Cybersecurity Journey: A Beginner’s Roadmap with TryHackMe

Introduction:

In the ever-evolving realm of cybersecurity, the need for skilled professionals has never been greater. With cyber threats becoming more sophisticated, the demand for knowledgeable and trained individuals in this field is on a constant rise. For beginners aspiring to carve a niche in this dynamic sector, the question often arises – where to begin? This is where TryHackMe steps in, offering an immersive and structured learning path for aspiring cybersecurity enthusiasts. This article dives into the comprehensive training levels provided by TryHackMe, guiding beginners from their first steps to more advanced stages in the realm of cybersecurity. Whether you’re a complete novice or someone with a basic understanding of IT, this guide offers a step-by-step pathway to hone your skills in ethical hacking and cyber defense.

Level 1 – Getting Started

• Tutorial: Learn how to use a TryHackMe room to start your upskilling in cyber security.
• Intro to Offensive Security: Hack your first website legally in a safe environment.
• Introduction to Offensive Pentesting: Understand the essentials of penetration testing.
• Linux Fundamentals: Learn to use the Linux operating system.
• OHsint: Use open-source intelligence in this challenge.

Level 2 – Tooling

• Nmap Live Host Discovery: Discover live hosts using various Nmap techniques.
• Hydra: Learn to use Hydra for network logon cracking.
• Linux PrivEsc: Practice Linux Privilege Escalation on a Debian VM.
• Burp Suite: The Basics: Introduction to Burp Suite for Web Application pentesting.
• Introduction to OWASP ZAP: Learn OWASP ZAP, an alternative to BurpSuite.
• Metasploit: Introduction: Basics of the Metasploit Framework.
• CTFs: Introductory Capture the Flag challenges (Vulnversity, Blue, Simple CTF, Bounty Hacker, Brute It).

Level 3 – Crypto & Hashes with CTF Practice

• Introduction to Cryptography: Basics of encryption algorithms like AES, Diffie-Hellman, PKI, and TLS.
• Crack the Hash: Challenges focused on cracking hashes.
• Agent Sudo: Infiltrate a secret server under the sea.
• The Cod Caper: Guided room on infiltrating and exploiting a Linux system.
• Lazy Admin: Practice your Linux skills.
• Encryption – Crypto 101: Introduction to basic encryption concepts.

Level 4 – Web

• Content Discovery: Discover hidden content on webservers.
• Walking an Application: Manually review web application security.
• SQL Injection: Detect and exploit SQL Injection vulnerabilities.
• DNS in Detail: Learn how DNS works.
• HTTP in Detail: Understand the HTTP protocol.
• Burp Suite Basics: Intro to Burp Suite for Web Application pentesting.
• OWASP Juice Shop: Identify and exploit common web application vulnerabilities.
• Overpass: Explore a password manager made by CompSci students.
• Bolt: Learn about Bolt CMS vulnerabilities.
• Takeover: Focus on subdomain enumeration.
• Neighbour: Find secrets in a new cloud service.
• Corridor: Escape the corridor challenge.
• Epoch: Tools for converting UNIX dates and timestamps.

Level 5 – Reverse Engineering

• Windows Reversing Intro: Intro to reverse engineering x64 Windows software.
• Basic Malware RE: Learn basics of Malware Reverse Engineering.
• Reversing ELF: Beginner Reverse Engineering CTF challenges.
• Dumping Router Firmware: Explore the inner workings of a router.
• Dissecting PE Headers: Understand Portable Executable files.

Level 6 – Networking

• What is Networking?: Fundamentals of computer networking.
• Introduction to Networking: Basics of networking theory and tools.
• Introduction to LAN: Technologies and designs in private networks.
• Passive Reconnaissance: Tools like whois, nslookup, and dig.
• Active Reconnaissance: Tools like traceroute, ping, and telnet.
• Nmap: In-depth look at Nmap.
• Traffic Analysis Essentials: Foundations of Network Security and Traffic Analysis.
• Snort: Detect threats and analyze traffic with Snort.
• Wireshark the Basics: Analyzing protocols and PCAPs with Wireshark.

Level 7 – Privilege Escalation

• Linux Privilege Escalation: Hands-on with various escalation techniques.
• Windows PrivEsc: Practice Windows Privilege Escalation.
• Linux PrivEsc Arena: Escalate privileges on a vulnerable Linux VM.
• Windows Privesc Arena: Escalate privileges on a vulnerable Windows VM.
• Sudo Security Bypass: Explore CVE-2019-14287 in Unix Sudo.
• Sudo Buffer Overflow: Explore CVE-2019-18634 in Unix Sudo.
• Blaster: Look at alternative exploitation modes.
• Ignite: Tackle issues on a start-up’s web server.
• Kenobi: Work with Samba and ProFTPD.
• C4ptur3-th3-Fl4g: Beginner-friendly CTF.
• Pickle Rick: A Rick and Morty themed CTF.

Level 8 – CTF Practice

• Easy: Break Out The Cage, Lian Yu, B3dr0ck, Committed, Cyber Heroes, Startup.
• Medium: VulvNet: Active, Buffer Overflow Prep, Dogcat, Eavesdropper, Surfer, Ollie.

Level 9 – Windows

• Windows Fundamentals 1: Learn about the Windows desktop, NTFS, UAC, and more.
• Windows Fundamentals 2: System Configuration, UAC Settings, Resource Monitoring, Windows Registry.
• Windows Fundamentals 3: Microsoft tools for device security.
• Active Directory Basics: Basics of Active Directory.
• Windows-specific Challenges: Blue, Attacktive Directory, Retro, Blueprint, Anthem, Relevant, Windows Forensics 1, LocalPotato, PrintNightmare, Thrice!

This structured approach from TryHackMe covers a broad spectrum of cybersecurity topics, providing a solid foundation for anyone looking to start or enhance their skills in this field.

Conclusion:

Embarking on a journey in cybersecurity can seem daunting at first, but with structured and well-guided training, it becomes an achievable and exciting endeavor. TryHackMe’s comprehensive training program offers a unique blend of theoretical knowledge and practical experience, ensuring that beginners are not only introduced to the fundamentals but also get to practice and apply their learning in real-world scenarios. From understanding the basics of networking and Linux to mastering advanced techniques in privilege escalation and reverse engineering, tryhackme training roadmap is designed to equip aspiring cybersecurity professionals with the skills and confidence needed to succeed in this challenging field. As you complete each level, you not only gain valuable knowledge but also build a foundation for a rewarding career in cybersecurity. So, take your first step with TryHackMe and embark on a journey of learning, discovery, and professional growth in the fascinating world of cybersecurity.