Advent of Cyber 2024: My Journey and Lessons Learned
The holiday season is often a time for joy, reflection, and celebration. For cybersecurity professionals and enthusiasts alike, it’s also a time to sharpen skills, solve puzzles, and engage with some of the holiday capture the flag competitions such as Advent of Cyber from TryHackMe, Holiday Hack from SANS, or The Winter Hackathon from HackTheBox. This year’s Advent of Cyber 2024 delivered an exceptional experience, and I’m eager to share my reflections and key takeaways from participating in this event.
What is Advent of Cyber?
TryHackMe’s Advent of Cyber is an annual, free, beginner-friendly cybersecurity challenge that runs throughout December. A new task is released daily, covering a broad range of cybersecurity concepts such as networking, cryptography, web application security, and penetration testing. What sets AoC apart is its commitment to making learning accessible and engaging through festive themes, guided tasks, and a collaborative community atmosphere. This is the ideal starting holiday CTF event (in my opinion) for someone new to cyber security — or those who still want to work on a 24-day-long CTF event that won’t be too time-intensive during the holiday season.
Highlights of Advent of Cyber 2024
This year, AoC featured:
- Immersive Storylines: The 2024 edition centered around an engaging narrative surrounding The Glitch, McSkiddy, and the town of Wareville where their SOC-mas celebration was at risk from Mayor Malware and his desire to frame Glitch for a failed SOC-mas season.
- Comprehensive Coverage of Cybersecurity Disciplines: AoC 2024 emphasized a holistic approach by incorporating challenges that spanned red team (offensive security), blue team (defensive security), and purple team (collaborative security) tasks. This balanced focus highlighted the interdependence of these domains and demonstrated the importance of adopting a well-rounded perspective in cybersecurity.
- Interactive Learning: Each task was thoughtfully designed with guided instructions, hints, and in-depth explanations. This approach ensured participants not only completed the challenges but also gained a strong understanding of the underlying principles. This makes for a great refresher for those who have been in infosec/cybersecurity for a while, and also a great way to gain knowledge and experience for those who are newer.
- Community Engagement: The TryHackMe community played a pivotal role in the event’s success. Active discussions on Discord and forums provided a space for collaboration, mutual learning, and celebration of milestones. From what I witnessed, both the staff and other participants on Discord (and on Reddit) were happy to help troubleshoot the issues people were running into over the 24 days. Similarly, the TryHackMe platform is a low-cost way to gain new skills, without the price point of other platforms, where, if you’re still early in your career or education, you may not be able to bite the bullet on the price for additional VM time.
My Key Learnings
1. OSINT — A Trusted Ally
While I’ve long relied on OSINT (Open Source Intelligence) in my professional practice, the challenges reinforced its versatility and importance. The tasks validated my existing knowledge while encouraging me to refine techniques for gathering and analyzing publicly available information. As someone who frequently advocates for reducing digital footprints and defending against social engineering, it was rewarding to see OSINT presented as a foundational skill for both offensive and defensive roles.
2. Phishing Detection and Analysis
The phishing-themed challenges underscored the criticality of email security. I enhanced my ability to dissect email headers, identify malicious links, and recognize common phishing tactics. These are practical, real-world skills that every cybersecurity professional should master.
3. Web Application Security
Several challenges explored vulnerabilities such as SQL injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF). Tackling these tasks deepened my understanding of the OWASP Top 10 vulnerabilities and reinforced the importance of secure coding practices in preventing exploitation.
4. Mastering Burp Suite
One of the most exciting yet challenging aspects of this year’s AoC was working with Burp Suite, a tool I had only limited experience with prior to the event. The tasks provided a structured and practical introduction to Burp’s features, helping me overcome the initial learning curve. By completing the assigned challenges and exploring additional Burp-focused rooms on TryHackMe, I was able to apply my newly developed skills in meaningful ways. This journey — both frustrating and rewarding — reminded me why I enjoy cybersecurity so much: it’s a never-ending puzzle that demands continuous learning and adaptation.
5. The Value of Purple Teaming
What stood out most this year was the integration of purple team tasks. These challenges demonstrated the critical interplay between offensive and defensive teams, emphasizing how collaboration strengthens overall security. For example, simulating an attack provided insights into how defenses can be fortified, while analyzing defensive mechanisms offered clarity on gaps attackers could exploit. This synergy illuminated why a purple team mindset is essential for building resilient security strategies.
Why AoC is a Must-Join Event
Advent of Cyber 2024 wasn’t just about solving individual challenges; it was about expanding my skillset and appreciating the broader cybersecurity landscape. Unlike events that focus solely on red teaming or blue teaming, AoC provided a comprehensive learning experience that underscored the importance of all three disciplines. This inclusive approach breaks away from the misconception that “everyone wants to do red team stuff” and instead celebrates the collaborative nature of cybersecurity as a whole.
For professionals, the event acts as a springboard to broaden expertise and dive into unfamiliar territory. For instance, as someone who already felt proficient in OSINT and social engineering, I found immense value in the technical depth of blue and purple team tasks. By pushing participants beyond their comfort zones, AoC fosters holistic growth and equips them to tackle the multifaceted challenges of the cybersecurity field.
Tips for Future Participants
If you’re considering joining AoC next year, here are some recommendations:
- Start Early and Stay Consistent: Completing one challenge each day ensures steady progress and prevents overwhelm.
- Leverage the Community: Engage with the TryHackMe forums and Discord channels. Learning from others is one of the best parts of this event.
- Document Your Journey: Taking detailed notes not only reinforces your learning but also serves as a valuable reference for future projects.
- Keep an Open Mind: Embrace challenges across all cybersecurity disciplines, even those outside your comfort zone. You’ll discover new interests and areas for growth.
Final Thoughts
Advent of Cyber 2024 was an extraordinary experience that not only enhanced my technical skills but also broadened my understanding of the interconnected roles within cybersecurity. TryHackMe’s dedication to creating an accessible, educational, and festive event is truly commendable. I’m already eagerly anticipating Advent of Cyber 2025, and hoping that I can find the time to tackle the Advent of Cyber Side Quest too! I was disappointed that I couldn’t find the time to complete it before the end of the event, but I am still planning to complete it as soon as I can find the extra time again.
For anyone on the fence about participating, I wholeheartedly encourage you to dive in. Whether you’re a seasoned professional or just starting your cybersecurity journey, AoC offers something valuable for everyone. Plus, what better way to celebrate the holidays than by saving SOC-mas while leveling up your skills?
Happy Hacking and Happy Holidays!