Learn Security Basics and get a free OSCP Voucher! ~offered by Try Hack Me.

In this blog post, I am going to review TryHackMe’s newly launched cybersecurity basic path and tell you how you can make use of these free resources (TryHackMe offers a paid subscription, but you can join the learning path and start learning from it without subscribing) to start your journey.

Just a heads up: I am only a student interested in cybersecurity, and all that I have written is purely based on my personal opinion.

So, what is the key to learning cybersecurity? Many people try to jump into tutorials online or Udemy courses (I am not against it, just that the quality of the content varies from course to course) and think that they can become a pro from that one course. Unfortunately, while those courses may teach you how to be a script kiddie, they can never make you a true expert (not to say I am one, but I think that to become one, you need the right direction).

A script kiddie, skiddie, or skid is an unskilled individual who uses scripts or programs, such as a web shell, developed by others to attack computer systems and networks and deface websites, according to the programming and hacking cultures.

The above is a Wikipedia definition of a script kiddie. While these courses may teach you how to type some random command into Metasploit, or have you download and try out random exploits from ExploitDB, do they actually teach you how to create your own exploits? Do they teach you what is going on behind every line of code you type?

Some may think that the end justifies the means: As long as one can successfully get root access, what is the problem with blindly using exploits written by others? While this is not necessarily wrong (after all, people write such exploits for other people to use them), it denies you the opportunity to learn and add value to the community. What the community truly appreciates is someone who can evaluate a system, identify vulnerabilities, craft exploits, before thinking of ways to fix these vulnerabilities to prevent them from being exploited by malicious actors. To be able to truly do the above and add value to the community, you need to master the basics of cybersecurity. If not, you will never move far or create an impact.

So now you may ask: How then do we learn the basics? Or what even constitutes the basics? I believe that there are a few things we need to learn:

1. Networking (How does the internet work? How does a computer communicate with a server? How do web apps function? What kind of protocols are there and what are their pros and cons?)

2. System Administration (How does the Windows operating system work? What are the interesting aspects of a Linux system? How can we make use of our knowledge to exploit these systems?)

3. Programming (How can I create a script that can interact with web servers? How do I make a port scanning script using Python? How can I build a script to brute force a hash?)

These are some fundamentals that are essential for us to master before we can move to a deeper level. The above list is by no means comprehensive, but it is a rough guideline that we can follow when thinking about the foundations of cybersecurity we need to learn. Fortunately, TryHackMe has a learning path which you can follow to fulfil the first 2 objectives stated above.

Above is a picture of the content in the Pre-Security Roadmap TryHackMe offers, and I must say that they give you just the right amount of foundation for you to dig deeper into the world of cybersecurity. Through interactive tasks and bite-sized chunks of text, they truly help you understand the core concepts of cybersecurity.

In the Cyber Security Introduction Section, there is an introductory room, which provides a lab where you can try to test for security vulnerabilities in TryHackMe’s vulnerable social media site, with a step-by-step guide provided to teach you how to do so:

This will give you a feel of the cool things you can do once you learn how to exploit a web app. This room also provides you with an idea of exploits on a network, and gives a high-level overview of the careers you can embark on after going through the respective programmes in Try Hack Me: an ethical hacker, penetration tester or cyber security analyst.

Later, in the Network Fundamentals section, there are rooms which teach essential networking concepts:

Do note that only the first 2 rooms are accessible without a Try Hack Me subscription, but I would say that you should try them out! If you like those rooms, you can consider purchasing a subscription, which is priced at a low USD$10 per month!

The first room in this section introduces networking concepts like the World Wide Web, IP Address, MAC Address and ICMP through interesting lab exercises:

Lab for MAC Address Spoofing

The next room then further expounds on the concepts introduced in the first room, and explains more complicated concepts such as LAN Topologies, Subnetting, ARP and DHCP. I found their lab exercises really helpful in understanding network topologies!

Lab for Network Topology

Later rooms in this section talk about the OSI Model (the most fundamental concept you need to know for networking), packets used during network transfer and how a LAN/WLAN can connect to the wider network (something we call the Internet).

For the How The Web Works section, more information is given regarding the forces at play in the World Wide Web:

Similarly, only the first 2 rooms are free to access without a subscription, something you should seriously consider getting.

The first room talks about how the Domain Name System works, introducing concepts such as the domain hierarchy, different DNS record types and how a DNS request is made through our web browser. Similarly, there is a lab for you to practice using nslookup to make DNS requests:

The second room in this section is one of the best rooms I have gone through, as it answers many of the questions I ask about the internet in my daily life. What happens between my web browser and the web server? HTTP Happens! This room talks about HTTP requests and responses, HTTP Methods (GET, POST, PUT, DELETE) and HTTP Status Codes (Do you want to know what is the 404 you get every day?). Like any other room, there is an interactive lab that accompanies it:

Other rooms in this section teach you how to create a website, and how the different components of the World Wide Web come together to form what you use every day!

In the third section, you learn about Linux Fundamentals:

For this section, you get all 3 parts for free. However, the best thing about this section is that all 3 rooms come with a video walkthrough!

In Part 1, you get to practice what you learn in a side-by-side Linux environment. Concepts introduced include an overview of Linux, basic Linux commands (echo, whoami, ls, cd, cat, pwd, find, grep) and Linux shell operators.

Part 2 of this section gets more interesting: your lab environment is deployed through SSH, and you connect to this lab environment through Try Hack Me’s attack box (a browser-based Kali system). In this part, you learn about Linux command flags, advanced Linux commands for interacting with filesystems, user and group permissions, commands for switching users and core directories in a Linux system.

Part 3 is even more interesting, do check it out!

Lastly, I will leave the Windows Fundamentals section for you to explore yourselves:

All the rooms in this section are free as well!

Closing Words: If you are not willing to fork out the money just yet, you can sign up for a free account here and try accessing the free rooms before making a decision. But I am sure you will fall in LOVE😍 with Try Hack Me. BTW, the Learn and Win Prizes event is going on now. If you sign up using my link, both of us will get a free ticket. If you complete enough rooms and win enough tickets, you can get a free OSCP Voucher! This promotion ends on 15 July, so do sign up soon!

Thank you for reading!