Complete Beginner Certificate
Introduction
After joining TryHackMe.com I decided to enroll in the “Complete Beginner” learning path.
There are quite a few path I believe you can start with and, to be fair, some of the topic are shared with other introductory learning path but as the name implied, the complete beginner is the one that cover pretty much all the fundamentals. For this, is also the longer one between Introduction to cybersecurity, Pre security and Web fundamentals.
This path takes you through various aspects of cybersecurity and it’s divided in eight different sections as we will cover later.
Before we start it’s worth noting that pretty much every room have practical hands on on the subjects they explain, giving a good balance between theory. Few also, are completely CTF (Catch The Flag) rooms.
Section 1: Complete Beginner Introduction
The journey begins with a welcoming to Try Hack Me, how to use the rooms (Attack Machine and OpenVpn) and research from answer.
But also ease newcomers into a general definition of offensive and defensive security.
Section 2: Linux Fundamentals
One of my favourite room since I like the Os.
This section, divided in three rooms, dives deep from the basics of Linux as Os, to teaching the command-line interface (CLI) commands, SSH and logs directories.
Very useful to understand better Linux and where to expect to find the files or directory you are looking for including permissions privileges.
Section 3: Network Exploitation Basics
Very interesting module, Networks are often the first target in a cyber attack.
This section, divided in four rooms, where in the first covers the fundamentals of networking.
But from the second we start to have more fun as it is completely dedicated to Nmap;
the third room covers SMB, Telnet and FTP ;
and finally in the last room we dive into NFS, SMTP and MySQL.
In short this is an intensive room that let you play with quite a few tools.
Section 4: Web Hacking Fundamentals
This module is the longest module of the path, no just for seven different rooms that contains but also every room was full of information.
We start in the first room where we touch on HTML and Java script for then going in the second one to understand HTTP/S and cookies.
In the third one we are welcomed to an general overview on how to use Burp Suite which I enjoined a lot.
We then moved of course into the fourth one that covers OWASP Top 10, extremely interesting and packed followed with the fifth room: OWASP Juice Shop, shorter than the previous room but still interesting and practical.
Finally with the last two room we learn how to upload vulnerabilities in the first one and on the last one we put all together as is the first CTF Challenge room of the path. I will admit, I wasn’t the faster but after going trough my notes and back to the rooms I did manage to complete it.
As I said long room but worth it!
Section 5: Cryptography
Short module but fundamental to many scenarios.
It’s divided in the rooms and in the first one we are introduced to hashing and some website base hash-cracking tools.
On the second one we cover John the Ripper tool quite extensively, my favourite of the module.
And on the final room, instead of decryption, we learn about encryption.
Again short but very useful knowledge to have!
Section 6: Windows Exploitation Basics
Windows… not my favourite Os and because of that learning how to exploit the system was quite fun. This module is a quite long and intense.
Which is understandable as lots of server and client are running Microsoft.
After the first couple rooms where we are shown how Windows works and operate, in room three we start dealing with the basic configurations whiting the active directories.
After we have room four dedicated to an introduction of Metasploit and Mfsconsole;
and finally in room five we learn exploitation with Metasploit from scanning vulnerabilities to Msfvenom;
To close Metasploit in room six we discover how does Meterpreter works.
For the last room of the module as we should expect there is a CTF challenge room where we put in practice what we learned about Windows Os.
Quite overwhelming module but we can always go back to the exact argument we need.
Section 7: Shells and Privilege Escalation
Only three rooms in this section but a lot of content.
In the first room we learn reverse shell using different tools such as netcat and socat for then using payloads with msfvenom; we dive also in webshells and at the end there are two practice box (Linux and Windows).
The second room revolves around Linux instead, from enumeration to exploitation;
and the last room let you practice all the exploitation you learned, and I mean all.
Very fun module to complete
Section 8: Basic Computer Exploitation
This last section like the previous one it’s very practical,
Inside the first room we learn about gobuster for reconnaissance purpose;
room two is a challenge room where we use all the knowledge we learn from the start.
The same can be said for room three and four as they too are challenge rooms.
This was my favourite module as it has the most challenging room, where if you don’t remember something you going back and find the right room to re-learn it.
Conclusion
Completing the “Complete Beginner” path on TryHackMe has provided me with a strong foundation in cybersecurity. From understanding the basics of Linux and networking to exploiting vulnerabilities in web applications and computer systems, this learning path has equipped me with essential skills and knowledge. Bare in mind though that this path is more focused on offensive than defensive and covers more Linux Os than Windows Os.
Overall is a great path and once completed you notice that you automatically advance a lot in Introduction to cybersecurity, Pre security and Web fundamentals as they share some of the same modules.
It also has some common room with Jr Penetration Tester path which is the one I’m looking to complete next.