Skip to content

Latest commit

 

History

History
164 lines (124 loc) · 16.9 KB

thm-rooms.md

File metadata and controls

164 lines (124 loc) · 16.9 KB

Awesome THM Rooms

  • awesome-thm-rooms was created to simplify the process of discovering and navigating TryHackMe (THM) rooms.
  • If you’ve found it difficult to search for rooms on TryHackMe, this repository provides an organized and accessible list of rooms to help you explore content more efficiently.

Explore

  • The categorized list of TryHackMe rooms will be placed here in this section.
  • The list of URLs for these rooms can be found in the thm-rooms-list.md file.

Advent of Cyber

  1. 25 Days of Cybersecurity - Get started with Cyber Security in 25 Days - Learn the basics by doing a new, beginner friendly security challenge every day.
  2. Advent of Cyber 1 - 2019 - Get started with Cyber Security in 25 Days - Learn the basics by doing a new, beginner friendly security challenge every day leading up to Christmas.
  3. Advent of Cyber 2 - 2020 - Get started with Cyber Security in 25 Days - Learn the basics by doing a new, beginner friendly security challenge every day leading up to Christmas.
  4. Advent of Cyber 3 - 2021 - Get started with Cyber Security in 25 Days - Learn the basics by doing a new, beginner friendly security challenge every day leading up to Christmas.
  5. Advent of Cyber 4 - 2022 - Get started with Cyber Security in 24 Days - learn the basics by doing a new, beginner-friendly security challenge every day leading up to Christmas.
  6. Advent of Cyber 5 - 2023 - Get started with Cyber Security in 24 Days - Learn the basics by doing a new, beginner friendly security challenge every day leading up to Christmas.
  7. Advent of Cyber 6 - 2024 - Dive into the wonderful world of cyber security by engaging in festive beginner-friendly exercises every day in the lead-up to Christmas!

Careers

  1. Careers in Cyber - Learn about the different careers in cyber security.
  2. Security Principles - Learn about the security triad and common security models and principles.
  3. Training Impact on Teams - Discover the impact of training on teams and organisations.

Cryptography

  1. Cryptography Basics - Learn the basics of cryptography and symmetric encryption.
  2. Hashing Basics - Learn about hashing functions and their uses in password verification and file integrity checking.
  3. Introduction to Cryptography - Learn about encryption algorithms such as AES, Diffie-Hellman key exchange, hashing, PKI, and TLS.
  4. Public Key Cryptography Basics - Discover how public key ciphers such as RSA work and explore their role in applications such as SSH.

CTF

  1. c4ptur3-th3-fl4g - A beginner level CTF challenge
  2. Fowsniff CTF - Hack this machine and get the flag. There are lots of hints along the way and is perfect for beginners!
  3. GoldenEye - Bond, James Bond. A guided CTF.
  4. Mr Robot CTF - Based on the Mr. Robot show, can you root this box?
  5. Pickle Rick - A Rick and Morty CTF. Help turn Rick back into a human!

iOS

  1. iOS Analysis - Discover the forensic artefacts present within iOS.

Linux

  1. Firewall Fundamentals - Learn about firewalls and get hands-on with Windows and Linux built-in firewalls.
  2. Linux Privilege Escalation - Learn the fundamentals of Linux privilege escalation. From enumeration to exploitation, get hands-on with over 8 different privilege escalation techniques.
  3. Linux Shells - Learn about scripting and the different types of Linux shells.
  4. Linux System Hardening - Learn how to improve the security posture of your Linux systems.

