TryHackMe: Advent of Cyber 2022 (Day 1) Someone’s coming to town!

3 min readDec 7, 2022


Another year, another Advent of Cyber from TryHackMe! I am getting started a little late this year due to work obligations, but better late than never! New challenges will be released daily through-out December, and they are all super beginner friendly.

Scenario: The Best Festival Company has been compromised yet again.

“Someone is trying to stop Christmas this year and stop Santa from delivering gifts to children who were nice this year. The Best Festival Company’s website has been defaced, and children worldwide cannot send in their gift requests. There’s much work to be done to investigate the attack and test other systems! The attackers have left a puzzle for the Elves to solve and learn who their adversaries are. McSkidy looked at the puzzle and recognised some of the pieces as the phases of the Unified Kill Chain, a security framework used to understand attackers. She has reached out to you to assist them in recovering their website, identifying their attacker, and helping save Christmas.”

The first challenge starts with a link to The Best Festival Company’s website, which has been defaced:

Question 1: Who is the adversary that attacked Santa’s network this year?

The website has been transformed into a puzzle game, which has all the pieces of the Unified Kill Chain laying about:

Looks like there are 3 puzzles, probably all 3 cycles of the Unified kill Chain. So just put them together like so:

Then it is revealed that the attacker for this year is The Bandit Yeti:

Question #2: What's the flag that they left behind?


Definitely nothing overly complicated for Day 1, haha.




CTF writeups to facilitate cyber education and help me earn CPEs