Advent of Cyber

Get Started With Cyber Security in 25 Days

Learn the basics of Cyber Security by doing a new, beginner friendly security exercise every day leading up to Christmas

Over $10,000 worth of prizes! The more questions you answer, the more chance you have of winning!

The event is completely free. Absolutely no costs involved, so make sure to tell your friends!

Complete all 25 daily security tasks and earn a custom certificate of completion!

Featured security tasks from John Hammond, TheCyberMentor, Tib3rius & DarkStar.

What you will learn

Each day in December, a new (beginner friendly) task will be released, which follows a fun Christmas story!

Web Exploitation Networking OSINT Scripting Reverse Engineering Defensive Blue Teaming
  • Day 1

    A Christmas Crisis

    Understand how the web works and take back control of the Christmas Command Centre!

    HTTP Cookies
  • Day 2

    The Elf Strikes Back

    Learn about basic file upload filter bypasses by performing a security audit on the new security management server!

  • Day 3

    Christmas Chaos

    Hack the hackers and bypass a login page to gain admin privileges.

    Authentication Bypass
  • Day 4

    Santa's watching

    Exploit Santa's login form and obtain admin credentials to save Santa's nice list!

    Authorization Bypass
  • Day 5

    Someone stole Santa's gift list!

    Learn to detect and exploit one of the most dangerous web vulnerabilities!

    SQLi PHP
  • Day 6

    Be careful with what you wish on a Christmas night

    Get familiar with compromising user interactions with vulnerable applications by executing custom javascript code.

    Javascript XSS
  • Day 7

    Coal for Christmas

    Kris Kringle checked his Naughty or Nice List, and he saw that more than a few sysadmins were on the naughty list! He went down the chimney and found old, outdated software, deprecated technologies and a whole environment that was so dirty! Take a look at this server and help prove that this house really deserves coal for Christmas!

    By John Hammond, a special contributor

    DirtyCow Privilege Escalation
  • Day 8

    The Grinch Really Did Steal Christmas

    Understand a few of the technologies that power the internet! Use this knowledge to track the activity of the Grinch who stole christmas!

    Wireshark Packet Analysis
  • Day 9

    What's Under the Christmas Tree?

    Practice the most fundamental stage of penetration testing: information gathering, using industry standard tools/techniques.

  • Day 10

    Anyone can be Santa!

    Discover a common misconfiguration on file transfer servers, and understand how it may be abused.

  • Day 11

    Don't be Elfish!

    Get hands-on with Samba, a protocol used for sharing resources like files and printers with other devices.

  • Day 12

    The Rogue Gnome

    We've got intial access, but now what? Learn some of the common linux privilege escalation techniques used to gain permissions to things that we shouldn't..

    Privilege Escalation Linux
  • Day 13

    Ready, set, elf.

    Learn how vulnerabilities can be identified, use public knowledgebases to search for exploits and leverage these on this Windows box; So quit slackin' and get whackin'!

    Public Exploits
  • Day 14

    Where's Rudolph?

    Twas the night before Christmas and Rudolph is lost
    Now Santa must find him, no matter the cost
    You have been hired to bring Rudolph back
    How are your OSINT skills? Follow Rudolph's tracks...

    By The Cyber Mentor, a special contributor

  • Day 15

    There's a Python in my stocking!

    Utilise Santa's favourite type of snake: Pythons to become a scripting master expert!

  • Day 16

    Help! Where is Santa?

    Santa appears to have accidentally told Rudolph to take off, leaving the elves stranded! Utilise Python and the power of APIs to track where Santa is, and help the elves get back to their sleigh!

  • Day 17
    Reverse Eng


    Learn the basics of assembly and reverse engineer your first application!

    GDB Linux
  • Day 18
    Reverse Eng

    The Bits of the Christmas

    Continuing from yesterday, practice your reverse engineering.

