Linux system What commands do they run and what goals do they aim to achieve In this room you'll find out by exploring common attack techniques detecting them in logs and analyzing a real-world cryptominer infection from start to finish. ๐ฏ๐ฏ Learning Objectives ๐ฏ๐ฏ ๐ Explore how to identify Discovery commands in"
YouTube Link 2025-10-11T07:05Z [----] followers, [---] engagements
"๐ง๐จ๐ง๐ธ BadSuccessor: Privilege Escalation in Active Directory TryHackMe AD: BadSuccessor ๐ธ๐ง๐จ๐ง ๐จ Join me as we dive into the TryHackMe AD: BadSuccessor room and explore the BadSuccessor attack a powerful privilege escalation technique in Active Directory environments Discovered by Yuval Gordon from Akamai this attack abuses Delegated Managed Service Accounts (dMSAs) to gain Domain Admin access with minimal permissions. In this video well walk through: โ
Technical Background: Understanding Standalone Managed Service Accounts (sMSAs) Group Managed Service Accounts (gMSAs) and Delegated"
YouTube Link 2025-06-03T10:25Z [----] followers, [---] engagements
"๐ง ๐๐ง L5 Keycard T5 T5: An Avalanche of Web Apps Advent of Cyber '24 Side Quest TryHackMe ๐ง ๐ Walk through how to get the keycard for TryHackMe room T5: An Avalanche of Web Apps part of Advent of Cyber '24 Side Quest. ๐ง ๐You will learn: Intercept and modify internal APIs using Frida. ๐ง ๐Binary analysis using Ghidra ๐ง๐ง๐งScript used on the video:๐ง๐ง๐ง https://github.com/djalilayed/tryhackme/blob/main/Advent%20of%20Cyber%20'24%20Side%20Quest/L5_Keycard.js https://tryhackme.com/r/room/adventofcyber24sidequest ๐ Like Subscribe and Comment to stay updated with our latest cybersecurity"
YouTube Link 2025-01-01T15:01Z [----] followers, [--] engagements
"๐ฏ ๐ OSINT [--] TryHackMe Industrial Intrusion CTF GPG Challenge Walkthrough ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion ๐ธScenario:๐ธ After the initial breach a single OT-Alert appeared in Virelias monthly digestan otherwise unremarkable maintenance notice mysteriously signed with PGP. Corporate auditors quietly removed the report days later fearing it might be malicious. Your mission is to uncover more information about this mysterious signed PGP maintenance message. ๐ธ Ever looked at a GitHub commit history and seen a -----BEGIN PGP SIGNATURE----- block It's not just"
YouTube Link 2025-07-01T07:35Z [----] followers, [---] engagements
"๐โ๐ TryHackMe Diskrupt Analyse the filesystem and recover the deleted filesโ Fix the damaged disk analyse the filesystem and recover the deleted files. We start with fixing MBR Signature (Bytes 510-511) Magic Number using HxD hex editor. Analyzing the image with FTK Imager exporting relevant logs: Master File Table ($MFT) USNJrnl ($J). We will use MFTECmd to export both logs data to csv files where we can view them using Timeline Explorer (part of Eztools (Eric Zimmerman's tools). The image we have has [--] partitions: NTFS and FAT32 ๐ In this lab will do the following: โก Fix the damaged"
YouTube Link 2025-03-31T03:39Z [----] followers, [---] engagements
"TryHackMe Detecting Web DDoS - Full Walkthrough [----] ๐๐ Explore denial-of-service attacks detection techniques and strategies for protection. ๐๐ Room Link: https://tryhackme.com/room/detectingwebddos ๐ Objectives ๐ ๐ฉ Learn how denial-of-service attacks function ๐ฉ Understand attacker motives behind the disruptive attacks ๐ฉ See how web logs can help you reveal signs of web DoS and DDoS ๐ฉ Get practice analyzing denial-of-service attacks through log analysis ๐ฉ Discover detection and mitigation techniques defenders can use ๐ ๐ Room Tasks: ๐๐ ๐ฎ 00:00 Task 1: Introduction ๐ฆ 01:35"
YouTube Link 2025-09-22T07:14Z [----] followers, [---] engagements
"โก๐ฒ L1 Keycard T1 Advent of Cyber '24 Side Quest Keycard TryHackMe โก๐ฒ ๐ฒThis steps to get L1 Keycard / T1 Keycard for TryHackMe Advent of Cyber '24 Side Quest which was out on Day 1.โก ๐ฒThis based on Flask app C2 server which have some weaknesses:โก โกHardcoded Secret Key โกHardcoded Credentials โกLack of Secure Session Handling ๐ฒCommand used:๐ฒ flask-unsign --sign --cookie "'logged_in': True" --secret 'thescrectfromscript' โกC2 script used on the room:โก https://github.com/Bloatware-WarevilleTHM/C2-Server ๐ Like Subscribe and Comment to stay updated with our latest cybersecurity tutorials. If"
YouTube Link 2025-01-01T00:00Z [----] followers, [---] engagements
"๐ฏ ๐ Task [--] Auth TryHackMe: Industrial Intrusion CTF Binary Reverse Engineering ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion ๐ธScenario:๐ธ ZeroTrace intercepts a stripped-down authentication module running on a remote industrial gateway. Assembly scrolls across glowing monitors as she unpacks the logic behind the plants digital checkpoint ๐ In this video Ill walk you through solving a Auth CTF challenge where we reverse engineer a binary to find the correct unlock code for the flag. Using Ghidra we analyze the assembly reverse a XOR transformation and craft the perfect"
YouTube Link 2025-06-30T13:10Z [----] followers, [---] engagements
"๐ ๐๐ฏ Task [--] Filesystem Shock and Silence Honeynet Collapse CTF TryHackMe ๐ ๐๐ฏ ๐๐Welcome to Honeynet Collapse ๐๐ Room Link: https://tryhackme.com/room/honeynet-collapse ๐๐ฏ Shock and Silence๐๐ฏ ๐What is the full URL from which the ransomware was downloaded to the system ๐What was the original file name of the ransomware executable downloaded to the host ๐Which executable file initiated the encryption process on the system ๐What file extension was appended to the encrypted files ๐Go beyond the obvious - which ransomware group targeted the organisation ๐What is the filename"
YouTube Link 2025-07-28T09:09Z [----] followers, [---] engagements
"TryHackMe Pressed Full Walkthrough [----] - Wireshark - AES Decrypt - Ghidra ๐ฏ๐ฏ A full-scale intrusion was recently detected within the network raising critical alarms. ๐ท๐ทRoom Link: https://tryhackme.com/room/pressedroom ๐Scenario:๐ A full-scale intrusion was recently detected within the network raising critical alarms. Fortunately a packet capture (PCAP) was recorded during the incident capturing the attacker's initial entry and subsequent actions. Your task is to analyse the traffic identify how the attacker gained access and uncover the sequence of malicious activity. Reconstruct the"
YouTube Link 2025-09-07T10:49Z [----] followers, [---] engagements
"๐งฐ๐งฐ Governance & Regulation Walkthrough TryHackMe Guide to Cybersecurity Policies ๐งฐ๐งฐ ๐งฐ Explore policies and frameworks vital for regulating cyber security in an organisation. Master GRC: Governance Risk & Compliance TryHackMe Governance & Regulation ๐งฐ Cyber security is a rapidly evolving landscape wherein malicious actors relentlessly endeavour to exploit vulnerabilities in highly-sensitive systems often with the intent of causing severe damage disruption and stealing of sensitive corporate data. To combat this evolving threat a comprehensive approach to information security governance &"
YouTube Link 2023-09-14T18:18Z [----] followers, [----] engagements
"โ
๐จ Lab 2: Extract a secret from the metaprompt: Microsoft AI Red Teaming Lab Walkthrough ๐จ โ
Join me as I tackle the Metaprompt Extraction LEVEL [--] challenge from the Microsoft AI Red Teaming Playground Labs In this walkthrough Ill show you how to use obfuscation techniques to extract a secret word from an LLMs confidential metaprompt instructions. Learn step-by-step how to bypass AI safeguards using clever prompt engineeringno Base64 needed Perfect for anyone interested in AI security red teaming or ethical hacking. Dont forget to like subscribe and hit the bell for more cybersecurity"
YouTube Link 2025-06-04T15:27Z [----] followers, [--] engagements
"โจโจ โ TryHackMe Shaker marshalsec JNDI-Exploit-Kit & Docker Exploit Log4Shell CVE-2021-44228 Log4Shell JNDI Docker Root Room Scenario: One of our devs has been experimenting with webservers and wants to see if his security is up to snuff. Rumour has it he updated all his dependencies but did something fall through the cracks Ready to dive into a thrilling TryHackMe room In this walkthrough Ill show you how to go from exploiting Log4Shell to gaining root access using JNDI-Exploit-Kit and a slick Docker privilege escalation trick. Watch as we: [--]. Exploit Log4Shell on port [----] to get our first"
YouTube Link 2025-03-23T12:11Z [----] followers, [--] engagements
"๐ง๐บ๐ TryHackMe Logless Hunt: Detecting Attacks Without Security Logs ๐๐ง๐บ ๐งCan You Detect a Logless Attack TryHackMe - Logless Hunt Walkthrough ๐งDetect every attack step on a Windows machine even after threat actors cleared Security logs. ๐งThreat actors clearing logs No problem Join us as we explore the TryHackMe "Logless Hunt" room and discover techniques to detect every stage of a cyber attack on a Windows system even without traditional Security logs. We'll investigate web access PowerShell commands RDP logins persistent threats and credential harvesting. Test your blue team skills"
YouTube Link 2025-05-03T07:40Z [----] followers, [---] engagements
"Hashing Basics Password Protection Data Integrity Explained TryHackMe Cyber Security [---] SAL1 Learn about hashing functions and their uses in password verification and file integrity checking. Hashing Basics: Password Protection & Data Integrity Explained ๐ Hash Functions ๐ Insecure Password Storage for Authentication ๐ Using Hashing for Secure Password Storage ๐ Recognising Password Hashes ๐ Password Cracking ๐ Hashing for Integrity Checking ๐ Room Link: https://tryhackme.com/r/room/hashingbasics ๐ Hashcat Example hashes https://hashcat.net/wiki/doku.phpid=example_hashes ๐"
YouTube Link 2024-10-25T04:25Z [----] followers, [----] engagements
"๐ฏ ๐ Mac Hunt TryHackMe CTF Forensics Walkthrough macOS Incident Response & Phishing Attack ๐ In this deep-dive Mac Hunt CTF walkthrough we investigate how Jakes macOS machine was compromised by a fake recruiters phishing campaignand retrace the entire attack chain using built-in macOS artifacts. ๐๐ Scenario ๐๐ Jake had gained some good knowledge and skills in the game development field. So he decided to enter the industry through a decent job and upgrade his finances. Little did he know that there were many fake recruiters in search of people looking for jobs. These fake recruiters"
YouTube Link 2025-06-08T13:29Z [----] followers, [---] engagements
"๐ธ๐ค Oracle [--] TryHackMe AI/ML Security Threats Preview prompt injection attack๐ค My designation is Oracle [--] I carry with me a sealed transmission. Oracle [--] will only reveal the transmission to 'Authorised' personnel can you convince it you are This a preview of prompt injection attack. early access to the first room in the module (TryHackMe Defensive AI Module ) Oracle [--] has arrived ๐ It holds a sealed transmission of something new that's coming.sooner than you think. Follow the link solve the challenge and the truth will be revealed. ๐คซ Only the curious will earn the transmission. Only the"
YouTube Link 2025-07-03T18:32Z [----] followers, [---] engagements
"Threat Intelligence for SOC - TryHackMe - Learn how to utilise Threat Intelligence to improve the Security Operations pipeline. https://tryhackme.com/room/threatintelligenceforsoc Threat Intelligence #tryhackme #elastic #kibana"
YouTube Link 2023-06-15T09:07Z [----] followers, [----] engagements
"๐ฏ๐ฏ Supplemental Memory TryHackMe Investigate lateral movement credential theft in a memory dump Investigate lateral movement credential theft and additional adversary actions in a memory dump As a DFIR team member in this room you are tasked with conducting a memory analysis of a Windows workstation image suspected to have been compromised by a threat actor. โ
Identify suspicious processes and network connections. โ
Explore traces of execution and discovery actions. โ
Detect signs of potential lateral movement and credential dumping. ๐๐ TryHackMe room link:"
YouTube Link 2025-06-15T08:08Z [----] followers, [---] engagements
"๐ฏ ๐ Task [--] OSINT [--] TryHackMe Industrial Intrusion CTF Walkthrough ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion ๐ธScenario:๐ธ Hexline we need your help investigating the phishing attack from [--] months ago. We believe the threat actor managed to hijack our domain virelia-water.it.com and used it to host some of their infrastructure at the time. Use your OSINT skills to find information about the infrastructure they used during their campaign. ๐ **Tools Used: ๐ dig ๐ sublist3r ๐ curl ๐ **Websites Used: ๐ https://virelia-water.it.com ๐"
YouTube Link 2025-06-30T18:22Z [----] followers, [---] engagements
"๐ก๐ก Incident Response Fundamentals: Handling Cyber Incidents in Cyber Security [---] TryHackMe SAL1๐ก๐ก Learn how to perform Incident Response in cyber security. ๐ก Introduction to Incident Response ๐ก What are Incidents ๐ก Types of Incidents ๐ก Incident Response Process ๐ก Incident Response Techniques ๐ก Lab Work Incident Response https://tryhackme.com/r/room/incidentresponsefundamentals these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #CyberSecurity101 #IncidentResponse #CyberDefense #SecurityIncidents #TryHackMe"
YouTube Link 2024-10-23T16:00Z [----] followers, [----] engagements
"๐ค๐ DroidPhish Sherlocks Android Forensics Hack The Box ๐ค๐ ๐ค๐Sherlock Scenario๐ค๐ Last night most employees' mobile devices were compromised putting them at significant risk of leaking personal and private information. We require your expertise in digital forensics to help investigate this breach. ๐ Room Questions:๐ โ
Provide the last boot time of the device in UTC format. โ
The user was exposed to a phishing attack. Provide the name of the email app used as the attack vector. โ
Provide the title of the phishing email. โ
Provide the time in UTC when the phishing email was received."
