TryHackMe.com Career Changer
Shahzad MS
Senior SOC Analyst | SOC, GRC, IAM, DLP | Cloud Engineer | Azure, AWS, GCP, M365 | SysOps, SecOps | Advisor, Mentor, Entrepreneur
TryHackMe is an online platform that provides cybersecurity training and education to beginners. It offers a range of interactive exercises, real-world scenarios, and guided content to help users learn and upskill in cybersecurity. The platform provides both free and premium training content, with over 350 free training labs and a series of free events throughout the year. TryHackMe covers various topics such as offensive security, pentesting, Linux fundamentals, cryptography, web application security, and more. It is designed to be a safe and controlled environment for users to practice and develop their cybersecurity skills.
Level 1 - Getting Started
?is designed to help beginners ease into the world of cybersecurity. Learners will start with a tutorial on how to use TryHackMe, an online platform for cybersecurity training. Then, they will learn the basics of offensive security by hacking a website in a safe, legal environment and experiencing what it's like to be an ethical hacker. They will also learn about penetration testing, including testing techniques and methodologies, and get an introduction to the Linux operating system, which is widely used in the cybersecurity industry. Finally, they will learn how to use open-source intelligence to solve a challenge. Overall, Level 1 is designed to give learners a solid foundation of knowledge and skills to build upon in the later levels.
Level 2 - Tooling
learners will focus on tooling, which is essential for pentesters. They will learn how to use tools such as Nmap, Hydra, Burp Suite, OWASP ZAP, and Metasploit to become better hackers. Additionally, they will practice Linux Privilege Escalation skills and tackle more complex introductory CTFs like Vulnversity, Blue, Simple CTF, Bounty Hacker, and Brute It. Overall, the goal of this level is to give learners the necessary skills to use various tools to uncover vulnerabilities and exploit them.
Level 3 - Crypto & Hashes with CTF Practice
?This section covers various aspects of cryptography, including encryption algorithms like AES, Diffie-Hellman key exchange, hashing, PKI, and TLS. The Crack the Hash challenge provides an opportunity to practice cracking hashes. Agent Sudo involves hacking into a secret server located under the deep sea. The Cod Caper is a guided room that takes you through infiltrating and exploiting a Linux system, while Lazy Admin is a fun opportunity to practice your skills with Linux. Finally, the Encryption - Crypto 101 article is an introduction to encryption, which is part of a larger series on cryptography. Together, these resources provide a comprehensive introduction to cryptography and valuable practice for aspiring hackers.
Level 4 - Web
?focuses on web application security, covering a range of topics such as Content Discovery, Walking an Application, SQL Injection, DNS, HTTP, Burp Suite Basics, OWASP Juice Shop, Overpass, Bolt, Takeover, Neighbour, Corridor, and Epoch. Through these resources, you will learn how to discover hidden or private content on a web server, manually review a web application for security issues, detect and exploit SQL Injection vulnerabilities, understand how DNS works and how it helps you access internet services, and request content from a web server using the HTTP protocol. You will also be introduced to using Burp Suite for web application pentesting, the Bolt CMS and how it can be exploited using Authenticated Remote Code Execution, and the concept of subdomain enumeration. Additionally, you will have the opportunity to practice your skills with challenges like OWASP Juice Shop, Overpass, Takeover, Neighbour, Corridor, and Epoch, all of which offer a fun and engaging way to learn about web application security.
Level 5 - Reverse Engineering
focuses on reverse engineering, which involves taking a compiled program and figuring out what it does. The section includes resources such as Windows Reversing Intro, which provides an introduction to reverse engineering x64 Windows software, and Basic Malware RE, which is aimed at helping beginners learn about the basics of Malware Reverse Engineering. The section also includes a room called Reversing ELF, designed specifically for beginner Reverse Engineering CTF players to capture the flags. Additionally, Dumping Router Firmware offers an opportunity to learn about how routers work, including their operating systems and what makes them function. Finally, Dissecting PE Headers teaches you about Portable Executable files and how their headers work.
