‘Twas the month of October
when the ghouls all came back,
The red teams were scheming
to launch their attacks,
The blue teams were building
their defences and forts,
Digging and threat-hunting
finding hackers to thwart,
Can you try your hand
sitting dubiously behind that screen?
Launch our challenges if you dare
in TryHackMe’s Hackerween!
Today marks the start of our very first Hackerween! (Say whaaat!) This event is a 5-day affair launching on the 27th of October and running through to the 31st of October. We’re releasing a brand new challenge every single day, created by our team of experts to exercise your skills on different topics.
Who is Hackerween for?
Our 5 challenges have incrementing difficulty. The first two days are beginner-friendly, and then we're amping up the difficulty for more technical users. This is a great way to trial your skills - but remember - we have guided labs to enable you to upskill and prepare for more technical topics where you need it.
What are TryHackMe challenges all about?
In 2022, TryHackMe released challenges - search by type > challenges on our Hacktivities page. Every other Friday, we launch a brand new challenge lab that aims to exercise your skills in various blue and red topics, including SSRF, Kubernetes, phishing, reversing and bypassing authentication methods, and so. much. more!
The purpose of our challenge labs is to give you a space where you can practice and test your skills without being hand-held. We have guided content ready for you whenever you need it, so if you decide you need to brush up on topics, you can jump back into a guided lab to learn pre-challenge. The reason for these challenges is to give you a space to hack (and defend) away on your own!
So, whilst we’re bringing you a bunch of epic challenges every fortnight, Hackerween is all about giving you a range of challenges in one, celebrating everything cyber security and upskilling in your field - woohoo!
October 27th - PrintNightmare
Easy, blue team lab
In the weekly internal security meeting, it was reported that an employee overheard two co-workers discussing the PrintNightmare exploit, and how they can use the exploits to elevate their privileges on their local computers. Inspect the artefacts on the endpoint to detect the exploit they used!
October 28th - Epoch
Easy, red team lab
Be honest, you have always wanted an online tool that could help you convert UNIX dates and timestamps… and this new online date converter tool is totally secure...right?! In this challenge, you must figure out how the web application works, convert UNIX dates, and exploit the web application to find the flags!
October 29th - Warzone
Medium, blue team lab
You work as a Tier 1 Security Analyst for a Managed Security Service Provider (MSSP). Today you're tasked with monitoring network alerts. A few minutes into your shift, you get your first network case: Potentially Bad Traffic and Malware Command and Control Activity Detected. Your race against the clock starts. Inspect the PCAP and retrieve the artefacts to confirm this alert is a true positive.
October 30th - Templates
Medium, red team
Pug is our favourite templating engine! We made this super slick application so you can play around with Pug and see how it works. Seriously, you can do so much with it. Try out the Pug templating engine and inject some code to exploit!
October 31st - PS Eclipse
Medium, blue team
You are a SOC Analyst for an MSSP (Managed Security Service Provider). A customer sent an email asking to investigate the events that occurred in Keegan's machine. The client noted that the machine is operational, but some files have a weird file extension. The client is worried that there was a ransomware attempt on Keegan's device. Your manager has tasked you to check the events in Splunk to determine what happened.
Don’t miss out!
Each of these labs has been formulated to enable you to practice your skills in action. The labs will be available on their respective days at 4 PM BST (3 PM UTC and 11 AM ET.)
PS - love a themed training spree? We’re with you, pal! Keep your peepers peeled for our annual Christmas event, Advent of Cyber, and even more juicy technical training being launched super soon! Ho ho hackety ho witches and ghouls! (A lot happened in one there…)