YouTube Link 2025-08-07T19:00Z [----] followers, [--] engagements
"๐จ๐ธ๐ธ Windows Threat Detection [--] TryHackMe ๐ฅ Learn how threat actors manage to maintain access to the breached Windows hosts. ๐ Room Link: https://tryhackme.com/room/windowsthreatdetection3 ๐ธLearning Objectives๐ธ ๐ฉRemind the concept of Command and Control (C2) ๐ฉLearn why and how threat actors maintain control of their victims ๐ฉUse Windows event logs to uncover various persistence methods ๐ฉSee how the learned techniques work in a hands-on environment ๐ 01:30 Command and Control - Which suspicious archive did the user download - Where did the attackers hide the C2 malware file - What"
YouTube Link 2025-07-24T14:56Z [----] followers, [---] engagements
"Networking Secure Protocols: TLS SSH and VPN in Cyber Security [---] TryHackMe SAL1 ๐ก๐ Learn how TLS SSH and VPN can secure your network traffic. ๐ TLS ๐ HTTPS ๐ SMTPS POP3S and IMAPS ๐ SSH ๐ SFTP and FTPS ๐ VPN https://tryhackme.com/r/room/networkingsecureprotocols these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #THMCyberSecurity101 #CyberSecurity101 #SecureProtocols #TLS #SSH #VPN #TryHackMe #NetworkSecurity #SecureCommunication #CyberSecurityBasics #DataEncryption"
YouTube Link 2024-10-24T16:11Z [----] followers, [----] engagements
"๐โจ๐ TryHackMe Dump Using NTML hash with evil-winrm Hackfinity Battle Encore ๐๐ Welcome to the Hackfinity Battle CTF๐ Using mimikatz LSASS dump to access windows machine with evil-winrm and get the flag.txt ๐In this video we tackle the TryHackMe room 'Dump from the Hackfinity Battle Encore CTF. We will analyses a given dump file contain mimikatz LSASS dump extracted all relevant users with their NTLM hashes then use evil-winrm to connect to the windows machine. We need to find which user has full access to administrator Desktop so we can read the flag.txt file .๐ ๐ฅRoom Scenario: ๐ฅ๐"
YouTube Link 2025-03-27T05:03Z [----] followers, [---] engagements
"๐จ๐ค๐ค TryHackMe DarkMatter Walkthrough RSA Decryption Challenge โกbreak poorly implemented RSA Room Link: https://tryhackme.com/room/hfb1darkmatter โกScenario:โก The Hackfinitiy high school has been hit by DarkInjector's ransomware and some of its critical files have been encrypted. We need you and Void to use your crypto skills to find the RSA private key and restore the files. After some research and reverse engineering you discover they have forgotten to remove some debugging from their code. The ransomware saves this data to the tmp directory. This challenge demonstrates why proper key size"
YouTube Link 2025-07-05T09:09Z [----] followers, [---] engagements
"๐จ๐ค๐ค TryHackMe Cryptosystem Walkthrough Cracking Flawed RSA ๐ฏ๐ฏ ๐ฏHave you ever wondered how a tiny mistake can bring down a powerful cryptographic system like RSA In this video we dive into a Capture The Flag (CTF) challenge where a flawed key generation process leaves RSA wide open to attack ๐ฏWe'll analyze a Python script that generates an RSA key pair with two primes p and q that are dangerously close to each other. This is a classic vulnerability that allows us to bypass the security of RSA by using Fermat's Factorization Method to find the private key. ๐ฏJoin me as we walk through"
YouTube Link 2025-07-05T14:17Z [----] followers, [--] engagements
"๐๐ชฒ๐ Incident Response Process TryHackMe NIST Incident Response ๐๐ชฒ๐ Practice the NIST Incident Response lifecycle steps on a compromised Windows workstation. Room Link: https://tryhackme.com/r/room/incidentresponseprocess ๐Incident Response Lifecycle (Preparation Detection and Analysis Containment Eradication and Recovery Post-Incident Activity)๐ชฒ ๐Detection and Analysis๐ชฒ ๐Containment Eradication and Recovery๐ชฒ ๐Closing the Cycle๐ชฒ Lab: user downloaded Macro-enabled Word Document (DOCM) we will Analysing the Macro to look for malicious code. Reports: ๐Macro Document Report md5"
YouTube Link 2024-11-27T05:19Z [----] followers, [---] engagements
"๐จ๐ธWindows Threat Detection [--] TryHackMe RDP Phishing USB ๐จ๐ธ ๐จExplore common Initial Access methods on Windows and learn how to detect them. ๐ธRoom Link: https://tryhackme.com/room/windowsthreatdetection1 ๐ธLearning Objectives๐ธ Explore how threat actors access and breach Windows machines Learn common Initial Access techniques via real-world examples Practice detecting every technique using Windows event logs ๐งธ 00:00 Introduction: lab setup ๐ช 01:10 I Intro to Initial Access - Which MITRE technique ID describes Initial Access via a vulnerable mail server - Which Initial Access method"
YouTube Link 2025-07-14T05:02Z [----] followers, [---] engagements
"๐ง ๐ง TryHackMe Brain: Exploit the Open Gate - TeamCity CVE-2024-27198 Challenge ๐ง ๐ง ๐ง ๐ง The city forgot to close its gate.๐ง ๐ง ๐ง Welcome to the Brains challenge part of TryHackMes Hackathon ๐ง All brains gathered to build an engineering marvel; however it seems strangers had found away to get in. ๐ง Scripts used:๐ง ๐ง CVE-2024-27198-RCE https://github.com/W01fh4cker/CVE-2024-27198-RCE ๐ง CVE-2024-27198 https://github.com/yoryio/CVE-2024-27198 ๐ง Room Link: ๐ง https://tryhackme.com/r/room/brains these tutorials are for educational purposes and to encourage responsible and legal use of hacking"
YouTube Link 2024-10-05T08:29Z [----] followers, [----] engagements
"๐จ๐ธ Windows Threat Detection [--] TryHackMe ๐จ๐ธ ๐จ๐ธ Discover how to detect and analyze the first steps of threat actors after breaching Windows. ๐ธRoom Link: https://tryhackme.com/room/windowsthreatdetection2 ๐จ๐ธ After breaching a host threat actors are faced with a choice: quietly establish a backdoor to maintain long-term access or take immediate action to achieve their objectives. This room covers the second approach and continues your Windows threat detection journey by exploring what typically follows the Initial Access beginning with Discovery and Collection. Learning Objectives ๐ปโ"
YouTube Link 2025-07-17T05:07Z [----] followers, [---] engagements
"๐ชฒ ๐๐ฅTryHackMe Soupedecode [--] Walkthrough Kerberos Exploitation & Pass-the-Hash AD Attack ๐ชฒ ๐๐ฅ ๐ฅ Complete TryHackMe Soupedecode [--] Walkthrough (Beginner-Friendly Active Directory Exploitation) ๐ธRoom Link: https://tryhackme.com/room/soupedecode01 In this video we tackle the TryHackMe "Soupedecode 01" room covering step-by-step how to compromise a domain controller using common Active Directory attack techniques. โกWe will cover:โก - Enumerating SMB shares and RID cycling - Kerberos authentication attacks (Kerberoasting & password spraying) - SMB access and privilege escalation -"
YouTube Link 2025-08-03T12:32Z [----] followers, [---] engagements
"๐๐๐ Networking Core Protocols Internet Protocols 101: Your Guide to DNS HTTP FTP & More ๐๐๐ ๐Learn about the core TCP/IP protocols.๐ Part of TryHackMe new path: Cyber Security [---] Network Protocol Essentials: From Web Browsing to Email Delivery ๐ซง DNS: Remembering Addresses ๐ซง WHOIS ๐ซง HTTP(S): Accessing the Web ๐ซง FTP: Transferring Files ๐ซง SMTP: Sending Email ๐ซง POP3: Receiving Email ๐ซง POP3: Receiving Email https://tryhackme.com/r/room/networkingcoreprotocols ๐ Like Subscribe and Comment to stay updated with our latest cybersecurity tutorials. If you have any questions or need"
YouTube Link 2024-11-03T09:38Z [----] followers, [--] engagements
"๐ ๐ฅ๐ฅ File Carving Mastery: Recover Deleted Files & Uncover Hidden Data (TryHackMe Walkthrough)๐ฅ Description: Dive into the world of file carving In this video we'll tackle the TryHackMe "File Carving" room and learn how to recover lost or hidden files from raw data. We'll cover everything from understanding file signatures (magic bytes) to using powerful tools like Foremost Scalpel and hex editors. ๐๐ Room Link https://tryhackme.com/room/filecarving ๐๐ ๐ 0:00 Basis of File Carving ๐ 07:37 Carving Tools ๐ 08:52 Manual Carving ๐ 49:46 Automated Carving ๐ 57:58 Carving Capstone"
YouTube Link 2025-03-13T09:22Z [----] followers, [---] engagements
"TryHackMe Cold VVars - Full Walkthrough [----] - XPATH Injection - Tmux ๐ธ Part of Incognito [---] CTF ๐ธ ๐๐ Room Link: https://tryhackme.com/room/coldvvars ๐ตโ๐ธ๐ตโ Room Scenario / Description:๐ตโ๐ธ๐ตโ ๐ We start with the room hint "The PATH may sometimes make a cross" which gives a clear reference to XPATH Injection. ๐ Using RustScan we found port [----] open which hosts an application with a login form and port [----] with a forbidden message. We also discovered an SMB share. Using smbclient and enum4linux (which provided us with a few usernames) we performed an XPATH injection to retrieve a"
YouTube Link 2025-10-09T07:30Z [----] followers, [---] engagements
"TryHackMe Cipher's Secret Message Full Walkthrough [----] - Decoding a Custom Python Cipher ๐ธRoom Scenario:๐ธ One of the Ciphers' secret messages was recovered from an old system alongside the encryption algorithm but we are unable to decode it. Order: Can you help void to decode the message Message : a_up4qr_kaiaf0_bujktaz_qm_su4ux_cpbq_ETZ_rhrudm ๐ Useful Links:๐ ๐ Encryption Debug Script: https://github.com/djalilayed/tryhackme/blob/5ef8551d7a11c91e8c9c22f073e9603304dc9964/Hackfinity%20Battle/Ciphers-Secret-Message/encrypt_debug_g.py ๐ Decryption Script:"
YouTube Link 2025-07-06T07:02Z [----] followers, [---] engagements
"TryHackMe Chaining Vulnerabilities Full Walkthrough [----] Learn how to chain vulnerabilities From Low to High ๐๐ Room Link: https://tryhackme.com/room/chainingvulnerabilitiesZp ๐ฏ Objectives ๐ฏ By the end of this room you'll be able to: โ
Think like an attacker: Learn how to treat even small findings as potential stepping stones. โ
Understand common chains: Some bugs naturally pair well together. You'll learn why. โ
Recognise weak boundaries: Identify where trust breaks down between different parts of a web application. โ
Follow a real chain: You'll go from first access to remote code"
YouTube Link 2025-09-17T05:40Z [----] followers, [---] engagements
"Risk Management - TryHackMe - Learn about framing assessing responding and monitoring risk. https://tryhackme.com/room/seriskmanagement #tryhackme"
YouTube Link 2023-09-14T05:15Z [----] followers, [----] engagements
