Cybersecurity skills are quite in demand. With all the hacking going on, like the Colonial Pipeline Attack or the recent Kaseya supply chain compromise, Cybersecurity skills are very valuable. But getting first started in Cybersecurity is not very easy. If you are interested in IT Security and ask yourself the following questions, then this blog post is exactly for you:
- How do I get started?
- How can I get hands-on experience?
- Which skills should I learn?
As you have probably already seen on my blog, I post CTF WriteUps. Security CTFs (Capture the flags) are one of the best ways to learn and get hands-on experience in the Cyber domain (at least in my opinion). One of the sites, I would highly recommend for beginners (but also for experienced Cyber Security professionals) is TryHackMe. On TryHackMe you can learn anything from Offensive Cybersecurity skills (e.g. Penetration Testing, AV Evasion) to Defensive Cybersecurity skills (e.g. Malware Analysis, Security Monitoring, Incident Response). Another important topic to consider, is the fundamentals. TryHackMe also provides hands-on Training for topics like, Operating System concepts, Networking, Web technologies…. This huge amount of learning content is suitable for any Cybersecurity position.
With the latest TryHackMe path release, they are targeting beginners (and professionals that want a quick refresher). Paths are a collection of rooms / CTFs to learn a specific topic in Cybersecurity (e.g. Penetration Testing, Cyber Defense). These paths do reward a “Certification of completion”. (TIP: These are perfect for sharing on LinkedIn. Because they show your initiative to learn and further develop your skills). Recently TryHackMe has published the path “Pre Security”. This path is best suitable for beginners which try to learn the fundamentals. But it is also a good room for advanced Cybersecurity practitioners, who want to refresh their knowledge. The “Pre Security” path contains the following domains:
It starts with an introductory room on Cybersecurity. The room contains quick topics about Web Application Security and Network Security. Finally it will suggest you a roadmap.
The Network fundamentals domain contains the following topics:
- Networking basics
- Local Area Networks
- ISO OSI model
- Networking Hardware
- Advanced concepts: Port forwarding, firewalls, VPNs
The next domain “Linux Fundamentals” is about the operating system Linux. Never heard of? No problem! You will learn it :) The room will make you confortable using Bash and understanding the basic concepts of the operating system.
The final domain will go over the basic concepts of the Windows operating system. Here you will learn about Windows tools, such as the command line, Ressource Monitor, Computer Management, the Registry Editor,… (just to name a few) You will also learn about the concepts of the operating system.
The best part is: All of these rooms contain some sort of hands-on challenge. for example, sending packets through a network, adding a basic firewall rule, using the Windows command line, using bash, seeing web vulnerabilities in action…. As you can guess the amount of learning content is tremendous and the “Pre Security” path is just the beginning! ;)
Also these rooms contain detailed explanation about the topic. You will learn anything, that you need to complete the challenges!
The Path goes on
TryHackMe is not only hosting one path. Currently there are 6 learning paths which will guide you through. If you are a beginner (and have subscribed), then I would recommend you take the paths in the following order:
- Pre Security
- Complete Beginner
- Web Fundamentals
- Cyber Defense or Comptia Pentest+ (Choose the one first that you are most interested in)
- Offensive Pentesting
I have also completed the Cyber Defense path and I love it!
Another very nice feature of TryHackMe are the “Networks”. These are real networks, which you are allowed to hack. You will learn a lot of industry ready skills, like Active Directory Penetration Testing, Pivoting, AV Evasion, Writing a Penetration Testing Report…. Currently there are 3 Networks:
The best thing about the Networks: The Wreath Network is free after a 7 days streak!
Also TryHackMe includes modules, which are a collection of rooms that cover a specific topic. Currently there are the following modules:
- How The Web Works
- Linux Fundamentals
- Network Exploitation Basics
- Web Hacking Fundamentals
- Windows Exploitation Basics
- Shells and Privilege Escalation
- Basic Computer Exploitation
- Threat and Vulnerability Management
- Security Operations & Monitoring
- Threat Emulation
- Incident Response and Forensics
- Malware Analysis
- Network Fundamentals
- Windows Fundamentals
As you probably have guessed, I am a huge fan of TryHackMe. This is also one of the reasons, why I mainly publish CTF WriteUps for that site. TryHackMe helped me learn a lot of Cybersecurity skills. If you have not yet signed up, I would highly encourage you to do so! It is free anyways :) Also by completing the “Pre Security” path until 15th July, you have the chance of winning many prices, including Subscription vouchers, Security+ vouchers, and even an OSCP voucher!
Wether you are a beginner, professional or studying for a certification… TryHackMe has you covered!