John is a national cyber-teaching treasure.. this guy can make the most complex things much more understandable and he is the most welcoming guy in a very niche community. Best dude on the interwebs today by far!! 💯
*International cyber-teaching treasure :-P
I've remembered a quote that a Twitch streamer said yesterday: "Don't compare yourself with others, compare yourself to yourself from yesterday" and I've definitely learned a little bit today here. Thanks John and THM
Wow that's an incredibly simple yet powerful statement. I'm going to have to remember that. Do you remember what streamer said that, they sound like someone I'd enjoy watching.
@TRD_Mike He made the official video of day 9 walkthrough on THM :)
@TRD_Mike Jordan Peterson is famous for saying that. He has a lot of little knowledge nuggets
After all that beginner web stuff, this feels like a huge leap in difficulty (in a good way). Nice to see blueteam content!
I can always count on you for giving us those christmas & good vibes and most especially, knowledge!!!!!
Great day and perfect walkthrough video! I spent a really nice couple of hours solving it and watched the walkthrough after every few tasks done by myself. All the instructors for this event are great but you're by far my favorite and I was so happy to see it was you today!
The way you teach is incredible! I didn't feel like it was almost a one-hour video, and you're super understandable even for a non-English native! Keep up the good work :)
Thank you! I really enjoy your videos and I love that I am being introduced to other pros and their channels with the other Advent days.
I don't think the time stamps in the PowerShell logs are like Unix time stamps. The very first one reads as 20211128153516, which looks a lot like November 28, 2021 15:35:16 (or 35 minutes and 16 seconds past 3 pm for those whose clocks only have 12 hours on them). So while the last digit increases every second, it's not really a second count. ;-)
This was a really interesting day on AoC, even though I really struggled to get things working (on a technical level, not when it comes to understanding it). I first tried the browser version, but on my setup (inside my Kali VM that I use for TryHackMe running on Linux Mint) it was unusably slow, despite my PC normally not being on the slow side. So I tried getting RDP working (I know this is seamless in Windows, but I don't have a Windows machine at home anymore), which took a lot of tinkering to get the resolution usable (a 640x480 desktop on a 4k monitor isn't exactly usable), and it was still painfully slow, but solvable.
Big thanks to John and all the other fine folks behind AoC
BTW: Great storytelling 🙂
When I saw that you made this one, I went “Oh no. This is gonna be hard! I remember watching him make Peak Hill!” XD It was a lot of fun! I’m enjoying doing the Advent of Cyber 3 as a beginner from watching your videos for the past few months.
Thanks John!!
Hey John, another great video, and I learned a ton! I also want to say thanks for "Resetting Progress" and clearing all the answers out in the room before recording the video. I can't fault others for not doing it, but I find it really distracting when the answers are already populated, because I don't want to spoil it for myself, and then I have to concentrate on actively not looking at the answers lol. Anyway thanks again.
Mr John, you sir are amazing, thank you for teaching us, always makes it so easy to learn from you.
I really enjoyed this special of yours! Great job and thank you, John! :)
I'm a newbie in this world and I am fascinated with all this material. Thanks THM TEAM!
Great challenge, and great explanation! I ended up not needing the video for most of it, but you got me started, clarified things that I was confused about, and added additional insight into the material. Thanks for doing this!
46:34
“So Santa’s bag of toys has been FULL ON compromised”
I laughed harder than I should have 🤣
this topic was so unique everything was unique to me did it in 2 hours by myself except for 2 questions i was stuck at for a long time...it was really interesting ...i am out of words ...i cant explain but it was so refreshing man ....HATS OFF TO YOU JOHN!!!
I love your teaching and the way you explain things, within two days of watching!!
Awesome walkthrough John. Thank you for the guidance. I am new to cybersecurity and learned a lot of new content from this walkthrough. Thank you.
I totally learned a lot. I had never heard about UHA files nor shellbags, it was amazing and definitely got me wanting to learn more about these topics
Thanks John for another awesome video, I appreciate the time you take to explain shortly different terms and acronyms, it really helps refreshing them, Loved the whole Web Exploitation week, let’s get some more networking and blue team content!!
