Free TryHackMe Training: The Ultimate Guide for Beginners

I can help you by summarizing the key points from Ellie Gillard Ellie Gillard's article titled "Free TryHackMe Training: The Ultimate Guide for Beginners," which outlines how to break into and upskill in cybersecurity through free content accessible to all. Here are the bullet points for each level of training mentioned in the article:

Level 1 - Getting Started:

• Tutorial: Learn how to use a TryHackMe room to start your upskilling in cyber security
• Introduces you to TryHackMe and its platform features
• Teaches you how to navigate through a room and complete tasks
• Provides a safe environment to practice and learn different cybersecurity concepts
• Intro to Offensive Security: Hack your first website (legally in a safe environment) and experience an ethical hacker's job
• Teaches the basics of web application security and ethical hacking
• Provides a practical and safe environment to practice hacking a website
• Helps you understand the mindset of an ethical hacker
• Introduction to Offensive Pentesting: Understand what a penetration test involves, including testing techniques and methodologies every pentester should know
• Provides an overview of penetration testing, including different types and methodologies
• Teaches you how to perform basic reconnaissance and information gathering
• Helps you understand how to use different tools and techniques to identify vulnerabilities and exploit them
• Linux Fundamentals: Learn how to use the Linux operating system, a critical skill in cyber security
• Provides a foundation for understanding the Linux operating system
• Teaches you how to navigate and use the Linux command line
• Helps you understand basic Linux concepts such as permissions, file management, and networking
• OHsint: Use open-source intelligence to solve this challenge!
• Teaches you how to use open-source intelligence (OSINT) to gather information
• Provides a practical exercise to apply OSINT techniques
• Helps you understand the value of OSINT in cybersecurity investigations

Level 2 - Tooling:

• Learn how to use Nmap to discover live hosts using ARP scan, ICMP scan, and TCP/UDP ping scan with Nmap Live Host Discovery
• Use Hydra, a fast network logon cracker, to bruteforce and obtain a website's credentials
• Practice Linux Privilege Escalation skills on an intentionally misconfigured Debian VM with multiple ways to get root with Linux PrivEsc
• Introduction to using Burp Suite for Web Application pentesting with Burp Suite: The Basics
• Learn how to use OWASP ZAP from the ground up (an alternative to BurpSuite) with Introduction to OWASP ZAP
• Get an introduction to the main components of the Metasploit Framework with Metasploit: Introduction
• Learn about active recon, web app attacks and privilege escalation with Vulnversity CTF
• Deploy & hack into a Windows machine, leveraging common misconfigurations issues with Blue CTF
• Solve beginner-friendly Capture the Flag challenges with Simple CTF
• Prove your skills and claim the status of Elite Bounty Hacker with Bounty Hacker CTF
• Learn how to brute force, perform hash cracking and escalate privileges with Brute It.

Level 3 - Crypto & Hashes with CTF Practice:

Introduction to Cryptography:

• Learn about various encryption algorithms like AES, DES, RSA, and more
• Understand the basics of symmetric and asymmetric encryption
• Explore cryptographic hash functions and their applications
• Gain knowledge about digital signatures and public key infrastructure (PKI)
• Learn about the Transport Layer Security (TLS) protocol and its role in secure communication

Crack the Hash:

• Practice cracking different types of hashes such as MD5, SHA-1, SHA-256, etc.
• Learn about hashcat, a popular password cracking tool
• Explore different techniques for cracking hashes, including brute-forcing and dictionary attacks

Agent Sudo:

• Explore the world of steganography and discover hidden messages
• Practice Linux privilege escalation techniques
• Learn about file transfer and network scanning tools
• Practice your skills in finding and exploiting vulnerabilities in web applications

The Cod Caper:

• Learn about the basics of Linux command-line interface (CLI)
• Practice basic Linux file manipulation commands
• Learn how to use common Linux tools like grep, find, and curl
• Practice privilege escalation techniques on a vulnerable Linux system

Lazy Admin:

• Practice your Linux privilege escalation skills on a vulnerable system
• Learn about SUID binaries and how they can be exploited for privilege escalation
• Discover different ways of transferring files between systems
• Learn about various Linux tools like nano, tar, and wget

Encryption - Crypto 101:

• Learn about symmetric and asymmetric encryption algorithms
• Understand the basics of block ciphers and stream ciphers
• Explore different types of attacks on cryptographic systems
• Gain knowledge about cryptanalysis and its role in breaking cryptographic systems

Level 4 - Web:

