Open in app

Sign in

Write

Sign in

TryHackMe Pre-Security Pathway

Yatharth Ramteke
8 min readJul 12, 2021

My first blog about THM

Recently, TryHackMe released a brand new Path: Pre Security

The Path is divided into five sub-topics, which we shall go over in depth further below.

  • Cyber Security Introduction
  • Network Fundamentals
  • How The Web Works
  • Linux Fundamentals
  • Windows Fundamentals

Each pathway focuses on a different topic. Approximately 85% of the information is free, I strongly advise buying a membership.

Getting a TryHackMe subscription is one of the finest security learning investments you can make.
The majority of the information on the platform is free, and the community encourages learning, but that sub unlocks the full power of the platform.

So, let’s have a look at the different sub-topics covered by the pathway:

Cyber Security Introduction

This first sub-topic is straightforward. It’s simply one basic room with three tasks, and it’s your first step toward learning security.

room link :https://tryhackme.com/room/beginnerpathintro

It’s a Free room, so you won’t need a subscription to get in.
The tasks in this area discuss various past figures while also providing you an outline of what you’ll be doing.
After that, continue on to the next stage, which is where the real fun begins.

Network Fundamentals

When it comes to security, having a basic understanding of how networks function is critical.

Understanding how computers communicate with one another is just as important as gathering wood when you first enter a new Minecraft world.
This session will take you through the foundations of networking topics such as network topologies, different protocols, network models, routing, and much more.

It should be noted, however, that not all rooms in this sub-topic are free.

The following rooms are available for free under the sub-topic:

  • What Is Networking
  • Introduction to LAN

The following rooms, on the other hand, are charged:

While the following rooms are paid:

  • OSI Model
  • Packets & Frames
  • Extending Your Network

But let me assure you that these rooms are fantastic and make the entire learning process more enjoyable.
Ben and Adam are primarily responsible for the design of these CTFs and rooms, and anybody who has spent time on the platform or in the infosec world would remember these two individuals for their inventiveness when it comes to creating CTFs and rooms.
As a result, a subscription is well worth it!

Let’s look at the different rooms in this subtopic now:

What is Networking?

This section covers basic networking topics such as definitions, history, and protocols.
It’s the beginning of your trip into the world of Networks, Packets, and Protocols, and it’ll teach you all you need to know through interactive exercises.

The way these interactive activities are developed is one thing that I believe is worth highlighting.
The majority of these interactive browser-based exercises gamify the learning process, making it far too simple for a novice to pick up.

Intro To LAN

This room will guide you through many topics connected to Local Area Networks, such as various topologies, their faults, subnetting, and other associated protocols such as ARP and DHCP.

A solid grasp of LANs is essential, especially if you’re studying for examinations like the eJPT, which require rotating across a LAN.

OSI Model

Anyone with even a slight amount of IT expertise will tell you how crucial it is to grasp the OSI layer in order to properly comprehend networking principles.
The different levels of the OSI model are explained via a fun little game in this room.

To go to the following two rooms, Packets & Frames and Extending Your Network, you must first understand the OSI paradigm.

Packets & Frames

So far, we’ve learned about the many protocols that Network Devices use to communicate with one another.
This room explains how the communication process works, from TCP/IP handshakes through Ports and UDP connections.

Extending Your Network

Finally, under this topic, we have the final chamber.
It takes you through the fundamentals of port forwarding (which you’ll be doing a lot during CTFs/Pentests) as well as the defensive side of things.
What a great way to wrap up a sub-topic.

The last experiment, which uses some very simple visualisations to show you how communication over a network happens in real time, is a crucial lesson from this lab.

With that, the Networking subtopic is complete, and we may go on to the next subtopic, How The Web Works.

How The Web Works

Pentesters must have a good understanding of how the internet operates.

The majority of the online services we encounter have a Web component.
As a result, having a good understanding of what happens behind the scenes is considered vital.

This sub-topic covers everything from DNS to scripting, providing a comprehensive perspective of the architecture at the heart of web application ideas.

Web apps have a lot to teach you.
If you plan on pursuing Bug Bounties in the future, having a detailed grasp of how the various components interact might lead to the discovery of new Attack Vectors.

There are four rooms in this sub-topic:

  • DNS in Detail
  • HTTP in Detail
  • How Websites Work
  • Putting it all Together

The first two are free, but the remaining two need a membership.

DNS in Detail

The Domain Name System, or DNS, is the foundation of the whole web architecture.A lot of modern-day assaults employ DNS for the great majority of their attacks, thus learning how DNS works may be useful as well.
This room, like all others, has an interactive lab where you may receive hands-on experience!

HTTP in Detail

Next, we’ll look at the Web’s core communication protocols, such as HTTP and HTTPS.
This is the protocol via which the internet communicates, and understanding its complexity is required to disrupt or defend web applications.

This room introduces you to key topics like as Requests and Responses, HTTP Status Codes, and Various Headers, all of which are essential to understand when dealing with online apps.

How Websites Work

Finally, now that we understand how the Web communicates, we must understand the languages it uses, the most significant of which being HTML and Javascript.
Sensitive Data Exposure and HTML Injection are two typical scenarios covered in this session.

Putting it all Together

The final room in this sub-topic discusses several critical components that operate behind the scenes, such as load balancers, CDNs, databases, and WAFs.It also discusses virtual hosts, static and dynamic content, and front and backend scripting languages.

Finally, it summarises the entire process that occurs when we request a page on the internet.

Linux Fundamentals

When it comes to security, you must be familiar with Linux.
It’s the most important weapon in your armoury, as well as the one you might need to break into.
Linux is used to operate nearly all web applications.

The tour is broken into three chapters, each of which covers a different aspect of Linux.
Basic functions such as browsing the filesystem, creating files, searching for files, file permissions, and much more are included.
Process monitoring, package management, and log monitoring are among the intermediate subjects covered.

Windows Fundamentals

Finally, there’s the Windows Fundamentals sub-topic, which consists of two rooms that guide you through the Windows OS.
Despite the fact that most of us are familiar with Windows, this room is a requirement from a technical standpoint.

The rooms start with fundamental activities like navigating the graphical user interface, the file system, and the task manager, then progress to more sophisticated topics like System Configuration, Computer Management, and Registry Editor.

These rooms will come in handy later when performing penetration testing on Windows-based machines, since they may be rather perplexing.

Because the majority of PC users still use Windows as their primary operating system, and most corporations offer their staff with Virtual Windows Desktops, having a functional understanding of Windows is essential.
Another compelling reason to learn Windows is that it will come in helpful for pentesting Active Directory at some point.

This leads us to the path’s finish.
Don’t forget to claim your very awesome certificate once you’ve completed all of the labs!

What Next?

Why not start with some basic hacking with the Complete Beginner Road now that you’ve completed the Pre Security pathway and have a working grasp of how things work?

Conclusions

As a Penetration Tester or a Blue Teamer, it’s critical to understand these fundamental principles.
You must be aware of all possible attack surfaces in an infrastructure, whether they are network, web, or operating system-related.

Practicing is a crucial component of the learning process.
TryHackMe performs an excellent job of delivering high-quality learning materials.
Here is where you may sign up for TryHackMe.
In addition, it is critical to ask questions.
Become a member of the THM Discord Server.
We’ll never give up on you, and we’ll never let you down.

My thm profile link tryhackme.com/p/eaglestrike

Username:- eaglestrike

--

--

Yatharth Ramteke

Written by Yatharth Ramteke

1 Follower

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams