For those of you who want to learn the foundations of Cyber Security, but have no idea how to do so, TryHackMe has got you covered! This brand new learning path will teach you all you need to know to set you on your ways.
In this post, I’ll give an overview of each section and my thoughts on the learning path overall.
Overview
If you haven’t heard of TryHackMe, allow me to briefly introduce who they are and what they offer. TryHackMe is a educational website which specifies in both teaching and learning cyber security.
Users can join rooms (virtual space with associated challenges) which focus on different areas of security and learn the practical skills needed to accomplish the tasks.
Pre-Security Learning Path
I enrolled in the Pre-Security Learning Path when it was initially released. The path itself contains five sections, each focusing on a different area of security:
- Cyber Security Introduction
- Network Fundamentals
- How The Web Works
- Linux Fundamentals
- Windows Fundamentals
Cyber Security Introduction
This section is a simple introduction to the learning path. In particular, it gives a brief overview of both web application and network security and why they are important.
Network Fundamentals
This section teaches the fundamentals of how computer communicate and operate on a network.
The first module What is Networking introduce what a network is and how it relates to the internet. It also practically demonstrates how devices are identified on a network through IP and MAC addresses and how to use the ping command to reach out to specific devices.
The Intro to LAN module gives an overview on how networks are designed and the advantages/disadvantages associated with each design type. It also establishes what routers and switches are and what their respective roles are on a network.
Moreover, this room also introduces two protocols: ARP (Address Resolution Protocol) and DHCP (Dynamic Host Configuration Protocol). In particular, it discusses how each protocol works and what they are used for in the context of a network.
The next module establishes what the OSI model is, what each of the layers are and how they are used to design networked systems.
The Packets and Frames module details how information is split up and sent across a network from one device from another. It does this from both TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) standpoints as well as introducing the the operations of each protocol and how connections are established.
The final module in this section, Extending Your Network, details various technologies which are used to extend and secure networks, such as port forwarding, firewalls, and VPNs.
How The Web Works
As the above shows, as a hacker, you must have a deep understanding of how the web works. This section provides a strong basis to develop skills needed to attack web applications and services.
DNS in Detail introduces the DNS (Domain Name System) and how it lets you access the internet and its services. Specifically, it establishes what the domain hierarchy is, the different record types, and how DNS requests are made.
The next module, HTTP in Detail, provides an overview of the HTTP protocol and how requests are made to a web server. It also goes through HTTP methods, status codes, headers, and cookies.
The How Websites Work module is a neat follow-up on the previous module. In this room, you attack an interactive website using HTML, JavaScript, and code injection.
The final module, Putting It All Together, allows you to apply what you’ve learned in this section to another interactive challenge. This challenge focuses on the process of how requests are made to web servers through DNS servers, WAF (Web Application Firewalls), and load balancers.
Linux Fundamentals
This section extensively covers the Linux operating system and its tools. Once you have these skills and commands memorised, you will be able to navigate and manipulate the Linux file system with impressive speed.
Part 1 introduces the Linux operating system. Firstly it provides a bit of background on Linux before getting you to interact with an in-browser machine. From this you learn basic commands like echo and whoami , how to interact with the file system using ls , cd , cat and pwd . It also introduces how to search for files using find and how to search the contents of files using grep .
Part 2 takes a deep dive into flags and switches for various commands. It also covers how to interact with the file system using the touch , mkdir , cp , mv , rm , and file commands. In addition, this room establishes the common directories on a Linux file system like /etc , /var , /tmp and root, and the basics of permissions.
The final part in this section details how to use the terminal text editors like vim and nano to create and edit files. It establishes how to view running processes using ps , how to use wget , and how to use the package manager to install programs and tools.
Windows Fundamentals
Similar to Linux Fundamentals, this section takes a deep dive into the Windows operating system and provides you with a great foundation which will help you exploit or protect Windows systems.
The first module is a very well-rounded introduction for the Windows operating system. In particular, it gives an overview of the Windows file system, user accounts and permissions, and how to effectively used the Task Manager and Control Panel to manage the system.
The second part concludes this section by going over system configuration, user account controls, the Windows Registry and Resource Monitor.
Review
TryHackMe places a huge emphasis on practical demonstration as well as necessary theory to make sure you have a full understanding of each concept. Each room has at least one interactive component which allows you to apply the skills you’ve learned in a different and fresh way.
In my opinion, TryHackMe is leaps and bounds ahead of other similar platforms, specifically with how each room is designed and how they draw in new users.
If you are new to the Cyber Security scene or are looking to change career path, then I would encourage you to work through this learning path. There is a wealth of material on TryHackMe along with other more advanced learning paths which focus on more specific areas of Cyber Security and Penetration Testing.
I hope you enjoyed this blog post and found it useful.
Stay curious.
- v3r4x