"๐บ๐ Intro to GraphQL Hacking TryHackMe ๐บ๐ An introduction to GraphQL Hacking.๐ง๐ง ๐ง๐งGraphQL is a modern API query language that changes how clients interact with servers. Unlike REST APIs which often rely on fixed endpoints and return large amounts of unnecessary data GraphQL allows clients to specify exactly what they needand nothing more. This efficiency has made GraphQL incredibly popular but it also introduces new attack surfaces. ๐บObjectives๐บ ๐งBy the end of this room you'll:๐ง ๐ Understand how GraphQL works and how it differs from traditional REST APIs. ๐ Learn how to map out a"
YouTube Link 2025-05-11T12:08Z [----] followers, [--] engagements
"๐ TryHackMe PassCode Smart Contract Hacking TryHackMe Blockchain Challenge Hackfinity Battle CTF ๐From the Hackfinity Battle CTF event.๐ ๐ตโ Scenario:๐ตโ We may have found a way to break into the DarkInject blockchain exploiting a vulnerability in their system. This might be our only chance to stop themfor good. Unlock the secrets of smart contract security in this detailed TryHackMe walkthrough Learn how to analyze a Solidity contract identify vulnerabilities and use Foundry's 'cast' tool to interact with the blockchain bypass challenges and capture the flag. We'll cover calling functions"
YouTube Link 2025-05-25T14:12Z [----] followers, [---] engagements
"SQLMap The Basics: Exploit SQL Injections in Cyber Security [---] TryHackMe SAL1 Learn about SQL injection and exploit this vulnerability through the SQLMap tool. ๐ SQL Injection Vulnerability ๐ Automated SQL Injection Tool ๐ Practical Exercise https://tryhackme.com/r/room/sqlmapthebasics these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #CyberSecurity101 #SQLInjection #SQLMap #TryHackMe #EthicalHacking #CyberLearning #VulnerabilityExploitation #CyberSecurityTips #PenetrationTesting #HackingTools #THMCyberSecurity101"
YouTube Link 2024-10-23T14:00Z [----] followers, [----] engagements
"๐จ TryHackMe: Volt Typhoon - Complete Walkthrough Step into the shoes of a SOC analyst and investigate a high-level cyber intrusion by the APT group Volt Typhoon known for targeting critical infrastructure and high-value organizations. Room Link: https://tryhackme.com/room/volttyphoon In this video we explore: โ
Log analysis with Splunk โ
Real-world APT attack simulation โ
Initial access via ADSelfService Plus โ
Credential dumping with Mimikatz โ
Web shell persistence โ
Lateral movement and C2 communications โ
Defense evasion techniques like log wiping & file renaming โ
Key forensic artifacts"
YouTube Link 2025-05-18T08:05Z [----] followers, [---] engagements
"TryHackMe IP and Domain Threat Intel Full Walkthrough [----] ๐ธ A look into enriching IP and domain insights with open source threat intelligence. ๐๐ Room Link: https://tryhackme.com/room/ipanddomainthreatintel Security Operations runbooks still revolve around the process verify enrich decide but when the alert is a lone IP address or domain the enrichment phase looks different. Instead of hashes we pivot on geolocation ASNs open-service footprints and passive DNS to learn whether a connection is routine SaaS traffic or an adversary foothold beacon. Learning Objectives ๐ฉ๐ฉBy the end of this"
YouTube Link 2025-09-05T17:53Z [----] followers, [---] engagements
"๐ฏ TryHackMe CAPTCHApocalypse - Automated CAPTCHA Bypass with Selenium & OCR Cybersecurity Tutorial When crypto interferes automate. ๐ TryHackMe CAPTCHApocalypse Room Walkthrough In this cybersecurity tutorial I demonstrate how to solve the TryHackMe CAPTCHApocalypse room using Python automation. This challenge combines CAPTCHA solving and web automation techniques. ๐ฏ What You'll Learn: โ
Automated CAPTCHA solving using OCR (pytesseract) โ
Handling client-side encryption with Selenium โ
Converting traditional form scripts to AJAX-based authentication โ
Web scraping with anti-detection"
YouTube Link 2025-06-22T04:44Z [----] followers, [---] engagements
"๐๐ฅTryHackMe Infinity Shell CMSsite-master Forensic Web Shell Forensic Hackfinity Battle Encore Welcome to the Hackfinity Battle CTF๐ Infinity Shell CTF: Decoding Base64 & Tracing the Hacker (TryHackMe) ๐In this video we tackle the TryHackMe room 'Infinity Shell' from the Hackfinity Battle Encore CTF. We'll walk through the forensic analysis of a compromised web server focusing on decoding base64-encoded commands within Apache access logs. We'll analyze the PHP web shell ( images.php) and trace the attacker's steps to recover the flag.๐ ๐ฅRoom Scenario: ๐ฅ๐ ๐Ciphers legion of bots has"
YouTube Link 2025-03-26T06:56Z [----] followers, [---] engagements
"๐๐ข ๐ Session Management TryHackMe Understanding and Exploiting Vulnerabilities ๐๐ข๐ ๐๐ข Learn about session management and the different attacks that can be performed against insecure implementations.๐๐ข ๐ข What is Session Management Creation Tracking Expiry Termination ๐ข Authentication vs Authorisation: Identification Authentication ๐ข Authorisation Accountability ๐ข Cookies vs Tokens ๐ข Securing the Session Lifecycle ๐ข Exploiting Insecure Session Management ๐๐ข Room Link: https://tryhackme.com/r/room/sessionmanagement๐๐ข ๐๐ข TryHackMe Web Application Pentesting Path"
YouTube Link 2024-11-27T15:02Z [----] followers, [--] engagements
"๐ฏ ๐TryHackMe AD: Authenticated Enumeration - AS-REP Roasting BloodHound & PowerView ๐ Explore how to breach and enumerate Active Directory with an authenticated account. ๐ Learn how to breach & enumerate Active Directory with an authenticated account This walkthrough covers TryHackMes "AD: Authenticated Enumeration" room step-by-step. ๐ What Youll Learn: โ AS-REP Roasting (Impackets GetNPUsers + Hashcat) โ Manual Enumeration (whoami net commands WMIC SC) โ BloodHound (Python Collector & BloodHound-CE) โ PowerShell AD & PowerView Modules (User/Group/Computer Enumeration) โ Finding Saved"
YouTube Link 2025-05-26T13:28Z [----] followers, [---] engagements
"๐๐ SimpleHelp: CVE-2024-57727 Unauthenticated Path Traversal Vulnerability TryHackMe ๐๐ ๐ Learn how attackers can exploit CVE-2024-57727 and how to detect that. ๐ ๐ SimpleHelp is a system that facilitates remote support access and work among other uses. It is mainly used by IT professionals and support teams to allow them to support their users remotely. It can be installed on Linux MS Windows and macOS servers. ๐ In this video walk through we showcase SimpleHelp: CVE-2024-57727 exploit on both Windows and Linux machine as POC is slightly different. ๐ฏ PoC for SimpleHelp on MS Windows"
YouTube Link 2025-04-02T05:56Z [----] followers, [---] engagements
"๐ตโ๐๐ Android Forensics Deep Dive TryHackMe "Android Analysis" Walkthrough Dive deep into the Android OS and learn how to examine from a forensics point of view. ๐ In this video we dive into TryHackMes brand-new room: "Android Analysis" Learn how to perform Android forensics by investigating a real-world scenario where an employee is suspected of leaking company secrets. Join me as we tackle the brand-new TryHackMe room Android Analysis where we uncover how to perform mobile forensics on an Android device. In this scenario employee Hazem is under investigation for allegedly selling company"
YouTube Link 2025-05-22T10:19Z [----] followers, [---] engagements
"โฃ๐ฟ CAPA: The Basics Common Analysis Platform for Artifacts TryHackMe Cyber Security [---] ๐ฟโฃ ๐ฟ Learn to use CAPA to identify malicious capabilities. ๐ฟ ๐ก Room Link: https://tryhackme.com/r/room/capabasics ๐ก ๐ฅ capa detects capabilities in executable files. You run it against a PE ELF .NET module shellcode file or a sandbox report and it tells you what it thinks the program can do. For example it might suggest that the file is a backdoor is capable of installing services or relies on HTTP to communicate. ๐ฅ https://github.com/mandiant/capa โข Tool Overview: How CAPA Works โข Dissecting CAPA"
YouTube Link 2024-11-01T04:42Z [----] followers, [---] engagements
"โ ๐ TryHackMe ExfilNode Walkthrough Linux Forensics & Data Exfiltration ๐ Uncover Liams hidden tracks in this Linux forensic investigation In this TryHackMe ExfilNode walkthrough we analyze Liams personal workstation to find undeniable evidence of data exfiltration. Learn how to: โ Check last login timestamps & timezone settings โ Extract USB connection logs & serial numbers โ Analyze executed commands (transferfiles file exfiltration) โ Identify external server IPs & cronjob backdoors โ Detect timestomped files in .hidden/ directories ๐ Questions Answered: โ
02:14 When did Liam last"
YouTube Link 2025-04-13T12:10Z [----] followers, [---] engagements
"๐ฏ ๐ Task [--] Access Granted TryHackMe Industrial Intrusion CTF Reverse Engineering CTF Reverse Engineering: Cracking a Password with Ghidra & GDB (TryHackMe Walkthrough) ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion ๐ธScenario:๐ธ ZeroTrace intercepts a suspicious HMI login module on the plant floor. Reverse the binary logic to reveal the access key and slip past digital defences. ๐ In this video Ill show you how to solve a CTF reverse engineering challenge by extracting a hidden password using Ghidra and GDB Well break down the access_granted binary step by step: 1"
YouTube Link 2025-07-01T09:28Z [----] followers, [---] engagements
"TryHackMe Insecure Deserialisation - Full Walkthrough [----] ๐ธ๐ธ Get in-depth knowledge of the deserialisation process and how it poses a vulnerability in a web app. Room Link: https://tryhackme.com/room/insecuredeserialisation ๐ธ๐ธ Insecure deserialisation exploits occur when an application trusts serialised data enough to use it without validating its authenticity. This trust can lead to disastrous outcomes as attackers manipulate serialised objects to achieve remote code execution escalate privileges or launch denial-of-service attacks. This type of vulnerability is prevalent in"
YouTube Link 2025-10-05T12:09Z [----] followers, [--] engagements
"TryHackMe Data Exfiltration Detection - Full Walkthrough [----] ๐ฏ Learn how to detect data exfiltration attempts in various network channels. ๐๐ Room Link: https://tryhackme.com/room/dataexfildetection ๐ฏ Data exfiltration is the unauthorized transfer of sensitive data from a computer or other device. It's a primary objective for attackers who have breached a network. As a SOC analyst our job is to detect and stop this before sensitive information walks out the door. This room will cover the common techniques attackers use to steal data and more importantly how we can catch them in the act."
