#room-ideas

I would very love to see a learning path, rooms for analysing games. Find fails in client-server communication, read memory (find items, elements in UI), dupe item... For example, there was a Diablo 3 bot https://www.ros-bot.com/ reading the memory and performing actions, I would very love to know how to do this.

That's really game hacking territory, a bit yikes for here

Also, just an idea but the website tryhackme as a platform could be reused for many other learning purposes like programming learning paths, programming challenges, patterns etc just like stackoverflow, stackexchange. I love how the site is structured and gaining points for learning.

The staff have said before that there's plenty of places to learn programming.

ok

follow up to my question in #resources , maybe there is already a room but i will ask anyway, i had 2 job interviews that asked my about AD DC and i didn't show that i really understand it , i would be nice to have a room that describe windows server Services and AD DS in specifically ,domain controllers , and hierarchy such as , Tree, forest , bushes( that's a joke 🤦‍♂️ 😂 ) thanks

hey

There are already a plethora of existing and just released room already covering this topic

there should be an advanced learning path

consisting of all advanced rooms

maybe a senior penetration tester learning path

a ghidra beginner room would be cool, like the wireshark/nessus/etc have a quick overview 🙏

more linux advance function tutorial room

Elasticsearch from beginner to advanced (Modules)

I read the 'find command' room was removed, and that it was a really good room. It would be good if it was replaced (another 'find command' room)

There is no good room for PORT FORWARD in particular (such as local, remote, and dynamic port forward), and for Windows and Linux both. It would be extremely helpful to create this kind of room.

Wreath

ohh... Thanks

Gave +1 Rep to @somber crow

how to do brute force?

A room about macOS ?

Good idea, although any VM for hands-on skills would be costly as it has to run on mac metal (hardware) and are billed for a 24 hour period at a minimum. 🙂

oh god i didn't think of that

you can do about type juggling in php lang it very good vuln to know about

can anyone suggest me rooms for CTFS

?

sr but what's CTFS .-.

capture the flag games, those are really fun. You need to exploit a system and read a file with a flag in it

thank you, it sounds amazing

Gave +1 Rep to @round scroll

hackintosh?

Not legal on AWS.

oh ok

Can we make another room for the ones that are paid

Like same topic but free

lol

Ya bcoz in cost 7200 in Indian rupee

Also keep a look out for giveaways when the bot is done.

When?

No idea.

I'm not working on it, so I can't give a time-frame xD

damn it bella finish the bot quicker so shadow can do a giveaway of 10 month vouchersa

@cunning thunder I have some questions on the public release process for new rooms, let me know if we can chat, or i if i can DM, thanks!

Gave +1 Rep to @cunning thunder

Go ahead. 🙂

How to create rooms?

Press the 3 dots on your account and then select develop room.

Ok

Any room ideas for beginners?

No, sorry.

It seems like there was a room, but it's retired

any plans for a new linux priv esc room on dirtycred????

How can I create an ubuntu ssh server image with docker so that tryhackme allows it

Like you would normally?

Use ubuntu server 20.04
Otherwise as normal

Alright thanks.

Gave +1 Rep to @somber crow

Cant find the image

Then you're not using google

I just searched it on docker hub

Docker doesnt use systemd. I have the latest release of ubuntu running as a container rn and ssh does not start by default

What?

The host OS needs to be 2004 not the container

I mean i searched the image

How does the host version changes anything

TryHackMe only supports some versions

another day.... another wishing for a new room on the find command to be released so people can quickly find files on linux again

👀 Write one 👀

;_; shadow can't without plagirising the old one a lot

still feels weird that that room got marked as private as as far as shadow sees it has near 0 problems that need fixing to still be super useful for users

From a brief glance, it's a bit of an info dump with lots of questions. I assume there are other reasons, but dunno

¯_(ツ)_/¯

shadow could not do better in explaining find though

shadow assumes

Many issues with the room not being up to the current standard, one of which is it has no interactive element for hands-on skill practice. 🙂

you know what.... if no new room gets made for the find command by december shadow might actually go through and try and create one

that will give shadow time to think about it and actually do other things they need to first

What has that link to do with room ideas ?

lol bro you think its a room ideas

you are not able to read url ?

First of all I'm not your bro.
Secondly, you are in the room ideas channel.

So again, what has that to do with room ideas ?

now its fine , bsdk

You want to be straight on what bsdk means in english rather than kind of obfuscating it?
Or I have to look it up and come back to you again?

-warn 825161961657466930 Insulting with "bsdk", which is some sort of slang that can be looked up. The next time you insult anyone you will be removed from this discord

⚠ Warned rotash#5527

team...is there any plan of launching a room on qradar and arcsight

@remote socket @solid sky @storm canyon - I have a cool idea for a new koth box, already started on basic setup 😉 ... would love to find sometime in the next few weeks to sync up and chat about if/how I could help contribute some boxes for koth in the future ... let me know 😄

Please don’t ping Skidy:) talk to the KOTH staff about it and they can delegate.

my b ... last i asked they mentioned to reach out to skidy 😛 - just wanna get the ball rolling, but no rush

Are y'all planning on putting captions in the videos any time soon? It'd be really helpful for me 😅

Cc @cunning thunder big accessibility QA thing

@steady hornet

u ping the wrong holmes

I'll bring it up 🙂 We're trying to make sure all new rooms that have explanatory images have alt-text to go with them, so this is something that'd make sense as well. I'm not sure whether we'd be able to apply it to old videos/rooms but I could see it being a thing going forwards.

Subtitles would make things really accessible +1

Ay, def, I did mention to ping skidy, but I meant in DMs. NP.
I'd love to discuss/chat about it but I am out of office/home due to some emergency, I'll ping back when I am around.

In case you're not aware, when clicking on the "Watch on YouTube" feature, there's a CC closed-caption option that provides subtitles for videos that support it. 🙂

Good to know! The video I had to watch for one of the rooms didn’t have that option though

Do you remember which room?

The vulnerability room

https://tenor.com/view/do-you-have-any-idea-how-little-that-narrows-it-down-that-narrows-it-down-clear-now-its-clear-now-i-understand-now-gif-21256627 😛

https://tryhackme.com/room/vulnversity

if y'all do implement captions, would it be at all possible to have the text display under the video so the whole screen is visible? it'd be frustrating having captions cover up terminal input

i realize thats kinda a big ask, and probably for another day to deal with - so not biggie or anything. its just a nice idea :]

ah ok, looks like we hosted that before going to Youtube for a lot of new stuff. I'm not sure what the plan is with old content, I'll pass it on 🙂

Hello everyone, can anyone give me idea, i build a room in my local lab on vmware workstation, but when I export the vulnerable machine in .ova format and then import on oracle box for just testing it working or not, so it just showing a blink no login screen coming, any one can give any guidance I am using the ubuntu server CLI based OS

also if i export from vmware work station in .ovf file then it create 3 file .ovf, .iso, and .vmx file

so how should i upload on tryhackme develop room options

Hello sir, I am your premium user .

Here I am stuck on one question. Please check it .

Who is TryHackMe's HTTPS certificate issued by?

for this question to find an answer i had done a lot of research and submitted all possible answers .So please help me . the question is wrong or anything else the right answer.

You search on google you got it! Just checkout the issuer name of the certificate its already given on internet!

This isn’t the right chat but if you have any antivirus that uses web/ MITM protection, you won’t get the right answer

they got an answer in #room-help and told to ask there in future 🙂

I'd love a room explaining how to use Feroxbuster

That's a good idea...

