#pre-security-legacy-path

ah well I searched what it does on google and got a different answer

thanks man 👍

Just to be clear. In reality this might not be true. But for the sake of the exercise in the room, you will find this is the correct answer on the VM.

this should make sense

windows hell is always chasing me xd

Help guys. I can't download the flag.txt

it says connection refused

this is the exercise: Download the file http://10.10.4.11:8000/.flag.txt onto the TryHackMe AttackBox. Remember, you will need to do this in a new terminal.

Can you verify and show a screenshot of your commands and outcome?

@static lion

I got it now. I just had to restart my machine and redo it. THank you guys btw!

anyone up for some collab for BBP bugbountys?

Hey, please do not message across multiple channels, especially as this channel is not the right one 🙂

Can anyone help me with the pyramid of pain it’s telling me to name the file and the hint was Microsoft link but I don’t see anything

The hint is that the file is a Microsoft Excel file.

@zealous dove I already said that before

Nothing works

I’ve been on the same question for days so I’m telling you it’s not working

Hi everyone
how can share screenshot with u guys ?

cuz i am stuck in task Task 4
Filesystem Interaction Continued

linuxfundamentalspart2

i am trying to find the answers but i couldn’t

To send images you'll need to verify.

@glass flume

Which answer can you you not find?

2 and 4

Okey. So what do you think you have to do to answer the question?

Find the 'unknown1' file in tryhackme's home directory.

Then use the command that's mentioned in the text, to determine the file type.

For question 4 you have to find 'myfile' and then use the command mentioned in the text, to see it's contents.

Oh I see the command is not mentioned in the task. It's cat to see the files contents.

myfiles content using cat

unknow is hidden us ls -a

use*

Still I didn’t find unknown1

Which directory are you in?

Use pwd to see which directory you are in.

you are on the wrong machine.... that is the attackbox... you need the target machine

/root

okay how can use target machine ?

read read task 2:s text for how to access it

ohhh thx

Gave +1 Rep to @potent wedge (current: #4 - 1822)

no problem.... would have explained it here if needed but it was easier to just point to the rooms own documentation

Hi everyone! i have a question about ARP Protocol/Request. Basically Arp Request is used in order to find someone's MAC address by sending a msg to everyone sharing the same network, right?

Which TCP ping scan does not require a privileged account
Help me plz i tried every thing but couldn't find a answer

Have you looked at the man page? What have you tried thus far?

Guys, in windows fundamentals 2, where we suppose to find the exe files? Like in task 3, they ask for the exe file but, I can't find in the UAC screen. I wonder maybe there is a thing for finding the exe files I don't know. Can you share with me how you found them?

Hi, in windows fundamentals 2, task 4, question 3. I tought because of there is no address written in IPC$, it is the hidden file. But, the answer longer than that. What can I do?

@languid hound Loading the room now, but the answer isn't the IPC$

If you open the Computer Management tool, you can see shared folders in there, the answer is in that screen.

Is the "investigating windows" practice module doable before the pre security pathway is complete? Embarrassed to say that I tried to skip out half way of my intro to networking room and wasn't able to answer the first question

@woeful furnace Do you have much in the way of experience running windows management tools? If not it may be a little rough. Without knowing your background it's hard for me to make comment.

It's not a hard module, but some of the questions may require some google work.

Unfortunately none

Background is non IT / absolute beginner. Think I need a bit more foundational work before I try it 😛

@woeful furnace If you can figure out how to google answers you are half way to the goal, it's problem solving. Most people can't solve problems, or don't have the experience to. Solving a hacking incident is a lot of experience and knowledge. It's hard to just roll with it.

Yes I did I even used chatgpt but it didn't work either

Good point 🙂 it's a long road ahead

Hi, I think I'm stuck in the same boat 😩 and confused now. I'm on the Attackbox but how do I switch to the target machine?

no, wait I'm connected to the target machine, and I've found unknown1 but this is the content of the file. Seems to be the incorrect answer though?

You need the file type?

I got the file type, thanks! I don't know if it's not responding, or if it's me, but it doesn't show me the contents of myfile?

Gave +1 Rep to @zealous dove (current: #71 - 88)

Try cd myfolder then cat myfile

To read a file you have to give the path to it. If you are in the correct directory you only need cat file but if you are in a different directory you either need to cd into the directory. Or use the path like cat path/to/file

In this case would be cat myfolder/myfile

Ah, thanks so much, a light just came on for me 🙏 I used the cd to get inside the myfolder. appreciate your help!

You could also cat myfolder/myfile

HI, I'm in windows fundamentals 2, task 7. The question is "In System Configuration, what is the full command for Internet Protocol Configuration?". I find the answer from google but I don't understand accually why? I actually don't understand general about the command things in this room. Am I have to memorize all of them? I can't figure out from the task explanation and try to understand why it's answer is this. But still nut fully understand, is there any body can explain

Also in win fun 3, task 8; in the documentation page of bitlocker. It says if you don't have TPM you can use a startup key or use a password and mention non-TPM devices in this paragraph: The system BIOS or UEFI firmware (for TPM and non-TPM devices) must support the USB mass storage device class, and reading files on a USB drive in the preboot environment. I find what the answer is but there is no word like this in documentation and I don't actually get why it's answer.

"a removable device that contains a startup key."

"use a startup key, which is a file stored on a removable drive"

Hence USB startup key

Oh, I guess my brain stop. I read that sentence from 10 minutes😵‍💫

Thank you so much

Gave +1 Rep to @zealous dove (current: #71 - 90)

Hi all, I'm going through Threat Intelligence Tools room and can't get Thunderbird to work on the deployed machine. Says "Thunderbird failed to find the settings for your email account". I don't suppose to use a real email address, right? Thanks in advance.

You found the email, Email1.eml ?

Then right-click open it with Thunderbird.

Done. Thanks.

Hi ...I need a roadmap for cyber security....where can I find one...am I in the correct channel?

I m at level 0

Road map? For THM or in general?

I have no idea what thm is ...

Whatever you think is the best for me

.

Thm = tryhackme

Oh

😅

Then, general ...I guess

You may just wanna Google it then. I've seen this come by here before: https://roadmap.sh/cyber-security

Love ya man

@rigid path

when i see those roadmap, i feel the imposter syndrome coming up like my short web dev career lol

Haha true this roadmap is a lifetime commitment.

Even then might not get it all.

Haha yeah a bit overwhelming , but it's fun so hopefully i can get a career with this

Not sure if this is the right channel to ask for help, but I'm stuck on the Windows Fundementals 3 Room, specifically the question for task 2. It asks me to find the date 2 definition updates were installed but when I input the (what I believe is) the correct date, it says my answer is incorrect.

Edit: Nevermind I was a bit hasty, a simple refresh was all it took to fix the error

#room-help

Hi. I'm new here. I am currently in the in the 'putting it all together' room in 'how the web works' module, and I am unable to complete the 4th task(quiz). I can't move the tiles, they are like images.

What do I do

Hmm are you on mobile device or what browser you using?

I'm using Firefox on a laptop

Hmm strange. I'm not near a laptop right now and on phone it's not possible to drag the images, but I've completed the room so it should be possible.

Sorry can't be of any help.

No problem. I'll keep trying.

which section i have my notes on

How the web works room. Task 4 the quiz.

I have done it.

@zealous dove gives you a really good roadmap, I'm learning CompTIA ITF(IT Fundamental)+ now, and after that I plan to get CompTIA A+ and Network+

♥️appreciated man!

Hi. I'm currently in Linux fundamentals part 3 task 6. I don't understand the question.

@neat bane So crontab / cronjobs are automated tasks on a linux machine.

the question is asking when will this task be run.

so if you hit crontab -e

you will see a screen starting many lines with # theses are commented out lines.

there should be one line that does not start with #.

This is generally where you will see * * * which related to certain timed parameters, eg. every hour, minute, second. In this instance there is a item that is run @ a specific time.

