- 117 Rooms Complete
- 11 Level
- 17 Badges
Learn about the essential tools for passive reconnaissance, such as whois, nslookup, and dig.
Begin learning the fundamentals of computer networking in this bite-sized and interactive module.
Learn about some of the technologies and designs that power private networks
Get a short introduction to a few of the security topics you'll be learning about.
Continue your learning Linux journey with part two. You will be learning how to log in to a Linux machine using SSH, how to advance your commands, file system interaction.
Embark on the journey of learning the fundamentals of Linux. Learn to run some of the first essential commands on an interactive terminal.
An in depth look at scanning with Nmap, a powerful network scanning tool.
Learn how to use a TryHackMe room to start your upskilling in cyber security.
A Rick and Morty CTF. Help turn Rick back into a human!
An introduction to networking theory and basic networking tools
Learn about the fundamental networking framework that determines the various stages in which data is handled across a network
Understand how data is divided into smaller pieces and transmitted across a network to another device
Power-up your Linux skills and get hands-on with some common utilities that you are likely to use day-to-day!
Learn about how you request content from a web server using the HTTP protocol
Learn how DNS works and how it helps you access internet services.
A Walkthrough room to teach you the basics of bash scripting
Learn about the different career paths in Cyber Security and how TryHackMe can help!
A brief introduction to research skills for pentesting.
Based on the Mr. Robot show, can you root this box?
Learn about some of the technologies used to extend networks out onto the Internet and the motivations for this.
In part 1 of the Windows Fundamentals module, we'll start our journey learning about the Windows desktop, the NTFS file system, UAC, the Control Panel, and more..
Learn how all the individual components of the web work together to bring you access to your favourite web sites.
To exploit a website, you first need to know how they are created.
Learn the basics of Wireshark and how to analyze various protocols and PCAPs
Enumerating and Exploiting More Common Network Services & Misconfigurations
Learn about, then enumerate and exploit a variety of network services and misconfigurations.
Walkthrough on exploiting a Linux machine. Enumerate Samba for shares, manipulate a vulnerable version of proftpd and escalate your privileges with path variable manipulation.
This is a machine that allows you to practise web app hacking and privilege escalation
Learn the various ways of discovering hidden or private content on a webserver that could lead to new vulnerabilities.
Learn the important ethics and methodologies behind every pentest
Learn the principles of information security that secures data and protects systems from abuse
Learn the various ways of discovering subdomains to expand your attack surface of a target.
Authentication Bypass
Learn how to defeat logins and other authentication mechanisms to allow you access to unpermitted areas.
Manually review a web application for security issues using only your browsers developer tools. Hacking with just your browser, no tools or scripts.
Using a web-based code editor, learn the basics of Python and put your knowledge into practice by eventually coding a short Bitcoin investment project.
In part 3 of the Windows Fundamentals module, learn about the built-in Microsoft tools that help keep the device secure, such as Windows Updates, Windows Security, BitLocker, and more...
In part 2 of the Windows Fundamentals module, discover more about System Configuration, UAC Settings, Resource Monitoring, the Windows Registry and more..
An introduction to Hashing, as part of a series on crypto
Learn the fundamentals of Linux privilege escalation. From enumeration to exploitation, get hands-on with over 8 different privilege escalation techniques.
Understand the flaws of an application and apply your researching skills on some vulnerability databases.
Learn how to use John the Ripper - An extremely powerful and adaptable hash cracking tool
An introduction to sending and receiving (reverse/bind) shells when exploiting target machines.
A ctf for beginners, can you root me?
Learn about and exploit each of the OWASP Top 10 vulnerabilities; the 10 most critical web security risks.
Practice your Linux Privilege Escalation skills on an intentionally misconfigured Debian VM with multiple ways to get root! SSH is available. Credentials: user:password321
Learn about active recon, web app attacks and privilege escalation.
Learn about and use Hydra, a fast network logon cracker, to bruteforce and obtain a website's credentials.
Learn to attack WPA(2) networks! Ideally you'll want a smartphone with you for this, preferably one that supports hosting wifi hotspots so you can follow along.
Complete rooms, win tickets. Get 3 of the same tickets and win a prize.
Complete rooms, win tickets. Get 3 of the same tickets and win a prize.
An introduction to encryption, as part of a series on crypto
A room explaining common Linux privilege escalation
A tutorial room exploring CVE-2019-14287 in the Unix Sudo Program. Room One in the SudoVulns Series
A guide to connecting to our network using OpenVPN.
