🚀 Getting Started with Hacking on TryHackMe (FREE)

@ishowcybersecurity (Ghulam Mohiuddin)

Introduction

Welcome to cybersecurity! In today's digital world, practical skills are essential. TryHackMe is an interactive platform that helps beginners build cybersecurity expertise through hands-on learning. This roadmap will guide you step by step, covering key topics to develop a strong foundation.

---

📌 Roadmap Overview

The TryHackMe Roadmap introduces essential cybersecurity concepts, starting from the basics and advancing to complex techniques. Each section focuses on a specific skill area to ensure structured learning.

---

🔰 Intro Rooms

Start by exploring TryHackMe’s interface, setting up OpenVPN, and understanding the basics of cybersecurity. This section helps you navigate the platform efficiently and begin your learning journey.

---

🖥️ Linux & Windows Fundamentals

Understanding operating systems is crucial in cybersecurity. This section covers:

• Linux & Windows command-line basics
• File systems, permissions, and scripting
• System navigation for security professionals

---

🛡️ Basics Rooms

Get familiar with fundamental security concepts, including:

• Penetration testing methodologies
• Core security principles
• Common hacker techniques & defense strategies

These hands-on exercises strengthen problem-solving skills in real-world scenarios.

---

🔍 Reconnaissance

Learn how to gather valuable information about targets using:

• Passive & active reconnaissance techniques
• Open-source intelligence (OSINT)
• Content discovery for vulnerability assessment

---

🖥️ Scripting

Automate tasks and build custom security tools using:

• Python, JavaScript, and Bash scripting
• Writing Proof-of-Concept (PoC) exploits
• Enhancing cybersecurity workflows with automation

---

🌐 Networking

Networking knowledge is fundamental for security professionals. Topics include:

• Network protocols and architectures
• Local Area Networks (LAN) and packet analysis
• HTTP, DNS, and network scanning tools

---

🛠️ Tooling

Gain hands-on experience with key cybersecurity tools like:

• Metasploit for penetration testing
• Nmap for network scanning
• Burp Suite & Wireshark for web and network security

---

🔐 Crypto & Hashes

Explore cryptography essentials, such as:

• Encryption methods & secure communication
• Hashing algorithms & password security
• Cryptographic challenges for real-world applications

---

🕵️ Steganography

Learn how to hide and uncover hidden data in various digital formats, including:

• Images and audio files
• Encoded text and metadata
• Steganographic analysis techniques

---

🌍 Web Security

Master web application security with:

• OWASP Top 10 vulnerabilities
• Exploiting common web security flaws
• Tools like Burp Suite, SQLMap, and more

---

Cybersecurity Learning Roadmap 🚀

A structured TryHackMe (THM) room roadmap from beginner to advanced cybersecurity skills. All links verified for accessibility.

🔰 Intro Rooms

• Welcome
• How to use TryHackMe
• Tutorial
• OpenVPN
• Learning Cyber Security
• Starting Out In Cyber Sec
• Introductory Researching
• CC: Pen Testing
• Regular expressions

🐧 Linux Fundamentals

• Learn Linux
• Linux Modules
• Linux Fundamentals Part 1
• Linux Fundamentals Part 2
• Linux Fundamentals Part 3

🪟 Windows Fundamentals

• Windows Fundamentals 1
• Windows Fundamentals 2
• Windows Fundamentals 3

🔐 Basics Rooms

• Basic Pentesting
• Pentesting Fundamentals
• Principles of Security
• The Hacker Methodology
• Physical Security Intro
• Linux Strength Training
• OpenVAS
• ISO27001
• UltraTech

🔍 Recon

• Passive Reconnaissance
• Active Reconnaissance
• Content Discovery
• OhSINT
• Shodan.io
• Google Dorking
• WebOSINT
• Sakura Room
• Red Team Recon
• Searchlight - IMINT

📜 Scripting

• Python Basics
• Python Playground
• Intro PoC Scripting
• Peak Hill
• JavaScript Basics
• Bash Scripting
• Learn Rust
• Why Subscribe

