$ ls -la ~/writeups/tryhackme/
TryHackMe Writeups
Room walkthroughs and notes — penetration testing, forensics, reverse engineering and more.
$ filter --tag
▸
Active Directory Basics
This room will introduce the basic concepts and functionality provided by Active Directory.
windows
activedirectory
▸
Active Recon
Learn how to use simple tools such as traceroute, ping, telnet, and a web browser to gather information.
ping
traceroute
telnet
+1
▸
Advent Calendar 2019
Get started with Cyber Security in 25 Days - Learn the basics by doing a new, beginner friendly security challenge every day leading up to Christmas.
cookie
base64
dirsearch
+36
▸
Advent Calendar 2020
Get started with Cyber Security in 25 Days - Learn the basics by doing a new, beginner friendly security challenge every day leading up to Christmas.
cookie
http
url
+29
▸
Advent Calendar 2021
Get started with Cyber Security in 25 Days - Learn the basics by doing a new, beginner friendly security challenge every day leading up to Christmas.
authentication
authorisation
contentdiscovery
+49
▸
Advent Calendar 2022
Get started with Cyber Security in 24 Days - learn the basics by doing a new, beginner-friendly security challenge every day leading up to Christmas.
frameworks
mitre
iso
+68
▸
Authentication Bypass
Learn how to defeat logins and other authentication mechanisms to allow you access to unpermitted areas.
cookie
▸
Bash Scripting
A Walkthrough room to teach you the basics of bash scripting
linux
bashscripting
▸
Blue
Deploy & hack into a Windows machine, leveraging common misconfigurations issues.
windows
▸
Burp Suite Basics
An introduction to using Burp Suite for Web Application pentesting
burpsuite
▸
Burp Suite Extensions
Learn how to use Extensions to broaden the functionality of Burp Suite.
burp
▸
Burp Suite Intruder
Learn how to use Intruder to automate requests in Burp Suite.
burpsuite
burp
intruder
▸
Burp Suite Other Modules
Take a dive into some of Burp Suite's lesser-known modules.
burp
▸
Burp Suite Repeater
Learn how to use Repeater to duplicate requests in Burp Suite.
burpsuite
repeater
▸
Burp Suite: the basics
burp
▸
CAPA: The Basics
Learn to use CAPA to identify malicious capabilities.
blueteam
malware
incidentresponse
+1
▸
Carrers In Cyber
career
▸
Command Injection
Learn about a vulnerability allowing you to execute commands through a vulnerable app, and its remediations.
rce
▸
Common Attacks
An introduction to common attacks on internet users, and recommendations for staying safe online.
phishing
socialengineering
malware
+4
▸
Content Discovery
Learn the various ways of discovering hidden or private content on a webserver that could lead to new vulnerabilities.
osint
dirb
ffuf
+7
▸
Cryptography Basics
Learn the basics of cryptography and symmetric encryption.
crypto
▸
Cyber Chef The Basics
This room is an introduction to CyberChef, the Swiss Army knife for cyber security professionals.
tools
incidentresponse
blueteam
▸
DNS In Detail
Learn how DNS works and how it helps you access internet services.
dns
networking
▸
Digital Forensics Fundamentals
Learn about digital forensics and related processes and experiment with a practical example.
digitalforensics
▸
Extending Your Network
network
+4
▸
File Inclusion
This room introduces file inclusion vulnerabilities, including Local File Inclusion (LFI), Remote File Inclusion (RFI), and directory traversal.
lfi
▸
Firewall Fundamentals
Learn about firewalls and get hands-on with Windows and Linux built-in firewalls.
firewall
▸
FlareVM: Arsenal of Tools
Learn the arsenal of investigative tools in FlareVM.
reverseengineering
blueteam
debug
+3
▸
Gobuster: The Basics
This room focuses on an introduction to Gobuster, an offensive security tool used for enumeration.
gobuster
▸
Google Dorking
Explaining how Search Engines work and leveraging them into finding hidden content!
googledorking
seo
robots
+1
▸
HTTP In Detail
networking
http
https
+1
▸
Hacker Methodology
nmap
dirb
dirbuster
+7
▸
Hashing Basics
Learn about hashing functions and their uses in password verification and file integrity checking.
hash
hashcat
johntheripper
▸
History Of Malware
Join this room to learn about the first forms of malware and how they turned into the malicious code we see today.
malware
creeper
arpanet
+6
▸
How Websites Work
web
▸
Hydra
Learn about and use Hydra, a fast network logon cracker, to bruteforce and obtain a website's credentials.
hydra
▸
IDOR
Learn how to find and exploit IDOR vulnerabilities in a web application giving you access to data that you shouldn't have.
idor
▸
IDS Fundamentals
Learn the fundamentals of IDS, along with the experience of working with Snort.
ids
▸
Incident Response Fundamentals
Learn how to perform Incident Response in cyber security.
incidentresponse
+13
▸
Intro To Defensive Security
Defense Security
blueteam
+5
▸
Intro To Digital Forensics
Intro to digital forensics
forensics
exiftool
pdfinfo
▸
Intro To LAN
Intro to LAN
networking
subnetting
arp
+1
▸
Intro To Offensive Security
Intro To Offensive Security
▸
Intro To Research
A brief introduction to research skills for pentesting.
cve
man
▸
Intro To Security Operations
Security operations
soc
▸
Intro To x86 64
This room teaches the basics of x86-64 assembly language.
assembly
radare2
▸
Intro to Cross site Scripting
Learn how to detect and exploit XSS vulnerabilities, giving you control of other visitor's browsers.
xss
▸
Intro to SIEM
Learn the fundamentals of SIEM and explore its features and functionality.
siem
logs
▸
Intro to SSRF
Learn how to exploit Server-Side Request Forgery (SSRF) vulnerabilities, allowing you to access internal server resources.
ssrf
▸
Introduction To Cryptography
crypto
▸
Introductory Networking
An introduction to networking theory and basic networking tools
networking
osi
tcp-ip
+1
▸
Java Script Essentials
Learn how to use JavaScript to add interactivity to a website and understand associated vulnerabilities.
javascript
▸
John the Ripper: The Basics
Learn how to use John the Ripper, a powerful and adaptable hash-cracking tool.
johntheripper
▸
Linux Fundamentals 1
Embark on the journey of learning the fundamentals of Linux. Learn to run some of the first essential commands on an interactive terminal.
linux
find
▸
Linux Fundamentals 2
Continue your learning Linux journey with part two. You will be learning how to log in to a Linux machine using SSH, how to advance your commands, file system interaction.
linux
▸
Linux Fundamentals 3
Power-up your Linux skills and get hands-on with some common utilities that you are likely to use day-to-day!
linux
scp
systemctl
+3
▸
Linux Shell
Learn about scripting and the different types of Linux shells.
linux
shell
▸
Linux Strength Training
Guided room for beginners to learn/reinforce linux command line skills
linux
find
hashing
+4
▸
Logs Fundamentals
Learn what logs are and how to analyze them for effective investigation.
logs
incidentresponse
blueteam
▸
Malware Introductory
The start of a series of rooms covering Malware Analysis...
malware
remmina
rdp
+4
▸
Metasploit: Exploitation
Using Metasploit for scanning, vulnerability assessment and exploitation.
metasploit
▸
Metasploit: Introduction
An introduction to the main components of the Metasploit Framework.
metasploit
▸
Metasploit: Meterpreter
Take a deep dive into Meterpreter, and see how in-memory payloads can be used for post-exploitation.
metasploit
meterpreter
▸
Moniker Link (CVE 2024 21413)
Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View.
▸
Network Security
network
▸
Network Services
network
+4
▸
Network Services 2
nfs
smtp
mysql
▸
Networking
Learn the basics of networking and network addressing
networking
networkaddressing
gateway
+3
▸
Networking Concepts
Learn about the ISO OSI model and the TCP/IP protocol suite.
networking
tcp
udp
+2
▸
Networking Core Protocols
Learn about the core TCP/IP protocols.
dns
whois
https
+5
▸
Networking Essentials
Explore networking protocols from automatic configuration to routing packets to the destination.
networking
dhcp
arp
+2
▸
Networking Secure Protocols
Learn how TLS, SSH, and VPN can secure your network traffic.
tls
https
smtps
+6
▸
Nmap
An in depth look at scanning with Nmap, a powerful network scanning tool.
nmap
ports
networking
+7
▸
Nmap: Basic Port Scans
Learn in-depth how nmap TCP connect scan, TCP SYN port scan, and UDP port scan work.
nmap
▸
Nmap: Live Host Discovery
Learn how to use Nmap to discover live hosts using ARP scan, ICMP scan, and TCP/UDP ping scan.
nmap
arp
networking
+5
▸
Nmap: The Basics
Learn how to use Nmap to discover live hosts, find open ports, and detect service versions.
nmap
▸
OSI Model
osi
▸
OWASP Juice Shop
owasp
▸
OWASP Top 10
Learn about and exploit each of the OWASP Top 10 vulnerabilities; the 10 most critical web security risks.
owasp
▸
OWASP Top 10 2021
owasp
▸
OWASP Top 10 2025 Application Design Flaws
Learn about A02, A03, A06, and A10 and how they related to design flaws in the application.
owasp
▸
OWASP Top 10 2025 IAAA Failures
Learn about A01, A07, and A09 in how they related to failures in the applied IAAA model.
iaaa
▸
OWASP Top 10 2025 Insecure Data Handling
Learn about A04, A05, and A08 as they related to insecure data handling.