• Content Discovery: Learn different ways to discover hidden or private content on a webserver
• Walking an Application: Manually review a web application for security issues using your browser's developer tools
• SQL Injection: Learn how to detect and exploit SQL Injection vulnerabilities in web applications
• DNS in Detail: Learn about the Domain Name System and how it helps you access internet services
• HTTP in Detail: Learn how to request content from a web server using the HTTP protocol
• Burp Suite Basics: An introduction to using Burp Suite for web application pentesting
• OWASP Juice Shop: Learn how to identify and exploit common web application vulnerabilities using the Juice Shop vulnerable web application
• Overpass: Learn about password managers and how to exploit vulnerabilities in them
• Bolt: Learn about the Bolt CMS and how it can be exploited using Authenticated Remote Code Execution
• Takeover: Learn about subdomain enumeration and how to take over subdomains
• Neighbour: Learn about cloud services and how to find other users' secrets
• Corridor: Try to escape the corridor in this challenge
• Epoch: Learn how to convert UNIX dates and timestamps using an online tool.

Level 5 - Reverse Engineering

• Reverse engineering is the art of taking a compiled program and figuring out what it does. This section will teach you everything you need to know about it.
• Windows Reversing Intro - Introduction to reverse engineering x64 Windows software
• In this room, you will learn the basics of reverse engineering x64 Windows software. You will learn how to use tools like IDA Pro, Ghidra, x64dbg and radare2 to analyze binaries, identify functions, variables and strings, set breakpoints and modify registers and memory. You will also learn how to deal with common anti-reversing techniques like obfuscation, encryption and packing.
• Basic Malware RE - This room aims towards helping everyone learn about the basics of Malware Reverse Engineering
• Malware reverse engineering is the process of analyzing malicious software to understand its functionality, origin and purpose. In this room, you will learn how to use tools like VirusTotal, PEStudio, strings and hex editors to perform static analysis on malware samples. You will also learn how to use tools like Process Monitor, Process Explorer and Wireshark to perform dynamic analysis on malware samples.
• Reversing ELF - A room for beginner Reverse Engineering CTF players to capture the flags
• ELF stands for Executable and Linkable Format, and it is the standard format for executable files on Linux systems. In this room, you will learn how to reverse engineer ELF binaries using tools like Ghidra, radare2 and gdb. You will also learn how to solve common reverse engineering challenges like finding passwords, hidden messages and flags in ELF binaries.
• Dumping Router Firmware - Have you ever been curious about how your router works? What OS it runs? What makes it tick?
• Router firmware is the software that controls the functionality of your router. It is usually stored in a flash memory chip inside the router. In this room, you will learn how to dump the firmware from your router using tools like binwalk, dd and strings. You will also learn how to analyze the firmware using tools like binwalk, hex editors and firmware mod kit.
• Dissecting PE Headers - Learn about Portable Executable files and how their headers work
• PE stands for Portable Executable, and it is the standard format for executable files on Windows systems. PE headers are the data structures that store information about the executable file, such as its entry point, sections, imports and exports. In this room, you will learn how to dissect PE headers using tools like PEView, CFF Explorer and pefile.

Level 6 - Networking

• Networking is the practice of connecting devices to facilitate communication and data exchange
• Introduction to Networking covers theory and basic tools used in networking
• Introduction to LAN focuses on the technologies and designs used in private networks
• Passive Reconnaissance teaches essential tools for gathering information about a network or system without interacting with it
• Active Reconnaissance teaches how to use simple tools like traceroute, ping, telnet, and a web browser to gather information by interacting with a network or system
• Nmap is a powerful network scanning tool used for both passive and active reconnaissance
• Traffic Analysis Essentials covers network security and the foundations of analyzing network traffic to detect anomalies
• Snort is an open-source network intrusion detection system used to detect and prevent attacks in real-time
• Wireshark the Basics teaches the basics of network protocol analysis and how to analyze protocols and PCAPs using Wireshark

Level 7 - Privilege Escalation

• Privilege escalation involves taking a user account and gaining higher privileges such as root or domain admin access
• Linux Privilege Escalation provides hands-on experience with more than 8 different techniques for escalating privileges in Linux systems
• Windows PrivEsc allows for practicing Windows Privilege Escalation skills on a purposely misconfigured Windows virtual machine
• Linux PrivEsc Arena teaches how to escalate privileges using a vulnerable Linux virtual machine
• Windows Privesc Arena teaches how to escalate privileges using a vulnerable Windows 7 virtual machine
• Sudo Security Bypass is a tutorial room that explores the CVE-2019-14287 vulnerability in the Unix Sudo Program
• Sudo Buffer Overflow is a tutorial room that explores the CVE-2019-18634 vulnerability in the Unix Sudo Program
• Blaster is a tutorial on alternative modes of exploitation
• Ignite is a tutorial on a start-up's issues with its web server
• Kenobi teaches how to enumerate Samba for shares, manipulate a vulnerable version of ProFTPD, and escalate privileges using path variable manipulation
• C4ptur3-th3-Fl4g is a beginner-friendly CTF challenge focused on privilege escalation
• Pickle Rick is a Rick and Morty themed CTF challenge where players must help turn Rick back into a human by exploiting vulnerabilities and escalating privileges.

