TryHackMe - Hackers Learning Path

• Below is a series of rooms/machines in TryHackMe for beginners to cyber security to learn and practice.

Ultimate Setup

• Configure environment in one line!

trevohack@anonymous $ curl -O https://raw.githubusercontent.com/Trevohack/TryHackMe-Zero-To-Hero/main/Scripts/setup.sh && chmod +x setup.sh && ./setup.sh

Beginner Level Theory - [ 0x1 - 0x6 ]

• Tutorial
• Beginner

Linux & Bash

• Linux
• Linux 2
• Linux 3
• Bash Scripting
• Linux Modules

Acquainting yourself with tools

Acquainting yourself with tools in cybersecurity involves learning how to effectively use software, hardware, and techniques to secure digital systems and networks against cyber threats.

Nmap & Networking

Nmap, short for "Network Mapper," is a powerful network scanning and exploration tool used in cybersecurity. It's designed to discover hosts, services, and vulnerabilities within a computer network. Nmap employs various scanning techniques, like TCP, UDP, SYN, and ICMP scans, to identify open ports, services running on those ports, and operating systems. This information is crucial for assessing network security, finding potential entry points, and strengthening defenses against potential threats.

• Nmap 1
• Nmap 2
• Nmap 3
• Nmap 4
• Further Nmap
• Networking
• Networking Services
• Protocols And Servers
• Protocols And Servers 2

Tmux: Terminal Configuration

• Tmux
• Tmux 2

Burp Suite

Burp Suite: Essential tool for web app security testing, uncovering vulnerabilities and aiding in their resolution.

• Burp: The Basics
• Burp: Repeater
• Burp: Intruder
• Burp: Other Modules

Metasploit

Metasploit is a leading penetration testing tool for identifying and testing system vulnerabilities, widely used by cybersecurity professionals.

• Metasploit: Introduction
• Metasploit: Exploitation
• Metasploit: Meterpreter

Web Penetration

Web penetration testing: Assessing web app security by simulating attacks to uncover and address vulnerabilities.

• Walking An Application
• Content Discovery
• Subdomain Enumeration
• Authentication Bypass
• IDOR
• XSS
• Command Injection
• SSRF
• File Inclusion
• SQL Injection

Vulnerability Research

• Vulns
• Exploitation
• Vulnerability Capstone

Priv Escalation

Privilege escalation (priv esc) is the act of gaining higher levels of access or privileges than initially granted to a user or system. It involves exploiting vulnerabilities to elevate privileges, granting unauthorized access to resources or actions. This can be a critical step for attackers to gain control over a system, making it a crucial focus in security assessments to prevent unauthorized escalation of privileges.

• Linux Priv Esc
• Windows Priv Esc

Other Essentials

Python

• Python 1
• Python 2
• Flask

Poc Scripting

• Poc Writing

Javascript

• Javascript Basics
• Jason

Pro Level - [ 0x7 - 0xD ]

Active Directory

• Enumerating AD
• Breaching AD
• Lateral Movement & Pivoting
• Exploiting AD
• Persisting AD
• Holo

Buffer Overflow Exploitation

• Buffer Overflow Prep
• Brainstorm

You could get to this level or position after completing the above theory content and starting to practice through CTF challenges.

CTF challenges

For the machines/rooms mentioned below writeups will be added soon!

Easy

• [X] Rootme
• [ ] Ignite
• [X] Pickle Rick
• [ ] Cyborg
• [ ] Tomghost
• [ ] Source
• [ ] Res
• [ ] Lazy Admin
• [ ] Overpass
• [ ] Startup
• [ ] Wgel CTF
• [ ] Gaming Server

Medium

• [X] Athena
• [ ] Wonderland
• [ ] Mr Robot CTF
• [ ] dogcat
• [ ] The Marketplace
• [ ] GoldenEye

Hard

• [ ] Internal
• [ ] Year of the fox
• [ ] Retro
• [ ] Ra

Congrats! 🥳 If you have done all the rooms mentioned here, you are officially a penetration tester. You can go ahead in your career with other resources and platforms.