AGENDA
In this article, we’ll check out TryHackMe, its features, and more specifically, the Pre Security Learning Path. Here are some of the topics we will cover:
- What is TryHackMe?
- Learning Paths
- Pre Security Path
- Modules, Leaderboards, KOTH, and more…
WHAT IS TRYHACKME?
TryHackMe (THM) is a cyber security online training platform. The premise is that it contains “rooms” where you can learn about various cyber security related fields like: networking, operating systems, pentesting, exploitation, reverse engineering, malware forensics, and more. The biggest piece to this is that the training is very hands on. How does that work? Well there are virtual machines within the rooms that you can interact with and put into practice the task that you are learning. There is a ton of research showing that hands-on technique is one of the best methods to learn.
You’re probably thinking, “Okay, sounds cool, but how much does it cost?” Unlike most cyber security online training platforms that cost hundreds or even thousands of dollars, THM is nearly free. At this moment, there are 390 publicly accessible rooms. Of those, 310 are free! About 80% of the content is completely free and only requires an account. You read that right, no subscription or payment, or “type in your credit card to continue” is necessary to learn 80% of the available content. Like me, if you want to dabble into the 20% of the rooms that require a subscription, no worries – it is crazy affordable. Depending on where you live and when you read this, the price may change. I doubt it will change much though, if at all, because I have been a subscriber for almost 2 years now and the price has not changed at all. If you are US based, you have 2 options: monthly for $10 or yearly for $90. Neither option requires any contracts. So, if you want to do monthly for two months, then unsubscribe, you can, and the process is literally a click. I’ve done it myself and it is that simple. Zero hassle. Bonus: I believe they have a student discount too, which requires verification, so check that out if you are one.
Reading all of that, you’re probably thinking the same thing I thought when I did my research originally – no way! Actually YES way. Don’t take my word for it. A quick google search will show a plethora of resources on reddit, medium, twitter, blogs, you name it that tells you exactly what I told you above.
If you aren’t convinced yet, no problem. Let’s break down some of the specific features THM platform has to offer…
LEARNING PATHS
THM has something they refer to as Learning Paths. Basically, a learning path is filled with a certain number of rooms that cover topics under a specific umbrella, like Offensive Pentesting or Cyber Defense. Looking below, you can see all the learning paths they currently offer. Some rooms belong to multiple learning paths and some rooms don’t belong to any path. The cool thing about a learning path is that it recommends specific rooms for that topics and it helps keep you on track. You can also jump between paths if you change your mind. Let’s check the Pre Security learning path.
PRE SECURITY PATH
The Pre Security learning path has numerous sections. Looking below, you can see what each section covers, and you can see your progress on the right. Currently I completed this learning path, so I can access my certificate proving that I finished all the rooms within this learning path.
If we expand a section, we can see the specific rooms that this section contains:
Each room has tasks. And within each tasks, there are questions. Some are knowledge questions, and others require you to complete some sort of hands-on activity. Here is an example of one of the rooms:
To avoid spoilers, here is an example of an extended task that is not yet completed:
As you can see, this task has 3 questions. In order to answer them, you must start the virtual machine (green button on the top right) and interact with it accordingly. You can do this by one of the two ways: either download their OpenVPN package and connect to their environment, or use their in house “Attack Box” virtual machine (subscription required). This is basically a Kali box with a few custom changes. In order to get the question correct, you must to submit the right answer. You can also see that these questions have Hints, but not all questions do.
Before we move on, I wanted to highlight this specific learning path. The Pre Security learning path covers the basics to really get you going on a cyber security career. By combining a traditional learning style, where you read information and answer knowledge questions, with a hands-on approach, it really caters to everyone. If you are already knowledgeable in a certain area, you can just skip to the questions and give it a shot. The flexibility of doing it in a manner that helps you learn best is amazing.
Okay, if you still are not sold, let’s review a few more features that THM has to offer…
MODULES, LEADERBOARDS, KOTH, AND MORE…
Modules are like mini learning paths. They focus on slightly more specific areas and include rooms that cover that topic.
For example, check out the Threat and Vulnerability management below:
You’ll see that it includes a mixture of paid and free rooms, but the majority are free. While they do recommend completing modules in a certain order, it isn’t necessary. You are free to jump around as you please.
If you would rather jump into a specific room because hey, why not, you have that ability. Here, you can see that we can specifically look through all the publicly rooms available, search specific rooms by keywords, or filter:
You can also see that each rooms is also categorized by difficulty (Info, Easy, Medium, Hard, and Insane).
If you are a competitor, like I am, look no further. The Leaderboards feature is great to see where you stack globally or within your country, and if it is all time or monthly. The monthly scores reset every time, while the all time is cumulative.
Another FREE features is King of the Hill (KOTH):
Attack & Defend in KOTH is harder than you think, but it is super fun! THM has created an environment that allows you to battle other cyber enthusiasts around the world.
Or considering that the majority of the features are free, then don’t. But again, if you are not convinced, then here are more cool things:
You can develop your own room! I don’t know about you, but that’s pretty cool. The fact that they will host your virtual training environment on their platform is pretty awesome. This would be a great item to have on your resume 😉
Compromise a network of machines like you would in a potentially real world scenario:
THM’s Networks has several rooms filled with giants networks for you to attack. This one specifically has 46 tasks(!) that cover things like web enum and exploit, pivoting using proxychains and SSH tunneling, internal server enum and exploit, C2 beacons, endpoint enum and exploit, AV evasion, and exfiltration. Ya, you better be making an account about now…
Do you love badges?? Well guess what, THM has them…
Badges are earned by completing certain rooms or objectives (like KOTH winner). As you can see, I’m still working on completing some of them myself…
Lastly and probably one of the most important aspects is the fact that the THM creators have fostered a community that really helps each other out. From their forum, to their blog, their Twitter, and their discord server, THM members have created a community that helps other learn and progress toward their personal goals. With well over 500K members worldwide and growing, there really is no reason not to become one yourself and invest the time to better your cyber security skills.
Hey, thanks a lot for reading this far! Now go hack at TryHackMe!