I can't promise it will be a good room, but I'll certainly give it a bash, I have been thinking on doing a room.

https://tenor.com/view/thank-you-thanks-thank-you-so-much-keanu-reeves-gif-21952233

Problem with having a whole room on Ferox is that there might not be enough content to cover, it’s a similar problem with (iirc) Ciphey

noted

I'll try and flesh it out with adding something, but we will see how it goes, as it's my first room, I don't know how it will turn out, but I'm going to give it a shot.

Thanks for the tip.

Gave +1 Rep to @icy trellis

Hello anyone can you help me out? I am trying to upload the .ova file from Vmware workstation it showing error can't covert on the TryHackme after uploading, even i tried with .ovf file also after export the VM from Vmware Workstation

What operating system and version is it? Does the name of the ova contain special characters?

How long does it roughly take these days to get a room approved guys? My attempt has been stuck on the 'submitted' stage for a long time now?

The QA department is currently short staffed for the amount of rooms that are being made (they are hiring, so hopefully be sorted soon), so in-house content is currently being prioritised, what's your room and i may be able to give it a quick look over

Ah ok no problem thanks it's called SP1r1T. It's a basic room to help beginners understand some of the fundamental concepts etc...

I've looked at your room submission. Please make sure to host the target on our platform, and not as an external website. 🙂

Hi Tim, ok no problem thanks. I'll get around to doing that at some point when I get chance then...

thanks @somber crow I got my mistake update I am using the latest ubuntu 22.02, that's why its not working, Now I recreate the machine in older version and its working and Also hosted too. Thanks Again!

Gave +1 Rep to @somber crow

Anyone tell How much time it will take to review a public room and after that it will become live to every user on the portal?

There's no fixed time for room review, but after it's reviewed a release date will be set. After that release date, it will be available.

great thanks for the info!

In what way?

In what way what?

That there's not enough content to cover with Ciphey.

Oh you mean with using the tool, nvm.

Yes:)

I was thinking you were talking about different ciphers and encodings.

Because Ciphey supports 50.

Mhm:)

I remember doing a room that was just a bunch of encoded/encrypted strings.

I liked it, although it was easy.

Depending on how hard making a room is, I could make one that teaches cryptography.

he there i need fraind

Please don't ask the same question over multiple channels.
Especially if a channel is not even used for that purpose.

A room for linux persistence

mostly of red team rooms are for windows it would be cool to make some others also for linux

Do you know the market share relationship between the two OS? Especially in enterprise, and on workstations and AD environments.

no, sorry if i'm ignorant, i was just guessing

TL;DR: you ain't gonna see Linux very often. It happens, but much less commonly, and the techniques you'll use against it are generally (bar some weird Kerberos for Linux stuff) about the same as they are elsewhere on the site 🤷‍♂️

cool

Idea: Add more badges to feel the satisfaction of progress

More cryptography and steganography rooms like Cicada 3301 vol 1.

Have you done Madness ?

.

I'll need to check

Hello, how about a "source code analysis" room? Finding vulnerabilities in the source code. You have 20-50 lines of code and you have to specify the line number for question one about the task. In question 2 you have to answer the function name or parameter to be used for the "safer" variant. For further development you could build a room for PHP, C and many other languages.

Not quite how you describe it, but there are a few source code analysis rooms already. My https://tryhackme.com/room/hipflask for example 🙂

good one, but done, more of this please 😉

I want to make some cloud focused rooms like an intro to aws room. Can I make a room that doesn't rely on a vm? I wanted to make a room that teaches people how to make their own aws instance configure it for proper settings and test their settings if it's configured properly from their own aws account. There wouldn't be a need for a vm because most of the work will be done on aws itself. A tryhackme room on it will have detailed instructions and screenshots explaining in detail how to do it.

think you can do that kinda stuff for rooms as long as people don't need to pay for external stuff to complete the room

though asking for the room creation channel and going through some back and forth to refine the idea might be worth asking mods for

Good idea. This is part of our road map for internal content development. 🙂

I think a Cloud Security Room would be a Good idea. Cloud is one of the biggest technologies and everyone is going to Need it.

I'd expect this to be for subscribers most likely, because the cloud providers have to be paid for hosting. I know O'Reilly for example now offer an Azure sandbox which is available for a limited amount of time after which it shuts down. However, I support this idea

It would be cool to have some rooms dedicated to the Defender 365 suite, Sentinel etc.

@tender vortex @cunning thunder new room when? https://thehackernews.com/2022/09/warning-new-unpatched-microsoft.html

Haha I'll have to give it a go! Saw the bug this morning but still investigating some details. The exploitation in the wild is scary. Gives me hafnium vibes all over again!

I am subscriber, therefore for me it does not make any difference, but would be a Great idea

Amazon for example offer a Sandbox for AWS as well I think

Is it possible to build a network using the Develop space on THM or can I only build single machines ?

You can build single machines that emulate networks with docker/lxc, but you can't use the THM networks feature

How can I use THM networks feature ? I guess I have to have a strict room idea, how to contact THM for that if I do ?

you can't use the THM networks feature

The networks require a fair amount of work AWS side in a dev environment, and getting them into THM is very much a manual process and a lot of QA needs to be done.

I highly doubt that you'll be able to do it.

If you want to simulate it, using docker instances in a single machine like a network you can probably do it that way.

not room ideas but discord channel ideas, a channel idea channel itself and channels dedicated to discussing specific tools, not just paths and rooms like an nmap channel, a burp channel, metasploit, hydra, john, ... u get the idea. These would become good resources for using the tools themselves.

That would add loads of channels on top of the existing massive number that we've got.

Just discuss in #infosec-general if it's not part of a tryhackme room

ok but posting it there it'll get lost in general chat, of if you mean discussing specific tools, that will also get buried, specific tool-chaqnnels would create a good resource to look things up

Discord is a terrible place for knowledgebases and Q/A.
It's unindexed, not on Google, all the rest. It's not designed for what you're trying to use it.

Documentation is there for your "resource to look things up", as is google

ok the index thing makes sense, but just as you would browse a room channel for people having the same issues as you have you could browse a tool channel in a similar way, you'd immediately know where all tool x related discussions and stuff can be found

Why should people look here for help with a tool rather than through the tool's official channels?

Room channels are also retired for a reason

See here.

hmmm havent subbed to any tool specific discords myself, yeah, perhaps I should check those out first, these channels here would be THM related tho, but i'll go see for tool specific discords

I'm not talking about discord, I'm talking about reading documentation and using official forums, github issues for bugs, etc.

ah, but that's different, i'm looking for chat channels to chat about them, not static resources

So there's no need for indexing, there's no reason that can't be done in #infosec-general

Discord is absolutely not suitable for a resource for looking things up.

Any chance for a Sliver C2 room??

If your interested @waxen night Has a really great guide

https://notateamserver.xyz/sliver-101/

:D

That title is going to age poorly in a few months since they’ve started writing one 😆

a hackers movie inspired room

ctf

https://tryhackme.com/room/kothhackers

gonna give it a go cheers man

Heyy

anyone up I need some help with room kiba

@eager cave #room-hints

A room that teaches Networking hacking

Like Wreath, Holo, Throwback..?

Do they teach tools like airmon-ng and stuff

That's not networking hacking, that's wifi hacking. There's a wifi hacking room.

