Open in app

Sign in

Write

Sign in

TryHackMe Pre-Security Pathway:For all Beginners Who Wants to start a Cyber security Career like me….

CryptoH
9 min readJul 12, 2021

Recently TRYHACKME released a new learning platform Pre Security : Which was amazingily cool .It has some good stuff .It covered very basic to high level which is easily understandable ..

So Don’t get late Start this journey….Let’s begin…..

First of all Pre-Security covered 5 major topics which is given below ..

  • Cyber Security Introduction
  • Network Fundamentals
  • How The Web Works
  • Linux Fundamentals
  • Windows Fundamentals.

Each Pathway has its unique contents. All are not free Almost 70% is free to all rest are for subcritional guy.

That being said, let’s talk about the individual sub-topics included in the pathway:

Cyber Security Introduction

This first sub-topic is fairly simple. It contains just one simple room with 3 tasks which serves as your first baby step into security.

Learning Cyber Security

First things first, it’s a Free room 🎉 which means you won’t need a sub to access it. The tasks in this room talk about some prominent incidents in the past while giving you an overview of what you are in for. Once you’re done, move onto the next section where the real fun begins ;)

Network Fundamentals

Having a fundamental knowledge of how networks work is very important when it comes to security.

Understanding how computers talk to each other is as crucial as is to gather wood when you spawn into a new Minecraft world. This room walks you through the fundamentals of Networking concepts which comprise of but is not limited to: Network Topologies, Various Protocols, Network models, Routing, and much more.

However, it is to be noted that not all rooms in this sub-topic are free.

The Free rooms under the sub-topic are:

  • What Is Networking?
  • Intro To LAN

While the following rooms are paid:

  • OSI Model
  • Packets & Frames
  • Extending Your Network

But let me assure you something, these rooms are brilliant and gamify the entire learning process. Mostly designed by Ben and Adam and people who have spent some time on the platform or in the infosec community must recognize these two names for their creative genius when it comes to resigning CTFs and rooms like these. Hence, a sub is worth it!

Now, let’s take a look at the Individual rooms in this subtopic:

What is Networking?

This room dives into fundamental networking concepts like definitions, history, and protocols. It’s a starter to your journey into the world of Networks, Packets, Protocols; teaching you about the same via interactive tasks.

One particular point that I think is worth mentioning is how these interactive tasks are created. Most of these interactive browser-based tasks gamify the learning process, making the learning curve way too easy for a beginner.

Intro To LAN

This particular room walks you through various concepts related to Local Area Networks which include different kinda topologies, their flaws, subnetting, and various associated protocols like ARP and DHCP.

Having a thorough understanding of LANs is crucial especially if you’re preparing for exams like eJPT in which pivoting through a LAN plays a crucial role.

OSI Model

Anyone with a tad bit of IT experience will tell you how important understanding the OSI layer is to get your networking concepts right. This room uses a nice little game to teach explain the various layers of the OSI model. (Also, while you are at it, why not try to beat the high score at the OSI game?)

Understanding the OSI model is crucial to getting onto the next two rooms Packets & Frames and Extending Your Network.

Packets & Frames

So far we have learnt about the various protocols the Network Devices use while talking to each other. This room walks us through how the communication process occurs: from TCP/IP handshakes to Ports, as well as UDP connections.

Extending Your Network

Finally, we have the last room under this topic. It walks you through the basics of port forwarding(something which you are going to do A LOT during CTFs/Pentests) while also touching on the Defensive side of things. Talk about a perfect finish to a sub-topic.

A key takeaway from this particular lab is the final lab which walks you through how communication over a network happens in real-time via some very easy-to-understand visuals.

With that, we are done with the Networking subtopic and can move onto the next sub-topic: How The Web Works.

How The Web Works

Understanding how the Web works is something important for Pentesters (and Spiderman?).

Most of the online services which we come across have a Web component to them. Hence having a working knowledge of what goes behind the scenes is deemed essential.

This sub-topic covers everything: from DNS to scripting, bringing forth a holistic view of the architecture at plan behind the concepts of web applications.