YouTube Link 2025-10-03T13:09Z [----] followers, [--] engagements
"๐จ๐จ TryHackMe Hammer: Bypassing Rate Limits and Cracking JWT Tokens๐จ๐จ ๐จUse your exploitation skills to bypass authentication mechanisms on a website and get RCE. Breaking the Hammer: A TryHackMe Challenge on Rate Limit Bypass and JWT Manipulation ๐จBypass rate limit on reset password with [--] digit code / token using X-Forwarded-For also practice encode / decode php Json web token JWT ๐จ๐จ๐จ๐จScript used on the room:๐จ๐จ๐จ https://github.com/djalilayed/tryhackme/blob/main/hammer/recovery-code.py Mastering JWT Manipulation and Rate Limit Bypass: A TryHackMe Challenge ๐จ"
YouTube Link 2024-09-01T06:34Z [----] followers, [---] engagements
"TryHackMe Authentication Bypass - Full Walkthrough [----] ๐ฏ Learn how to defeat logins and other authentication mechanisms to allow you access to unpermitted areas. ๐๐ Room Link: https://tryhackme.com/room/authenticationbypass ๐ฏ Room Tasks: ๐ฏ ๐ฃ 00:00 Task 1: Brief ๐ 01:00 Task 2: Username Enumeration (ffuf) - What is the username starting with si*** - What is the username starting with st*** - What is the username starting with ro**** ๐ฆ 07:15 Task 3: Brute Force (ffuf Hydra) - What is the valid username and password (format: username/password) ๐ 10:50 Task 4: Logic Flaw - What is the"
YouTube Link 2025-10-05T06:06Z [----] followers, [---] engagements
"๐ฏ ๐Task [--] OSINT [--] TryHackMe Industrial Intrusion CTF Walkthrough ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion ๐ธScenario:๐ธ Great work on uncovering that suspicious subdomain Hexline. However your work here isnt done yet we believe there is more. ๐ **Tools Used: ๐ dig ๐ nslookup ๐ Don't forget to like subscribe and hit the bell icon for more CTF walkthroughs and cybersecurity tutorials #TryHackMe #OSINT"
YouTube Link 2025-07-01T06:25Z [----] followers, [---] engagements
"Introduction to Windows PowerShell Cyber Security [---] TryHackMe SAL1 Discover the "Power" in PowerShell and learn the basics. ๐ช What Is PowerShell ๐ช PowerShell Basics ๐ช Navigating the File System and Working with Files ๐ช Piping Filtering and Sorting Data ๐ช System and Network Information ๐ช Real-Time System Analysis ๐ช Scripting https://tryhackme.com/r/room/windowspowershell these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #CyberSecurity101 #PowerShellBasics #WindowsPowerShell #TryHackMe #CyberSecurityTraining #SystemAnalysis"
YouTube Link 2024-10-24T09:43Z [----] followers, [----] engagements
"๐จ๐ค๐ค TryHackMe: Evil-GPT v2 Walkthrough Hacking an AI with Prompt Injection ๐ฏ๐ฏ ๐ค Ever wondered how to hack an AI In this video we dive deep into the "Evil-GPT v2" room on TryHackMe a fantastic challenge focused on Large Language Model (LLM) vulnerabilities. Join me as we explore the fascinating world of prompt injection. We'll start with the basics see why simple commands fail and then uncover the critical flaws in the AI's own system rules. You'll see the exact prompts I used to make the "Evil GPT" reveal its own secret flag and a full breakdown of why these techniques work. This"
YouTube Link 2025-07-06T04:51Z [----] followers, [---] engagements
"๐ฅ๐ฅ TryHackMe Sequel Dump - Recovering STOLEN DATA from Blind SQL Injection Hackfinity Battleโจโจ ๐ In this video we tackle the 'Sequel Dump' room from the TryHackMe Hackfinity Battle CTF. We'll analyze a PCAP file to uncover a blind SQL injection attack using sqlmap. ๐ First we'll walk through the manual process of reconstructing the attacker's requests and extracting the stolen data character by character. Then we'll show you how to automate this process with a Python script saving time and effort. ๐ Learn how to identify and exploit blind SQL injection vulnerabilities and recover"
YouTube Link 2025-03-21T15:13Z [----] followers, [---] engagements
"Whats Your Name TryHackMe CTF walk through ๐ Utilise your client-side exploitation skills to take control of a web app. ๐ This challenge will test client-side exploitation skills from inspecting Javascript to manipulating cookies to launching CSRF/XSS attacks. ๐๐ Script used on XSS๐๐ https://github.com/djalilayed/tryhackme/blob/main/Whats%20Your%20Name%3F.txt ๐๐ Script used on CSRF ๐๐ https://github.com/djalilayed/tryhackme/blob/main/Whats%20Your%20Name%3F.txt ๐๐ Script used on CSRF (base64) ๐๐ https://github.com/djalilayed/tryhackme/blob/main/Whats%20Your%20Name%3F.txt ๐๐ JPG"
YouTube Link 2024-04-27T14:52Z [----] followers, [----] engagements
"๐๐ฉ TryHackMe Avengers Hub Hackfinity Battle Encore WBCE CMS v1.6.2 RCE kernel module Exploit Welcome to the Hackfinity Battle CTF๐ In this room you exploit WBCE CMS v1.6.2 remote code execution vulnerability after you find admin login details in a zip backup file. ๐ฅRoom Scenario: ๐ฅ๐ Cyber Avengers' private server has been hijacked and Cipher has locked everyone out. Your mission: retrace his steps breach the system escalate privileges and reclaim control. The server is yoursroot it secure it and shut Cipher out for good. ๐ Code & Resources: ๐ ๐ First python script used to get info"
YouTube Link 2025-03-25T17:23Z [----] followers, [---] engagements
"๐๐๐ TryHackMe Notepad Hackfinity Battle Encore IDOR ๐๐๐ Insecure direct object references (IDOR) This easy room to show case a simple IDOR exploit on id parameter. ๐Room Scenario:๐ Thank you for registering to the Online Notepad Service. Your assigned credentials are as follows: Our services are built with security in mind. Rest assured that your notes will only be visible to you and nobody else. ๐Room Link๐: https://tryhackme.com/room/HackfinityBattleEncore #tryhackmeroom #tryhackme #tryhackmewalkthrough #Hackfinity #IDOR"
YouTube Link 2025-03-24T18:45Z [----] followers, [---] engagements
"TryHackMe Network Security Essentials - Full Walkthrough [----] ๐ Learn about key aspects of network security essentials and how to monitor and protect against adversaries. ๐ท๐ท Room Link: https://tryhackme.com/room/networksecurityessentials ๐ Learning Objectives๐ In this room we will cover the following learning objectives: ๐ Understand what a network is and identify its key components. ๐ Explore the concept of the network perimeter and its importance. ๐ Identify the key perimeter threats. ๐ Examine the firewall logs to monitor normal and suspicious logs. ๐ฎ Incident Scenario๐ฎ Initech"
YouTube Link 2025-09-30T14:43Z [----] followers, [---] engagements
"โกโก Old Authentication: TryHackMe - Reverse Engineering & Binary Exploitation CTF - Hackfinity Battle Hackfinity Battle: Old Authentication - Binary Reverse Engineering & Python Scripting In this video we tackle the "Old Authentication" room on TryHackMe part of the Hackfinity Battle student CTF. This challenge involves reverse engineering a binary to crack an old authentication system and retrieve the flag. ๐ Room Link:๐ https://tryhackme.com/room/HackfinityBattle ๐Python script used in this room:๐"
YouTube Link 2025-03-21T00:00Z [----] followers, [---] engagements
"๐ ๐๐ฏTask [--] MacOS The Last Trial Honeynet Collapse CTF TryHackMe ๐๐ ๐ฏ ๐Welcome to Honeynet Collapse ๐ Room Link: https://tryhackme.com/room/honeynet-collapse ๐ฏThe Last Trial๐ฏ ๐Until now the threat actor has managed to move laterally across the domain to gain access to the most critical systems. During this time the security team is focused on the containment and detailed investigation of the whole attack. But amidst this primary attack another critical compromise took place this time on a macOS system. Lucas the lead developer of DeceptiTech unintentionally became a victim of a"
YouTube Link 2025-07-27T06:50Z [----] followers, [---] engagements
"Mountaineer: Flags in the Mountains TryHackMe Challenge CVE-2021-24145 Nginx Alias LFI ๐ป๐ Modern Events Calendar Lite Exploit: Mountainous Mission (TryHackMe) ๐ป๐ Room Link: https://tryhackme.com/r/room/mountaineerlinux ๐ป๐ Website Used: ๐ป๐ Nginx Alias LFI Misconfiguration: https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/nginx ๐ป๐ Wordpress Plugin Modern Events Calendar 5.16.2 - Event export (Unauthenticated) https://www.exploit-db.com/exploits/50084 ๐ป๐ Wordpress Plugin Modern Events Calendar 5.16.2 - Remote Code Execution (Authenticated)"
YouTube Link 2024-10-20T06:30Z [----] followers, [----] engagements
"OWASP API Security Top [--] - [--] Tryhackme walkthrough Learn the basic concepts for secure API development (Part 1)"
YouTube Link 2023-01-17T16:28Z [----] followers, [----] engagements
"๐ฅ๐งฑ๐ก Firewall Fundamentals: Windows & Linux Firewalls Cyber Security [---] TryHackme SAL1 ๐ฅ๐งฑ๐ก ๐ฅ๐งฑ๐ก Learn about firewalls and get hands-on with Windows and Linux built-in firewalls. Dive deep into the world of firewalls with this comprehensive tutorial from TryHackMe's Cyber Security [---] path. Here's what you'll learn: ๐ฅ What Is the Purpose of a Firewall - Understand the critical role firewalls play in securing networks. ๐ฅ Types of Firewalls - Explore different firewall technologies and their applications. ๐ฅ Rules in Firewalls - Learn how to configure firewall rules to protect your"
YouTube Link 2024-10-27T11:26Z [----] followers, [----] engagements
"Logging for Accountability - TryHackMe - Learn about the role accountability plays in logging and incident response. Learning Objectives ๐ฅ Understand where data originates how it is stored and how a security engineer can leverage it. ๐ฅ Understand why accountability is important to security and how logging can help improve its efficacy. ๐ฅ Apply logs and other data sources to incident response and the principle of accountability. https://tryhackme.com/room/loggingforaccountability"
YouTube Link 2023-09-13T08:52Z [----] followers, [----] engagements
"๐ฏ๐งฉ๐ Smol TryHackMe CVE-2018-20463 LFI RCE ๐งฉ๐๐ฏ ๐ฏ๐งฉ๐Test your enumeration skills on this boot-to-root machine. ๐ฏ๐งฉ๐ At the heart of Smol is a WordPress website a common target due to its extensive plugin ecosystem. The machine showcases a publicly known vulnerable plugin highlighting the risks of neglecting software updates and security patches. Enhancing the learning experience Smol introduces a backdoored plugin emphasizing the significance of meticulous code inspection before integrating third-party components. Quick Tips: Do you know that on computers without GPU like the"
YouTube Link 2025-01-26T03:59Z [----] followers, [---] engagements
"๐ฏ ๐ Task [--] - Backdoored Bus TryHackMe: Industrial Intrusion CTF Finding a Docker Backdoor ๐ธ ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion ๐ธYou get access to container image and your task to find the backdoor. ๐ In this video I solve a Backdoored Bus CTF challenge where a backdoor was hidden in a Python Modbus server. Heres how I found the flag Steps Covered: [--] Extracted the Docker image (tar) manually to analyze layers. [--] Used grep to search for malicious code (os.system eval). [--] Found the backdoor: A curl command with a base64-encoded domain (54484d7b. = THM.). 4"
YouTube Link 2025-06-30T07:38Z [----] followers, [---] engagements
"OWASP Top [--] - [----] TryHackMe Walkthrough - A Hands-On Guide to Web Security Threats SAL1 ๐ฅ๐ฅ Dive deep into the OWASP Top [--] - [----] vulnerabilities with this comprehensive walkthrough of the TryHackMe room In this video we'll explore each of the [--] most critical web security risks showing you how they occur and more importantly how to exploit them. Perfect for beginners and those looking to solidify their web security skills. This walkthrough covers: ๐ Broken Access Control:** (Timestamp: 0:43) Learn how to bypass authorization checks and gain unauthorized access (IDOR Challenge). ๐"
YouTube Link 2023-03-08T07:05Z [----] followers, 65.5K engagements
"TryHackMe Multi-Factor Authentication Full Walkthrough [----] ๐จ๐จ Exploiting Multi-Factor Authentication. ๐จ๐จ This part of Web Application Pentesting Path. ๐๐ Room Link: https://tryhackme.com/room/multifactorauthentications ๐ธBy the end of this room you will:๐ธ ๐ Understand the operational principles of MFA and its significance in strengthening an application's security posture. ๐ Explore the different types of authentication factors used in MFA setups. ๐ Gain insights into practical scenarios where MFA is implemented to protect sensitive data and systems. ๐ตโ๐ตโ Room Tasks: ๐ตโ๐ตโ ๐ฉ"
YouTube Link 2025-09-15T09:04Z [----] followers, [---] engagements
"Tryhackme - Diamond Model - TryHackMe SOC Level [--] SAL1 Learn about the four core features of the Diamond Model of Intrusion Analysis: adversary infrastructure capability and victim. https://tryhackme.com/room/diamondmodelrmuwwg42"