Oh yeah sorry thats what i meant.

another room like Vulnversity thats my favourite room i reckon so far anyway

It came to my mind to create a complex recon room, where a thorough analysis of the system is required. But I'm not sure whether there is interest in this and if yes, what to do or to avoid. Make it more realistic or more challenging with obscure places? Any thoughts about it?

sounds fun and interesting to shadow but dunno what would be required and how it should be done

Root Me is very similar.

@cunning thunder are we getting a room on https://securelist.com/ongoing-exploitation-of-cve-2022-41352-zimbra-0-day/107703/ ? Looks like there's a metasploit module now.

If there's no internal plans I'll have a look at making one?

I started and Centos 8 and Zimbra aren't playing nicely together... might try oracle linux instead, while sticking to these VM's https://docs.aws.amazon.com/vm-import/latest/userguide/prerequisites.html#vmimport-operating-systems-windows

Not that I know of so far. 😎

robert so much like his job at THM that he can't stop making rooms for them

robert has spent too much time around the content devs 😄

Hmmm, we'll see then, might manage to make one

Dewitt. 😄

Sorry if this is the wrong channel, I wasn't sure in what channel to post it. For the room https://tryhackme.com/room/introtolan - I know that myself and others find the red dots circling around the text to be quite distracting and can be quite irritating. Are there any plans on making it more accessible?

Would like to see a crackmapexec room

Not sure if the tool is big enough to be covered on a whole room but I know it is used in a few rooms

It absolutely is, I've been doing some deep dive on tooling lately and it's insane

It’s just impacket, smbmap, smbexec and a few other tools merged into one, no?

Plus a whole load more than just smb, there's an absolute tonne of features

Especially password spraying and PTH focused

You can run mimikatz straight over smb

Is there a room which covers the report writing part of a penetest?

Yes, multiple. Two from Muirland.

The tool has smb, ssh, winrm a lot, I saw that there is modules too which can add a lot, but those room that you said use the tool do you know the name of the room?

Can you point me to those room, james

I can't find this room now? Did it go away?

It's not finished.

ohh ok

a room on Out of Band(OOB) Remote Code Execution (RCE) would be great

Okay, so I was looking for a room where I could learn hashcat tool but I found out there's none. So I think there should be a room made dedicated on hashcat's use syntax and stuff. What do you think , isn't it an important tool to learn?

Is the syntax really that complicated?

The documentation is excellent

john the ripper was no different either but it has a room dedicated to it, I am just saying because it makes the learning process easy. you first read some stuff then there's some question based on that which will give practice there and then only. You don't have to wonder here and there. If we can't demand and get what we need then what's the benefit of being subscriber.

That was a community created room. Not a room made by THM staff.

OHh I see

I don't think there's enough ground to cover on hashcat. The only complicated bits are masks and rules which are basically the same as JTR

ohk I'll try and go through the official documentation itself then. thanks for replying

Gave +1 Rep to @somber crow

the crack the hash and crack the hash 2 room and password attacks room together gets you enough knowledge of both john and hashcat if you go through both using both tools

okay thanks. I'm done with first and I'll try the second one soon.

no problem

"If we can't demand and get what we need then what's the benefit of being a subscriber"

You get a lot of benefits from being a subscriber, but sadly you can't always get what you want

🤣 I knew someone will be, if not completely then at least kinda offended with this. You might be right, I'm sorry.

not really a room idea. but it would be nice to adjust the level of screen the browser vm takes up.

when we open up the attackbox when inside a room.

+1

that the usual way.

More Rooms about Wifi

Enjoyed the ELK room, is there any plans on more ELK rooms? Such as creating and dealing with alerts

Is there any room created on SASE and ZTNA? would be really helpfu;

we have etter-cap any explanation in meet in the middle attack

I would like to make a suggestion: a BeEF room

BeEF is out dated, and not commonly used.

What about a CyberChef room...

It could be interesting a cyberdefense room with auditd

I was wondering if completion certificates could be used for continuing education credit with CompTIA. It would be great if this would become a possibility, a reality, TryHackMe!!

Hello guys!

Is there anyone started solving TJNull boxes? I just solved 2-3 machines

This channel is for suggesting new tryhackme rooms

I created a room and it is submitted but has not been completed by anyone other than me so far. Is this a good place to post it for some feedback?

No, I've you published the room to be reviewed by QA, it's best to wait until they review it.

I suppose you're right, thanks for the reply!

Gave +1 Rep to @loud hornet

Would you please create a room dedicated to Governance? Thanks!

Are there any rooms that focus on Relay-related technologies?

A option on tryhackme site to save rooms to your favorite/bookmark would be awesome 😄

You may use the My Rooms page https://tryhackme.com/rooms It shows the rooms you've joined. 🙂

Would be cool to have an ISO/IEC 27001 room or one that includes the standard for an ISMS

Oh God, I can't stand ISO/IEC

But good idea, #room-ideas ;)

aren't we already in that channel

It was 3:30am, allow it

okay very well....wtf were you even doing up at that time

👀

I have submitted a room with amazing OSINT challenge (based on treasure hunt) to get public ... 2days back.... so just wanted to know how long does it take to get public...

It will take how long it takes QA to work through the list.

Okay.

I was wondering how to build rooms etc. I have some crazy ideas that i think would be fun to complete. is there any documentation on it?

Maybe that helps: https://help.tryhackme.com/room-creation

EPIC! thanks! must have overlooked it!

Hey Instructors, Senior Mods. As the OWASP top 10 list has been updated in 2021, maybe it would be a good idea to update the OWASP room.. What do you think? Just a recommendation because I was about to go through the room and I saw it follows the old top 10 list that's why thought to draw your attention..

#feedback-and-ideas would be a better place for this, or even~~ #room-ideas ~~ my bad, this is room ideas 😂

As the mods on Discord are not site staff, (with the exception of 2/3)

um scrubz this is #room-ideas

Oops! Lol.

lol

..🤣

Good idea. 🙂

Android and IOS (not cisco 😅 ) maybe

JWT rooms

hi. At the new room https://tryhackme.com/room/introtosiem in attached website i can't go back to complete previous tasks. I had to restart VM (website)

Tia stop

Im giving you an official warning next time

Pleass use appropriate channels and google, dont go around spamming the same question all around unrelated channels

I dont remember that I was looking for degree symbol even if I passed that room

@mental cargo no

mb

I have uploaded a VM and it starts and allocates an ip to the VM in the room. But when I try to access it through ssh or through browser (http), it doesn't work. whaat might be the problem

there should be a room on squid proxy.

Hey, can we get SOC level 2 pleas? I loved it , even tho i am more interested in red team but i learned alot from it. Thank you @gritty craterTryHackMe

Gave +1 Rep to @gritty crater

When There is a Red Teamer Path on try Hack me, I think there should be a Proper Blue Teamer Path i mean accept SOC L1 a ANOTHER Proper Blue Teaming Path

i just finished the cyberchef section on AOC2022 and i wish there was a whole room or module focused on things we can do with cyberchef.

the information i just learned from there was awesome guys thank you!

guess you don't count #791764435991658556 then

Ya i remember that and i had completed That
But i mean there should be s title like Blue Teamer too
Like there is A Red Teamer title

I’ve uploaded a machine but I can’t even ping the vm

#room-hints

https://tryhackme.com/room/avevasionshellcode
Task 9
"Are some packers detected as malicious by some AV solutions? (yea/nay)"
This implies that packers themselves are detected as malicious instead of stating that files packed with them might be flagged. Unless Im wrong and a simple messagebox in C later packed will be detected as malicious solely based on the fact that it has been packed.