There is a lot to learn about web applications. If you are aiming for Bug Bounties sooner or later, having a thorough understanding of how the different components come together might open up new Attack Vectors for you to explore at a later on️‍🔥

This sub-topic has the following four rooms:

  • DNS in Detail
  • HTTP in Detail
  • How Websites Work
  • Putting it all Together

Out of which, the first two free while the rest two require a subscription.

DNS in Detail

DNS aka Domain Name System is the backbone behind the entire web architecture. A lot of modern-day attacks also use DNS for a vast majority of attacks hence getting a working knowledge of how DNS works can be handy as well. Like all rooms, this room comes with an interactive lab to get you the hands-on experience!

(I will go on a limb here and suggest the SQHell room and This Def Con Talk to anyone curious about how DNS is used by malicious actors in case they are curious.)

HTTP in Detail

Next up, we have the basic communication protocols used by the Web aka HTTP and HTTPS. This is the protocol in which the internet talks and to be able to break web applications or protect them, we need to understand its intricacies.

This room walks you through various important concepts like Requests and Responses, HTTP Status Codes, Various Headers, etc, all of which are important to know when working with web apps.

How Websites Work

Now that we know how the Web speaks, finally, we need to know about the languages it speaks in, the most important of which are HTML and Javascript. This room also covers some common scenarios like Sensitive Data Exposure and HTML injection.

Putting it all Together

The last room under this sub-topic talks about some very important components which work behind the scenes like Load Balancers, CDNs, Databases, and WAFs.

It also talks about Virtual hosts, Static and Dynamic contents, and Scripting Languages for both front and backend.

Finally, in a nice little task, it sums up the entire process which happens when we request a page on the internet, thereby painting a complete picture for us.

Linux Fundamentals

When it comes to Security you HAVE to know your way around Linux. It is the prime tool in your arsenal as well as the very thing which you might need to break into. About 99% of the web applications run on Linux.

Also, if you’re going to dive into security, you will need a Penetration Testing distro like Blackarch, Kali Linux, Parrot Security, etc.(I use Arch btw)

The entire walkthrough is divided into 3 parts which cover a wide range of Linux-related topics. These include basic functionalities like navigating around the filesystem, creating files, searching for files, file permissions, and much more. It even touches on some intermediate topics like Process Monitoring, Package Management, and Log Monitoring.

Windows Fundamentals

Finally, we have the Windows Fundamentals sub-topic: a set of two rooms that walk you through the Windows Operating System. Now despite most of us being familiar with Windows, this room is a must from a Technical perspective.

The rooms begin with fairly simple tasks like Navigating the GUI, The File System, Task Manager, etc, and gradually move onto more complex topics like System Configuration, Computer Management, Registry Editor, etc.

These rooms will prove massively useful when you later perform penetration tests on Windows-based boxes as they can be quite confusing at times.

Having a working knowledge of Windows is very important as the majority of PC users still run Windows as their primary operating system while most corporates provide their employees with Virtual Windows Desktop. Another MAJOR MAJOR MAJOR incentive to learn Windows is because sooner or later it would come extremely handy when pentesting Active Directory.

What Next?

Now that you have completed the Pre Security pathway and gained a working knowledge of how things work, why not get started with some basic hacking with the Complete Beginner Pathway? The pathway really teaches you the basic attacking techniques and is a good prep point for exams like eJPT.

Conclusions

Understanding these Fundamental concepts is very crucial as a Penetration Tester or a Blue Teamer. You need to be aware of all possible attack surfaces in an infrastructure: may it be the Network, the Web, or the Operating system.

An important part of the learning curve is practicing. TryHackMe really does a good job at providing some pristine learning content. You can signup for TryHackMe from here. Also, asking questions is equally important. Join the THM Discord Server. We are Never Gonna Give You Up, Never Gonna Let You Down.

Tryhackme
Pre Security
Thm
Walkthrough

--

--

CryptoH

Written by CryptoH

0 Followers

what is bio....Nothing

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams