{"id":257,"date":"2024-08-08T11:43:48","date_gmt":"2024-08-08T11:43:48","guid":{"rendered":"https:\/\/paradoxa.me\/?p=257"},"modified":"2024-08-27T11:44:33","modified_gmt":"2024-08-27T11:44:33","slug":"jr-penetration-tester-try-hack-me","status":"publish","type":"post","link":"https:\/\/paradoxa.me\/index.php\/2024\/08\/08\/jr-penetration-tester-try-hack-me\/","title":{"rendered":"~ Jr. Penetration Tester &#8211; Try Hack Me"},"content":{"rendered":"<h1 style=\"text-align: center;\">Jr. Penetration Tester<\/h1>\n<h1 style=\"text-align: center;\">from Try Hack Me<\/h1>\n<h2 class=\"western\"><strong>Introduction<\/strong><\/h2>\n<p>After completing the &#8220;Complete Beginner&#8221; learning path, I also finished the Pre Security, Introduction to Cyber Security, and Web Fundamentals paths.<br \/>\nMany of the rooms in these paths overlapped with the one I had just completed, so it made sense to tackle them next. From there, I decided to pursue the offensive side of cybersecurity by enrolling in the Jr. Penetration Tester path.<\/p>\n<p>This path guides you from the basics of cybersecurity and penetration testing to more advanced topics and tools. It includes hands-on labs, practical exercises, and theoretical content to provide a well-rounded learning experience.<\/p>\n<p>The path consists of eight sections and 38 rooms and is marked as an intermediate-level path.<\/p>\n<h2 class=\"western\">Section 1: Introduction to Cyber Security<\/h2>\n<p>This section mirrors the beginning of the Complete Beginner path, so there\u2019s nothing new to cover here.<\/p>\n<h2 class=\"western\">Section 2: Introduction to Pentesting<\/h2>\n<p>A brief section with only two rooms.<br \/>\nIt introduces penetration testing ethics and methodologies, such as OWASP, followed by security principles, including the CIA Triad and threat modeling, among others.<\/p>\n<h2 class=\"western\">Section 3: Introduction to Web Hacking<\/h2>\n<p>Section 3 is where we start diving deeper into offensive security. Although still introductory, this section features ten rooms.<\/p>\n<p>The first room covers tools for examining web applications, such as Inspector and Debugger.<br \/>\nThe second room focuses on manual content discovery (ranging from file .txt to HTTP headers) and OSINT research.<\/p>\n<p>The third room we have an introduction of subdomain enumeration.<\/p>\n<p>In the fourth room, we explore methodologies like brute forcing and cookie tampering.<\/p>\n<p>The next couple of rooms cover Insecure Direct Object Reference (IDOR) and Local File Inclusion (LFI).<\/p>\n<p>Rooms seven and eight provide an introduction to Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) using payloads.<\/p>\n<p>The section finally concludes with rooms on site injection and SQL injections, which have been my favorite so far.<\/p>\n<h2 class=\"western\">Section 4: Burp Suite<\/h2>\n<p>This section consists of five rooms, all dedicated to Burp Suite!<\/p>\n<p>The first room introduces the suite and the FoxyProxy browser extension.<br \/>\nRoom two is focused on Repeater, room three on Intruder, and room four covers other tools within the suite (Decoder, Comparer, Sequencer, and Organizer).<br \/>\nThe final room discusses Burp Suite extensions and API.<\/p>\n<p>This was one of my favorite sections as it thoroughly explains Burp Suite and its capabilities.<\/p>\n<h2 class=\"western\">Section 5: Network Security<\/h2>\n<p>Another interesting section.<\/p>\n<p>We explore reconnaissance in the first couple of rooms, passive reconnaissance in the first and active in the second.<\/p>\n<p>The following four rooms are completely dedicated to Nmap; which is great as the tool is very useful and powerful for reconnaissance.<\/p>\n<p>Afterward, we learn about various protocols and how to attack them.<\/p>\n<p>Finally, the section concludes with a challenge room that tests what we\u2019ve learned.<\/p>\n<h2 class=\"western\">Section 6: Vulnerability Research<\/h2>\n<p>Although a small section, it\u2019s probably the most important.<\/p>\n<p>In the three rooms, we first learn about vulnerabilities, then how to find and exploit them.<\/p>\n<p>We also get to put theory into practice in the final room.<\/p>\n<h2 class=\"western\">Section 7: Metasploit<\/h2>\n<p>This section has only three rooms, compared to the more extensive Burp Suite section, but it\u2019s still very interesting.<\/p>\n<p>The first room provides an overview of Metasploit, while the second and third rooms dive into exploitation and payload creation with Msfvenom, followed by Meterpreter.<\/p>\n<p>Note: This section was also covered in the Complete Beginner path, but it was good to refresh my memory.<\/p>\n<h2 class=\"western\">Section 8: Privilege Escalation<\/h2>\n<p>The final section of the path includes three very practical rooms that challenge us to apply the knowledge we\u2019ve gained so far on both Linux and Windows plus new ways to enumerate, exploit and escalate privileges inside the target.<\/p>\n<p>I think is the best way to conclude the path via hands on Labs that cement the concept and provide us whit a better understand on how to go about the target machine.<\/p>\n<h2 class=\"western\">Conclusion<\/h2>\n<p>I really enjoyed this path as it delves into more advanced topics about exploiting targets and what to do after exploitation.<\/p>\n<p>I can say it\u2019s my favorite path so far! Although it\u2019s specifically designed for red team members, I would recommend it to the blue team as well, as it provides insight into an attacker\u2019s mindset.<\/p>\n<p>Following this logic, my next path will be SOC Level 1, where I\u2019ll learn how a defensive team frame work operates.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Jr. Penetration Tester from Try Hack Me Introduction After completing the &#8220;Complete Beginner&#8221; learning path, I also finished the Pre Security, Introduction to Cyber Security, and Web Fundamentals paths. Many [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":17,"footnotes":""},"categories":[44,38],"tags":[50,40,49,51,48,42],"class_list":["post-257","post","type-post","status-publish","format-standard","hentry","category-tryhackme","category-cybersecurity","tag-burp-suite","tag-cybersecurity","tag-metasploit","tag-nmap","tag-penetration-tester","tag-try-hack-me"],"_links":{"self":[{"href":"https:\/\/paradoxa.me\/index.php\/wp-json\/wp\/v2\/posts\/257","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/paradoxa.me\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/paradoxa.me\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/paradoxa.me\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/paradoxa.me\/index.php\/wp-json\/wp\/v2\/comments?post=257"}],"version-history":[{"count":1,"href":"https:\/\/paradoxa.me\/index.php\/wp-json\/wp\/v2\/posts\/257\/revisions"}],"predecessor-version":[{"id":258,"href":"https:\/\/paradoxa.me\/index.php\/wp-json\/wp\/v2\/posts\/257\/revisions\/258"}],"wp:attachment":[{"href":"https:\/\/paradoxa.me\/index.php\/wp-json\/wp\/v2\/media?parent=257"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/paradoxa.me\/index.php\/wp-json\/wp\/v2\/categories?post=257"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/paradoxa.me\/index.php\/wp-json\/wp\/v2\/tags?post=257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}