Thats not really what it is stating. While mildly ambigious it is showing that just because a packer is used it can still be detected by AV or be used as part of an aggregate risk score to consider a suspicious file as malicious

For example in this threat report the binary has an increased entropy (A common sign of packing) that added to it's indicators. The more overall indicators or high aggregate score the more likely an AV or EDR is to detect a file.

@graceful rivet ^

Oh thanks for clearing this up @karmic raven
This is really helpful ! Gonna keep it in mind

Gave +1 Rep to @karmic raven

Would OSINT rooms be more feasible with offline instances of socials sites like wayback, or just using wayback? iirc there was discussion about the difficulty of osint rooms because things get buried or removed all the time. Or people comment and spoil.

well it can work but it is not the easiest

CompTIA Security+ Room would be very welcome

maybe a room based on domain generation algorithms? dgas are very interesting they can have the weirdest names
attackers have use them before so it is security related to be able to identify them and block them (and be able to recognize them so to not click on them) (dgas are also used for legitimate purposes too to sell domain names to legitimate companies)
word based dgas are especially weird they can have funny sounding names sometimes (there are websites that generate word based domains and have them for sale for companies to buy)(i think it would be interesting to see what names thm gives to the examples, you can have fun and put sillly names)
theres other classifications for dgas too
could be helpful that maybe someone could predict future dga names or rules for them and block them in the firewall; and it would also spread awareness
this could be in the web security section

Not sure if fits here or other # . To make THM certs shown in Role part of profile

A path about mobile application pentesting (android) starting from the very basics (adb, apktool etc.).

There should be way to put a Room in something like a bookmark or TODO, so we know can save what we want to do

Please a dark theme

Yes!

check out the dark reader addon/extension/plugin for firefox and chrome... it basicly makes all websites have a dark theme and works great on tryhackme

I forgot where, but I did see there was a way to check for all "started but incomplete" rooms

log4shell room against a windows target would be interesting and unique

How about creating a path for bug bounty hunters (Methodology, tools, finding the suitable targets etc...)

DevSecOps Path

IoT(mobile devices) PenTestPath

IoT and mobile are pretty different

Thats true.
IoT PenTest path
Mobile Devices PenTest path

2 different now

I thaught mobile phones are a part of IoT

can we have a room designed that focuses on data carving, and foresnics

unless there is one already lol

would be cool to see some hardware trojan materials 😄

Hi, is there perhaps a room about the BEEF framework? Because I could not find it. Could be interesting if it does not exist yet. But if it does exist can someone give me a link to the room.

There used to be, it's not so favoured anymore

Thanks 🙂

Gave +1 Rep to @somber crow

@silent dragon +1

data carving and memory dump analysis would be a big hit I think.

I agree

I am actually looking into making some forensics rooms, so things like that are great ideas!

Perhaps you could infect a Windows 10/11 system with a modern malware, like a keylogger/data exfiltration malware that's intended to be covert. Then run strings on it and have a room where users highlight sections of the output which are relevant.

Ie. Indicators of infection.

This saves you guys the extreme bandwidth that would be required to transmit realistic full memory dumps (8GB)

I also think that some rooms for the compliance standards should be developed. Similar to how the networking osi model room wAs

Wreath, Hipflask

I think that should be more rooms about networking, linux and python

If you search linux there is 9 pages of results.

An info room dedicated to writing XPath queries and helping beginers get familiar with the syntax. 🙏

is there any room on curl ? cant find anything and it seems quite essential

hey guys, im kinda new to tryhackme, just starting out.
there is a lot of interesting rooms, so was thinking to save it for later, but cant see it? like a star or something to have it in our own rooms library to check it our later.
am i missing something or there is no option like that?

There isn't on THM, you could always use your bookmarks on your browser.

also, just realised that not every room has an estimated finish time? it'd be good to know if ill be able to finish the room before work or uni. i know i can leave it and come back to it but i like to finish things when i start it and move on to the next thing next time im free.

thats what im doing atm, still something to consider 😄

Peoples skills vary.

Someone can finish a room an hour, some can do it in 5.

Would depend on the room, IMO.

of course, i understand that.
at least average time would be helpful

Lovely country on your PFP.

Very, bonnie.

I cannot find a channel #path-ideas I'll leave my suggestion here as it seems to be the closest thing.
There is a lot of material on Windows in several rooms and Modules, maybe it could be all consolidated under a Windows security Larning Path?

More of a discord channel idea.
Channel /w list of useful extensions like wappalyzer, darkview etc. with and option to submit ones users find in a format : Name:What it does:How it can benefit us in the CySec context

This would be better implemented outside the discord, as something like a github repository, and then posted in #resources

true dat. Thanks for responding

Gave +1 Rep to @somber crow

Link to the room in the pinned form is broken. I take it that's not intended

It's intended

may I ask what was the room about?

Authentication as the name suggests

Mhm. Aight whatever

Either they heard your request or it was already planned, but I think that's what you asked for 🙂
#announcements message

yeyyy! lets leave it with "they heard me" 🙃

I'm liking the Remediation section of the Web Fundamentals path I'm going through. If y'all can keep that up across all learning path rooms regardless of what path its under, that be awesome 🙂 🙂 Knowing how to fix the vulns is the other side of the battle

if THM decides not to bring a room on BeeF/SET back, the closest i've been able to find so far is the book: The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy 2nd Edition

You also might find some nuggets in the vulnerable vm: WebGoat

I doubt they will, I don't think it's used much

It's old and outdated, they also have a couple phishing rooms already.

Hello everyone

I want to upload Windows VM machine to my room.
I have a question about which type of virtual disk image I should upload? .iso, .vdi or what

.OVA

^ was for you.

He can't upload iso or vdi, as it was asked in questions, so I just narrowed it. Thanks for addition, I didn't know that before

hello guys is there anyone from the room creators can create a room that talks about openshift podman and some pentesting ideas

mimoza69 i like that idea also

basically needs to be ova

Hello guys I'm now learning at the platform and I got an idea of a room, the idea is to create a room about how to type faster and it's benefits on time and effort for hackers

What benefits

tbh, speed doesn't matter

Same as coding, honestly. Typing fast for a long period just means you ain't using your brain.
Typing fast in short bursts then spending time thinking saves seconds, if that.

High WPM is a flex, but an entirely useless one.

what point does shadow have useage for writing out their thoughts in very quick bursts on discord???

Another situation where more thinking, less typing, is a solid philosophy

yuups

Typing in general is probably too broad... What about a room to share useful tools/techniques for aliases, scripts, and stuff to help save time and also documentation + reuse for future time savings? Just a thought, DM me if you wanna chat about it more 😁

More shortcuts?

good point

Hey. I got a room idea that I would like to see: How to manipulate the security feature Kerberos constrained delegation.

Far from mainstream AD hacking but very useful to understand.

Lmfao, that's, uh, about as mainstream as you get I'm afraid

As "mainstream as you get" you say

I would disagree with that statement. But maybe you can point me to a room on THM that goes over just that?

Whether something is covered on THM or not does not define whether it is a common misconfiguration or not. Constrained delegation ain't some arcane knowledge. Heck, even RBCD is well-known.
"Mainstream" would be how often something is seen, and consequently how much visibility it has. As far as AD abuses go, opportunities for delegation attacks aren't exactly uncommon.

If it isn't covered on THM then it probably should be though, for that reason.

I agree with that. However I've not seen it on any platform. So you know, thus the comment

I know for a fact HTB has it in at least a few places. Definitely covered extensively by both Offsec and ZPS. I would imagine also by Pentester Academy given they cover AD attacks.