    GDB Linux
  • Day 19

    The Naughty or Nice List

    Santa has released a web app that lets the children of the world check whether they are currently on the naughty or nice list. Unfortunately the elf who coded it exposed more things than she thought. Can you access the list administration and ensure that every child gets a present from Santa this year?

    By Tib3rius, a special contributor

    Web SSRF
  • Day 20
    Blue Teaming

    PowershELlF to the rescue

    Understand how to use PowerShell to find all that was removed from the stockings that were hidden throughout the endpoint.

  • Day 21
    Blue Teaming

    Time for some ELForensics

    Understand how to use PowerForensics to find clues as to where the naughty list was hidden.

  • Day 22
    Blue Teaming

    Elf McEager becomes CyberElf

    You have found where the naughty list has been hidden online but it's encoded. Learn how to decode the contents of this file using CyberChef.

    Cyberchef Encoding
  • Day 23
    Blue Teaming

    The Grinch strikes again!

    As the day draws near the Grinch is desperate. He used his secret weapon and launched a ransomware attack crippling the endpoints. Understand what is VSS and how it is used to recover files on the endpoint.

    Volume shadow copy service Windows forensics
  • Day 24

    The Trial Before Christmas

    Ready for one last challenge to make sure you've earned your presents this year? Use the skills gained throughout Advent of Cyber to prove your mettle and conquer day twenty four!

    By DarkStar7471, a special contributor

    Web Linux

What is Advent of Cyber?

Advent of Cyber is an event aimed at helping users get started with cyber security, by releasing beginner friendly security exercises every day leading up to Christmas.

We know that Security can be a daunting field. It can be very difficult for beginners to take the jump and get started with learning just a small part of security!

For 25 days we will release tasks breaking down common security topics into byte-sized walkthroughs and challenges.

Each task will be self contained and will include the basic information required to start working on a challenge - We won't be throwing you in the deep end! The challenge will contain supporting material about that particular topic to ensure that you're actually learning.

Our Sponsors

In the spirit of Christmas, we've brought together some of the biggest names in cyber security and are ecstatic that they're supporting the event!

CompTIA is the global, non-profit IT trade association and creator of vendor neutral IT certifications. CompTIA certifications are developed with the support of leading technology companies and organisations and validated by industry experts around the world.

Offensive Security offers industry-defining information security training. In addition to courses and certifications, students can get hands-on pentesting practice in our Proving Grounds labs. Level up your skills and learn the Try Harder mindset with the team behind Kali Linux and the OSCP certification.

INE is the premier provider of technical training for the IT industry in the areas of Cyber Security, Networking, Cloud and Data Science. It is our mission to be the world’s leading provider of hands-on, role-based technical training, maniacally focused on developing experts. Try our platform for free with the INE Starter Pass.

Not only are we making this event free, we're personally adding gifts to the prize pool. Our mission is to make learning cyber security easier and more accessable; learn more about our mission and values here.


We will choose a random winner everyday, to enter simply complete the task released on that day.

At the end of the competition, we'll enter every participant who completed a question into a raffle to win the prizes. Every question a user completes, gives a higher chance of winning. You can win one of the following:

Total Prize Pool Value: $13,377


Complete every task in the event and earn a certificate of completion! Make sure your name is set in your settings.

The Advent of Cyber tasks will remain open until November 2021, so you have plenty of time to earn your certificate should you not complete all the tasks right away.

Event Details

  • Starting Date: Tue 1st, December 2020
  • Task Release Time: Between 7pm and 8pm GMT
  • Ending Date: Thu 26th, December


Breaking any of the following rules will result in elimination from the competition

  • * and the OpenVPN server is off limits to probing, scanning or exploiting.
  • Users are only authorized to hack machines that have started in the rooms they have access to.
  • Users are not to target or attack other users
  • Users should only enter the event once, using one account.
  • Answers to questions are not to be shared.

How to enter

  1. Register an account on TryHackMe.

  2. Click here to join the room!

  3. Wait for the first task to be released (Dec 1st)