TryHackMe Room Curriculum: Comprehensive Cybersecurity Learning Path
The TryHackMe Room Curriculum provides a structured pathway for cybersecurity education, covering foundational skills like Linux and networking, intermediate topics such as web application security and tooling, and advanced challenges including Capture The Flag (CTF) exercises, malware analysis, and reverse engineering. This curriculum guides users through practical, hands-on learning across 27 distinct categories.
Key Takeaways
The curriculum spans 27 categories, from Intro to Hard CTF challenges.
Foundational skills include Linux, networking, and basic scripting languages.
Advanced topics cover malware analysis, forensics, and reverse engineering.
Practical application is emphasized through various Capture The Flag rooms.
Specialized areas include Active Directory, Buffer Overflow, and PCAP Analysis.
How do I begin learning cybersecurity on TryHackMe?
The introductory rooms provide the essential starting point for new users. These modules cover platform navigation, basic connectivity setup via OpenVPN, and core introductory cybersecurity concepts for a smooth start.
- hello
- howtousetryhackme
- gettingstarted
- welcome
- tutorial
- openvpn
- beginnerpathintro
- startingoutincybersec
- introtoresearch
What foundational skills are covered in the TryHackMe Basics Rooms?
These rooms establish core technical competencies, focusing heavily on operating system fundamentals and security principles. Modules cover multi-part Linux command-line usage, pentesting basics, security principles, and the hacker methodology.
- linux2
- linuxmodules
- linuxfundamentalspart1
- linuxfundamentalspart2
- linuxfundamentalspart3
- basicpentestingjt
- pentestingfundamentals
- principlesofsecurity
- ccpentesting
- hackermethodology
- physicalsecurityintro
- linuxstrengthtraining
- catregex
- openvas
- btmisp
- iso27001
- ultratech1
Which TryHackMe rooms focus on reconnaissance techniques?
Reconnaissance rooms teach critical information gathering techniques. This section covers passive and active recon methods, content discovery, OSINT using Shodan, and Google Dorking for target profiling.
- passiverecon
- activerecon
- contentdiscovery
- ohsint
- shodan
- googledorking
- searchlightosint
- webosint
- sakura
How can I develop scripting skills for hacking on TryHackMe?
Developing scripting proficiency is vital for automating tasks and creating custom exploits. This section focuses on practical programming skills using Python and Bash, introducing proof-of-concept scripting.
- pythonbasics
- pythonplayground
- intropocscripting
- peakhill
- javascriptbasics
- bashscripting
What specialized scripting and tooling rooms are available?
These rooms offer exposure to specialized programming languages and tools. The curriculum includes modules dedicated to learning Rust and utilizing YARA for identifying and classifying malware based on patterns.
- rust
- yara
What are the core networking concepts taught in the curriculum?
Mastering essential network infrastructure concepts is fundamental to cybersecurity. Topics include LANs, HTTP, and DNS protocols, crucial for traffic analysis and identifying network vulnerabilities.
- introtonetworking
- whatisnetworking
- bpnetworking
- introtolan
- httpindetail
- dnsindetail
- rfirmware
Which essential cybersecurity tools are covered in the TryHackMe curriculum?
Gain hands-on experience with Metasploit, Nmap, Nessus, Burp Suite, tmux, and Vim. These tools are used for scanning, exploitation, traffic analysis, and web application testing (OWASP ZAP).
- metasploitintro
- rpmetasploit
- rptmux
- tmuxremux
- hydra
- rpsublist3r
- toolboxvim
- learnowaspzap
- phishinghiddeneye
- rustscan
- rpnessusredux
- nmap01
- furthernmap
- tshark
- ffuf
- burpsuitebasics
- burpsuiterepeater
How does the curriculum address cryptography and hash cracking?
Understand cryptography principles, practice hash cracking (Level 1 and 2), and learn password security best practices through challenges like `bruteit` and `agentsudoctf`.
- cryptographyfordummies
- crackthehash
- crackthehashlevel2
- passwordsecurity
- agentsudoctf
- bruteit
What web application security topics are included in the rooms?
Identify and exploit web application vulnerabilities (OWASP Top 10) using vulnerable labs like DVWA and WebGoat to practice injection techniques (SQLi, LFI, SSTI) and application walking.
- webfundamentals
- webappsec101
- vulnerabilities101
- walkinganapplication
- owasptop10
- owaspjuiceshop
- rpwebscanning
- owaspmutillidae
- webgoat
- dvwa
- vulnnet1
- juicydetails
- vulnversity
- injection
- lfibasics
- inclusion
- sqlilab
- learnssti
- sqlinjectionlm
Are there rooms dedicated to Android mobile security?
The curriculum includes specialized content focusing on mobile security. The dedicated room, `androidhacking101`, introduces fundamental concepts and techniques for analyzing and exploiting vulnerabilities in the Android OS.
- androidhacking101
How are digital forensics skills developed in the curriculum?
Learn to investigate digital incidents, covering Linux server forensics, general principles, and specialized memory analysis using tools like Volatility and Autopsy for incident response.