Ok! Need to check It out then.

Damn, impressive certs.

Ok, PHP filter chaining ?

That's not mainstream, you have to give me that

It's certainly less commonly discussed, yes, and almost certainly less commonly found. I'm a red teamer though, not a webapp pentester. You would have to speak to someone who works consistently with webapps to get a definitive answer there 🙂

And a pretty new phenomena. Also, really cool shit

It might help to consider "mainstream" as being whether your average colleague in the respective discipline is likely to be able to hold a conversation on the topic.
For example, if I say constrained delegation to a group of AD infrastructure pentesters or red team operators, I wouldn't expect to have to explain myself.

I suspect you would be right in saying that PHP filter chaining is not something that your average webapp pentester would be able to immediately recognise and discuss in-depth if it was brought up (I.e. making it a more niche topic), but again, I'm not a webapp tester. Can ask a couple tomorrow if you want the experiment though lmao

Hahah why not 😉 But you seem to be well rounded. So I mean how often do you encounter filter chaining. I'm pentesting from a regulatory perspective. That "constrains" me a bit 😉

I'm relatively well rounded in training, but again, my day-to-day work is active directory exploitation, red / purple team ops, and maldev.
That said, to my understanding filter chaining is used pretty much exclusively to exploit LFIs (I can think of another few uses for filters -- e.g. XXE -- but less commonly), so realistically speaking you're looking at "how common is an LFI"

Every webapp pentester should know what an LFI is, but whether they know filter chaining as a technique to exploit it is another matter, and a harder question to answer.

Yeah that's true. And granted, LFI is more or less path traversal so we got that covered as well.

Yeah, just a PHP specific extension of it

SSRF might have some use for it

Really anything that would bypass sanitation I guess

Mhm, assuming you could get the filters to execute (not entirely sure they would in things like your typical libcurl SSRF), that could work

I suspect you would struggle to get the app to treat it as anything other than a string in most instances there though.

Hmm. Might have to setup a lab and try it out. Also, there is a lot of sloppy devs out there that would use sanitation as primary defense for sqlis

True, but one would hope they were doing it with filter functions rather than concatenating user input into filter streams. That would be a lot more complex

True.

Was thinking of a comment you made regarding RBCD.

You create a new object that would imitate, and inherit the privs of a DC right?

Somewhat. You often create a new machine account, but it can work without if you already have one (or a service account) compromised.
It's basically a way to introduce a constrained delegation vulnerability by abusing write permissions over a target service, so it's a service that you would be compromising rather than a DC necessarily.

That said, if you happened to have GenericWrite (or an equivalent) over a service running on a DC then yes, that would get you access to it.

Right. Thanks for an awesome chat.

Gave +1 Rep to @native raptor

My pleasure, and same to you 🙂

Wellou

hello would anyone create a room about IBM QRadar SIEM
we got good rooms on splunk so it will be good if we had for QRadar too

@cunning thunder, Please could I chat in a private for my creative room? 🙂

Why don't anyone do a Room with out-of-band Sqli

I have a lot of ideas for some rooms but I am first wondering how to get my first 2 rooms I submitted to get reviewed? One of them has not been reviewed in 121 days

Did you see the tester evaluate or be prepared of your room accessible to the public? Did you email staff for that?

@kindred widget

Here we go. https://help.tryhackme.com/room-creation/the-room-review-process

Hope TryHackMe QA Staff will fix that on Monday. But I’m a member 🙂

I’ll read this over later today!! Thank you

Gave +1 Rep to @fringe marten

guys can i edit the privately uploaded room ?

if it's uploaded by you then Yes.

I mean edit with ssh or something.

No, you'll need to upload a new VM image with the changes made

Hi Everyone, we have built an active directory pentesting lab, the VM that holds the lab infra is 70 GiB

It's hosted on Azure, Is there a method to get it directly to the THM platform from Azure

Because it's too large to download

No, there is not

Do you know of an easier way we could get this to the THM platform

Build it locally

Hi James, I don't have the system requirements to build it locally my goal is to give this to the THM community as a free lab, could you make a request to your Engineering team to help us out, thank you.

I do not represent THM, but I understand the restrictions on building content as someone who has created a decent amount of content on THM

There is unfortunately little that can be done unless you're a THM employee, which neither of us are

Yes I understand what you trying to say, I will try contacting THM support and see what their response would be, thank you

It'll be the same, but I wish you the best of luck

Interesting idea. I've forwarded this to our content engineering team for you. 🙂

Thank you very much, looking forward to a positive reply

Gave +1 Rep to @cunning thunder

Hi y'all! I posted this in general, but I wanted to post it here too. I am developing a room called "Intro to ROP" which is a sequel to my Intro to Pwntools room, and I am looking for beta testers. If you are interested, please feel free to DM me. Thanks!

are there any rooms that help you understand how to research a given vulnerability for example, CVE-2023-25824.
On how to go about this and how to identify fixes etc.
I would love to learn this

If you type CVE on the room search page and use the "walkthrough" filter, you can find a few rooms covering this topic. We also have a module https://tryhackme.com/module/recent-threats

is there any rooms about fixing and modifying exploits ?

i suggest a room about a technique called Wildcard Injection and/or exploining wildcard for privilege escalation

there are entire articles about it, but I believe it would be cool to have a room

yes. the only room i saw it was Skynet, but i have solved just 80 rooms till now. so if there are more rooms with this technique, it's ok 🙂

i didn't know xD

A room about mobile security would be fantastic!

For example a room about mobile hardening, Android pentesting, etc.

It could be useful to learn new things about smartphone security as we use our phones everyday.

Let me what you think guys.

https://tryhackme.com/room/androidhacking101
https://tryhackme.com/room/mma
https://tryhackme.com/room/iosforensics

Oh damn!

I didn't even see that

lol

thanks

are they room about hardware hacking ?

yo peeps

Guys,
Do you think of a QRadar room for the Cyber ​​Defense path?
I haven't found any labs that work well related to QRadar. Next to that, CyberDefenders has a lab but the VM is very problematic...

https://cyberdefenders.org/blueteam-ctf-challenges/39#nav-questions

Any plan on adding more series?

think series is slowly getting faced out in favour of modules

OWASP Mobile Top 10
room idea

i wish if there was a path specially for malware researcher and analysis

True, we only got one module for malware analysis

Hello, We need room for CVE-2023-23397

Mobile hacking. More updated than the ones above. iOS apps android apps

hi

maybe heap exploit

That’s so sad I love the series😭

shadow is not sure shadows comment is accurate but this is what it felt like to shadow at the time they made the comment

What's your favourite series?
Bear in mind there is one right answer to this question

LMAO

What’s the correct answer?

You tell me 😁

Pre security was pretty fun🙏

a bug bounty pathway

+++

That's a learning path, not the same as a series. You can find series on the practice page

I really liked the SOC L1 path, it turned out really cool! Are there any plans to create a dedicated path for CTI?

well creating paths need a lot of rooms and a lot of work... so maybe but be prepared to wait for a long time

shadow has very little to do with if and when paths release though

Jabba, Can I DM you about next creative room?

If you want :)

Thank you.

Gave +1 Rep to @icy trellis

What does DM mean?!

Hello everyone!
I have idea for tryhackme, If tryhackme create path about bug bounty hunting I think it will be good for users

Direct message. It means private message.

