Without spoiling the room: expect PowerShell abuse, scheduled tasks, process injection, and HTTP-based C2. These are techniques you’ll see in actual intrusions (e.g., those mapped to MITRE ATT&CK TA0002, TA0005, T1059.001, T1053.005).
Based on the Complex Coronary Therapeutics 2019 conference, requiring you to investigate a medical website for vulnerabilities. Focus Areas: The room primarily tests skills in Information Gathering, Web Application Exploitation, and Privilege Escalation. Notable Tasks: Subdomain Enumeration: Using tools like to find hidden directories. Exploiting Local File Inclusion (LFI):
You can watch community-made walkthroughs on YouTube to see the technical steps required to complete the mission and see the full narrative unfold.
The final stage involves complex encoding or algorithm-specific decoding, such as Run-Length Encoding.
Most CTFs focus on exploitation. CCT2019 flips the script—you start post-compromise. You’ll need to think like the attacker and the defender. This mirrors real SOC and DFIR work.
You are a newly hired SOC analyst. A senior analyst has vanished mid-investigation, leaving behind a Windows 10 workstation and a pcap (packet capture) file. A user reported that their machine is "acting strange." Your task is to perform to answer specific questions about what happened.
💡 Keep an eye out for "red herrings" in the PCAP files. The creators included intentional distractions to test your ability to filter relevant data.
Analyzing USB capture data (usb.capdata) and identifying hidden patterns in packet payloads.
To access the room, navigate to TryHackMe and search for "CCT2019" (Note: It is sometimes listed under "CCT2019" or as part of the Cyber Defense path). You will need a account to spawn the necessary virtual machines.