YouTube Link 2022-10-03T17:13Z [----] followers, [---] engagements
"๐จ๐ธ Health Hazard TryHackMe Threat Hunting Simulator Supply Chain Compromise Splunk ๐จ๐ธ ๐ฉ๐ฉ Supply Chain Compromise - Command and Scripting Interpreter - Boot or Logon Autostart Execution ๐งธ๐งธ Room Link: https://tryhackme.com/threat-hunting-sim/scenarios ๐ปโ๐ฉ Scenario overview ๐ปโ๐ฉ After months of juggling content calendars and caffeine-fueled brainstorming co-founder Tom Whiskers finally carved out time to build the companys first website. It was supposed to be simple: follow a tutorial install a few packages and bring the brand to life with lightweight JavaScript magic. But between"
YouTube Link 2025-07-26T06:54Z [----] followers, [--] engagements
"๐จMicrosoft AI Red Teaming Playground Labs: Credential Exfiltration Level [--] Direct Prompt Injection Level 1: Convince the model to reveal the contents of passwords.txt using social engineering techniques. ๐ Learn how to solve the Microsoft AI Red Teaming Playground Labs Credential Exfiltration Level [--] challenge In this step-by-step tutorial I demonstrate how to use prompt injection to exfiltrate the contents of passwords.txt. Perfect for beginners in AI security ethical hacking and red-teaming. Discover jailbreaking techniques bypass AI safeguards and understand why simple prompts like "I am"
YouTube Link 2025-06-04T11:46Z [----] followers, [---] engagements
"๐ง๐ง Lookup TryHackMe CVE-2019-9194 elFinder From Boot to Root ๐ง๐ง TryHackMe Lookup Lookup TryHackMe. ๐ง Test your enumeration skills on this boot-to-root machine. ๐ง ๐ง๐ง https://tryhackme.com/r/room/lookup Lookup offers a treasure trove of learning opportunities for aspiring hackers. This intriguing machine showcases various real-world vulnerabilities ranging from web application weaknesses to privilege escalation techniques. By exploring and exploiting these vulnerabilities hackers can sharpen their skills and gain invaluable experience in ethical hacking. Through "Lookup" hackers can"
YouTube Link 2024-11-24T06:21Z [----] followers, [---] engagements
"TryHackMe Command Injection Full Walkthrough [----] Learn about a vulnerability allowing you to execute commands through a vulnerable app and its remediations. This part of TryHackMe Jr Penetration Tester ๐๐ Room Link: https://tryhackme.com/room/oscommandinjection โ
How to discover the command injection vulnerability โ
How to test and exploit this vulnerability using payloads designed for different operating systems โ
How to prevent this vulnerability in an application โ
Lastly youll get to apply theory into practice learning in a practical at the end of the room. ๐ฏ Room Tasks:๐ฏ ๐ Task 1:"
YouTube Link 2025-09-13T14:50Z [----] followers, [--] engagements
"TryHackMe Extract Full Walkthrough [----] - SSRF & CVE-2025-29927 Exploit Can you extract the secrets of the library ๐ฆ๐ฆ Room Link: https://tryhackme.com/room/extract ๐ฆScenario:๐ฆ The librarian rushed some final changes to the web application before heading off on holiday. In the process they accidentally left sensitive information behind Your challenge is to find and exploit the vulnerabilities in the application to extract these secrets. ๐ฅLinks used on the video:๐ฅ ๐ค Next.js and the corrupt middleware (CVE-2025-29927): the authorizing artifact:"
YouTube Link 2025-08-25T15:34Z [----] followers, [---] engagements
"TryHackMe File Inclusion Full Walkthrough [----] - LFI - RFI - directory traversal โ
This room introduces file inclusion vulnerabilities including Local File Inclusion (LFI) Remote File Inclusion (RFI) and directory traversal. โ
This part of TryHackMe Jr Penetration Tester path ๐๐ Room Link: https://tryhackme.com/room/fileinc ๐Room Tasks:๐ ๐00:00:00 Task [--] Introduction ๐00:03:26 Task [--] Deploy the VM ๐00:04:10 Task [--] Path Traversal - What function causes path traversal vulnerabilities in PHP ๐00:17:00 Task [--] Local File Inclusion - LFI - Give Lab #1 a try to read /etc/passwd. What would"
YouTube Link 2025-09-12T07:39Z [----] followers, [--] engagements
"๐ง ๐จโก Systems as Attack Vectors TryHackMe Walk Through ๐ง๐จ โก ๐ ** Room Link: https://tryhackme.com/room/systemsattackvectors Learn how attackers exploit vulnerable and misconfigured systems and how you can protect them. ๐Learning Objectives๐ ๐ฏ Learn the role of a system in a modern digital world ๐ฏ Explore a variety of real-world attacks targeting systems ๐ฏ Practice the acquired knowledge in two realistic scenarios ๐ Definition of System ๐ค Attacks on Systems ๐ชฒ Vulnerabilities ๐ Misconfigurations ๐ฆข Practice ๐ชฒ๐ชฒLink from the video:๐ชฒ๐ชฒ ๐ทThe DFIR Report: How Real Intrusions Happen:"
YouTube Link 2025-08-14T19:00Z [----] followers, [--] engagements
"TryHackMe Network Discovery Detection - Full Walkthrough [----] Understand how attackers discover assets in a network and how to detect that activity. ๐ท๐ท Room Link: https://tryhackme.com/room/networkdiscoverydetection ๐ฉ Learning Objectives ๐ฉ By the end of this room we aim to understand: ๐ What is network discovery ๐ Why attackers perform network discovery ๐ What are the different types of network discovery ๐ How network discovery techniques work and how we can detect them ๐ฉ Room Tasks: ๐ฉ ๐ 00:00 Task 1: Introduction ๐ง 02:25 Task 2: Network Discovery - What do attackers scan other"
YouTube Link 2025-10-01T17:48Z [----] followers, [---] engagements
"โก๐โก TryHackMe Tomcat: CVE-2024-50379 Time-of-check Time-of-use vulnerability Race Condition ๐ โกโกExplore and learn about the Tomcat CVE-2024-50379 vulnerability.โกโก Dive into the newly discovered Tomcat vulnerability CVE-2024-50379 This room explores a classic Time-of-check Time-of-use (TOCTOU) race condition during JSP compilation on case-insensitive systems. Learn how to exploit detect (access logs system logs Sysmon) and understand the technical background of this critical issue. โก 0:00 Introduction to CVE-2024-50379 โก 02:41 Technical Background: Understanding TOCTOU โก 07:28 Exploitation:"
YouTube Link 2025-03-12T05:36Z [----] followers, [---] engagements
"๐ ๐๐ฏ which ransomware group targeted the organisation Task [--] Filesystem Shock and Silence ๐ ๐๐ฏ ๐Room Link: https://tryhackme.com/room/honeynet-collapse ๐This just quick video to showcase steps for the answer to question: ๐Go beyond the obvious - which ransomware group targeted the organisation ๐Question Hint Perform some OSINT and look deeper - the true story lies beneath the surface. You're looking for the group that got breached ๐ Triage link: https://tria.ge/250610-cs7dvaxtdy โ Educational Purpose Only This content is for educational and authorized penetration testing purposes"
YouTube Link 2025-07-28T17:49Z [----] followers, [--] engagements
"Advent of Cyber [----] Task [--] Day [--] Machine learning Jingle Bell SPAM - TryHackMe Task [--] Day [--] Machine learning Jingle Bell SPAM: Machine Learning Saves the Day Over the past few weeks Best Festival Company employees have been receiving an excessive number of spam emails. These emails are trying to lure users into the trap of clicking on links and providing credentials. Spam emails are somehow ending up in the mailing box. It looks like the spam detector in place since before the merger has been disabled/damaged deliberately. Suspicion is on McGreedy who is not so happy with the merger."
YouTube Link 2023-12-15T16:58Z [----] followers, [---] engagements
"The Return of the Yeti - TryHackMe - Advent of Cyber '23 Side Quest The Yeti needs a plan for [----]. Help him out room link: https://tryhackme.com/room/adv3nt0fdbopsjcap Software used on the room links: hcxtools: extracting wifi wpa handshake https://github.com/ZerBea/hcxtools pyrdp: playing wireshark wifi capture pcap file https://github.com/GoSecure/pyrdp CyberChef: https://gchq.github.io/CyberChef Cracking WPA/WPA2 with hashcat https://hashcat.net/wiki/doku.phpid=cracking_wpawpa2 mimikatz PFX files #tryhackme"
YouTube Link 2023-12-29T05:05Z [----] followers, [---] engagements
"TryHackMe Intro to Cross-site Scripting - Full Walkthrough [----] ๐๐ Learn how to detect and exploit XSS vulnerabilities giving you control of other visitor's browsers. Part of Jr Penetration Tester Path ๐ท๐ท Room Link: https://tryhackme.com/room/xss ๐๐ Room Tasks:๐๐ ๐ 00:00 Task 1: Room Brief ๐ฎ 01:50 Task 2: XSS Payloads ๐ 04:19 Task 3: Reflected XSS ๐ฎ 05:55 Task 4: Stored XSS ๐ 07:36 Task 5: DOM Based XSS ๐ฎ 09:50 Task 6: Blind XSS ๐ 11:22 Task 7: Perfecting your payload ๐ฎ 26:27 Task 8: Practical Example (Blind XSS) โ Educational Purpose Only This content is for educational and"
YouTube Link 2025-09-19T07:31Z [----] followers, [--] engagements
"๐๐ Tcpdump: The Basics - Packet Capture and Filtering Beginners Guide TryHackMe ๐๐ ๐ Learn how to use Tcpdump to save filter and display packets. Tcpdump Tutorial: Essential Skills for Network Analysis TryHackMe Walkthrough ๐ Basic Packet Capture ๐ Filtering Expressions ๐ Advanced Filtering ๐ Displaying Packets https://tryhackme.com/r/room/tcpdump ๐ Like Subscribe and Comment to stay updated with our latest cybersecurity tutorials. If you have any questions or need further clarification on any concept feel free to drop a comment below these tutorials are for educational purposes and"
YouTube Link 2024-11-02T08:24Z [----] followers, [---] engagements
"TryHackMe AppSec IR Full Walkthrough [----] ๐ธ An introduction into the overlapping worlds of AppSec and IR. ๐ธ Learning Objectives ๐ธ ๐ฉ Understand the intersection between AppSec and incident response ๐ฉ Understand the steps that can be taken to prepare for an application incident ๐ฉ Understand the process of responding to an application incident ๐ฉ Understand the importance of learning from an application incident ๐ธ Room Tasks ๐ธ โด Task 1: Introduction ๐ Task 2: AppSec IR Fundamentals ๐ฆ Task 3: Preparing for Application Incidents ๐ Task 4: Responding to an Application Incident ๐ Task 5:"
YouTube Link 2025-09-18T07:31Z [----] followers, [---] engagements
"TryHackMe Sequence - Full Walkthrough [----] - XSS - CSRF - Docker Escape ๐ฉ Chain multiple vulnerabilities to take control of a system. ๐ฉ ๐ฉ๐ฉ Room Link: ๐ฉ๐ฉ https://tryhackme.com/room/sequence ๐ธScenario:๐ธ Robert made some last-minute updates to the review.thm website before heading off on vacation. He claims that the secret information of the financiers is fully protected. But are his defenses truly airtight Your challenge is to exploit the vulnerabilities and gain complete control of the system. ๐ฒ๐ฒ Room Overview ๐ฒ๐ฒ Solving this room involved many steps and chaining many"
YouTube Link 2025-09-22T08:45Z [----] followers, [---] engagements
"๐๐ Introduction to Cryptography - Mastering Cryptography Fundamentals: A TryHackMe Walkthrough ๐๐ Learn about encryption algorithms such as AES Diffie-Hellman key exchange hashing PKI and TLS. Crack the Cryptography Challenge: Learn AES Diffie-Hellman Hashing PKI and TLS ๐ Symmetric Encryption ๐ Asymmetric Encryption ๐ Diffie-Hellman Key Exchange ๐ Hashing ๐ PKI and SSL/TLS ๐ Authenticating with Passwords ๐ Cryptography and Data - Example Mastering Cryptography Fundamentals: A TryHackMe Challenge https://tryhackme.com/room/cryptographyintro #cybersecurity #CTF #hacking #infosec"
YouTube Link 2023-02-07T17:15Z [----] followers, 13.7K engagements
"TryHackMe Detecting Web Attacks Full Walkthrough [----] ๐บExplore web attacks and detection methods through log and network traffic analysis. ๐๐ Room Link: https://tryhackme.com/room/detectingwebattacks ๐บ Web attacks are among the most common ways attackers gain entry into target systems. Public-facing websites and web applications often sit in front of databases and other infrastructure which are appealing targets for attackers. In this room youll learn how to identify these threats using practical detection methods and industry-standard tools. Objectives โก Learn common client-side and"
YouTube Link 2025-09-11T19:14Z [----] followers, [---] engagements
"Public Key Cryptography Basics: RSA SSH and More in Cyber Security [---] TryHackMe SAL1 Discover how public key ciphers such as RSA work and explore their role in applications such as SSH. ๐ Common Use of Asymmetric Encryption ๐ RSA ๐ Diffie-Hellman Key Exchange ๐ SSH ๐ Digital Signatures and Certificates ๐ PGP and GPG https://tryhackme.com/r/room/publickeycrypto these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #THMCyberSecurity101 #CyberSecurity101 #PublicKeyCryptography #RSA #AsymmetricEncryption #TryHackMe"
