Advent of Nerds

kao

For some weird and inexplicable reason, every year there are plenty of IT-related advent challenges.

Have you ever seen gardeners, baristas, graphic designers or any other creative profession making advent challenges glorifying their craft? I bet you haven't. Yet, there's an Advent of Code event every year and there are lesser-known events for most popular programming languages. Just to name a few - Advent of SQL, Advent of JavaScript, Advent of Rust and even Advent of No-Code.

This year I decided to try out a few of these challenges during my Christmas holidays.

Advent of Code

This is probably the biggest and the most famous of the challenges. Every day you're given a new programming task that you can solve using the programming language of your choice. Once you submit the correct answer, you're given another task which extends the previous one.

I don't consider myself a professional developer, and I did not take an Algorithms course in the university. I don't do competitive programming either. So, my goal for this challenge was very modest - I wanted to see whether I'll be able to solve the tasks on my own. I was not going for the fastest solve, made no attempts to use the AI, etc, etc.

A few of the tasks required college-level math knowledge (solving systems of linear equations, quadratic equations, etc.) but most of them were variations of maze problems (like finding the shortest path) and graph/subgraph problems.

It seemed to me that the 2nd task of the day was designed to demonstrate the limitations of inefficient algorithms and to force you to optimize your solution for either speed, memory consumption, or both. Caching the values, precomputing partial answers, efficient encoding of states, that sort of thing.

I managed to solve all of the tasks on my own using C# and a very minimal set of 3rd party libraries. Some of the tasks required several attempts and one of them took me almost a week of thinking about it (2nd part of Day 21). I also learned about the Bron-Kerbosch algorithm but did not implement it from scratch.

I had to push my limits a little bit with Advent of Code. But in all fairness, we often solve harder problems during Flare-On CTF.

Advent of Cyber

I also decided to try TryHackMe's Advent of Cyber for fun. My goal was to learn more about the cybersecurity areas that I'm not very familiar with - web exploitation, AI, Web3, etc. Advent of Cyber is using a completely different approach than Advent of Code - you're given the problem to solve, as well as a tutorial and a video walkthrough. Of course, you are free to ignore the walkthrough and work on the problem on your own.

There was a wide array of tasks covering different areas of cybersecurity. There were both offensive tasks (ranging from XXE to WPA2 attacks to AI prompt injection) and defensive tasks (log analysis, PCAP analysis, using YARA and sandboxes). Nevertheless, there's an extreme amount of hand-holding going on and tasks are always covering the very very basics of the problem.

My experience was mixed. I wasted way too much time dealing with TryHackMe's slow and buggy infrastructure. Quite often, it took me more time to get their VM started than it took me to solve the actual task. On several occasions, I was unable to start their AttackBox because the system thought I've used my free "1 hour per day" limit already. On top of that, some VMs were nothing more than a glorified file storage. Starting a VM just to get a PCAP file that needs to be analyzed in Wireshark is quite an overkill.

The quality of the tasks was very mixed too. Some of the tasks were very well thought out and presented, and some of them were not. It was obvious that different challenges were made by different people and each one used his/her preferred steps, even if the end result was the same (like launching Burp Suite and changing the same default setting for the project). This discrepancy made the challenge feel disjointed and not really polished.

All in all, I learned a few things about Burp Suite and I got my first hands-on experience with prompt injection and XXE. Was it worth the effort? I'm not so sure.

Happy Holidays!