May I know what is creative room if it is not secret : )

Well My first creative rooms is OSINT challenge. It was submitted 2 months ago. Doesn’t matter if the review is still pending. I will make another ideas, But I am not working on them until first creation room is successfully shared publicly. 😅🥲

Sadly, our staff is not responding. :/

Check out:
https://www.securitylearningacademy.com/local/navigator/index.php?search=qradar&level=top&courseTypes=Lab
https://community.ibm.com/community/user/security/blogs/nikhil-bhavsar1/2020/08/26/step-by-step-qradar-deployment-at-aws
https://qradar-demo.mybluemix.net/
Also, SIEM free module from Rangeforce.

K8s room/module with a badge would be nice 😊

IMO I have found valid resources for bug bounty pathway, What if tryhackme adds Bug hunting pathway using portswigger's resource. I think it will be great!

https://www.youtube.com/watch?v=DDfUoQWnrfM
Would be cool to see a room/series of rooms focused on LLMs and ways to not only host but also exploit LLMs to find vulnerabilities;

Linked this video because normally the official chatgpt prevents using itself as a tool for bruteforcing and other things, but if you run it locally you can bypass a lot of the protections that are built into most LLMs like gpt4;

After submitting a room for review to be available for everyone, how long does it usually take for the review to be completed, should I expect some sort of confirmation that the room has been approved?

It's as long as a piece of string:)
Yes, you will receive an email if it is approved/ denied.

I see, thanks I'll have to wait then 😁

I don't know if this is the correct channel for this but I'm trying my best, does anyone know if the new learning path will be available for subscribers? They made it sound like it would be only available for businesses/teams, if anyone has any info on this and they don't mind sharing then I'd like to know, Attacking and Defending AWS just sounds like a great opportunity to learn, I'm also biased because I've been studying AWS lately

It more than likely just be for business.

Yup, at the moment it is just for business & education users. It may be opened up to individuals in the future but that's a big may

Is there a room for building, deploying, and then utilizing AI chat bots for social engineering and whatnot and exploiting servers/web applications?

Example room:

L1: Introduction

An introduction to chatbots and how they process and work internally
Building a chatbot with any suitable programming language such as js or python
Then deploying the chatbot on a local server

L2: Chatbot Security

Exploiting chatbots through malicious inputs
Protecting chatbots from attacks

L3: GPT and Advanced Chatbots

Brief introduction to GPT and its capabilities
Building an advanced chatbot using GPT
Then finally deploying the chatbot on a cloud server

L4: Social Engineering, Exploitation, and Payload forging with Chatbots

Using chatbots to perform social engineering attacks
Detecting and preventing social engineering attacks using chatbots

L5: Chatbot CTF Challenge

A scenario where users must use chatbots to solve a series of challenges and ultimately gain access to a vulnerable system/server

|| Can we have a room on Selinux, please? ||

I wonder if there's any room or lessons for social engineering

To my POV it's possible to extend Metasploit rooms with one which gives a clue how to obfuscate payload to make it less visible to anti-virus software and merge it with other working soft to make user to run it without suspicion.

We need Azure rooms

Use of AI in CyberSecurity (Prompt Engineering).

can we start promoting the use of rlwap -cAr?

for nc listeners

eh

kinda already explained that that exists in the what the shell room

Yeah

Nice to meet you

hello

Someone should make a room on how to make rooms. Unironically

Now that Brim has changed to Zui. A Zui room please

What happened to the Linux privesc playground?

The user who created it deleted the room
You can cause the same affect by just adding suid to every binary in /bin and /usr/bin

Damn 😦
And ok thank you very much for that tip 😊😊😊

Gave +1 Rep to @somber crow

I got an idea. I think tryhackme need Bug Bounty pathway. It will be great room for everyone

honestly, I don't think that having a whole pathway dedicated to bug bounties is worth it.
A room on bug bounties? Sure

Ehh, a module, on bug bounties

After that though, throw on enough other pre-made modules and you have a pathway right there

Bug bounties are great, but they don’t need that much coverage as you’re using red team skills

Bug bounties is practically all web. There are tons of modules on that.

Yeah, making a pathway is probably not a ton of work, but the point is more to give guidance in terms of what to do, not so much it existing

The rooms already exist

You mean more of a methodology?

unless i didn't fint it, there is no room on suricata IDS/IPS

As in, take a bunch of relevant rooms together, throw in a room or two for focusing on efficient scanning methodology and stuff yeah

From what I've seen, a lot of bug bounty hunting is more about picking targets and working efficiently before moving on

Hey how about some real wifi action

It's all virtual machines, you can't really do "real wifi" given that it's cloud

A room where there are 5-10 questions which need no answers because if someone is busy or can't do rooms for some reason, they get to keep their streak. I call it the streak room. I know there is a reason why that room doesn't exist but some people can't devote enough time to do a room for a few days but they usually do when they're free.

Whole point of a streak is to show your dedication

We introduced streak freezes to give users a break

Much appreciated ^

yess so keen on wifi

Anyone got any ideas for network storylines, will see what I can do. Potentially building something similar to the red team capstone and see where that goes (Obviously if THM Staff don’t mind)

you got called in to try and get rid of intruders that have setup "ransomware" on the corporate network.. your goal is to reverse the encryption access and find how the network got breached

Why always blue challenge is subscriber only while red challenge always free?!

That actually sounds really cool. If you don’t mind, could I start developing it?

networks can only be built by staff

Ik, might developed it to make THM Staff lives easier

but you can’t lol

the functionality is only available to staff

blue challenges are usually with windows which requires a little more power than linux, so to be able to run these machines it costs a little more 😄

I thought blue challenge only for blu team members red challenge only for red teamers

no, everything is for everyone 😄

doubt you could get it approved and spun up by staff on tryhackme but if you wanna try to build a network with that premise go for it

If your talking about a THM room, the closest thing you could do would be with containers

I’ve already mentioned this, but they need to be careful with copyright.

Purposely mimicking the RTC setup for purposes of reproducing it won’t at all get approved

???

What?

shadow not understand the second sentence in your message... can you explain it???

They’ve expressed multiple times how they want to copy the RTC network for non-business users

This isn’t at all approved by TryHackMe and they could get into some more trouble than it’s worth

oooh yeah that... shadow wondered why it was a problem if they made their own network with the blue team aspect shadow suggested

got confused with what you meant with RTC hence the major part of the confusion

Was talking about Shadows Idea but I appreciate the advice nonetheless. Will consider options but doubt I will proceed cause do not fancy to push the wrong ideas around.

Please note that community content creator submissions only allow for regular rooms. Network configuration is only an option for content that is built in-house.

What if creating a room about bypassing windows virus defender ?🤔
Will tryhackme allow it? Because I am not sure it is ethical or not

Check the red teaming path

I am in that room

After learning about antivrus defenders in windows and its types, I thought about bypassing

But that's what the module host evasions is about

A room about ransomware recovery : What should be done before disaster (backups for example), and what to do after (restore, and maybe trying to counter it with the "no more ransom" website) ?

Would anyone like an AWS room? Room on how yo set your own homelabs on AWS

Unlikely to be reviewed, as we have a full fledged AWS learning path. 🙂

Right

The harder part being making it interactive with a hands-on exercise on the AWS platform. AWS is truly something to learn by doing directly through the AWS console. 🙂

Since I'll most likely have to have a closer look at MISP /w plugins and all that jazz... think that would be interesting content on thm aswell? Kinda supplementing the existing MISP room

I am interesting tryhackme's privacy policy about rooms! I mean What if room about MiTM, DDOS, Game hacking, Mobila application hacking, Android & IOS hacking if it is okay, why not create : ) ?