Level 6 - Networking
focuses on computer networking and covers the fundamentals of networking theory and basic networking tools. The section includes resources such as What is Networking?, a bite-sized and interactive module designed to help beginners understand the basics of computer networking. Additionally, Introduction to LAN provides an introduction to the technologies and designs that power private networks. The section also covers reconnaissance, with Passive Reconnaissance teaching essential tools such as whois, nslookup, and dig, and Active Reconnaissance teaching how to use simple tools such as traceroute, ping, telnet, and a web browser to gather information. Furthermore, Nmap offers an in-depth look at scanning with this powerful network scanning tool. The section also covers Traffic Analysis Essentials, which teaches network security and traffic analysis foundations and helps you probe network anomalies. Finally, Wireshark the Basics provides an introduction to the basics of Wireshark and how to analyse protocols and PCAPs.
Level 7 - Privilege Escalation
Privilege escalation is a critical skill in CTFs and hacking, where a user account is elevated to root or domain admin. Several rooms offer hands-on experience in different techniques for privilege escalation on Linux and Windows systems, including intentionally misconfigured VMs and vulnerable versions of Sudo and ProFTPD. Additionally, CTF challenges such as C4ptur3-th3-Fl4g and Pickle Rick provide beginner-friendly opportunities to test and hone these skills.
领英推荐
Level 8 - CTF practice
Easy Level
For the easy level CTF challenges, there are a variety of options available for those who are just starting out or looking for a more relaxed challenge. Break Out The Cage is a fun and entertaining challenge where you play as Nicolas Cage and help him investigate the suspicious activities of his agent. Meanwhile, Cyber Heroes is a challenge that tasks you with finding a way to log in and become part of an elite group of cyber heroes. These challenges are perfect for beginners who want to try their hand at CTFs and get a feel for the type of puzzles and obstacles they might encounter in more advanced challenges.
Medium Level
Moving on to the medium level CTF challenges, the difficulty level starts to ramp up a bit. Post Exploitation Basics is a great challenge for those looking to learn more about post-exploitation techniques and tools like mimikatz, bloodhound, powerview, and msfvenom. Another medium-level challenge is Dogcat, which involves exploiting a PHP application via LFI and breaking out of a docker container. These challenges require more advanced knowledge and skills than the easy level challenges, but they are still approachable for those with some experience under their belt.
Level 9 - Windows
offers a wide range of Windows practice rooms to enhance your knowledge in the operating system. Starting with Windows Fundamentals modules, which provide a solid understanding of the Windows desktop, NTFS file system, UAC, Control Panel, and more. You can also dive deeper into Windows Fundamentals in part 2 and 3, exploring topics such as System Configuration, Resource Monitoring, Windows Registry, and built-in Microsoft tools like Windows Security, BitLocker, and Windows Updates to help keep the device secure. If you want to specialize in Active Directory, the Active Directory Basics room is an excellent start to learn about the fundamental concepts and functionality provided by Active Directory.
For those who want to practice their hacking skills, rooms like Blue and Attacktive Directory provide the opportunity to exploit common misconfigurations issues and vulnerable Domain Controllers. You can also tackle challenges like Anthem and Blueprint to escalate your privileges to Administrator or try your hands at penetration testing in Relevant. If you're interested in Windows Forensics, you can check out the Windows Forensics 1 room, which provides an introduction to Windows Registry Forensics. Lastly, if you want to learn how to elevate your privileges on Windows using LocalPotato, you can explore the LocalPotato room, which focuses on CVE-2023-21746.
Official Website: https://tryhackme.com/
Linkedin: https://www.dhirubhai.net/company/tryhackme/
Twitter: https://twitter.com/RealTryHackMe
Facebook: https://www.facebook.com/TryHackMe/
YouTube: TryHackMe - YouTube