🌐 Networking

• Introductory Networking
• What is Networking?
• Networking
• Intro to LAN
• HTTP in detail
• DNS in detail
• Dumping Router Firmware

🛠️ Tooling

• Metasploit: Introduction
• tmux
• REmux The Tmux
• Hydra
• Sublist3r
• Toolbox: Vim
• Introduction to OWASP ZAP
• Phishing: HiddenEye
• RustScan
• Nessus
• Nmap Live Host Discovery
• Nmap
• TShark
• ffuf
• Burp Suite: The Basics
• Burp Suite: Repeater

🔐 Crypto & Hashes

• Cryptography for Dummies
• Crack the hash
• Crack The Hash Level 2
• Agent Sudo
• Brute It

🖼️ Steganography

• CC: Steganography
• Cicada-3301 Vol:1
• Musical Stego
• Madness
• Psycho Break
• Unstable Twin

🕸️ Web

• WebAppSec 101
• Vulnerabilities 101
• Walking An Application
• OWASP Top 10
• OWASP Juice Shop
• Web Scanning
• OWASP Mutillidae II
• WebGOAT
• DVWA
• VulnNet
• Juicy Details
• Vulnversity
• Injection
• LFI Basics
• Inclusion
• SQL Injection Lab
• SSTI
• SQL Injection
• Ignite
• Overpass
• Year of the Rabbit
• Develpy
• Jack-of-All-Trades
• Bolt

📱 Android

• Android Hacking 101

🔎 Forensics

• Linux Server Forensics
• Forensics
• Memory Forensics
• Volatility
• Disk Analysis & Autopsy

📶 Wi-Fi Hacking

• Wifi Hacking 101

⏪ Reverse Engineering

• Intro to x86-64
• Windows x64 Assembly
• Reverse Engineering
• Reversing ELF
• JVM Reverse Engineering
• CC: Radare2
• CC: Ghidra
• Aster
• Classic Passwd
• REloaded

🦠 Malware Analysis

• History of Malware
• MAL: Malware Introductory
• Basic Malware RE
• MAL: Researching
• Mobile Malware Analysis
• Carnage
• Dunkle Materie

⬆️ PrivEsc

• Linux Privilege Escalation
• Linux PrivEsc
• Linux PrivEsc Arena
• Windows PrivEsc
• Windows PrivEsc Arena
• Linux Agency
• Sudo Security Bypass
• Sudo Buffer Overflow
• Blaster
• Ignite
• Kenobi
• c4ptur3-th3-fl4g
• Pickle Rick

🪟 Windows

• Investigating Windows
• Investigating Windows 2.0
• Investigating Windows 3.x
• Blueprint
• VulnNet: Active
• Anthem
• Blue

🏢 Active Directory

• Attacktive Directory
• Post-Exploitation Basics
• USTOUN
• Enterprise
• RazorBlack

📦 PCAP Analysis

• h4cked
• Carnage
• CCT2019
• Overpass 2 - Hacked

💥 BufferOverflow

• Buffer Overflow Prep
• Gatekeeper
• Chronicle
• Intro To Pwntools

🏆 CTF Challenges

🟢 Easy CTF

• GamingServer
• OverlayFS - CVE-2021-3493
• Psycho Break
• Bounty Hacker
• Fowsniff CTF
• RootMe
• AttackerKB
• Pickle Rick
• c4ptur3-th3-fl4g
• Library
• Thompson
• Simple CTF
• LazyAdmin
• Anonforce
• Ignite
• Wgel CTF
• Kenobi
• Dav
• Ninja Skills
• Ice
• Lian_Yu
• The Cod Caper
• Blaster
• Encryption - Crypto 101
• Brooklyn Nine Nine
• Year of the Rabbit
• Jack-of-All-Trades
• Madness
• KoTH Food CTF
• Easy Peasy
• Tony the Tiger
• CTF collection Vol.1
• Smag Grotto
• Couch
• Source
• Overpass
• Gotta Catch'em All!
• Bolt
• Overpass 2 - Hacked
• kiba
• Poster
• Chocolate Factory
• Startup
• Chill Hack
• ColddBox: Easy
• GLITCH
• All in One
• Archangel
• Cyborg
• Lunizz CTF
• Badbyte
• Team
• VulnNet: Node
• VulnNet: Internal
• Atlas
• VulnNet: Roasted
• Cat Pictures
• Mustacchio

