TryHackMe | Jr Penetration Tester Training

Skip to main contentSkip to main content

New 2026

Path Jr Penetration Tester

Learn the essential skills to break into penetration testing.

Pentesting fundamentals, methodologies and tactics
Full lifecycle from recon to reporting
Hands-on web, network and AD hacking
Learn core tools used in cybersecurity

Certificate of Completion

Example learning path completion certificate

Complete this learning path to
develop your skills and earn a
certificate of completion

PT1 Professional Certification completion certificate

PT1 Professional Certification

Get hired with an industry-recognised, practical offensive certification.

Introduction

This learning path covers the fundamental skills that will allow you to succeed as a junior penetration tester. Upon completing this path, you will have the practical skills required to perform security assessments against web applications, enterprise networks and active directory.

Section 1

Start Your Cyber Security Journey

Offensive Security Intro Defensive Security Intro Search Skills

Topic Rewind Recap

Section 2

Penetration Testing Foundations

Guided Pentest: Web Guided Pentest: Infrastructure Dive Into Pentesting Cyber Kill Chain Penetration Testing Frameworks

Topic Rewind Recap

Section 3

Network Reconnaissance

Passive Reconnaissance Active Reconnaissance Protocols and Servers Protocols and Servers 2

Topic Rewind Recap

Section 4

Nmap

Nmap Live Host Discovery Nmap Basic Port Scans Nmap Advanced Port Scans Nmap Post Port Scans

Topic Rewind Recap

Section 5

Web Application Security Fundamentals

Walking An Application Content Discovery Modern Web Stacks Web Server Attacks - I Web Server Attacks - II

Topic Rewind Recap

Section 6

Burp Suite

Burp Suite: The Basics Burp Suite: Repeater Burp Suite: Intruder Burp Suite: Other Modules Burp Suite: Extensions

Topic Rewind Recap

Section 7

Web Application Vulnerabilities I

SQL Injection Introduction CSRF Introduction XSS Introduction Intro to SSRF IDOR Recruit

Topic Rewind Recap

Section 8

Web Application Vulnerabilities II

Session Management Broken Authentication File Inclusion Command Injection API Pentesting Support

Topic Rewind Recap

Section 9

Vulnerability Knowledge

Understanding Vulnerability Databases Vulnerability Scanning Tools Basic Vulnerability Identification Techniques Tomcat: CVE-2024-50379 n8n: CVE-2025-68613 AD: BadSuccessor CVE-2026-46300: Fragnesia CVE-2026-42945: Nginx Rift

Topic Rewind Recap

Section 10

OWASP Top 10 (2025)

OWASP Top 10 2025: IAAA Failures OWASP Top 10 2025: Application Design Flaws OWASP Top 10 2025: Insecure Data Handling

Topic Rewind Recap

Section 11

Password Attacks

Phishing Basics Hydra Introduction to Wordlists Password Cracking Checkmate

Topic Rewind Recap

Section 12

Metasploit and Exploitation

Metasploit: The Basics Metasploit: Scanning and Exploitation Metasploit: Post-Exploitation Metasploit: Payload Generation Exploitation and Weaponisation Shells & Listeners Fundamentals Shell Payload Generation & Delivery

Topic Rewind Recap

Section 13

Privilege Escalation

Host-Server Configuration Reviews Linux Privilege Escalation: Enumeration Linux Privilege Escalation: Basics Linux Privilege Escalation: Automation Windows Privilege Escalation Jump Windows Jump

Topic Rewind Recap

Section 14

Active Directory Security Testing Basics

Active Directory Basics Intro to AD Authentication Intro to AD Breaching AD: Basic Enumeration AD: Authenticated Enumeration Intro to Credential Harvesting Intro to AD Lateral Movement Proxy Forward

Topic Rewind Recap

Section 15

Specialized Domains

Wireless Security Mobile Application Security Cloud Security Fundamentals LLM Pentesting The Blue Team Perspective DevSecOps Basics

Topic Rewind Recap

Section 16

Python Scripting Basics

Python: Simple Demo Python: Core Concepts Python: Building Scripts Python: Pentesting Scripts

Topic Rewind Recap

Section 17

Pentesting Methodologies and Reporting

Threat Modeling for Pentesters Planning and Scoping Writing Pentest Reports Re-Testing

Topic Rewind Recap

Section 18

Jr Pentester Challenges

Domino Silent Monitor Dead Drop Operation Promotion Operation Coldstart Net Sec Challenge Interceptor

Topic Rewind Recap