📌 Advent of Cyber 2025 Recap 📌
====================
I have managed to complete Advent of Cyber 2025 in the last few days. As always, It was a good learning ground for beginners to pick new concepts. Here is my review. What was your experience?

Something new I have learned
- - - - - - - - - - - - - - - - - - - - - -
Quishing: I learned that phishing via QR codes has its own name! (Day 02)

Hot Takes & Insights
- - - - - - - - - - - - - - -
1. The IDOR Misnomer (Day 05) The name Insecure Direct Object Reference is misleading. Having a "Direct Reference" (like /user/1) isn't the flaw—the flaw is missing authorization.

⚠️ Pro-tip: Hiding IDs (e.g., /user/ea21f...) is just "security by obscurity." If the server doesn't check permissions, it’s still broken. Focus on the check, not the ID!

2. Practical AI Usage in Security Teams (Day 04)
🔴 Red Teams: Instant exploit script generation.
🔵 Blue Teams: Rapid log analysis post-attack.
🛠 DevSecOps: Automated source code auditing.

Room Rankings
- - - - - - - - - - -
1. Favorites:
- Containers (Day 14)
- AWS Security (Day 23)

2. Annoying:
- Prompt Injection (Day 08) 🤖 (That tiny chatbot UI was a struggle!)

Tools I discovered/enjoyed
- - - - - - - - - - - - - - - - - -
1. https://hashes.com/en/tools/hash_identifier
2. https://www.uuidtools.com/decode
3. https://cyberchef.io/
4. https://github.com/activecm/rita
5. https://malware-traffic-analysis.net/
6. https://www.winitor.com/download
7. https://github.com/Seabreg/Regshot
8. https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
9. https://tio.run/#
10. https://ericzimmerman.github.io/#!index.md

#learning
#ctf
#tryhackme

@securednation

The actual date of this post is not today(01/01/2026) but from 30/12/2025. I just want to make that clear.

@securednation

[A visual guide on how browsers work]

#learning
#browsers

@securednation

🩸 CRTOM — done.

Started my red team cert path with Red Team Operations Management.
Not about popping shells yet — this one’s about how real ops are planned, scoped, and run.

Foundations first:
🧠 attacker mindset
📋 engagement flow
🎯 operational thinking

@AfroSec

🚨 Popular workflow automation platform n8n disclosed a critical flaw that lets authenticated users with workflow edit rights execute OS commands on the host.

Tracked as CVE-2025-68668, the issue carries a CVSS score of 9.9.

🔗 Details here → https://thehackernews.com/2026/01/new-n8n-vulnerability-99-cvss-lets.html

[Burp suite extension for testing JS-rich targets]

[Arcanum PI Taxonomy]
Prompt Injection Attack Classification System

You can't patch people. That's the painful truth in security.

Dear TechCrunch, you aren't muck for me. I will try to check out your stories😁

/proc

#linux
#learning

@securednation

🔴 LIVE SESSION TONIGHT 🔴

Topic: Network Security Basics

⏰ Today | 2:00 LT (Night)
📍 On INSA Cyber Talent Center Channel @insactc

Join us for an essential live session where we dive into the core of infrastructure defense. We’ll move beyond the basics to explore how modern networks stay resilient against evolving cyber threats.

⚡️ Session highlights:
- The First Line of Defense: Firewalls, VPNs, and IDS/IPS systems.
- Deep dive into Zero-Trust architecture.
- Defense in Depth: How to layer these tools to create a "hardened" network environment.
- Interactive Q&A: Get your questions answered by experts on this field.

📢 Happening today at 2:00 LT night. Don’t miss it!