What I am seeing after the commented out lines is:
@reboot /var/opt/processes.sh

Nothing about the parameters

@neat bane Well, you do. It's just not listed how you are expecting it.

||@reboot|| (cron will run) /var/opt/processes.sh

Is there an extra command I need to use. I don't understand

No, the answer is in your last comment. Edited comment to remove actual answer

Thanks. I was thinking it had to do with time because of the format.

Gave +1 Rep to @cyan pulsar (current: #174 - 38)

I can understand that, I'm not certain that it's discussed as an option in the room. However that general location is used for the timing of the cronjob, so my eye was immediately drawn to that area.

Hey guys, I am new to this discord and TryHackMe in general, so I hope some friendly souls will help. I have been trying to do my first "Practice"-room, but I can't get either the AttackBox or openvpn to work fully. The reason I can't get the attackbox to work is that I simply can't get it connected to the internet. I feel like this should be an easy fix but I don't know how - I have tried googling but I can't find anyone else that have this issue. For the openvpn on my own Linux machine, I simply don't know how to get the room ip-adress without opening the attackbox. This is a problem as my linux machine is a virtual machine and my computer can run them both (or at least very poorly). I really hope someone can help so that I can get started doing some of the recommended rooms based on what I have learned. As mentioned I am a complete beginner, so I want to provide more information, but I am unsure of what to add. I am hoping that someone will try and help because I dont know what I can do next

For the AttackBox i think i have tried doing nmap -Pn [ip-adress] in the terminal, because I saw somebody do that in the beginning of a walkthrough, but I am not really familar with that command (other than what i could get from man nmap'ing)

From googling I saw some reddit-posts about that it could be related to premium-access, but the conclusion on that I think was that internet should be included in the 1 hour of free AttackBox access

I have zero understanding of this but I feel like if I succesfully connected to the server with the ip-adress (checked using 10.10.10.10 and it saying that I am connected) should I then not have internet? It feels kind of wierd having the ip-adress used to communicate with on the internet but not access to the internet itself

But again I dont know anything I just hope someone could help me walk through it

Non-subscribers have no internet on attackbox.

The 10.10.x.x IPs are part of the THM network which is not connected to the internet.

When on the attackbox you are on this THM network so you can access those target machines.

When using own VM you have to connect to the openVPN to acces the THM network so you can acces target machines.

For the openVPN I suggest to take a look at this room: https://tryhackme.com/r/room/openvpn

Ok but my problem with accessing the internet is that I want to download the material on the website included in the challenge (for example an image). So for that I would need to connect with openvpn and my own machine?

also thank you so much for your response

Gave +1 Rep to @zealous dove (current: #67 - 108)

I have the openvpn set up on my virtualmachine more or less and this is connected to the internet, but I dont know how to get the tryhackme ip-adress without starting an attackbox

I'm not sure what IP you mean.

Can you verify? Then you can share a screenshot of where the IP would appear that you speak of.

@steel mirage

Ok so I am not able to deploy an attackbox anymore apparently but the one that usually appears where the "access machine box" is

I am apparently not able to put in the screenshot in the chat, but my apologies for not thinking of that sooner

You have to verify first. See link above.

I think I know what you mean. When you acces the attackbox there's an IP on top of the page on THM website. The VM which is connected to the openVPN is replacing the attackbox and the IP you get is then on top of the webpage. However, this aspect of the website is broken so it might say 'not connected' while in fact you are connected. You can thus ignore this. If you connect to the openVPN from your VM and then you can ping 10.10.10.10 it means you are connected.

thank you so much - this one

Gave +1 Rep to @zealous dove (current: #67 - 109)

Or when opening a browser on your VM and browse to 10.10.10.10 and you can see your IP on the bottom of the page you are connected.

that actually makes a lot of sense, thank you so much

it doesn't have to be a specific ip-adress right?

I just have to see a number on the 10.10.10.10 page (?)

The one you see thete is your VPN IP. You might need it for establishing reverse shells or whatnot.

Should be able to see it on your VM desktop corner aswell in Linux.

ok, i think i can move foward based on this (maybe even finally complete my first room) - thank you so much for your time!!

Gave +1 Rep to @zealous dove (current: #66 - 110)

Hello, I'm going through the Snort room (task 2) and trying to run the script by running "sudo ./traffic-generator.sh". Says "command not found". No idea why.

Do you have the correct command? Or are you running it in the directory where traffic-generator.sh is saved?

It's the command they suggest running. I've used cd to get to the correct folder. However it doesn't say it can't find the file. Says "command not found" therefore I think it has to do with the actual command. Thanks for the reply.

Gave +1 Rep to @brave cobalt (current: #11 - 621)

i'm looking for friends to learn togheter i'm in presecurity windows part 2

I am looking for friend to work together learning kalinux all tools pre-installed

theres so many

guys i need help with an issue i'm having in TryHackMe

i was doing the task where u have to change your bank balance

and i added 2000 to my bank successfully but when i had to type in my new balance to the input box

it kept saying the balance was wrong??

The question is not asking for the balance itself. There's a message above the balance with the answer to the question.

oh okay, thankyou!

Hi

Not sure if this is the correct place to put it but I spotted an out-of-date piece of information on the Windows Fundamentals 1 room under the Windows editions task. The task states that the current Windows server operating system is Windows Server 2019 however it is now Windows Server 2022 I believe.

Is anyone else having an issue in Linux Fundamentals 2 attackbox where the password isn't being accepted?

What's the issue?

I'm on the part where you log in with ssh tryhackme@[insert IP address] and I'm trying to input the password. Every variation I've tried has returned "Password denied, please try again."
(I have a screenshot if needed)

Share the room link

https://tryhackme.com/r/room/linuxfundamentalspart2

It says the password is tryhackme

Yeah, that's what I've been putting in

Just copy paste it without "" this

I've tried tryhackme, "tryhackme", TryHackMe, I haven't tried Tryhackme it could be that

Start the machine again

tryhackme is the password for that

To share a screenshot you have to verify.

@sand tiger

Ah ok

Rebooting...

Which IP are you using?

10.10.238.25

It's from the target machine?

yup

Hmm k. Screenshot would be verh helpful.

There we go

So you are using the IP from the attackbox.

You need to Start Machine to get the target IP.

Correct. Sorry, did I misunderstand?

OHHHH

Are trying to connect to the machine ip?

Wait they're different? 238.25 is the one I grabbed from the header, not the instructions. Why have that and then have it not be the one you need?

Because you need to connect to machine ip and not your attackbox ip

They're not the same thing?

No

One is attacking machine and one is target machine.

Well when you start the machine then the command will change and it will show the ip you need to connect to so you can just grab that and paste it on your terminal

Why will you want to connect to your own machine?

It worked! Thank you :]

Yeah, that makes sense. Thank you for clarifying

Hey guys - I have a question about the Packets & Frames Room on the pre-secuirty pathway. My understanding was that packets are inside frames, but the room seems to indicate that frames are inside packets. Is this just a question of different sources using different terminology? Does anyone have some insight on this?

here's a diagram that's closer to what I had learned before:

[Frame(Packet(Segment(data)))]

?

That's what I thought

the Packets & Frames room has frames encapsulated within packets and says they don't have IP addresses... that model, too, would have layer 2 frames containing layer 3 packets like I learned before

It depends on if you are encapsulating or de-encapsulating I guess?

The analogy they use is an envelope within an envelope, with the outer envelope being the packet and the inner one being the frame. I think it's the other way around. Frames have more information, so I thought it'd be the outer envelope.

When you are on the network the packet is king, but when you go outside the network (internet) the packet is encapsulated.

will OSI models be needed when ur tryna hack smth or is it just for knowing?

