
Advent of Cyber 2025 - Day 11 - Merry XSSMas Triage
Day 11 of Advent of Cyber 2025 exploring Cross-Site Scripting (XSS) vulnerabilities by identifying and exploiting both Reflected and Stored XSS attacks on McSkidy's message portal.

Day 9 of Advent of Cyber 2025 exploring password cracking techniques using pdfcrack and John the Ripper to crack encrypted PDFs and ZIP files, plus bonus KeePass database cracking for a side quest.

Day 7 of Advent of Cyber 2025 covering network discovery and port scanning with Nmap, uncovering hidden services on non-standard ports, and using multiple protocols to discover keys and regain access to a compromised server.

Day 6 of Advent of Cyber 2025 introducing malware analysis fundamentals through static and dynamic analysis of a suspicious executable using PeStudio, Regshot, and Process Monitor to identify malicious behaviors and persistence mechanisms.

Day 5 of Advent of Cyber 2025 exploring Insecure Direct Object Reference (IDOR) vulnerabilities by identifying weak access controls, exploiting horizontal privilege escalation, and understanding authentication versus authorization flaws.

Day 3 of Advent of Cyber 2025 introducing Splunk SIEM for investigating a ransomware attack through web traffic and firewall log analysis using Search Processing Language (SPL) queries.

Day 2 of Advent of Cyber 2025 exploring phishing attack techniques by creating fake login pages, crafting convincing phishing emails using the Social-Engineer Toolkit, and harvesting credentials to test organizational security awareness.

A beginner-friendly challenge teaching the fundamentals of nmap network scanning, including basic scans, full port scans, IP range scanning, service version detection, and using ncat for connections.

A cloud security audit challenge identifying dangerous firewall misconfigurations in Azure Network Security Groups that expose production systems to internet-based attacks.

A cloud security audit challenge discovering exposed Terraform configuration files containing long-lived SAS tokens with full permissions in an Azure static website storage account.