advent-of-cyber-2025

Room Link: https://tryhackme.com/room/splunkforloganalysis-aoc2025-x8fj2k4rqp

▶️ Mad Hat – Day 3 Video Walkthrough

The official Day 3 walkthrough video, for quick onboarding:

🔗 YouTube Link: https://youtu.be/0cuAsDTfNbA?si=Sz6V86u9fB3isdf1

🎄 Advent of Cyber 2025 — Day 3 Write-Up

🧩 Splunk Basics - Did you SIEM?


✅ Challenge Answers — Log Analysis

1️⃣ Attacker IP found attacking and compromising the web server


index=main

Answer:

198.51.100.55

2️⃣ Peak traffic day in the logs (YYYY-MM-DD)


index=main sourcetype=web_traffic | timechart span=1d count | sort -count

Answer:

2025-10-12

3️⃣ Count of Havij user_agent events


Answer:

993

4️⃣ Number of path-traversal attempts observed


Answer:

658

5️⃣ Bytes transferred to the C2 server from the compromised web server


index=main sourcetype=firewall_logs src_ip="10.10.1.5" dest_ip="198.51.100.55" AND action="ALLOWED" | stats sum(bytes_transferred) by src_ip

Answer:

126167
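The five searches above, re-implemented offline in Python over constructed sample events, as an added example that is not the room's data or code. The field names `clientip`, `user_agent` and `uri` are assumed to match the room's `web_traffic` sourcetype, and the traversal check (a `../` or `..\` sequence after percent-decoding) is one reasonable definition of an attempt, so the counts below apply to the sample rows, not to the room's answers.

```python
from collections import Counter
from urllib.parse import unquote

# Constructed sample events (not the room's dataset); field names follow the SPL above.
WEB_TRAFFIC = [
    {"_time": "2025-10-11T09:00:00", "clientip": "198.51.100.55", "user_agent": "Havij", "uri": "/index.php?id=1"},
    {"_time": "2025-10-12T10:00:00", "clientip": "198.51.100.55", "user_agent": "Havij", "uri": "/index.php?id=1%27"},
    {"_time": "2025-10-12T10:05:00", "clientip": "198.51.100.55", "user_agent": "curl/8.0", "uri": "/..%2F..%2Fetc/passwd"},
    {"_time": "2025-10-12T11:00:00", "clientip": "203.0.113.7", "user_agent": "Mozilla/5.0", "uri": "/about.html"},
    {"_time": "2025-10-13T08:00:00", "clientip": "198.51.100.55", "user_agent": "curl/8.0", "uri": "/../../etc/passwd"},
]
FIREWALL_LOGS = [
    {"src_ip": "10.10.1.5", "dest_ip": "198.51.100.55", "action": "ALLOWED", "bytes_transferred": 4096},
    {"src_ip": "10.10.1.5", "dest_ip": "198.51.100.55", "action": "BLOCKED", "bytes_transferred": 512},
    {"src_ip": "10.10.1.5", "dest_ip": "198.51.100.55", "action": "ALLOWED", "bytes_transferred": 1024},
    {"src_ip": "10.10.1.9", "dest_ip": "198.51.100.55", "action": "ALLOWED", "bytes_transferred": 77},
]


def top_clientip(events):
    """Q1: stats count by clientip | sort -count | head 1."""
    return Counter(e["clientip"] for e in events).most_common(1)[0][0]


def peak_day(events):
    """Q2: timechart span=1d count | sort -count (bucket on the calendar day)."""
    return Counter(e["_time"][:10] for e in events).most_common(1)[0][0]


def count_user_agent(events, needle="Havij"):
    """Q3: count events whose user_agent contains the tool name (case-insensitive)."""
    return sum(needle.lower() in e["user_agent"].lower() for e in events)


def count_path_traversal(events):
    """Q4: count requests containing '../' or '..\\' once the URI is percent-decoded,
    so encoded forms such as ..%2F are caught as well as the plain sequence."""
    return sum(("../" in unquote(e["uri"]) or "..\\" in unquote(e["uri"])) for e in events)


def bytes_to_c2(events, src_ip, dest_ip):
    """Q5: sum bytes_transferred over allowed flows from src_ip to dest_ip."""
    return sum(e["bytes_transferred"] for e in events
               if e["src_ip"] == src_ip and e["dest_ip"] == dest_ip and e["action"] == "ALLOWED")


if __name__ == "__main__":
    print("attacker:", top_clientip(WEB_TRAFFIC))
    print("peak day:", peak_day(WEB_TRAFFIC))
    print("Havij events:", count_user_agent(WEB_TRAFFIC))
    print("traversal attempts:", count_path_traversal(WEB_TRAFFIC))
    print("bytes to C2:", bytes_to_c2(FIREWALL_LOGS, "10.10.1.5", "198.51.100.55"))
```

Note that only `ALLOWED` flows count toward Q5, which is why the blocked 512-byte row is excluded, and that a second percent-decoding pass would be needed to catch double-encoded traversal if the room's data contained it.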