Tactics Explored: Attacking a login form with Burpsuite
Sticking Point: Only start the Burpsuite capture before entering the credentials. The instructions confused me and I kept trying to capture when initially visiting the page.
The theme of day 3 was shorter than day 2 and I had to scroll back make sure there was even a theme for today. Basically as the security elf things are seemingly back under control but then you notice a bunch of lights flashing on Santa's slay alerting you to the fact that it's been hacked. So as the security elf you have to hack your way into Santa's slay using Burpsuite. After hacking in it looks like the web server communicates with Santa's slay to monitor it's location.
The security challenge today utilized Burpsuite to exploit a login form. Burpsuite is something I've only used a couple of times before when completing other challenges on Tryhackme so it was nice to use it again and get some more hands on. This challenge was the quickest to finish so far because you're only using two small wordlists that are provided and upon logging in you're given the only flag you need. I'm betting they avoided making it too long so people could focus more on learning Burpsuite. Also from the description it looks like tomorrow will build upon today.