- linuxserverforensics
- forensics
- memoryforensics
- bpvolatility
- autopsy2ze0
What rooms cover wireless network security and hacking?
The `wifihacking101` room covers wireless protocols, common vulnerabilities, and practical steps for assessing and exploiting Wi-Fi networks, providing a focused area for network security specialists.
- wifihacking101
What is taught in the Reverse Engineering section?
Deconstruct software by learning assembly (x86-64, Win64), general principles, and using tools like Ghidra for binary analysis. Challenges involve analyzing Linux and JVM files.
- introtox8664
- win64assembly
- reverseengineering
- reverselfiles
- jvmreverseengineering
- ccradare
- ccghidra2
- aster
- classicpasswd
- reloaded
How does the curriculum approach malware analysis?
Study the history of malware, basic reverse engineering, and research methodologies. Practical rooms focus on command and control infrastructure, providing insight into modern threat operations.
- historyofmalware
- malmalintroductory
- basicmalwarere
- malresearching
- mma
- c2carnage
- cl2.carnage
- dunklematerieptxc9
What rooms teach the techniques of steganography?
Explore concealing messages within files. Challenges require analytical skills to uncover hidden information in various media formats, including image and musical steganography.
- ccstego
- cicada3301vol1
- musicalstego
- madness
- psychobreak
- unstabletwin
How can I learn Privilege Escalation techniques?
Gain higher access levels on compromised systems. Focused training covers Linux and Windows environments, including dedicated arenas for practicing techniques to achieve root or administrator access.
- linprivesc
- linuxprivesc
- linuxprivescarena
- windows10privesc
- windowsprivescarena
- linuxagency
What are the key Windows security topics covered?
Dive into Windows fundamentals (three parts) and security investigation techniques. This prepares users for securing and analyzing Windows environments and tackling practical challenges like `blue`.
- windowsfundamentals1xbx
- windowsfundamentals2x0x
- windowsfundamentals3xzx
- investigatingwindows
- investigatingwindows2
- investigatingwindows3
- blueprint
- vulnnetactive
- anthem
- blue
Which rooms focus on Active Directory exploitation?
Focus on attacking and defending Active Directory (AD) environments. Learn to enumerate, exploit, and maintain persistence within AD structures, simulating real-world internal network penetration tests.
- attacktivedirectory
- postexploit
- ustoun
- enterprise
- razorblack
How is network traffic analysis (PCAP) taught?
Examine captured network traffic to identify malicious activity, C2 communication, or data exfiltration in practical scenarios like `h4cked` and `overpass2hacked` for incident investigation.
- h4cked
- c2carnage
- cct2019
- overpass2hacked
What is the focus of the Buffer Overflow rooms?
Master this high-impact vulnerability class by learning preparation steps and exploitation techniques necessary to successfully execute a buffer overflow attack, leading to remote code execution.
- bufferoverflowprep
- gatekeeper
What types of challenges are included in the Easy CTF rooms?
Apply foundational skills in beginner-friendly Capture The Flag challenges. These rooms cover web exploitation and basic privilege escalation across numerous scenarios like `kenobi` and `picklerick`.
- overlayfs
- gamingserver
- psychobreak
- cowboyhacker
- ctf
- rrootme
- attackerkb
- picklerick
- c4ptur3th3f14g
- bsidesgtlibrary
- bsidesgtthompson
- easyctf
- lazyadmin
- bsidesgtanonforce
- ignite
- wgelctf
- kenobi
- bsidesgtdav
- ninjaskills
- ice
- lianyu
- thecodcaper
- blaster
- encryptioncrypto101
- brooklynninenine
- yearoftherabbit
- jackofalltrades
- madness
- kothfoodctf
- easypeasyctf
- tonythetiger
- ctfcollectionvol1
- smaggrotto
- couch
- source
- overpass
- pokemon
- bolt
- overpass2hacked
- kiba
- poster
- chocolatefactory
- startup
- chillhack
- colddboxeasy
- glitch
- allinonemj
- archangel
- cyborgt8
- lunizzctfnd
- badbyte
- teamcw
What miscellaneous or uncategorized rooms are available?
This section groups niche topics, specific tools (pwn tools), vulnerability exploitation in various environments (`vulnnetnode`), and unique challenges like `mustacchio` and `madeyescastle`.
- chronicle
- introtopwntools
- vulnnetnode
- vulnnetinternal
- atlas
- vulnnetroasted
- catpictures
- mustacchio
- madeyescastle
- enpass
- sustah
- somesint
- tokyoghoul666
- watcher
- broker
- inferno
- vulnnetdotpy
- wekorra
- pylonzf
- thegreatescape
- safezone
- nahamstore
- sweettoothinc
- cmspit
- superspamr
- thatstheticket
- debug
- redstoneonecarat
- coldvvars
- metamorphosis
- sqhell
- fortress
- cybercrafted
What skills are tested in the Medium CTF challenges?
Medium CTF rooms require intermediate concepts, demanding complex exploitation chains and deeper analysis. These challenges often integrate multiple vulnerability types, requiring skills in web exploitation and advanced privilege escalation.
