Feature
#ELLIE • 5 min read

Discover our Free Offensive Security Training!

Did you know? As a free TryHackMe member, you can access hundreds of rooms and modules that cover topics like penetration testing, ethical hacking, network security, and more!

In this guide, we’ve compiled a list to get you started, featuring categories within offensive security and the free training we have to teach you the basics, taking you from beginner to pro in no time!

Before we dive in, we’d like to explain that rooms on TryHackMe are broken into walkthroughs and challenges. Walkthroughs guide you and teach required skills, while challenges test your skills, without any help.

Top tip! You can bookmark rooms to come back to them later on. Bookmark any rooms we’ve listed in this guide by clicking on the ‘bookmark’ icon inside the room.


Getting Started


Windows

  • Windows Fundamentals 2 - In part 2 of the Windows Fundamentals module, discover more about System Configuration, UAC Settings, Resource Monitoring, the Windows Registry and more.
  • Windows Fundamentals 3 - In part 3 of the Windows Fundamentals module, learn about the built-in Microsoft tools that help keep the device secure, such as Windows Updates, Windows Security, BitLocker, and more...
  • Active Directory Basics - This room will introduce the basic concepts and functionality provided by Active Directory.
  • Blue - Deploy & hack into a Windows machine, leveraging common misconfiguration issues.

Networking

  • Introductory Networking - An introduction to networking theory and basic networking tools.
  • What is Networking? - Begin learning the fundamentals of computer networking in this bite-sized and interactive module.
  • Passive Reconnaissance - Learn about the essential tools for passive reconnaissance, such as whois, nslookup, and dig.
  • Active Reconnaissance - Learn how to use simple tools such as traceroute, ping, telnet, and a web browser to gather information.
  • Wifi Hacking 101 - Learn to attack WPA(2) networks! Ideally, you'll want a smartphone with you for this, preferably one that supports hosting wifi hotspots so you can follow along.

Website Fundamentals

  • Web Application Security - Learn about web applications and explore some of their common security issues.
  • DNS in detail - Learn how DNS works and how it helps you access internet services.
  • HTTP in detail - Learn how to request content from a web server using the HTTP protocol.
  • SQL Injection - Learn how to detect and exploit SQL Injection vulnerabilities.
  • OWASP Juice Shop - This room uses the Juice Shop vulnerable web application to learn how to identify and exploit common web application vulnerabilities.

Offensive Security Tools

  • Burp Suite: Repeater - Learn how to use Repeater to duplicate requests in Burp Suite.
  • Hydra - Learn about and use Hydra, a fast network logon cracker, to bruteforce and obtain a website's credentials.
  • SQLMAP - Learn about and use Sqlmap to exploit the web application.
  • Nmap Live Host Discovery - Learn how to use Nmap to discover live hosts using ARP scan, ICMP scan, and TCP/UDP ping scan.
  • Nmap - An in-depth look at scanning with Nmap, a powerful network scanning tool.
  • RustScan - Learn how to use RustScan.
  • Metasploit: Introduction - An introduction to the main components of the Metasploit Framework.
  • Nessus - Learn how to set up and use Nessus, a popular vulnerability scanner.
  • Introduction to OWASP ZAP - Learn how to use OWASP ZAP from the ground up. An alternative to BurpSuite.
  • Ffuf - Enumeration, fuzzing, and directory brute forcing using ffuf.
  • Shodan - Learn about Shodan.io and how to use it for device enumeration - is your coffee machine publicly accessible?
  • Empire - Learn how to use Empire and its GUI Starkiller, a powerful post-exploitation C2 framework.

Red Teaming

  • Red Team Fundamentals - Learn about the basics of a red engagement, the main components and stakeholders involved, and how red teaming differs from other cyber security engagements.
  • Red Team Threat Intel - Apply threat intelligence to red team engagements and adversary emulation.
  • Red Team Engagements - Learn the steps and procedures of a red team engagement, including planning, frameworks, and documentation.
  • Encryption - Crypto 101 - An introduction to encryption, as part of a series on crypto.
  • Windows API - Learn how to interact with the win32 API and understand its wide range of use cases.
  • Introduction to Antivirus - Understand how antivirus software works and what detection techniques are used to bypass malicious file checks.
  • Bypassing UAC - Learn common ways to bypass User Account Control (UAC) in Windows hosts.
  • Vulnerabilities 101 - Understand the flaws of an application and apply your researching skills to some vulnerability databases.
  • Linux Privilege Escalation - Learn the fundamentals of Linux privilege escalation. From enumeration to exploitation, get hands-on with over 8 different privilege escalation techniques.
  • Pentesting Fundamentals - Learn the important ethics and methodologies behind every pentest.
  • Python Basics - Using a web-based code editor, learn the basics of Python and put your knowledge into practice by eventually coding a short Bitcoin investment project.

CTF Practice (Challenges)

Put your skills to the test with Capture The Flag challenges. These rooms are categorised by difficulty to provide a progressive learning experience.

Easy

  • Pickle Rick - A Rick and Morty CTF. Help turn Rick back into a human!
  • Vulnversity - Learn about active recon, web app attacks and privilege escalation.
  • Basic Pentesting - This machine allows you to practise web app hacking and privilege escalation!
  • Kenobi - Walkthrough on exploiting a Linux machine. Enumerate Samba for shares, manipulate a vulnerable version of proftpd and escalate your privileges with path variable manipulation.
  • Blaster - A blast from the past!
  • Bolt - A hero is unleashed.

Medium

  • Overpass 2 - Hacked - Overpass has been hacked! Can you analyse the attacker's actions and hack back in?
  • Relevant - A penetration testing challenge!
  • Mr Robot CTF - Based on the Mr. Robot show, can you root this box?
  • Solar, exploiting log4j - Explore CVE-2021-44228, a vulnerability in log4j affecting almost all software under the sun.

Hard

  • Internal - Another penetration testing challenge!
  • Daily Bugle - Compromise a Joomla CMS account via SQLi, practise cracking hashes and escalate your privileges by taking advantage of yum.
  • Retro - Can you time travel? If not, you might want to think about the next best thing.
  • Enterprise - You just landed in an internal network. You scan the network, and there's only the Domain Controller...
  • Plotted-LMS - Everything here is plotted!

Access more offensive security training!

We hope this free offensive security training list gives you a kickstart in your affordable learning journey!

And if you want to unlock even more offensive security training, we have hundreds of subscriber-only rooms waiting for you with a premium subscription.


Author: Ben Spring
Nov 28, 2023