Networking

  1. Extending Your Network - Learn about some of the technologies used to extend networks out onto the Internet and the motivations for this.
  2. Firewall Fundamentals - Learn about firewalls and get hands-on with Windows and Linux built-in firewalls.
  3. Firewalls - Learn about and experiment with various firewall evasion techniques, such as port hopping and port tunneling.
  4. HTTP in Detail - Learn about how you request content from a web server using the HTTP protocol
  5. Intro to LAN - Learn about some of the technologies and designs that power private networks
  6. Net Sec Challenge - Practice the skills you have learned in the Network Security module.
  7. Network Security Protocols - Learn about secure network protocols at the different layers of the OSI model.
  8. Network Security Solutions - Learn about and experiment with various IDS/IPS evasion techniques, such as protocol and payload manipulation.
  9. Networking Concepts - Learn about the ISO OSI model and the TCP/IP protocol suite.
  10. Networking Core Protocols - Learn about the core TCP/IP protocols.
  11. Networking Essentials - Explore networking protocols from automatic configuration to routing packets to the destination.
  12. Networking Secure Protocols - Networking Secure Protocols
  13. OSI Model - Learn about the fundamental networking framework that determines the various stages in which data is handled across a network
  14. Packets & Frames - Understand how data is divided into smaller pieces and transmitted across a network to another device
  15. Protocols and Servers 1 - Learn about common protocols such as HTTP, FTP, POP3, SMTP and IMAP, along with related insecurities.
  16. Protocols and Servers 2 - Learn about attacks against passwords and cleartext traffic; explore options for mitigation via SSH and SSL/TLS.
  17. What is Networking? - Begin learning the fundamentals of computer networking in this bite-sized and interactive module.

OWASP

  1. OWASP API Security Top 10 - 1 - Learn the basic concepts for secure API development (Part 1).
  2. OWASP API Security Top 10 - 2 - Learn the basic concepts for secure API development (Part 2).
  3. OWASP Top 10 - 2021 - Learn about and exploit each of the OWASP Top 10 vulnerabilities; the 10 most critical web security risks.
  4. OWASP Top 10 - Learn about and exploit each of the OWASP Top 10 vulnerabilities; the 10 most critical web security risks.

Programming

  1. JavaScript Essentials - Learn how to use JavaScript to add interactivity to a website and understand associated vulnerabilities.
  2. Python Basics - Using a web-based code editor, learn the basics of Python and put your knowledge into practice by eventually coding a short Bitcoin investment project.
  3. SQL Fundamentals - Learn how to perform basic SQL queries to retrieve and manage data in a database.

Recon

  1. Active Reconnaissance - Learn how to use simple tools such as traceroute, ping, telnet, and a web browser to gather information.
  2. Enumeration - This room is an introduction to enumeration when approaching an unknown corporate environment.
  3. Introductory Researching - A brief introduction to research skills for pentesting.
  4. Passive Reconnaissance - Learn about the essential tools for passive reconnaissance, such as whois, nslookup, and dig.
  5. Red Team Recon - Learn how to use DNS, advanced searching, Recon-ng, and Maltego to collect information about your target.
  6. Search Skills - Learn to efficiently search the Internet and use specialized search engines and technical docs.
  7. Subdomain Enumeration - Learn the various ways of discovering subdomains to expand your attack surface of a target.
  8. Web Enumeration - Learn the methodology of enumerating websites by using tools such as Gobuster, Nikto and WPScan

Red Team

  1. Red Team OPSEC - Learn how to apply Operations Security (OPSEC) process for Red Teams.
  2. Red Team Recon - Learn how to use DNS, advanced searching, Recon-ng, and Maltego to collect information about your target.

Tools

  1. CAPA: The Basics - Learn to use CAPA to identify malicious capabilities.
  2. CyberChef: The Basics - This room is an introduction to CyberChef, the Swiss Army knife for cyber security professionals.
  3. FlareVM: Arsenal of Tools - Learn the arsenal of investigative tools in FlareVM.
  4. Gobuster: The Basics - This room focuses on an introduction to Gobuster, an offensive security tool used for enumeration.
  5. Hydra - Learn about and use Hydra, a fast network logon cracker, to bruteforce and obtain a website's credentials.
  6. Introduction to OWASP ZAP - Learn how to use OWASP ZAP from the ground up. An alternative to BurpSuite.
  7. John the Ripper: The Basics - Learn how to use John the Ripper, a powerful and adaptable hash-cracking tool.
  8. Metasploit: Exploitation - Using Metasploit for scanning, vulnerability assessment and exploitation.
  9. Nmap 01 - Live Host Discovery - Learn how to use Nmap to discover live hosts using ARP scan, ICMP scan, and TCP/UDP ping scan.
  10. Nmap 02 - Basic Port Scans - Learn in-depth how nmap TCP connect scan, TCP SYN port scan, and UDP port scan work.
  11. Nmap 03 - Advanced Port Scans - Learn advanced techniques such as null, FIN, Xmas, and idle (zombie) scans, spoofing, in addition to FW and IDS evasion.
  12. Nmap 04 - Post Port Scans - Learn how to leverage Nmap for service and OS detection, use Nmap Scripting Engine (NSE), and save the results.
  13. Nmap: The Basics - Learn how to use Nmap to discover live hosts, find open ports, and detect service versions.
  14. Nmap - An in depth look at scanning with Nmap, a powerful network scanning tool.
  15. REMnux: Getting Started - Learn how you can use the tools inside the REMnux VM.
  16. SQLMap: The Basics - Learn about SQL injection and exploit this vulnerability through the SQLMap tool.
  17. Sysinternals - Learn to use the Sysinternals tools to analyze Windows systems or applications.
  18. Tcpdump: The Basics - Learn how to use Tcpdump to save, filter, and display packets.
  19. ToolsRus - Practise using tools such as dirbuster, hydra, nmap, nikto and metasploit
  20. Wireshark 101 - Learn the basics of Wireshark and how to analyze various protocols and PCAPs

TryHackMe

  1. Kali Machine - Access your own Kali Machine
  2. Starting Out In Cyber Sec - Learn about the different career paths in Cyber Security and how TryHackMe can help!
  3. Tutorial - Learn how to use a TryHackMe room to start your upskilling in cyber security.

Vulnerabilities

  1. Authentication Bypass - Learn how to defeat logins and other authentication mechanisms to allow you access to unpermitted areas.
  2. Command Injection - Learn about a vulnerability allowing you to execute commands through a vulnerable app, and its remediations.
  3. File Inclusion - This room introduces file inclusion vulnerabilities, including Local File Inclusion (LFI), Remote File Inclusion (RFI), and directory traversal.
  4. IDOR - Learn how to find and exploit IDOR vulnerabilities in a web application giving you access to data that you shouldn't have.
  5. Intro to Cross-site Scripting - Learn how to detect and exploit XSS vulnerabilities, giving you control of other visitor's browsers.
  6. Intro to SSRF - Learn how to exploit Server-Side Request Forgery (SSRF) vulnerabilities, allowing you to access internal server resources.
  7. SQL Injection - Learn how to detect and exploit SQL Injection vulnerabilities
  8. Vulnerabilities 101 - Understand the flaws of an application and apply your researching skills on some vulnerability databases.

Web Application

  1. How Websites Work - To exploit a website, you first need to know how they are created.
  2. Web Application Basics - Learn the basics of web applications: HTTP, URLs, request methods, response codes, and headers.
  3. Web Enumeration - Learn the methodology of enumerating websites by using tools such as Gobuster, Nikto and WPScan

Windows

  1. Active Directory Basics - This room will introduce the basic concepts and functionality provided by Active Directory.
  2. Firewall Fundamentals - Learn about firewalls and get hands-on with Windows and Linux built-in firewalls.
  3. Microsoft Windows Hardening - To learn key attack vectors used by hackers and how to protect yourself using different hardening techniques.
  4. Windows Command Line - Learn the essential Windows commands.
  5. Windows PowerShell - Discover the "Power" in PowerShell and learn the basics.

License

  • Content License: The contents of this repository, including documentation, markdown files, and other text-based materials, are licensed under the CC0 1.0 Universal (CC0 1.0) Public Domain Dedication. This means you can freely copy, modify, and distribute the content without any restrictions.

  • Script License: The scripts in this repository, located in the /scripts folder, are licensed under the MIT License. You are free to use, modify, and distribute the scripts, as long as you include the license notice in all copies of the code.

Trademark

The TryHackMe name and logo are the intellectual property of TryHackMe Ltd. This repository is not affiliated with, endorsed by, or associated with TryHackMe Ltd in any way. The content in this repository is a collection of links to TryHackMe rooms and is intended for educational purposes only.