Splunk Basics — Did you SIEM | Tryhackme | Day-3 Advent of Cyber 2025 | Walkthrough Hey my dear readers_ Today, we are solving the TryHackMe Advent of Cyber Prep Track 2025. Advent of Cyber …

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

A walkthrough of TryHackMe's Advent of Cyber 2025 Day 3 challenge focused on using Splunk for incident investigation. The guide covers ingesting web traffic and firewall logs, writing SPL queries to identify a malicious IP, tracing an attack chain from reconnaissance through SQL injection, webshell deployment, ransomware execution, and C2 communication. Specific SPL queries are provided for each investigation phase, along with the final answers to the challenge questions.

Splunk Basics — Did you SIEM | Tryhackme | Day-3

Let’s break down our result for a better understanding: