THM Free Offsec Guide, Getting Started and Windows

The article by THM is here.

The beginning is always the worst

First of all, Happy New Year to you all! As promised last year, I will go through all the courses listed in TryHackMe’s free offensive security guide. As of now I have finished all the modules in Getting Started and have only the room called Blue left in the Windows section. Since Blue seems more like a challenge room, I will be writing a separate walkthrough of it.

Getting started

This section contained 7 rooms but some of them I have already completed before. So without further ado let’s get started.

The room called Tutorial does what it sounds like, showing you how one can access the labs in any THM room. Starting out in cybersecurity is more like a morale booster. It very vaguely explains what red and blue teams are. If you are not familiar with these terms you could give it a quick read, but otherwise it doesn’t say much else. The Intro to Offensive Security room seems like the hands-on version of the morale booster. It has one task where you have to run Gobuster from the CLI and find a hidden endpoint of a web application. Introductory researching sounded like a fun topic since I would like to work in research someday; however, it was not what I expected. It is a room on how to find material online to solve your problems. With that said, if you have never done anything IT-related before, this room is a MUST DO. One of the most important skills in IT is the ability to describe something with ALL AND ONLY necessary information available to you and to be able to fine-tune this description if you gain more knowledge on a topic. Writing long sentences in Google will not yield good results, while compressing them to the minimal necessary information will get you your answer the quickest.

Now I would like to talk about Linux Fundamentals Part 1, 2 and 3. While these are not bad modules I would certainly not encourage anybody to do them. You might ask why. The reason is very simple, there is no level where it would be useful. What I mean by this is that if you have used a Linux computer before and would like to move into IT you probably already know how to navigate your way in the CLI, how to open files, how to read their content etc. On the other hand, if you are a complete beginner this is not the place where you should start. I will detail this a bit more at the end of this post.

Windows

Now here I would like to talk about Windows Fundamentals 1, 2 and 3 as one module. Unfortunately, I have the same conclusion as with the Linux fundamental modules. It shows you where the start menu is, how to customise your background, how to open the registry editor, how to scan with Microsoft Defender etc. Most probably, if you used Windows even just as a user before, these are all things you are going to be familiar with. Now there was also another room called Active Directory Basics and I have to say this one was pretty good. I work in the field of IT security but my knowledge is rusty and incomplete about AD, even though this is a very important part of pentesting. This room goes from the very basics and touches on things that are obvious, yes, but it gives a good grasp of how an AD works and what it is used for. If you do not know what an AD is, I recommend checking it out! Since I have not done Blue yet I have no clue how good it is, but I am guessing we will have to exploit EternalBlue. It is an important exploit; it is old but can still be found in the wild, and I sometimes came across it too during pentests.

Conclusion

I would say most of these rooms are not something you should do if you have limited time. TryHackMe has very good ones, so go explore, but it had a few I recommend doing!

Now to the thing I said I’m going to talk about 😀

I know that hacking sounds cool and red teaming is very popular, but as with everything, IT security also has its minimum knowledge required. To be good at it one must have knowledge from various fields of IT. To get started we need fundamentals, otherwise we could only grow to be a script kiddie. So I would say, and I always say this to anybody who asks me, if you are on the level when you do not know how to navigate the terminal, or you do but have no knowledge of IT in general, I suggest starting at the fundamentals, and hacking (or security in general) is not that. Learn programming in a strongly typed language, learn infrastructure fundamentals, know the basics of how programs operate or how the web works, and acquire knowledge about networking. It could be done in multiple ways. You could go to uni and get a diploma, but if that’s not something that you can currently do, there is a lot of online material available, a lot of certification preparation courses, anything.

To sum things up, if you do not have IT knowledge then do not start with security. Learn the basics of IT first then pivot. On the side, you can of course solve rooms on THM and as time passes you will understand why things do what they do and how that technology was exploited, and it is an excellent motivator, but security is not where you wanna start if you want to be good at it.

I am sorry if I burst some bubbles but it is very important to have the basics down correctly.

Now on my progress on THM, I am currently on the 16th day of my streak and going!

Hope to see you here again!

Thank you for reading!
Sincerely,
B4D4M.