It was lots of fun! Have to watch it again as there were a lot of new things for me! Thank you for the video, John...Merry Christmas ☃❄⛄
I thoroughly enjoyed this exercise John. You are a dynamic speaker/teacher and you now have a subscriber and I'll look you up on other social media platforms so I can learn from your great content!
This special task was totally worth the wait. Got to learn many new things and got great exposure to tools and techniques. Loved it!!
John, you're an awesome teacher, I love all your videos and I'm so glad THM partnered with you to run some of these Advent of Cyber events. Keep up the amazing work! I hope to someday become as knowledgeable as you are in this field.
Thanks for making the questions and explanations.
Thanks for this nice and well structured challenge and video! Learned some stuff I didn't know.
Good one. I will read more on ShellBag for the future. Thanks John.
Thanks John, always easy to follow along and great content from you and THM!
Loved it!! Loads of fun and learnt a lot. Thanks John!
Great room John. Really appreciated that you included some Easter eggs like 'shellbags' and 'lolbins' for beginners like myself to look more into!
Thank you John. You helped me understand so many new notions.
Awesome job as always! Thanks for all your hard work! Merry Christmas!
"I love ya. I'll see ya in the next video." What a great way to end a fantastic day of cyber!
51:11 Note that UHARC GUI actually tells you the file count right below the file list, no extraction necessary :p
This was awesome, learned a lot about something I have not seen before: shell bags.
Thanks for a great walkthrough John...LOVE your content
Great stuff! As usual... of course!
I am glad I had solved this Day 8 before I watched this video. I don't like spoilers... :D
This is definitely my first time with blue team and RDP. Great for me as I am a beginner. Thank you so much.
Thank you for putting this together. I never did any blue team stuff before. The attackbox was unusable, I logged in with Windows RDP connect instead. My only gripe is the base64 encoded dat file was very hard to copy with such a slow machine
Agreed. So much new knowledge for me but the hardest part was trying to copy/paste the encoded dat file while on the analysis machine.
Obviously nothing to do with John’s fantastic work but I wanted to scream during that step, lol.
This was super fun, the walkthrough was super clear and easy to follow. Completed like 99% of this on my own. Just had to use the video for one of the questions :D Still a noob, but thanks for creating this. Keep up the good work :)
I only had technical difficulties and made it through on my own... but afterwards I had to watch the video, just for John's additional explanations.
Fantastic and very creative! Have had a great time learning! Ty so much!
:))))
You make learning fun with your explanations. God bless you!
Truly amazing and feeling interesting to go along with you this year in Advent of Cyber 3
26:22 That looks more like the time in YYYYMMDDHHMMSS
Ah! You are totally right! That is not Unix time, my mistake!!
Great video and nicely explained how everything works.
As for possible flag submissions:
you could have put a flag as one of the toys in that bag. nothing to hash, just read that one files contents to get your flag.
Royally enjoyed this walk thru, thank you!!!!
This, like your other content, honestly was a lot of fun to watch (though I must confess I watched it at 1.5 speed).
6:50 ... you could have right clicked on the wallpaper/desktop and hovered over view and made the icons larger
Sir, you bring something innovative and unique every time and you carved it fantastically in all your videos. This TryHackMe's Advent of Cyber Day 8 was fantastic and it was interesting to get an introduction to ShellBags Explorer and UHA Compressed Archive. I hope I will get more content related to blue teaming and red teaming in future from you, sir. I will be glad and amazed to watch those videos.
Oh, Networking tasks are on the way. Thanks for revealing :)
Another great visual write up and challenge!!
Amazing content as always John! This AoC is AMAZING!
44:00 Shows the total number right away in the log
Great video John, my feedback to you is that as a beginner, I found it a little hard to keep track. If you do another AoC activity I will suggest easier stuff for us beginners. Good Holidays to everybody
Thank you John, you saved Christmas!
Super fun challenge. Thanks for such a great explanation.
Thank you John for posting this video. "Get started with Cyber Security in 25 Days - Learn the basics by doing a new, beginner friendly security challenge every day leading up to Christmas." I'm not looking for a career in cyber security, but I am interested in cyber security. I'm a basic beginner and it is refreshing to have some one 'hold my hand' while I do this. Thanks again.