Not sure what you mean?

There are a lot of rooms on mobile

There is nothing ethical about DDoS.

When creating rooms, it is important for us to assess the legality of it.

Is it legal for us to teach? Maybe.

Should we be teaching it? That's where the problem comes. Just because it's legal, does not mean we should be teaching it. We are not 'gatekeeping' knowledge, but as a business there are things we can and cannot do.

Firstly, DDoS is not at all appropriate. Unless you are referring to "Denial of Service", of which is different, but still not appropriate. If you are a proper pentester, the likelihood of you peforming a denial of service attack is low. And if a company required a stress test, they would go to a company with the resources for it. Not a single pentester.

It is ethically questionable when you have the power to perform a DDoS attack and you yourself are not the owner of a large infrastructure.

Secondly, there are already MiTM attacks on TryHackMe. It is not easy to simulate all attacks in a virtual environment, but our community (and team of awesome Content Engineers) can usually get pretty creative to at least simulate what it would be like.

Game hacking. I'm not sure what you mean here. If you are referring to cheats to gain an unfair advantage. That is unethical. Once again, there are little actual reasons for you to understand how to hack games.

Do games have bug bounty programs? Yes. But still, there is little reason for us to teach it here. Especially as the complexity of game hacking is something you would look into later in your career. TryHackMe is for beginners.

'Mobile application hacking', now it just sounds like you're looking to be unethical. See reasons above.

I would like to make two things clear:

• Unethical behaviour is not tolerated here. I am not exactly calling you out here, but I hope this makes it clear. All of these topics are very... suspicious.

• Anything I say does not reflect TryHackMe's decisions. Nothing I say is 100% certain of an executive decision for TryHackMe. These are my own thoughts and opinions.

If any of this is wrong, inaccurate or does not make sense, please feel free to correct me or point it out

Maybe,make a room based on fighting against corruption in Brazil
Take for example the "scandal of the Leeches";
Where congressman in 2006 made a bidding fraud, overbilling ambulances in most brazilian cities over 120%.
Step 1: Implementation of solution: OSINT, to find about the operations, detect which congressman still haven't got arrested, which political parties still make part of new scandals,
Step 2: Simple solution with data architectures through blockchain to detect why and where the over billed ambulances are parked.
Step3: Implement regular smart contracts to prevent lobbying, with a new digital coin name Real DIgital.
Step 4 conclusion: Keep on fighting against corruption implementing data transparency and view how brazilian governments make it difficult to data scrap stuff.

Thank you for explaining I understood you 100%. Yes it sound unethical I just asked it. I don't mean any cheating my pc and phone is low not worthy to game : ). I saw mind blowing bug bounty programs with games and mobile (XIaomi, android, IOS). Then I was thinking "why tryhackme or hackthebox has not teaching about these?". I asked DDOS and MITM with knowing it is unethical, because I always Interested this thinks which is never teached anywhere.

Gave +1 Rep to @icy trellis

One more question. I am having a lot questions while learning in tryhackme but it is not related any room of tryhackme but it is related hacking (like technical help, advice) I want to ask to create channel in discord for that if possible

#site-support ?

Need more blue team rooms that cover things like Azure Sentinel, Carbon Black, ArticWolf, Qradar.

I was not sure that channel okay for questions which is not related tryhackme room, but thank you

Gave +1 Rep to @loud hornet

#infosec-general

That's excessively political for tryhackme, politics is best avoided as it leaves a foul taste in the mouth

Well, real politics

Keep it English @tight grail

There’s no need to know about the topics that the user discussed as pentesters aren’t commonly asked to perform those techniques

If you're really that worried, you can hot glue gun the usb port.

Re. Qradar: I really want to make a room on qradar siem, not sure how that'll pan out with the community edition though.
But good to know there's at least one other person interested 😄

Telling you splunk is not even popular anymore in my area as it used to be. Its now all Microsoft 365 defender, Azure sentinel, Carbon Black, QRADAR

there is no platform atm that has hands on practice with those tools

😦

I`m trying to create a private room, Ive uploaded a ubuntu server as an .ova file and added it to my room but when I start the machine I cant ping it, any sugestions please ?

Have you allocated the correct resources to the machine?

I think I did, around 30gb of space, 4gb of ram, I even tested the .ova localy imported it into virtual box and was working fine managed to ping it

That could be the reason why, I don't think any of the target machines have 4GB of RAM.

Should I do 2 ?

@lunar plank could be one of the best people to ask, if they're not busy.

I`ve did 2gb of ram I also did 512ram still cant get a ping

Does it ping on your local machine when deployed with 512mb? How long does it take to load up?

yeah managed to ping it but was a bit slow, I`ve given up thx anyway

Gave +1 Rep to @somber crow

room based on explaining and securing top 25 bugs https://www.bleepingcomputer.com/news/security/mitre-releases-new-list-of-top-25-most-dangerous-software-bugs/

Hey guys, has anyone solved PowerShell room from Offensive Sec chapter??

Dear admins, can I know how much time it would take to make rooms public (writeup accepted)?

There is over 200 rooms in the review line, could be a while

well, then make it looks like a company instead of politics

Ok thanks

Gave +1 Rep to @loud hornet

Hi Everyone
I have joined 'internal' room using attackbox but I am not able to get Target IP.

in description they have mentioned that machine IP is the target IP. Is this correct?

@smoky mirage Hi there, please ask in #room-help
This channel is for ideas for new tryhackme content

sure thx

How about an intro to heap exploitation room?

smart house ctf

Smart house?

Do you mean IoT's?

can anyone suggest me btech final year project ideas in cyber security field

thanks a lot in advance

I honestly don't know too many details, I heard that the smart home ctf will be half and half and it would be nice if there were educational resources from tryhackme and to learn and practice a bit

well there is a section in the latest advent of cyber to hack a smart camera using some protocols a lot of smart home stuff use

Can you please make some changes to save button on the rooms. It doesn't give you opposite options like when i saved a room, it doesn't tell me to unsaved when hover the cursor over it. To add more into it, Could you let user create a category or something of saved rooms so they can refere back easily when they want to. Thanks for such a wonderful website.@remote socket @cunning thunder @topaz mortar

Gave +1 Rep to @remote socket

There is an x in your saved rooms to remove it.

You should also be able to click the Save Room button again, so it will remove the room again

Thank you guys for you response. I mean at first glance I can not figure out so I use cursor and it shows same " Save room ". Also different icon for save and unsaved will quickly help to figure out. Like with saved room ✅️

Just a feedback👍 so take it lightly.

🙂

Is there a BYOVD room already?

Any body interested in making a room for firebase authentication mechanism

mac os hardening, (vm -) network hardening, kali linux hardening / initial kali security config, suricata, fail2ban, utm, system integrity protection are my ideas for rooms

I don't think MacOs can be done, as you can't put their software and OS on non-apple hardware.

it'd have to be theory only for mac

pretty sure there is alredy some stuff on network security

not sure what you mean by "kali linux hardening"? its supposed to be a hacking distro...

I believe there are alredy rooms on IDS/IPS too

SIP sounds interesting

it can be done but it's expensive in aws

What about building a C2 (command & control) framework in python or C# with most of the functionality like metasploit?

More scripting rooms! Automation, writing exploits, evading AV, debugging, creating new tools. Lua scripting in nmap

hi

hi everyone

In room oscommandinjection task 2

THM, start use a .php sample, pretty nice BUT just bellow a new sample, just in phyton, why change, so comfussing.