Easy linux machine to practice your skills
An introduction to using Burp Suite for Web Application pentesting
Learn how to use Repeater to duplicate requests in Burp Suite
Learn all the different techniques used to backdoor a linux machine!
Learn the basics of Active Directory and how it is used in the real world today
Learn how to set up and use Nessus, a popular vulnerability scanner.
Learn how to use OWASP ZAP from the ground up. An alternative to BurpSuite.
A beginner orienteered guide on using the Tor network
Learn how to detect and exploit SQL Injection vulnerabilities
This room introduces file inclusion vulnerabilities, including Local File Inclusion (LFI), Remote File Inclusion (RFI), and directory traversal.
Learn how to detect and exploit XSS vulnerabilities, giving you control of other visitor's browsers.
Learn how to find and exploit IDOR vulnerabilities in a web application giving you access to data that you shouldn't have.
Learn about a vulnerability allowing you to execute commands through a vulnerable app, and its remediations.
Learn about some of the tools, techniques and resources to exploit vulnerabilities
Learn how to exploit Server-Side Request Forgery (SSRF) vulnerabilities, allowing you to access internal server resources.
This room uses the Juice Shop vulnerable web application to learn how to identify and exploit common web application vulnerabilities.
Overpass has been hacked! Can you analyse the attacker's actions and hack back in?
Are you able to use open source intelligence to solve this challenge?
Practice the skills you have learned in the Network Security module.
Learn how to use Nmap to discover live hosts using ARP scan, ICMP scan, and TCP/UDP ping scan.
An introduction to the main components of the Metasploit Framework.
Using Metasploit for scanning, vulnerability assessment and exploitation.
Apply the knowledge gained throughout the Vulnerability Module in this challenge room.
A tutorial room exploring CVE-2021-3156 in the Unix Sudo Program. Room Three in the SudoVulns Series
Introduction to the Hacker Methodology
This room will discuss the various resources MITRE has made available for the cybersecurity community.
Students will learn how to escalate privileges using a very vulnerable Linux VM. SSH is open. Your credentials are TCM:Hacker123
Explaining how Search Engines work and leveraging them into finding hidden content!
Learn about common protocols such as HTTP, FTP, POP3, SMTP and IMAP, along with related insecurities.
Learn in-depth how nmap TCP connect scan, TCP SYN port scan, and UDP port scan work.
Learn advanced techniques such as null, FIN, Xmas, and idle (zombie) scans, spoofing, in addition to FW and IDS evasion.
Learn how to leverage Nmap for service and OS detection, use Nmap Scripting Engine (NSE), and save the results.
Learn about attacks against passwords and cleartext traffic; explore options for mitigation via SSH and SSL/TLS.
Learn how to use simple tools such as traceroute, ping, telnet, and a web browser to gather information.
Take a deep dive into Meterpreter, and see how in-memory payloads can be used for post-exploitation.
Learn how to use Intruder to automate requests in Burp Suite
Learn how to use Extender to broaden the functionality of Burp Suite
Take a dive into some of Burp Suite's lesser known modules
Learn how to use DNS, advanced searching, Recon-ng, and Maltego to collect information about your target.
Learn the fundamentals of Windows privilege escalation. From enumeration to exploitation, get hands-on with privilege escalation techniques seen in the industry today.
Become familiar with cryptography
Learn JavaScript, the high-level, multi-paradigm language of the web.
A beginner friendly walkthrough for internet of things (IoT) pentesting.
Compromise a Joomla CMS account via SQLi, practise cracking hashes and escalate your privileges by taking advantage of yum.
Basic room for testing exploits against the Damn Vulnerable Web Application box
Practise using tools such as dirbuster, hydra, nmap, nikto and metasploit
Cracking hashes challenges
Learn about the different careers in cyber security.
Introducing defensive security and related topics, such as threat intelligence, SOC, DFIR, and SIEM.
Learn about web applications and explore some of their common security issues.
Hack your first website (legally in a safe environment) and experience an ethical hacker's job.
Interactive lab for exploiting Spring4Shell (CVE-2022-22965) in the Java Spring Framework
Learn about the basics of a red engagement, the main components and stakeholders involved, and how red teaming differs from other cyber security engagements.
A box involving encrypted archives, source code analysis and more.
Practice your Windows Privilege Escalation skills on an intentionally misconfigured Windows VM with multiple ways to get