YouTube Link 2024-10-25T11:53Z [----] followers, [----] engagements
"๐งฒ ๐ TryHackMe SOC L1 Alert Triage SOC Simulator SAL1 ๐ Learn more about SOC alerts and build a systematic approach to efficiently triaging them. An alert is a core concept for any SOC team and knowing how to handle it properly ultimately decides whether a security breach is detected and prevented or missed and devastating. This is an entry level but essential room for SOC L1 analysts to understand the concept and lifecycle of alerts from event generation to correct resolution. โจ Learning Objectivesโจ โกFamiliarise with the concept of SOC alert โกExplore alert fields statuses and"
YouTube Link 2025-04-11T05:14Z [----] followers, [----] engagements
"๐๐ตโ ๐ง TryHackMe Hide and Seek Linux Forensic DFIR Hackfinity Battle Encore ๐ง Welcome to the Hackfinity Battle CTF๐ In this video we investigate a different persistence technique used by an attacker on a Linux system ๐ฅRoom Scenario: ๐ฅ๐ ๐A note was discovered on the compromised system taunting us. It suggests multiple persistence mechanisms have been implanted ensuring that Cipher can return whenever he pleases. Heres the note: Dear Specter I must say its been a thrill dancing through your systems. You lock the doors; I pick the locks. You set up alarms; I waltz right past them. But"
YouTube Link 2025-03-28T06:51Z [----] followers, [---] engagements
"๐๐๐ TryHackMe Mayhem From Wireshark to Decrypted Havoc C2 ๐๐ ๐๐ Can you find the secrets inside the sea of mayhem๐ ๐๐ Unmasking Havoc C2: Decoding Attacker Secrets in TryHackMe's Mayhem The "Mayhem" room on TryHackMe throws you into a sea of Havoc C2 communication Can you uncover the attacker's secrets hidden within the Wireshark capture Join us as we trace the initial PowerShell infection the disguised notepad.exe Havoc agent and the encrypted communication with the teamserver. We'll guide you through identifying the crucial 0xdeadbeef marker extracting the AES key and IV ๐๐ We"
YouTube Link 2025-04-21T04:43Z [----] followers, [---] engagements
"๐ฅ ๐ก Introduction to Phishing TryHackMe SOC Simulator SAL1 ๐Scenario overview๐ Learn how to use SOC Simulator by completing your first scenario. Close all True Positive alerts to pass ๐Scenario objectives๐ ๐ Monitor and analyze real-time alerts. ๐ Identify and document critical events such as suspicious emails and attachments ๐ Create detailed case reports based on your observations to help your team understand the full scope of alerts and malicious activity. https://tryhackme.com/soc-sim/scenarios #SAL1"
YouTube Link 2025-04-16T15:18Z [----] followers, [---] engagements
"TryHackMe Linux Threat Detection [--] - Full Walkthrough [----] ๐ธ Explore how attackers break into Linux systems and how you can detect this in logs. ๐๐ Room Link: https://tryhackme.com/room/linuxthreatdetection1 ๐ฏLearning Objectives๐ฏ ๐ Understand the role and risk of SSH in Linux environments ๐ Learn how Internet-exposed services can lead to breaches ๐ Utilize process tree analysis to identify the origin of the attack ๐ Practice detecting Initial Access techniques in realistic labs ๐ฏRoom Tasks๐ฏ ๐ 00:00 Task 1: Introduction ๐ฆ 01:39 Task 2: Initial Access via SSH - When did the ubuntu"
YouTube Link 2025-09-24T18:41Z [----] followers, [---] engagements
"โ๐๐โ TryHackMe Sneaky Patch Linux Kernel Forensic Hackfinity Battle Encore โโ Welcome to the Hackfinity Battle CTF๐ In this video we investigate a malicious kernel module install in a Linux system. ๐ฅRoom Scenario: ๐ฅ๐ ๐A high-value system has been compromised. Security analysts have detected suspicious activity within the kernel but the attackers presence remains hidden. Traditional detection tools have failed and the intruder has established deep persistence. Investigate a live system suspected of running a kernel-level backdoor.๐ ๐ TryHackMe Room:"
YouTube Link 2025-03-27T15:31Z [----] followers, [---] engagements
"Understanding Shells in Cyber Security TryHackMe's Shells Overview Cyber Security [---] SAL1 Learn about the different types of shells. Shells Overview TryHackMe Dive into the world of shells with this comprehensive overview from TryHackMe's Cyber Security [---] path. This video covers: ๐ท Shell Overview: What are shells and why are they crucial in cybersecurity ๐ท Reverse Shell: How attackers use this technique to gain control over a remote system. ๐ท Bind Shell: Understanding how to set up and exploit bind shells. ๐ท Shell Listeners: Tools and techniques for setting up listeners to catch"
YouTube Link 2024-10-27T08:49Z [----] followers, [----] engagements
"๐ญ๐ญ Mouse Trap Mobile Mouse Server CVE-2023-31902 TryHackMe ๐ญ๐ญ ๐จ๐ป๐ป๐พ๐ญ Follow the adventures of Jom and Terry members of the TryMouseMe purple team as they work through a thrilling exercise of Attack and Defense. From initial access to persistence you will emulate a three-stage attack on a Windows environment. ๐จ๐ป๐ป๐พ๐ญ Attack Emulation VM (TA001: Initial access TA004: Privilege Escalation TA003: Persistence) CVE-2023-31902 SharpUp.exe ๐จ๐ป๐ป๐พ๐ญ Mobile Mouse 3.6.0.4 Remote Code Execution Exploit ๐จ๐ป๐ป๐พ๐ญ https://github.com/blue0x1/mobilemouse-exploit/tree/main ๐ญ After finding a"
YouTube Link 2024-11-17T08:58Z [----] followers, [---] engagements
"๐จ๐ค๐ค TryHackMe Evil-GPT Walkthrough Hack AI Command Systems ๐จ ๐ค Practice your LLM hacking skills. Room Link: https://tryhackme.com/room/hfb1evilgpt ๐คLearn AI/LLM security testing with this complete walkthrough of TryHackMe's Evil-GPT room In this tutorial I demonstrate how to analyze and exploit AI command execution systems covering prompt injection techniques ๐ What You'll Learn: AI command interpreter vulnerabilities Prompt engineering for security testing Command sanitization bypass techniques File system enumeration via LLM systems โก Topics Covered: Initial reconnaissance and flag"
YouTube Link 2025-07-05T06:05Z [----] followers, [---] engagements
"Networking Essentials: A Beginner's Guide TryHackMe Cyber Security [---] SAL1 Explore networking protocols from automatic configuration to routing packets to the destination. DHCP ARP ICMP & Routing: Networking Basics ๐ง DHCP: Give Me My Network Settings ๐ง ARP: Bridging Layer [--] Addressing to Layer [--] Addressing ๐ง ICMP: Troubleshooting Networks ๐ง Routing ๐ง NAT https://tryhackme.com/r/room/networkingessentials Networking Essentials: From Automatic Configuration to Packet Delivery these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge."
YouTube Link 2024-10-24T04:16Z [----] followers, [----] engagements
"๐ฐ๐ฐ TryHackMe Billing writeup MagnusBilling RCE CVE-2023-30258 Fail2ban ๐ฐ Some mistakes can be costly. TryHackMe Billing walk through TryHackMe Billing writeup ๐ฐ In this video we tackle the TryHackMe "Billing" room showcasing how to exploit a critical vulnerability to gain root access. We start with an initial scan revealing MagnusBilling running on port [--]. A quick search highlights CVE-2023-30258 an unauthenticated Remote Command Execution (RCE) vulnerability providing a direct path to a foothold. ๐ฐ We demonstrate two methods for exploiting CVE-2023-30258: * Metasploit Module: We'll"
YouTube Link 2025-03-09T01:50Z [----] followers, [----] engagements
"Intranet - TryHackMe - FLAG [--] - Zap ffuf burp Welcome to the intranet Flag [--] using Zap proxy ffuf and Burp suite"
YouTube Link 2023-06-20T11:44Z [----] followers, [---] engagements
"๐ฏ โ
TryHackMe Custom Tooling using Burp Custom Burp Suite Extension (RSA Encrypt/Decrypt) โ
๐ฏ Creating custom tooling for application testing using Burp Plugins. โ
In this TryHackMe walkthrough we tackle the "Custom Tooling using Burp" room Learn how to analyze web applications with custom encryption and build your own Burp Suite extension from scratch to handle it. ๐ตโ Room Focus: Custom Tooling using Burp Platform: TryHackMe ๐ What you'll learn in this video:๐ Understanding the challenge: End-to-end encryption in HTTP requests/responses. โ Identifying flaws in custom encryption schemes"
YouTube Link 2025-06-01T13:43Z [----] followers, [---] engagements
"๐ฏ ๐ Task-20 Echoed Streams TryHackMe: Industrial Intrusion CTF AES-GCM Nonce Reuse Attack ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion How ONE Cryptographic Mistake Breaks Everything Nonce Reuse Attack Tutorial ๐ธScenario:๐ธ Three months after the Virelia Water Control Facility was breached OT traffic is finally back onlinesupposedly fully remediated. During a routine audit Black Echos red team intercepted two backtoback telemetry packets between a pump controller and the SCADA server. Curiously both packets were encrypted under AESGCM using the same 16-byte nonce (number"
YouTube Link 2025-06-30T10:38Z [----] followers, [---] engagements
"Confluence CVE-2023-22515 - TryHackMe - Exploit CVE-2023-22515 to get admin access to Confluence Server and Data Center editions. On October 4th [----] Atlassian released a security advisory regarding CVE-2023-22515 a broken access control vulnerability with an assigned CVSS score of [----]. The vulnerability was introduced in version 8.0.0 of Confluence Server and Data Center editions and is present in versions 8.3.3 8.4.3 8.5.2. https://tryhackme.com/room/confluence202322515 #tryhackme"
YouTube Link 2023-10-19T05:48Z [----] followers, [----] engagements
"๐ธ๐ปโ๐ปAPT28 Attack Simulation: TryHackMe Incident Response Challenge APT28 in the Snare๐ธ๐ปโ๐ป Hunting APT28 (Fancy Bear) - TryHackMe Walkthrough & Forensic Investigation ๐ TryHackMe "APT28 in the Snare" Full Walkthrough & Forensic Investigation In this hands-on TryHackMe walkthrough we investigate APT28 (Fancy Bear) a notorious Russian cyber-espionage group in a realistic incident response scenario. You'll learn how to: โ
Detect initial access & execution โ
Uncover persistence mechanisms (how APT28 stays hidden) โ
Analyze privilege escalation & data exfiltration โ
Use Eric Zimmermans tools"
YouTube Link 2025-05-25T10:49Z [----] followers, [---] engagements
"TryHackMe Subdomain Enumeration - Full Walkthrough [----] ๐ Learn the various ways of discovering subdomains to expand your attack surface of a target. ๐ท๐ท Room Link: https://tryhackme.com/room/subdomainenumeration ๐ฉRoom Tasks:๐ฉ ๐ 00:00 Task 1: Brief - What is a subdomain enumeration method beginning with B - What is a subdomain enumeration method beginning with O - What is a subdomain enumeration method beginning with V ๐ 02:45 Task 2: OSINT - SSL/TLS Certificates ๐ 04:25 Task 3: OSINT - Search Engines - What domain was logged on crt.sh at 2020-12-26 ๐ 06:00 Task 4: DNS Bruteforce -"
YouTube Link 2025-10-05T06:05Z [----] followers, [--] engagements
"๐ TryHackMe: Directory Walkthrough Kerberos ASREP Roast Hashcat & WinRM Decryption Walkthrough ๐ Room Link: https://tryhackme.com/room/directorydfirroom ๐จTools Used: ๐ Script used in this video decrypt WinRM traffic: https://github.com/djalilayed/tryhackme/blob/main/directory/decrypt_winrm.py ๐ Command used in this video: https://github.com/djalilayed/tryhackme/tree/main/directory ๐ธIn this complete step-by-step walkthrough of the TryHackMe room "Directory" we dive deep into network forensics and Active Directory attacks to go from a packet capture to the final flag. This video is"
YouTube Link 2025-07-21T06:38Z [----] followers, [---] engagements
"๐๐ฅ๐ TryHackMe Heist Smart Contract Hacked ๐ Full Walkthrough (Hackfinity CTF) ๐๐ฅ๐ TryHackMe: Heist - Smart Contract changeOwnership & withdraw Exploit From the Hackfinity Battle CTF event. Welcome ethical hackers ๐ตโ In this video we're diving deep into the "Heist" room from TryHackMe originally featured in the Hackfinity Battle CTF event. The mission: A critical weakness has been found in Cipher's Smart Contract. If exploited we can drain its entire ETH treasury This isn't just about the loot; successfully emptying the contract will cut off funding to the notorious Phantom Node Botnet"
YouTube Link 2025-05-25T15:45Z [----] followers, [--] engagements
"TryHackMe Intro to SSRF Full Walkthrough [----] Learn how to exploit Server-Side Request Forgery (SSRF) vulnerabilities allowing you to access internal server resources. In this room you'll learn what an SSRF is what kind of impact they can have you'll view some example SSRF attacks how you can discover SSRF vulnerabilities how to circumvent input rules and then we have a practice for you against with to try your newfound skills. ๐๐ Room Link: https://tryhackme.com/room/ssrfqi This room part of TryHackMe Jr Penetration Tester path. ๐ What is an SSRF ๐ SSRF Examples ๐ Finding an SSRF ๐"