Will someone explain the Phyton model too me in .php?

both are like servers that have command injection functionality

the python one I assume(I dont use flask) after the http://domain:port/<its takes a shell command>

and that shell command gets executed using a subprocess shell which can do the same like the normal terminal

so in conclusion, python unlike php has to import a module to use os commands

Thank you ☺️

No problem

Hardening kali means how to make your kali fit for hacking e.g. install and config a firewall, check for rootkits, backdoors, and exploits, disable samba and openssh server if not needed or use fail2ban, disable root in older distros, basic log monitoring, things like kali-tweeks and other tips from kali docs. here is a list for mac os https://github.com/drduh/macOS-Security-and-Privacy-Guide

https://tryhackme.com/room/linuxsystemhardening

Im not sure if they'd do specific distros, but your welcome to do one if you want

You don't need to do a lot of kali hardening. It's safe out-of-the-box, all those services are disabled. Firewall is not neccesary if the ports are all closed hehe

Scapy room! Also, more learning paths for certifications other than Pentest+

Hello everyone I am new to Tryhackme Website I can't understand where I started my career as a Penetration tester can anybody guide me please thank you.

Go do the web fundamentals room first, into the other basic rooms that say easy then when you’ve finished all those start the penetration tester room that has 64hrs next to it

android reverse engineering (especially dynamic analysis) with frida

i found no courses to learn re with frida

intro to steganography

Osint pathway

Hi everybody, is it possible to propose/implement some ctf related to specific security solution.
Like ctf on hacking kubernetes ? I have some idea and i would like to share it

chances some random person will go into and make room from your idea is not that high... the chances of you doing good if you make your own room from your idea is widely better

Yeah that what i want to do

I want to know how to share it for create a room in thm

Hello guys, anyone knows how to solve this extra task in Linux Privesc room -Task 7- Sudo - Environment Variables:

malware development path

Can you provide a use case?

to learn it .

For what though? For what job role?

malware analysis

Can you change your status, please? @tacit anvil

how can i change it

@icy trellis

Your status on Discord

https://beebom.com/how-change-discord-status/amp/

Hey Folks, I want to submit a room for THM community. Can someone please help me with this if they have a prior experience in creating rooms for the platform??
I also want to get started in building vulnerable VMs for the infosec community, but with vulnhub owned by OffSec now, is there an alternative on how can I make my VMs public?

Give me a sec I'll get you access to the creator's lounge

Hey, i had submitted my room a month back ig... but still it shows status submitted, can uu guys confirm if this isnt any glitch or something...

There is a loooong list to go through.

Web3 Room, where you learn exploits, wallets drains, the risks in web3 and more

When I set up a room in TryHackMe and specify it as free, subscriber-only, or business, does it affect me as the creator in any way? Specifically, are there any rewards associated with creating a subscriber-only room?

Also when did i get access to creator's lounge 😄

Just submitted a room and can not wait to get other creator's feedback.

No.

Need to ask a mod for it.

Okay. Thanks for your time : )

Just out of curiosity, what will make me publish room for a special part of the users only ? 😄

Special part?

Subscribers, or business users only.

That's more for internal use, but it's up to the creator really

This is more of a path idea, but maybe a path focused on bug bounties, how to go about them, and just educating people about those principles?

could be a room tbh

the rest is already in the other paths

problem with bug bounties is that there's no real standard

maybe I’ll make a room for it, just like a super basic one, idk

Thanks for the answer : ). Is it possible to get access to creator's lounge or should the room get accepted first.

Gave +1 Rep to @cedar echo

Yeah it's possible

➕ Gave the role Creators-Lounge to _biggib

Done

Good idea

Are there any prerequisites that someone must have before someone can create a room for other users? And is there somewhere aome reference what room topics are „allowed“?

no prerequisites..... but there is helpful documentation to go through... think most topics are allowed as long as they are deemed ethical hacking

!docs room-creation

@hoary shale ⬆️

Thx! @forest summit

so this is not a room but it's about KOTH, the idea is to place voting system on private games for KOTH

Yes, maybe why not!

How about a room focusing on TAXXI and STIX contents'?

I am assuming you are not referring to the English rock band 😁

Could you provide more details?

https://oasis-open.github.io/cti-documentation/stix/intro.html

For example , STIX is a format used to exchange data in cyber intelligence. In the cyber intelligence room (one of the various tasks is mentioned) but would be better to deep this topic

Instead TAXXI is the protocol used to exchange this data

bad or good idea?

I haven’t seen it, certainly not a bad idea. Just not of how many people it would appeal to

more info there: https://www.cloudflare.com/learning/security/what-is-stix-and-taxii/

can you guys help me to decode this TGUE?O·S·K·MTUEGI·SYENFE·TOI···SRO·T·SF·OYT···O·T·KUMH·I·AE·NMK··

solved now pay me in two cups of coffee (espresso shots added) for the solution 😂

try cipher

Can you provide context?

😋

@errant thistle Please do not ignore me 🙂

Did you figure it out?

Are there anyone can solve it ?

Solve what?

@loud hornet

Until the user answers Jabba, I'm not touching it.

As I don't know where it has come from, it could be a job interview, exam or school work.

Okey, i understood.

Are there any rooms for CI/CD exploitation ? Like repos credential stealing , iac? etc yet ?

I guess, there are two room on the thm, one of these is the "Intro to Pipeline Automation" and second the "Dependency Management", can you check out ?

I have one in the pipeline, but it's proving difficult to set up

Something where you can go from exploiting a pipeline to spinning up an vm in a cloud environment to laterally enumerate and move around would be sick but maybe that’s asking too much 😅

That's probably a bit much

Haha

I have to see if what I want to do is actually possible, tbh.

Then I think basic enumerating repos for creds with some open source tools would be cool , add in some education about securing various pipelines and what to look for

What did you have in mind ?

Gonna keep that secret for now:)

I definitely think there should be more bug bounty rooms including one for project discovery tools like Nuclei and subfinder

An idea for a blue team room: Reviewing and applying security baseline configurations for Windows and Linux, probably two rooms.

Windows could describe Microsoft Security Baselines and how the GPOs work, their impact and etc. Can mention NIST standards and CIS Benchmarks in passing.

Linux would be similar, but I’m not sure a good free baseline to use, although US Military STIG or OpenSCAP would be viable

Emphasis on, this may break legacy services, but hardens your environment to a significant degree. Stress that OSes are not configured securely by default

This is a problem I have at work, so I presume that it would be useful info for all

Possible concern: These baselines are so broad that it may be difficult to summarize unless you hit on the important points

i discovered that there are sql injections entry points in various http headers beyond cookies. i suggest a room on this topic. for example, the http header X-Forwarded-For can be an entry point

This isn't a room-idea but it would be really neat to get an Ares bot. The Ares server has one.

https://github.com/bee-san/Ares

@icy trellis Rust -> JavaScript ?

Que?

You mean convert it to something usable by the bot?

yeah

I don't want to take power away from the other functions on the bot

Are there any rooms fot GRC

Here's an idea, instead of having a boot2root machine, you get root ssh credentials and have to patch up the vulnerabilities/ harden the machine, then when ready, an automated script would be ran to test the defence and see how they did .....does this seem doable?

I'm not certain about getting ssh credentials, but patching after getting access seems to be the format for KoTH? At least that's how I understood it when I read the mechanics.

Yes, it is partly like koth but would be an actull room instead 🙂

Just like the first half of koth (getting root) is what the boot2root machines are already

I'm 99% sure that's been done