TryHackMe | Jr Penetration Tester Training

Skip to main contentSkip to main content

Path Jr Penetration Tester

Learn the essential skills to break into penetration testing.

Pentesting fundamentals, methodologies and tactics
Full lifecycle from recon to reporting
Hands-on web, network and AD hacking
Learn core tools used in cybersecurity

Certificate of Completion

Example learning path completion certificate

Complete this learning path to
develop your skills and earn a
certificate of completion

PT1 Professional Certification completion certificate

PT1 Professional Certification

Get hired with an industry-recognised, practical offensive certification.

Introduction

This learning path covers the fundamental skills that will allow you to succeed as a junior penetration tester. Upon completing this path, you will have the practical skills required to perform security assessments against web applications, enterprise networks and active directory.

Section 1

Start Your Cyber Security Journey

Offensive Security Intro Defensive Security Intro Search Skills

Topic Rewind Recap

Section 2

Penetration Testing Foundations

Guided Pentest: Web Guided Pentest: Infrastructure Dive Into Pentesting

Ticket eligible

Cyber Kill Chain

Ticket eligible

Penetration Testing Frameworks

Ticket eligible

Topic Rewind Recap

Section 3

Network Reconnaissance

Passive Reconnaissance Active Reconnaissance Protocols and Servers Protocols and Servers 2

Topic Rewind Recap

Section 4

Nmap

Nmap Live Host Discovery Nmap Basic Port Scans Nmap Advanced Port Scans Nmap Post Port Scans

Topic Rewind Recap

Section 5

Web Application Security Fundamentals

Walking An Application Content Discovery

Ticket eligible

Modern Web Stacks

Ticket eligible

Web Server Attacks - I Web Server Attacks - II

Topic Rewind Recap

Section 6

Burp Suite

Burp Suite: The Basics Burp Suite: Repeater Burp Suite: Intruder Burp Suite: Other Modules Burp Suite: Extensions

Topic Rewind Recap

Section 7

Web Application Vulnerabilities I

SQL Injection Introduction CSRF Introduction

Ticket eligible

XSS Introduction

Ticket eligible

Intro to SSRF IDOR Recruit

Topic Rewind Recap

Section 8

Web Application Vulnerabilities II

Session Management Broken Authentication File Inclusion Command Injection API Pentesting

Ticket eligible

Topic Rewind Recap

Section 9

Vulnerability Knowledge

Understanding Vulnerability Databases

Ticket eligible

Vulnerability Scanning Tools Basic Vulnerability Identification Techniques

Ticket eligible

Tomcat: CVE-2024-50379 n8n: CVE-2025-68613 AD: BadSuccessor

Topic Rewind Recap

Section 10

OWASP Top 10 (2025)

OWASP Top 10 2025: IAAA Failures OWASP Top 10 2025: Application Design Flaws OWASP Top 10 2025: Insecure Data Handling

Topic Rewind Recap

Section 11

Password Attacks

Phishing Basics

Ticket eligible

Hydra Introduction to Wordlists Password Cracking

Ticket eligible

Topic Rewind Recap

Section 12

Metasploit and Exploitation

Metasploit: The Basics Metasploit: Scanning and Exploitation

Ticket eligible

Metasploit: Post-Exploitation Metasploit: Payload Generation Exploitation and Weaponisation Shells & Listeners Fundamentals Shell Payload Generation & Delivery

Topic Rewind Recap

Section 13

Privilege Escalation

Host-Server Configuration Reviews Linux Privilege Escalation: Enumeration Linux Privilege Escalation: Basics Linux Privilege Escalation: Automation Windows Privilege Escalation Jump Windows Jump

Topic Rewind Recap

Section 14

Active Directory Security Testing Basics

Active Directory Basics Intro to AD Authentication

Ticket eligible

Intro to AD Breaching

Ticket eligible

AD: Basic Enumeration AD: Authenticated Enumeration

Ticket eligible

Intro to Credential Harvesting Intro to AD Lateral Movement Proxy Forward

Topic Rewind Recap

Section 15

Specialized Domains

Wireless Security

Ticket eligible

Mobile Application Security Cloud Security Fundamentals LLM Pentesting

Ticket eligible

The Blue Team Perspective DevSecOps Basics

Topic Rewind Recap

Section 16

Python Scripting Basics

Python: Simple Demo Python: Core Concepts Python: Building Scripts Python: Pentesting Scripts

Ticket eligible

Topic Rewind Recap

Section 17

Pentesting Methodologies and Reporting

Threat Modeling for Pentesters Planning and Scoping Writing Pentest Reports

Ticket eligible

Topic Rewind Recap

Section 18

Jr Pentester Challenges

Domino Silent Monitor Dead Drop Operation Promotion Operation Coldstart Net Sec Challenge Interceptor

Topic Rewind Recap