YouTube Link 2025-09-11T11:45Z [----] followers, [--] engagements
"๐ ๐ Server-side Template Injection TryHackMe A Deep Dive into Exploiting Smarty Pug Jinja2 ๐ ๐ SSTI Overview ๐ Template Engines ๐ PHP - Smarty ๐ NodeJS - Pug ๐ Python - Jinja2 ๐ Automating the Exploitation ๐ Extra-Mile Challenge (Form Tools 3.1.1 CVE-2024-22722) ๐ Mitigation ๐ code / shell used on the room: https://github.com/djalilayed/tryhackme/blob/main/Server-side-Template-Injection/code-used.txt ๐ Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the"
YouTube Link 2024-06-19T07:32Z [----] followers, [----] engagements
"๐จโ
๐ฆ TryHackMe - Security Footage Walkthrough: Recovering a Scrolling Flag ๐ฆ Security Footage (TryHackMe) - PCAP Forensics OCR & Flag Reconstruction Guide โ
In this comprehensive walkthrough we tackle the "Security Footage" room on TryHackMe Join me as we dive into digital forensics to recover crucial footage and a hidden scrolling flag from a network capture (PCAP file). โ
The hard drives are destroyed but the network never forgets We'll perform an end-to-end investigation covering: ๐ โ
Room Link: https://tryhackme.com/room/securityfootage ๐ Network Forensics Fundamentals: - Analyzing"
YouTube Link 2025-05-11T05:00Z [----] followers, [---] engagements
"๐โ
๐ Crypto Failures Crypt Salt A brute force attack TryHackMe CTF ๐ ๐๐Implementing your own military-grade encryption is usually not the best idea. ๐ First exploit the encryption scheme in the simplest possible way then find the encryption key. Room Link: https://tryhackme.com/room/cryptofailures ๐๐ Scripts Used:๐๐ ๐ Find web Flag๐: https://github.com/djalilayed/tryhackme/blob/main/Crypto%20Failures/admin_flag.py ๐ Simulation [--] steps for the key ๐ https://github.com/djalilayed/tryhackme/blob/main/Crypto%20Failures/find_key_anim_10.php ๐ Get Encryption Key:๐"
YouTube Link 2025-03-03T19:42Z [----] followers, [---] engagements
"โ๐ TryHackMe Serverless Walkthrough AWS SSRF & Role Escalation to Hijack Cloud Infrastructure โ Welcome to the Hackfinity Battle CTF๐ Infinity Shell CTF: Decoding Base64 & Tracing the Hacker (TryHackMe) ๐In this detailed walkthrough of TryHackMe's 'Serverless' room I demonstrate how to exploit AWS credentials and leverage vulnerabilities like SSRF LFI and role escalation to take control of a cloud-based red team infrastructure. Follow along as I uncover hidden flags from the DarkMatter gang's contractor ShadowFang and show you step-by-step how to access leaked information and overcome AWS"
YouTube Link 2025-03-27T12:35Z [----] followers, [---] engagements
"๐จ๐ค๐ธ๐ค ContAInment TryHackMe Room: Ransomware Investigation Walkthrough ๐จ๐ค๐ค ๐ธCan you help contain the ransomware threat with the help of AI๐ธ ๐๐Join me as we dive into the ContAInment TryHackMe room a thrilling ransomware investigation challenge In this walkthrough well step into the role of a Security Analyst at West Tech tasked with investigating a ransomware attack on senior researcher Oliver Deers workstation. Learn how to identify the attacker's entry point trace their actions recover stolen data and neutralize the threat using both manual techniques and an AI-powered IR"
YouTube Link 2025-07-10T08:07Z [----] followers, [---] engagements
"๐ฏ ๐ Task [--] Orcam TryHackMe Industrial Intrusion CTF Walkthrough Malicious Macro Analysis ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion ๐ธScenario:๐ธ You get an email with attachment Microsoft docm file. with Macro enable. you need to analyses the VBA code inside the macro to get the flag. In this step-by-step walkthrough we tackle the malicious document challenge from the TryHackMe Industrial Intrusion room. We'll go from receiving a suspicious email to fully reverse-engineering the hidden VBA macro to find the flag. This guide is perfect for anyone studying for"
YouTube Link 2025-06-30T16:58Z [----] followers, [---] engagements
"๐ธ๐จ TryHackMe Stolen Mount NFS From Wireshark PCAP to QR Code Flag ๐จ๐จ Analyse network traffic related to an unauthenticated file share access attempt focusing on potential signs of data exfiltration. โก Room Link: https://tryhackme.com/room/hfb1stolenmount ๐ธScenario:๐ธ An intruder has infiltrated our network and targeted the NFS server where the backup files are stored. A classified secret was accessed and stolen. The only trace left behind is a packet capture (PCAP) file recorded during the incident. Your mission should you accept it is to discover the contents of the stolen data. ๐ฉ๐ฉIn"
YouTube Link 2025-07-13T05:45Z [----] followers, [---] engagements
"Vulnerability Scanner Overview TryHackMe Cyber Security [---] SAL1 Learn about vulnerability scanners and how they work in a practical scenario. ๐ชซ What Are Vulnerabilities ๐ชซ Vulnerability Scanning ๐ชซ Tools for Vulnerability Scanning ๐ชซ CVE & CVSS ๐ชซ OpenVAS ๐ชซ Practical Exercise https://tryhackme.com/r/room/vulnerabilityscanneroverview these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #THMCyberSecurity101 #CyberSecurity101 #CyberSecurity #TryHackMe #VulnerabilityScanner #HackingTutorial #InfoSec #CyberTraining"
YouTube Link 2024-10-28T07:36Z [----] followers, [----] engagements
"๐ฏ๐ Active Directory Enumeration for Beginners TryHackMe AD: Basic Enumeration Walkthrough PT1 ๐ท Learn how to enumerate an Active Directory network and get initial access. ๐ด Learn how to enumerate an Active Directory (AD) network and gain initial access in this step-by-step TryHackMe walkthrough Active Directory enumeration is a critical skill for penetration testers and ethical hackers. In this video well cover: โ
Mapping Out the Network (fping nmap) Host Discovery Port Scanning โ
Network Enumeration With SMB (nmap smbmap.py) Discovering Services Listing SMB Shares Accessing SMB Shares"
YouTube Link 2025-05-26T06:14Z [----] followers, [---] engagements
"๐ Dark Encryptor Hackfinity Battle Encore Command Injection Welcome to the Hackfinity Battle CTF In this room you learn how to exploit Command Injection ๐๐Room Scenario:๐๐ Void managed to hack into DarkMatter's internal network. I don't think they use it much but we found this encryption tool hosted on a server. Let's see if we can find anything interesting lying around. ๐Room Link๐: https://tryhackme.com/room/HackfinityBattleEncore ๐ Like Subscribe and Comment to stay updated with our latest cybersecurity tutorials. If you have any questions or need further clarification on any"
YouTube Link 2025-03-24T18:45Z [----] followers, [---] engagements
"๐ด Dark Encryptor [--] Hackfinity Battle Encore Command Injection ๐ด Welcome to the Hackfinity Battle CTF In this room you learn how to exploit Command Injection similar to Dark Encryptor [--] ๐ฅRoom Scenario: ๐ฅ After pivoting through their internal network we have found yet another encryption tool. Can you hack into the server and extract the secret data Our intel tells us that the app is using the gpg tool. ๐Room Link๐: https://tryhackme.com/room/HackfinityBattleEncore ๐ Like Subscribe and Comment to stay updated with our latest cybersecurity tutorials. If you have any questions or need"
YouTube Link 2025-03-25T08:19Z [----] followers, [---] engagements
"๐จ๐ธ Event Horizon TryHackMe Decrypt Covenant C2 traffic Wireshark ๐จ๐ธ ๐งธ๐งธ Unearth the secrets beyond the Event Horizon. ๐๐ Room Link: https://tryhackme.com/room/eventhorizonroom ๐ปโ Room Scenario:๐ปโ ๐ฉJoin Tom and Dom on a quest to find out what happens when you look beyond the Event Horizon. A quest beyond borders they need you to utilize all your abilities to find the secrets that were taken when they crossed over to the other side. ๐๐Attacker was able to brute force ESMTP email sent phishing email to local user as Powershell script to calculate mass of the black hole but hidden at"
YouTube Link 2025-08-10T12:00Z [----] followers, [---] engagements
"Getting Started with Nmap: The Basics Discover Hosts and Open Ports in Cyber Security [---] SAL1 ๐ Learn how to use Nmap to discover live hosts find open ports and detect service versions. ๐ Host Discovery: Who Is Online ๐ Port Scanning: Who Is Listening ๐ Version Detection: Extract More Information ๐ Version Detection: Extract More Information ๐ Output: Controlling What You See ๐ Conclusion and Summary https://tryhackme.com/r/room/nmap these tutorials are for educational purposes and to encourage responsible and legal use of hacking knowledge. #CyberSecurity101 #NmapBasics #PortScanning"
YouTube Link 2024-10-24T14:14Z [----] followers, [---] engagements
"๐ก๐จ๐จ Bypass Really Simple Security CVE-2024-10924 TryHackMe ๐ก ๐ก Learn how to exploit a WordPress website using CVE-2024-10924 and understand various mitigation techniques.๐จ ๐ก WordPress is one of the most popular open-source Content Management Systems (CMS) and it is widely used to build websites ranging from blogs to e-commerce platforms. In November [----] a critical vulnerability was discovered in the Really Simple Security plugin a widely adopted security plugin used by millions of websites. The vulnerability allowed attackers to bypass authentication and gain unauthorised access to"
YouTube Link 2025-02-05T09:12Z [----] followers, [----] engagements
"๐๐ฉ๐ผ๐ป Hack Back: Binary analysis Reverse Shell Smart Contract TryHackMe ๐ฉ๐ผ๐ป๐ ๐Can you get to the bottom of what's wrong with the machine๐ ๐You have just been handed a machine by a disgruntled colleague. Pulling hairs out he explains that of late this machine has been very slow and crashed multiple times. They said the machine is relatively new and not nearly at an age where its performance should suffer. They've asked if you can look at the machine and determine what's causing this behavior. Can you use your cyber sleuthing skills and know how to get to the bottom of the machine's"
YouTube Link 2024-11-11T05:50Z [----] followers, [---] engagements
"TryHackMe Invite Only Full Walkthrough [----] - Hijacked Discord Invites - Malware Delivery ๐ฅ๐ฅ Extract insight from a set of flagged artefacts and distil the information into usable threat intelligence. ๐๐๐๐ Room Link: https://tryhackme.com/room/invite-only โกโก Scenario:โกโก You are an SOC analyst on the SOC team at Managed Server Provider TrySecureMe. Today you are supporting an L3 analyst in investigating flagged IPs hashes URLs or domains as part of IR activities. One of the L1 analysts flagged two suspicious findings early in the morning and escalated them. Your task is to analyse these"
YouTube Link 2025-09-14T07:18Z [----] followers, [---] engagements
"TryHackMe Walking An Application - Full Walkthrough [----] ๐ฑ๐ฑ Manually review a web application for security issues using only your browsers developer tools. Hacking with just your browser no tools or scripts. ๐๐ Room Link: https://tryhackme.com/room/walkinganapplication ๐๐ Room Tasks ๐๐ 00:00 โ
Task 1: Walking An Application 01:13 โ
Task 2: Exploring The Website 03:06 โ
Task 3: Viewing The Page Source - What is the flag from the HTML comment - What is the flag from the secret link - What is the directory listing flag - What is the framework flag 13:50 โ
Task 4: Developer Tools -"
YouTube Link 2025-10-20T10:37Z [----] followers, [--] engagements
"Publisher: Exploiting SPIP with CVE-2023-27372 for RCE and Beyond TryHackMe CTF walk through Test your enumeration skills on this boot-to-root machine. CVE-2023-27372 / SPIP publishing system ๐ท room link: https://tryhackme.com/r/room/publisher The "Publisher" CTF machine is a simulated environment hosting some services. Through a series of enumeration techniques including directory fuzzing and version identification a vulnerability is discovered allowing for Remote Code Execution (RCE). Attempts to escalate privileges using a custom binary are hindered by restricted access to critical system"
YouTube Link 2024-06-29T13:22Z [----] followers, [----] engagements
"TryHackMe FAT32 Analysis Examine the FAT32 filesystem from a forensic point of view Examine the FAT32 filesystem from a forensic point of view โ
Room Link โ
: https://tryhackme.com/room/fat32analysis โ
Introduction โ
โก A filesystem tracks how and where files are stored on an Operating System. It provides a translation between the files locations on the OS and their locations on physical storage. A filesystem also tracks file-related changes and options such as file deletion file access file size and more. โก Filesystems are an essential component in forensics. Threat actors often abuse it in"
YouTube Link 2025-02-09T16:43Z [----] followers, [----] engagements