How did you select so fast with Shift on 27:00 . Can you explain in more details? thanks.
This was awesome! Thanks John!
Sir, please make more videos of this type, it seems to be useful to beginners!
i love how you laughed at the evil content of bag of toys :) :) ye who comes up with this stuff . thanks again for a great video
For anyone finding difficulties copying all the base64 encoded stuff: try deleting all the stuff outside the begin certificate and end certificate and then select all and copy
Spot on buddy as always explained everything easily liked it a lot.
For those who are unable to decode the transcript file due to slowness or copy issue in browser....
Tip: Copy the whole transcript file and paste it in a new Notepad file, remove the contents before --- begin certificate --- and the content after -------end certificate ---, save the file with any name and upload it to CyberChef rather than pasting ... hope this helps others.
I tried using the web version of the machine, but for some reason it kept starting an ubuntu box. Ended up using RDP as suggested, but thought it might be useful feedback
Wonderful series!! Thanks a lot.
Great! Day 8, one of the best so far, too bad the THM Windows machine kept breaking :D
Now it's not even opening and the new instruction is said to access with attack machine into RDP
They are working on the network problems. Should be back to normal soon
It may be a small crowd, but hey! 6k views in 5hr for cybersec is a hUUUUUge crowd.
kinda want to bring a DJ and that is - John!
awesome job on this one dude ;]
Cute challenge, thanks for the walkthrough, sure easier than day 6 :-D
Thank you for the great walkthrough.
I didn't wanna be the one who should be asking stuff out of topic or subject, but was that a cop or ambulance at 11:05-11:12
It was a lot of fun ! New flavor of challenge!!
Shellbags was new for me. useful in Forensics, i'm guessing. just had a small reconnection in the middle, but overall awesome!
Fantastic! Thank you I am learning so much! :)
John thanks for an awesome video, you are a legend sir.
Please make upcoming days video also because i like the way you teach
That was really nice, Thank you !!
Let's open the bag of toys 😬😆❤️
Thanks, i got to learn new things and it was fun :)
Awesome, Learnt a lot today Thanks
It was cool using Windows machine as the attackbox.
Hi John.
Thanks for putting this task together. It's been my favorite so far and i think it will still be when i finish all of them.
One question though, would there be a way to use shellbags explorer if the actor didn't show the user.dat base64 code?
Thank you man. This is amazing;)
great stuff... just a thought, could have a flag file in the archive...
(55:19) So, uh, you don't actually need to restore the files to see how many files were in the original Bag of Toys. I would have suggested putting a flag in one of the files you needed to recover as your final check.
You still need the password to get the count. After that it is just extracting files from an archive, which isn't much different from any of the more common formats. So the challenging tasks are done by that point imho, the rest is no challenge for people who join the AoC. ;-)
@Colaholiker You do not, in fact, need the archive password to get the count. I posted a message in the Advent of Cyber 3 channel on the Try Hack Me Discord server about how to get the count without the archive password (trying to keep things vague here in case someone using the video as a walkthrough accidentally sees this comment before finishing).
@sillymel Okay, I didn't see it straight away. I'm not on Discord (I still somewhat have a normal life outside the internet ;-) ), so I just do what John likes to do and press the "I believe" button. :)
Great job thank you for the video appreciate it.
camel case lol, I really liked it but my machine crashed constantly, maybe too many heroes!
loved this task John♥️
This room was real fun :)
Excited to be here for a live THM!!!
That was amazing, it was like uncovering whole story, have you considered making games about hacking?
Good job!! Thank you it was fun
I am sorry John, but trying to use CyberChef in this VM is unusable. There is something baked in with the resolution of the firefox browser. I can scroll up and down but cannot see the top and cannot choose different options. I have restarted the VM multiple times and nothing.
isn't it ctrl+scrolling to get the other views? (for details)
So is "disabling powershell" in windows like going onto a linux machine going "lets delete bash"
good video, yeah the hash was a bad idea, good one
I have a super very important pen testing question... I must have the answer...
John how long does it take to do your hair in the morning? I must know!
Answer me John , did you have fun making the third powershell transcript ?
thanks man! great stuff!
Yeah, that was a good one!
have you ever thought about teaching in a university?
you definitely have a great way of explaining things!