Level 8 - CTF practice

Easy:

1. Break Out The Cage - Help (Nicolas) Cage bring back his acting career and investigate the nefarious goings-on of his agent!
2. Lian Yu - A beginner-friendly security challenge
3. B3dr0ck - There’s server trouble in Bedrock
4. Committed - One of our developers accidentally committed some sensitive code to our GitHub repository. Well, at least, that is what they told us...
5. Cyber Heroes - Want to be a part of the elite club of CyberHeroes? Prove your merit by finding a way to log in!
6. Sea Surfer - Ride the wave!
7. Startup - Abuse traditional vulnerabilities via untraditional means

Medium:

1. Post Exploitation Basics - Learn the basics of post-exploitation and maintaining access with mimikatz, bloodhound, powerview, and msfvenom
2. Buffer Overflow Prep - Practice stack-based buffer overflows!
3. Dogcat - Exploit a PHP application via LFI and break out of a docker container
4. Eavesdropper - Listen closely, you might hear a password
5. Surfer - Surf some internal webpages to find the flag!
6. Ollie - Meet the world's most powerful hacker dog!

Level 9 - Windows

Windows Fundamentals 1:

• Introduction to the Windows desktop environment and how to navigate it
• Overview of the NTFS file system and its features, including file permissions and encryption
• Understanding User Account Control (UAC) and how it protects the system from unauthorized changes
• Familiarization with the Control Panel and its various settings and options
• Introduction to the Task Manager and how to use it to monitor system performance and end tasks

Windows Fundamentals 2:

• Overview of the System Configuration utility and how it can be used to manage startup programs and services
• Understanding User Account Control (UAC) settings and how they can be adjusted to suit your needs
• Introduction to Resource Monitor and how to use it to monitor system performance and troubleshoot issues
• Understanding the Windows Registry and how it can be used to manage system settings and configurations
• Overview of Event Viewer and how it can be used to view system logs and troubleshoot issues

Windows Fundamentals 3:

• Introduction to Windows Update and how to keep your system up to date with security patches and bug fixes
• Understanding Windows Security and how it can be used to manage antivirus software, firewall settings, and other security features
• Overview of BitLocker and how it can be used to encrypt hard drives and protect sensitive data
• Introduction to the Windows Defender Firewall and how to configure it to protect your system from network attacks
• Understanding User Account Control (UAC) and how it can be used to prevent unauthorized changes to the system

Active Directory Basics:

• Understanding the role of Active Directory (AD) in managing users, computers, and other resources in a Windows network
• Overview of the various components of Active Directory, including domains, forests, and organizational units (OUs)
• Familiarization with Active Directory Users and Computers (ADUC) and how it can be used to manage users and groups
• Introduction to Group Policy and how it can be used to configure settings and policies across a network
• Understanding the role of Domain Name System (DNS) in Active Directory and how it can be used to resolve domain names to IP addresses

Blue:

• Introduction to common misconfigurations that can make a Windows machine vulnerable to attack
• Overview of privilege escalation techniques that can be used to gain administrative access to a Windows machine
• Familiarization with common attack tools and techniques used in Windows exploitation
• Understanding the importance of reconnaissance and information gathering in preparing for an attack
• Introduction to post-exploitation activities and how to maintain access to a compromised system

Attacktive Directory:

• Overview of the Domain Controller (DC) and its role in managing Active Directory
• Understanding the various attack vectors that can be used to exploit a vulnerable Domain Controller
• Familiarization with the tools and techniques used in Active Directory exploitation, including BloodHound, Mimikatz, and PowerView
• Introduction to privilege escalation techniques that can be used to gain Domain Administrator access
• Understanding how to maintain persistence and evade detection on a compromised system

Retro:

• Introduction to a simulated retro-style game environment with hidden vulnerabilities and challenges to discover and exploit
• Familiarization with various attack tools and techniques that can be used to exploit a Windows machine
• Understanding the importance of reconnaissance and information gathering in preparing for an attack
• Introduction to post-exploitation activities and how to maintain access to a compromised system
• Opportunity to practice your hacking skills and compete with other players to achieve a high score

Blueprint:

Introduction to a simulated Windows environment with hidden vulnerabilities and challenges to discover and exploit

Overview of privilege escalation techniques that can be used to gain administrative access to a Windows machine

We are thankful to all teams members of THM specially original post belong to and source from TryHackMe Ellie Gillard

URL: TryHackMe | Free TryHackMe Training: The Ultimate Guide for Beginners