
Discover Our Free Defensive Security Training!

At TryHackMe, we understand that accessibility is crucial in your learning journey. This is why, as a free user, you can access hundreds of our training rooms for free!

With over 500 free training labs and a series of free events throughout the year, we’re making it easier than ever to learn, advance, and upskill. Whether you're a free user just starting out or looking to refine your skills, our training modules cater to a variety of proficiency levels!

Before we dive in, we’d just like to explain that rooms on TryHackMe are broken into walkthroughs and challenges. Walkthroughs guide you and teach the skills required, while challenges test your skills, without any help.

Top tip! You can bookmark rooms to come back to them later on. Bookmark any of the rooms we’ve listed in this guide by clicking on the ‘bookmark’ icon inside the room.


Getting Started

If you’re new here, hello! It’s great to have you here. To get you all set up and introduced to the wonderful world of cyber security, we recommend starting with these rooms:


Cyber Defense Frameworks

Dive deeper into the frameworks that guide cyber defense strategies. Understanding these frameworks will equip you with the knowledge to tackle cyber security challenges:

  • Cyber Kill Chain - The Cyber Kill Chain framework is designed for the identification and prevention of network intrusions. You will learn what adversaries need to do in order to achieve their goals.
  • Pyramid Of Pain - Learn what the Pyramid of Pain is and how to utilise this model to determine how difficult it is for an adversary to change the indicators associated with them and their campaign.
  • Unified Kill Chain - The Unified Kill Chain is a framework which establishes the phases of an attack, and a means of identifying and mitigating risk to IT assets.

Threats & Vulnerabilities

Venture into the realm of threats and vulnerabilities that pose risks to digital environments. These training rooms are crafted to empower you with the expertise to discern, scrutinise, and alleviate a wide spectrum of cyber security threats and vulnerabilities:

  • Introductory Researching - A brief introduction to research skills for pentesting
  • Vulnerabilities 101 - Understand the flaws of an application and apply your researching skills on some vulnerability databases
  • Phishing Analysis Fundamentals - Learn all the components that make up an email
  • Phishing Emails in Action - Learn the different indicators of phishing attempts by examining actual phishing emails
  • Nessus - Learn how to set up and use Nessus, a popular vulnerability scanner
  • OpenVAS - Learn the basics of threat and vulnerability management using Open Vulnerability Assessment Scanning

Threat Intelligence & Monitoring

Build on your foundational knowledge by learning about threat intelligence and monitoring. These rooms will guide you on how to gather intelligence, monitor network traffic, and detect anomalies:

  • Intro to Cyber Threat Intel - Introducing cyber threat intelligence and related topics, such as relevant standards and frameworks
  • Intro to Log Analysis - An intro to log analysis, best practices, and essential tools for effective detection and response.
  • Log Operations - Learn the operation process details.
  • Threat Intelligence for SOC - Learn how to utilise Threat Intelligence to improve the Security Operations pipeline
  • Threat Intelligence Tools - Explore different OSINT tools used to conduct security threat assessments and investigations
  • Intro to Endpoint Security - Learn about fundamentals, methodology, and tooling for endpoint security monitoring
  • Traffic Analysis Essentials - Learn Network Security and Traffic Analysis foundations and take a step into probing network anomalies
  • Snort - Learn how to use Snort to detect real-time threats, analyse recorded traffic files and identify anomalies
  • Wazuh - Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring
  • Introduction to SIEM - An introduction to Security Information and Event Management
  • Splunk: Exploring SPL - Learn and explore the basics of the Search Processing Language

Forensics

Step into the role of a cyber forensic investigator and learn how to uncover hidden data, analyse various systems, and follow digital trails:


Malware Analysis

  • History of Malware - Join this room to learn about the first forms of malware and how they turned into the malicious code we see today
  • MAL: Researching - Understanding checksums, how to generate them and their use throughout malware analysis with online sandboxing & reporting services
  • MAL: Malware Introductory - The start of a series of rooms covering Malware Analysis
  • Dissecting PE Headers - Learn about Portable Executable files and how their headers work
  • Registry Persistence Detection - Learn to use the AutoRuns PowerShell module to detect persistence mechanisms that use the Registry
  • x86 Architecture Overview - A crash course in x86 architecture to support malware reverse engineering

Incident Response

Be the first line of defense in a cyber incident. Learn the real-world strategies and techniques used in incident identification, scoping, and remediation:

  • Intro to IR and IM - An introduction to Incident Response and Incident Management
  • Identity and Access Management - Learn about identification, authentication, authorisation, accounting, and identity management.
  • Preparation - A look into the Preparation phase of the Incident Response
  • Identification & Scoping - A look into the second phase of the Incident Response Framework, Identification & Scoping
  • Investigating Windows - A Windows machine has been hacked. It's your job to investigate this Windows machine and find clues to what the hacker might have done
  • Redline - Learn how to use Redline to perform memory analysis and to scan for IOCs on an endpoint

Purple Teaming

Explore the collaborative effort of red and blue teams through purple teaming exercises. Enhance your understanding of threat emulation, threat hunting, and vulnerability assessment:


CTF Practice (Challenges)

Put your skills to the test with Capture The Flag challenges! These rooms are categorised by difficulty to provide a progressive learning experience.

Easy

  • Investigating Windows - A Windows machine has been hacked. It's your job to investigate this Windows machine and find clues to what the hacker might have done
  • Pickle Rick - A Rick and Morty CTF. Help turn Rick back into a human!
  • Overpass 2 - Hacked - Overpass has been hacked! Can you analyse the attacker's actions and hack back in?

Medium

  • Carnage - Apply your analytical skills to analyse the malicious network traffic using Wireshark
  • Masterminds - Practice analysing malicious traffic using Brim
  • REvil Corp - You are involved in an incident response engagement and need to analyse an infected host using Redline
  • Disk Analysis & Autopsy - Ready for a challenge? Use Autopsy to investigate artifacts from a disk image
  • Conti - An Exchange server was compromised with ransomware - use Splunk to investigate how the attackers compromised the server!
  • Investigating Windows 2.0 - In the previous challenge you performed a brief analysis. Within this challenge, you will take a deeper dive into the attack
  • Investigating Windows 3.x - Find the artifacts resident on the endpoint and sift through captured data to determine what type of attack occurred on the endpoint

Access more defensive security training!

We hope this free defensive security training list gives you a kickstart in your affordable learning journey!

And if you want to unlock even more defensive security training, we have hundreds of subscriber-only rooms waiting for you with a premium subscription.

Author: Jabba
Nov 6, 2023