@insactc @cteinsa

#INSA #NetworkSecurity #ZeroTrust #Firewall #CyberSecurity

የኢመደአ/INSA የዊክ ኢንድ/weekend የታለንት ልማት ፕሮግራም ምዝገባ ተጀመረ

ፕሮግራሙ የሚሰጥበት ቀናት - በሳምንቱ መጨረሻ ቅዳሜ እና እሁድ
ፕሮግራሙ የሚሰጠዉ - አዲስ አበባ ኢመደአ ታለንት ማእከል
ፕሮግራሙን መሳተፍ የሚችሉ
1.በሳይበር እና በመሳሰሉት ዘርፎች ዘርፉ ላይ ልዩ ታለንት ያላቸዉ እና የሞካከሯቸዉን ፕሮጀክቶች ማሳየት የሚችሉ
2.ተቋሙ የሚያዘጋጀዉን ፈተና/ቻሌንጅ ማለፍ የሚችሉ
3.ቅዳሜ እና እሁድ ተመላልሰዉ መሳተፍ የሚችሉ
4.ከአንደኛ ደረጃ ጀምሮ እስከ ዩኒቨርስቲ ተመራቂ

ምዝገባዉ የሚደረግበት ፕላትፎርም ለዚሁ ፕሮግራም ተብሎ በተዘጋጀ ፖርታል - https://talent.insa.gov.et 

የምዝገባ ጊዜ ከጥር 27 - የካቲት 07 ድረስ

ስለፕሮግራሙ ማብራሪያ ከፈለጉ በታለንት ማእከሉ የቴሌግራም ቻናል
https://t.me/insactc
https://t.me/cteinsa
በመግባት ማግኘት የምትችሉ መሆኑን እናሳዉቃለን። 📢 INSA Weekend Talent Development Program – Registration Open

The Information Network Security Administration (INSA) invites talented individuals to apply for its Weekend Talent Development Program in cyber security and related fields.

🗓 Schedule: Saturdays & Sundays
📍 Location: INSA Talent Center, Addis Ababa

Eligible applicants:
✔️ Talented individuals with demonstrable projects
✔️ Those who pass INSA’s exam/challenge
✔️ Primary school students to university graduates
✔️ Must be available on weekends

📝 Registration: February 04 – February 14
🔗 Apply at: https://talent.insa.gov.et

ℹ️ More info:
https://t.me/insactc
| https://t.me/cteinsa

Sign up by March 16, 2026 for a chance to win one of 10 Course and Certification Bundles for 90-days access and 1 exam attempt. Winners are chosen at random and notified by email. No purchase required. Exclusions apply.

Sign up here: offs.ec/3Z6p7W0

🔴 LIVE SESSION ANNOUNCEMENT
🚀 Main Topic: Deployment & Infrastructure Basics
🕑 Time: 2:00 LT
In this live session, we’ll break down how real applications move from your laptop to production — in a simple, developer-friendly way 👩🏽‍💻✨
📌 What you’ll learn:
✅ Dev vs Production Environments (what’s really different?)
✅ Application Deployment Flow (step-by-step)
✅ Introduction to CI/CD — from a developer’s perspective
✅ Common mistakes developers make during deployment
Whether you’re a student, junior developer, or self-taught coder, this session will help you understand deployment without fear 💡
🎯 Join live, ask questions, and level up your backend & DevOps basics!
🔔 Don’t miss it!
Join our
👥 Our Group and Our Channel

A universal troubleshooting guide. There are lots of things I learned from this one page cheat sheet about how to approach a problem.

🔴 LIVE SESSION TONIGHT 🔴

Topic: Penetration Testing (Web Security)

We will cover deep about how to perform web penetration testing security based on the OWASP TOP 10.

⏰ Today | 2:00 LT (Night)
📍 On INSA Cyber Talent Center Channel @insactc

📢 The session have 2 classes. Don’t miss it!

@insactc @cteinsa

#LiveStream #CyberSecurity #PenetrationTesting #WebSecurity #OWASP #Talent #INSA

🔴 PENETRATION TESTING LIVE SESSION PART 2 WILL CONTINUE TONIGHT 🔴

We will focus on doing a simulated labs based on the OWASP TOP 10.

⏰ Today | 1:50 LT (Night)
📍 On INSA Cyber Talent Center Channel @insactc

📢 Don’t miss it! We will ask you some questions at the end of the session.

@insactc @cteinsa

#LiveStream #CyberSecurity #PenetrationTesting #WebSecurity #OWASP #Talent #INSA