▸
Operating System Security
os
▸
Packets And Frames
network
+4
▸
Passive Recon
Learn about the essential tools for passive reconnaissance, such as whois, nslookup, and dig.
whois
nslookup
dig
+3
▸
Pentesting Fundamentals
Learn the important ethics and methodologies behind every pentest
pentesting
▸
Principles Of Security
Learn the principles of information security that secures data and protects systems from abuse
cia
priviliges
▸
Public Key Cryptography Basics
Discover how public key ciphers such as RSA work and explore their role in applications such as SSH.
RSA
dh
ssh
+3
▸
Putting It All Together
web
▸
Python Basics
Using a web-based code editor, learn the basics of Python and put your knowledge into practice by eventually coding a short Bitcoin investment project.
python
programming
▸
REMnux Getting Started
Learn how you can use the tools inside the REMnux VM.
staticanalysis
malware
reverseengineering
+1
▸
REmux The Tmux
tmux
+1
▸
Race Conditions
Learn about race conditions and how they affect web application security.
racecondition
▸
SOC Fundamentals
Learn about the SOC team and their processes.
blueteam
soc
▸
SQL Fundamentals
Learn how to perform basic SQL queries to retrieve and manage data in a database.
sql
sqlinjection
▸
SQL Injection
Learn how to detect and exploit SQL Injection vulnerabilities
sql
sqlinjection
▸
SQLMap: The Basics
Learn about SQL injection and exploit this vulnerability through the SQLMap tool.
sqlmap
▸
Search Skills
Learn to efficiently search the Internet and use specialized search engines and technical docs.
web
▸
Security Principles
Learn about the security triad and common security models and principles.
cia
dad
iso
+1
▸
Shells Overview
Learn about the different types of shells.
▸
Subdomain Enumeration
Learn the various ways of discovering subdomains to expand your attack surface of a target.
osint
sublist3r
▸
Tcpdump The Basics
Learn how to use Tcpdump to save, filter, and display packets.
web
tcpdump
▸
The Find Command
A learn-by-doing approach to the find command
linux
find
▸
Training Impact on Teams
Discover the impact of training on teams and organisations.
▸
Vulnerabilities 101
Understand the flaws of an application and apply your researching skills on some vulnerability databases.
vulnerability
cvss
vpr
+2
▸
Vulnerability Scanner Overview
Learn about vulnerability scanners and how they work in a practical scenario.
cve
cvss
openvas
▸
Vulnversity
Learn about active recon, web app attacks and privilege escalation.
nmap
gobuster
privilegeescalation
+2
▸
Walking An Application
Manually review a web application for security issues using only your browsers developer tools. Hacking with just your browser, no tools or scripts.
web
▸
Web Application Basics
Learn the basics of web applications: HTTP, URLs, request methods, response codes, and headers.
web
▸
Web Application Security
#webserver
idor
▸
Web Fundamentals
Learn how the web works!
web
▸
What Is Networking
What is networking?
networking
web
ping
▸
Windows Command Line
Learn the essential Windows commands
windows
cmd
▸
Windows Fundamentals 1
In part 1 of the Windows Fundamentals module, we'll start our journey learning about the Windows desktop, the NTFS file system, UAC, the Control Panel, and more.
windows
▸
Windows Fundamentals 2
In part 2 of the Windows Fundamentals module, discover more about System Configuration, UAC Settings, Resource Monitoring, the Windows Registry and more.
windows
▸
Windows Fundamentals 3
In part 3 of the Windows Fundamentals module, learn about the built-in Microsoft tools that help keep the device secure, such as Windows Updates, Windows Security, BitLocker, and more...
windows
▸
Windows Powershell
Discover the "Power" in PowerShell and learn the basics.
windows
powershell
▸
Wireshark The Basics
Learn the basics of Wireshark and how to analyse protocols and PCAPs.
wireshark
networking
▸
Yara
Learn the applications and language that is Yara for everything threat intelligence, forensics, and threat hunting!
yara
loki
thor
+4