# The App Trap

## Overview

- **Room URL:** https://tryhackme.com/room/adventofcyberpreptrack
- **Difficulty:** Easy
- **Category:** Prep
- **Date Completed:** 12/1/2025

## Objective

Find and remove the malicious connected app.

## Table of Contents

- Introduction
- Walk Through
- Lessons Learned
- Resources

## Introduction

McSkidy's social media account has been compromised and is posting suspicious messages about "EASTMAS." A malicious third-party application may be responsible for the unauthorized access. Learning to review and manage app permissions is essential for preventing data leaks and unauthorized account access.

## Walk Through

1. Click View Site to launch the simulated environment.
2. There are 3 applications in the environment with the following permissions:
   - Weather Elf
     - Location
     - Network Access
     - Notifications
   - Gift Tracker
     - Contacts
     - Network Access
     - Storage
   - Eastmas Scheduler
     - Calendar
     - Notifications
     - Password Vault
3. Weather Elf and Gift Tracker have appropriate permissions for their use case.
4. Eastmas Scheduler has no reason to have access to Password Vault.
5. Revoked access to Password Vault.

## Lessons Learned

- Learned to audit third-party application permissions and identify overprivileged apps that request unnecessary access to sensitive data.
- Successfully identified that the Eastmas Scheduler app had suspicious access to the Password Vault and revoked it, demonstrating proper permission management to prevent unauthorized account compromise.

## Resources

- TryHackMe App Permission