🟡 Medium CTF

• Mr Robot CTF
• GoldenEye
• StuxCTF
• Boiler CTF
• HA Joker CTF
• Biohazard
• Break it
• Willow
• The Marketplace
• Nax
• Mindgames
• Anonymous
• Blog
• Wonderland
• 0day
• Develpy
• CTF collection Vol.2
• CMesS
• Deja Vu
• hackerNote
• dogcat
• ConvertMyVideo
• KoTH Hackers
• Revenge
• harder
• HaskHell
• Undiscovered
• Break Out The Cage
• The Impossible Challenge
• Looking Glass
• Recovery
• Relevant
• Ghizer
• Mnemonic
• WWBuddy
• The Blob Blog
• Cooctus Stories
• One Piece
• toc2
• NerdHerd
• Kubernetes Chall TDI 2020
• The Server From Hell
• Jacob the Boss
• Unbaked Pie
• Bookstore
• Overpass 3 - Hosting
• battery
• Madeye's Castle
• En-pass
• Sustah
• KaffeeSec - SoMeSINT
• Tokyo Ghoul
• Watcher
• broker
• Inferno
• VulnNet: dotpy
• Wekor
• pyLon
• The Great Escape
• SafeZone
• NahamStore
• Sweettooth Inc.
• CMSpit
• Super-Spam
• That's The Ticket
• Debug
• Red Stone One Carat
• Cold VVars
• Metamorphosis
• SQHell
• Fortress
• CyberCrafted
• Road

🔴 Hard CTF

• Motunui
• Spring
• Brainpan 1
• Borderlands
• hc0n Christmas CTF
• Daily Bugle
• Retro
• Jeff
• Racetrack Bank
• Dave's Blog
• CherryBlossom
• CCT2019
• Iron Corp
• Carpe Diem 1
• Ra
• Year of the Fox
• For Business Reasons
• Anonymous Playground
• Misguided Ghosts
• Theseus
• Internal
• Year of the Dog
• You're in a cave
• Year of the Owl
• Year of the Pig
• envizon
• GameBuzz
• Fusion Corp
• Crocc Crew
• Uranium CTF
• Year of the Jellyfish
• Rocket
• Squid Game
• EnterPrize
• Different CTF
• VulnNet: dotjar
• M4tr1x: Exit Denied
• Shaker

📚 Miscellaneous

• Introduction to Django
• Git Happens
• Meltdown Explained
• Splunk
• Linux Backdoors
• Jupyter 101
• Geolocating Images
• Tor
• tomghost
• DLL HIJACKING
• Intro to IoT Pentesting
• Attacking ICS Plant #1
• Attacking ICS Plant #2
• Printer Hacking 101
• DNS Manipulation
• Introduction to Flask
• MITRE
• magician
• JPGChat
• Baron Samedit
• CVE-2021-41773/42013
• Binary Heaven
• Git and Crumpets
• Polkit: CVE-2021-3560
• Hip Flask
• Bypass Disable Functions
• Wordpress: CVE-2021-29447
• Linux Function Hooking
• REvil Corp
• Sudo Buffer Overflow
• Sudo Security Bypass
• Solar, exploiting log4j
• Conti
• Dirty Pipe: CVE-2022-0847
• The find command

🤝 Conclusion

To summarize, the TryHackMe learning path is perfect for beginners who want to get into cybersecurity. It provides clear instructions and practical tasks to help you understand the basics and grow your skills.

From my personal experience with TryHackMe, I can confidently say that the platform has helped me a lot in becoming more knowledgeable in cybersecurity. The various challenges and tools have broadened my understanding and sharpened my skills over time.

🤝 Contribution

Found a broken link or have suggestions? Open an issue or PR!

📜 License

This roadmap is free to use under [MIT License]