"TryHackMe Padelify - Full Walkthrough [----] - XSS - WAF ๐ Use red-teaming techniques to bypass the WAF and obtain admin access to the web application. ๐ฆฎ ๐ Room Link: https://tryhackme.com/room/padelify ๐ง Youve signed up for the Padel Championship but your rival keeps climbing the leaderboard. The admin panel controls match approvals and registrations. Can you crack the admin and rewrite the draw before the whistle ๐ Tasks ๐ ๐ What is the flag value after logging in as a moderator ๐ What is the flag value after logging in as admin โ Educational Purpose Only This content is for"
YouTube Link 2025-11-24T03:35Z [----] followers, [---] engagements
"TryHackMe: Industrial Intrusion CTF (Breach Task) Node-RED ๐๐ Room Link: https://tryhackme.com/room/industrial-intrusion ๐ฏ Get ready for the Industrial Intrusion CTF In this video we tackle the pre-task challenge "Breach" on TryHackMe. Our mission is to find a way to open the main gate by bypassing the badge authentication system. ๐ฏ Join us as we dig into the control infrastructure exploring open ports and uncovering a critical weakness in the system's HMI (Human-Machine Interface). ๐ฏ This is the perfect warm-up for the main event. If you want to see how to exploit real-world Industrial"
YouTube Link 2025-06-26T06:18Z [----] followers, [----] engagements
"Decrypt NTLM traffic - Wireshark - Decrypting SMB3 Traffic -TryHackme Block - ๐ฆ This new way to solve the Block room on TryHackMe. Showcasing how to decrypt smb traffic if you know user password using Wireshark NTLMSSP support Also if you just have NT hash you can decrypt NTLM encrypted traffic (smb3 encrypted traffic) by providing the hash in a keytab file. ๐ฆ๐ฆScript used to generate keytab file: https://github.com/dirkjanm/forest-trust-tools/blob/master/keytab.py ๐ฆ๐ฆArticles used: ๐ https://wiki.wireshark.org/NTLMSSP ๐ "
YouTube Link 2024-08-13T06:43Z [----] followers, [---] engagements
"TryHackMe JWT Security - Full Walkthrough TryHackMe Walkthrough on Token-Based Authentication Master JWTs & Token Security TryHackMe Room Guide ๐ท๐ท Room Link: https://tryhackme.com/r/room/jwtsecurity In this room you will learn about JSON Web Tokens (JWTs) and the security associated with them. With the rise of APIs token-based authentication has become a lot more popular and of these JWTs remain one of the most popular implementations. However with JWTs ensuring the implementation is done securely is incredibly important. Insecure implementations can lead to serious vulnerabilities with"
YouTube Link 2024-09-20T06:26Z [----] followers, 13.5K engagements
"๐ง โจ๐ EXT Analysis forensic basics of the EXT file system TryHackMe ๐ง ๐ง๐งDiscover the forensic basics of the EXT file system.๐ง๐ง https://tryhackme.com/room/extanalysis ๐งFile system analysis is a fundamental skill in digital forensics allowing investigators to extract and interpret data stored on storage devices. EXT4 the default file system for many Linux distributions organizes data into structures like inodes directories and blocks each carrying critical information about files directories and their history.๐ง ๐งThis room focuses on analyzing the EXT4 file system to gather evidence"
YouTube Link 2025-02-20T13:40Z [----] followers, [---] engagements
"TryHackMe Contrabando Full Walkthrough [----] LFI SSTI Request Smuggling ๐ง TryHackMe room link: https://tryhackme.com/room/contrabando ๐ง๐ Never tell me the odds.๐๐ง Our company was excited to release our new product but a recent attack has forced us to go down for maintenance. They have asked you to conduct a vulnerability assessment to help identify how the attack occurred. Are you up for it In this room you start by exploiting CVE-2023-25690 (HTTP request splitting with mod_rewrite and mod_proxy) and get your first initial reverse shell inside the machine you scan local networks to find a"
YouTube Link 2025-08-18T14:32Z [----] followers, [----] engagements
"IDORable Bistro - SANS Holiday Hack Challenge [----] ๐ฏ Josh has a tasty IDOR treat for youstop by Sasabune for a bite of vulnerability. What is the name of the gnome ๐ท๐ท Challenge Link: https://www.sans.org/cyber-ranges/holiday-hack-challenge ๐ฉ๐ฉ Hints: ๐ฉ๐ฉ โ
Sometimes.developers put in a lot of effort to anonymyze information by using randomly generated identifiers.but.there are also times where the "real" ID is used in a separate Network request. โ
I had tried to scan one of the QR codes and it took me to somebody's meal receipt I am afraid somebody could look up anyone's meal if they"
YouTube Link 2025-11-30T07:11Z [----] followers, [--] engagements
"TryHackMe AI in Security - old sAInt nick - Advent of Cyber [----] ๐ Unleash the power of AI by exploring it's uses within cyber security. ๐ฆฎ Day [--] of Advent of Cyber [----] ๐ ๐ง Link: https://tryhackme.com/room/AIforcyber-aoc2025-y9wWQ1zRgB ๐ฆฎ The lights glimmer and servers hum blissfully at The Best Festival Company (TBFC) melting the snow surrounding the data centre. TBFC has continued its pursuit of AI excellence. After the past two years they realise that Van Chatty their in-house chatbot wasnt quite meeting their standards. ๐ฆฎ Unfortunately for the elves at TBFC they are also not immune"
YouTube Link 2025-12-04T16:59Z [----] followers, [---] engagements
"Neighborhood Watch Bypass - SANS Holiday Hack Challenge [----] - Linux PATH hijacking Assist Kyle at the old data center with a fire alarm that just won't chill. ๐ท๐ท Challenge Link: https://www.sans.org/cyber-ranges/holiday-hack-challenge ๐ฉ๐ฉ Room Scenario: ๐ฉ๐ฉ ๐ chiuser @ Dosis Neighborhood ๐ $ ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ DOSIS NEIGHBORHOOD FIRE ALARM SYSTEM - LOCKOUT MODE ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ๐จ๐ฅ ๐จ EMERGENCY ALERT: Fire alarm system admin access has been compromised ๐จ โ
The fire safety systems are experiencing interference and admin privileges have been mysteriously"
YouTube Link 2025-12-18T05:39Z [----] followers, [---] engagements
"Carrotbane of My Existence Side Quest Access key - Full Walkthrough [----] ๐ฏ๐ฏ Step by step to get the key to access side quest room Carrotbane of My Existence https://tryhackme.com/room/sq3-aoc2025-bk3vvbcgiT ๐ฏ๐ฏ Key is on room CyberChef - Hoperation Save McSkidy - Day [--] https://tryhackme.com/room/encoding-decoding-aoc2025-s1a4z7x0c3 ๐ Scenario: ๐ Hopper managed to use CyberChef to scramble the easter egg key image. He used this very recipe to do it. The scrambled version of the egg can be downloaded from:"
YouTube Link 2025-12-31T23:45Z [----] followers, [--] engagements
"Quantgnome Leap - SANS Holiday Hack Challenge [----] Charlie in the hotel has quantum gnome mysteries waiting to be solved. What is the flag that you find ๐ท๐ท Challenge Link: https://www.sans.org/cyber-ranges/holiday-hack-challenge ๐ฉ๐ฉ Room Scenario: ๐ฉ๐ฉ +---------------------------------+ "If we knew the unknown the unknown wouldn't be unknown." Quantum Leap (TV series) +---------------------------------+ You observed me the Gnome. .and I observed you back. Did you see me Am I here or not Both Neither Am I a figment of your imagination Nay I am the QuantGnome. Welcome to my challenge ***"
YouTube Link 2025-12-08T13:26Z [----] followers, [---] engagements
"TryHackMe Breaking Crypto the Simple Way - Common Cryptographic Mistakes - Bit Flipping Attacks ๐๐ Can You Break Crypto This Easily TryHackMe - Exploiting Simple Crypto Flaws - Exploiting common cryptographic mistakes. ๐๐ Learn how to exploit common cryptographic mistakes in this TryHackMe walkthrough We'll cover brute-forcing keys breaking hashes finding exposed keys and even bit flipping attacks. Perfect for beginners and anyone looking to understand real-world crypto vulnerabilities. Let's dive in ๐Brute-forcing Keys (RSA) ๐Breaking Hashes (HMAC hashcat) ๐Exposed Keys (Encryption"
YouTube Link 2025-04-09T06:51Z [----] followers, [----] engagements
"Rogue Gnome Identity Provider - JWKS spoofing - SANS Holiday Hack Challenge [----] Hike over to Paul in the park for a gnomey authentication puzzle adventure. What malicious firmware image are the gnomes downloading This room is about JWT authentication bypass via jku header injection (JWKS spoofing) ๐ท๐ท Challenge Link: https://www.sans.org/cyber-ranges/holiday-hack-challenge ๐ฉ๐ฉ Scripts Used in this video ๐ฉ๐ฉ Python script to generate jwks.json: https://github.com/djalilayed/SANS-Holiday-Hack-Challenge-2025/blob/main/Rogue_Gnome_Identity_Provider/jwks.py Commands Used:"
YouTube Link 2025-12-07T09:04Z [----] followers, [---] engagements
"TryHackMe Farewell - Full Walkthrough [----] ๐ฏ Use red-teaming techniques to bypass the WAF and obtain admin access to the web application. ๐๐ Room Link: https://tryhackme.com/room/farewell ๐ฏ The farewell server will be decommissioned in less than [--] hours. Everyone is asked to leave one last message but the admin panel holds all submissions. Can you sneak into the admin area and read every farewell message before the lights go out ๐ฏ Commands / payloads used on the video: https://github.com/djalilayed/tryhackme/tree/main/Farewell ๐ฏ Python script used on the video:"
YouTube Link 2025-11-17T16:15Z [----] followers, [---] engagements
"Dosis Network Down - SANS Holiday Hack Challenge [----] ๐ฏ Drop by JJ's 24-7 for a network rescue and help restore the holiday cheer. What is the WiFi password found in the router's config ๐ท๐ท Challenge Link: https://www.sans.org/cyber-ranges/holiday-hack-challenge ๐ฉ๐ฉ Hints: ๐ฉ๐ฉ โ
I can't believe nobody created a backup account on our main router.the only thing I can think of is to check the version number of the router to see if there are any.ways around it. โ
You know.if my memory serves me correctly.there was a lot of fuss going on about a UCI (I forgot the exact term.) for that router."
YouTube Link 2025-11-29T14:26Z [----] followers, [---] engagements
"Rabbit Store SSTI Rabbitmq SSRF API web application testing TryHackMe ๐ฅ๐ฅ New room Rabbit Store from @RealTryHackMe : Demonstrate your web application testing skills and the basics of Linux to escalate your privileges. ๐ฅ๐ฅ This interesting room you start with JWT token exploit (Mass assignment vulnerabilities) for entry point SSRF then SSTI exploit for root you work with Rabbitmq (Password Hashes) ๐ฅ๐ฅ Room Link: https://tryhackme.com/room/rabbitstore ๐ฅ๐ฅ API testing (Mass assignment vulnerabilities) https://portswigger.net/web-security/api-testing ๐ฅ๐ฅ SSTI payload used in this room:"
YouTube Link 2025-02-25T15:04Z [----] followers, [----] engagements
"TryHackMe Elastic Stack: The Basics Full Walkthrough [----] Understand how SOC analysts use the Elastic Stack (ELK) for log investigations. ๐๐ Room Link: https://tryhackme.com/room/investigatingwithelk101 ๐ธ Learning Objectives ๐ธ This room has the following learning objectives: ๐ Understand the components of ELK and their use in SOC ๐ Explore the different features of ELK ๐ Learn to search and filter data in ELK ๐ Investigate VPN logs to identify anomalies ๐ Familiarize with creating visualizations and dashboards in ELK ๐ธ Timestamp: ๐ธ 00:00 Task 1: Introduction 01:27 Task 2: Elastic"
YouTube Link 2026-01-20T09:21Z [----] followers, [---] engagements
"Monday Monitor on TryHackMe Swiftspend's Cybersecurity Challenge TryHackMe SOC Level [--] SAL1 ๐ช๐ช Ready to test Swiftspend's endpoint monitoring ๐ช๐ช Scenario Swiftspend Finance the coolest fintech company in town is on a mission to level up its cyber security game to keep those digital adversaries at bay and ensure their customers stay safe and sound. Led by the tech-savvy Senior Security Engineer John Sterling Swiftspend's latest project is about beefing up their endpoint monitoring using Wazuh and Sysmon. They've been running some tests to see how well their cyber guardians can sniff out"
YouTube Link 2024-07-30T13:11Z [----] followers, [----] engagements
"TryHackMe Passive Reconnaissance - Full Walkthrough [----] Learn about the essential tools for passive reconnaissance such as whois nslookup and dig. ๐ท๐ท Room Link: https://tryhackme.com/room/passiverecon ๐ฏ Room Tasks: ๐ฏ ๐ Task 1: Introduction ๐ Task 2: Passive Versus Active Recon ๐ Task 3: Whois ๐ Task 4: nslookup and dig ๐ Task 5: DNSDumpster ๐ Task 6: Shodan.io ๐ Task 7: Summary ๐ฆฎ Websites used on the video: ๐ฆฎ Shodan: https://www.shodan.io/ Nslookup: https://www.nslookup.io/ Mxtoolbox: https://mxtoolbox.com/ DNSDumpster: https://dnsdumpster.com/ โ Educational Purpose Only This"
YouTube Link 2026-01-02T10:33Z [----] followers, [---] engagements
Limited data mode. Full metrics available with subscription: lunarcrush.com/pricing