- road
- mrrobot
- goldeneye
- stuxctf
- boilerctf2
- jokerctf
- biohazard
- breakit
- willow
- marketplace
- nax
- mindgames
- anonymous
- blog
- wonderland
- 0day
- bsidesgtdevelpy
- ctfcollectionvol2
- cmess
- dejavu
- hackernote
- dogcat
- convertmyvideo
- kothhackers
- revenge
- harder
- haskhell
- undiscoveredup
- breakoutthecage1
- theimpossiblechallenge
- lookingglass
- recovery
- relevant
- ghizerctf
- mnemonic
- wwbuddy
- theblobblog
- cooctusadventures
- ctfonepiece65
- toc2
- nerdherd
- kuberneteschalltdi2020
- theserverfromhell
- jacobtheboss
- unbakedpie
- bookstoreoc
- overpass3hosting
- battery
What advanced topics are covered in the Hard CTF rooms?
Hard CTF rooms test advanced skills in complex, multi-stage environments. These challenges require deep technical knowledge, sophisticated exploitation, and extensive lateral movement, simulating highly realistic penetration testing scenarios.
- m4tr1xexitdenied
- motunui
- spring
- brainpan
- borderlands
- hconchristmasctf
- dailybugle
- retro
- jeff
- racetrackbank
- davesblog
- cherryblossom
- cct2019
- ironcorp
- carpediem1
- ra
- yotf
- forbusinessreasons
- anonymousplayground
- misguidedghosts
- theseus
- internal
- yearofthedog
- inacave
- yearoftheowl
- yearofthepig
- envizon
- gamebuzz
- fusioncorp
What kind of content is offered through Special Event rooms?
Special Event rooms are themed challenges (e.g., Advent of Cyber) designed around holidays or specific learning initiatives. These events cover a broad spectrum of topics in an engaging, gamified format.
- hackerofthehill
- 25daysofchristmas
- learncyberin25days
- adventofcyber2
- adventofcyber3
- cyberweek2021
- tickets1
- tickets2
What diverse technical subjects are covered in the general Misc rooms?
This section covers specialized technical subjects, including specific vulnerabilities (Meltdown), niche tools (Splunk), and web frameworks (Django, Flask). It provides targeted learning on current security issues and specialized technologies.
- solar
- django
- githappens
- meltdownexplained
- bpsplunk
- linuxbackdoors
- thefindcommand
- jupyter101
- geolocatingimages
- torforbeginners
- tomghost
- dllhijacking
- iotintro
- attackingics1
- attackingics2
- printerhacking101
- dnsmanipulation
- flask
- mitre
- magician
- jpgchat
- sudovulnssamedit
- cve202141773
- binaryheaven
- gitandcrumpets
- polkit
- hipflask
- bypassdisablefunctions
- wordpresscve202129447
- linuxfunctionhooking
- revilcorp
- sudovulnsbof
- sudovulnsbypass
- crocccrew
- uranium
- yearofthejellyfish
- rocket
- squidgameroom
- enterprize
- adana
- vulnnetdotjar
Are there additional advanced Hard CTF challenges available?
This continuation section provides further high-difficulty CTF challenges. These rooms demand mastery of advanced exploitation and persistent problem-solving in challenging, simulated environments like `fortress` and `inferno`.
- vulnnetnode
- vulnnetinternal
- atlas
- vulnnetroasted
- catpictures
- mustacchio
- madeyescastle
- enpass
- sustah
- somesint
- tokyoghoul666
- watcher
- broker
- inferno
- vulnnetdotpy
- wekorra
- pylonzf
- thegreatescape
- safezone
- nahamstore
- sweettoothinc
- cmspit
- superspamr
- thatstheticket
- debug
- redstoneonecarat
- coldvvars
- metamorphosis
- sqhell
- fortress
- cybercrafted
Frequently Asked Questions
What is the recommended starting point for new users?
New users should start with the Intro Rooms, such as `hello`, `howtousetryhackme`, and `gettingstarted`, to learn platform navigation and basic connectivity via OpenVPN.
Which rooms cover fundamental operating system skills?
Fundamental OS skills are covered extensively in the Basics Rooms, particularly the multi-part series on Linux fundamentals (`linuxfundamentalspart1`, `part2`, `part3`) and general Linux modules.
Where can I practice web application exploitation?
Web application exploitation is covered in the Web section, utilizing vulnerable environments like `owaspjuiceshop`, `dvwa`, and `webgoat` to practice injection and vulnerability scanning.
What is the difference between Easy, Medium, and Hard CTF rooms?
CTF difficulty scales based on complexity. Easy rooms apply basic skills (`kenobi`), Medium rooms require multi-stage exploitation (`mrrobot`), and Hard rooms demand advanced techniques (`brainpan`).
Which specialized areas are available for advanced learning?
Advanced specialized areas include Active Directory exploitation (`attacktivedirectory`), Reverse Engineering (`introtox8664`), Malware Analysis, and Digital Forensics (`memoryforensics`).