It's for understanding networking, which is pretty important for hacking.

oh cool

hmm that's a good perspective @cyan pulsar thank you

Gave +1 Rep to @cyan pulsar (current: #148 - 49)

its behind a paywall tho

https://www.forcepoint.com/cyber-edu/osi-model

thnx

It's not an all encompasing article. But it may help.

to continue the analogy, if you want to understand how to make sure your mom never sees your report card, or gets a fake one, you have to know what the envelope looks like and how the letter's going to get to her @trymph1

that's what the OSI model is for computers talking to each other

so its basically what layers are involved in communication between computers?

yeap and who adds what information when and who interprets that information

cool
thnx bruv

HI

#pre-security-legacy-path i just complete the intro to cyber security and upgrade to level two , what path should i chose next anyone can help me out ?

What would you like to do next?

i recommend doing "careers in cyber" and explore more in the areas you like more, there is also a quiz at the end that could guide you. Try to complete as many fundamental rooms as you can.

you can submit feedback like that directly on tryhackme page in menu > profile > give feedback

All of the Windos fundementals will be OOD.

Since Windows 11/Server 2022 are out

could someone explain me the third step of how a request to a website works in the presecurity course in the quiz section.
the third step is: "check your recursive DNS server for address"

I'm not sure what you are asking for, but you are correct for step 3.

If you are asking about recusive DNS servers vs authoritative DNS servers: https://umbrella.cisco.com/blog/what-is-the-difference-between-authoritative-and-recursive-dns-nameservers

Perhaps not the best example as it does focus on cisco umbrella as the recursive dns. But it explains things well enough.

I did not understand why you need to go through this stage and what is the main reason for doing it

Learn about DNS is necessary

if you want to be good at anything hacking related you need to understand fundamentals to the bone

You did not understand me correctly, I’m asking why is the third step of “how a request to a website works” necessary, like why you need to go through this step (the main cause)

You need to get how they work , so you can exploit them later on ,
The things that you are learning now are just headers of things ,
To get u familiar with the coming rooms ..
Like if you don't know what protocols do browsers use to get to the other side ,
How would you intercept them and modefi them ..
My advice is .. just keep on learning, it might seem irrelevant stuff know , but the more you learn the more you are able to see why learning this and that was necessary.
Good luck with that

There are no URLs in that message.

ok

hello friends

What would you call a team of cyber security professionals that monitors a network and its systems for malicious events?

Did you read the hint already?

Yes and I answered Security Operations Center (SOC) but If i send my answer it comes incorrect

Yes and I answered Security Operations Center (SOC) but If i send my answer it comes incorrect

Did you write (SOC) behind it? Or just Security Operations Center?

Yes

Security Operations center (SOC)

Well don't write the acronym.

If you look at the asterisks (*) in the answer field you can see how many letters/words/etc the answer should be.

SOC

You got it now?

Thank you. i will do the correction and get back you

Gave +1 Rep to @zealous dove (current: #51 - 149)

still incorrect

What are you writing exactly?

SOC

In the answer field (where you write the answer) you see asterisks (aka stars *) it indicates how many letters and/or words the answer should be. Based on that you know it's not SOC because there is not only 3 asterisks. Write out the full name.

Alright. You mean should write in full

Security Operations Center. i got it correct. Thank you

Gave +1 Rep to @zealous dove (current: #51 - 150)

Has anyone had any issues with Linux Fundamentals Part 3 and the .flag.txt file not being on the AttackBox machine?

Did wget it?

Did you start the python server on the target machine?

Yes it's running in a seperate terminal

No, you're starting the python server on thr wrong machine.

start it on deployed machine buddy , not in the root machine

You need to SSH in to the target machine, and then start the machine.

Damn

Thank you

Yep, got it now. Can't believe I did that. Thanks for the help

It's ok, you're not the first user to do that, and you don't be the last.

started learning about cybersecurity currently 19% through this pathway

Hello, I recently completed the pre-security pathway and received the certification, unfortunately it has my nickname and I would prefer my full name instead to add it to my LinkedIn Account. Is it possible to update the name on it?

hey guys, i wanted to ask if the pre security pathway is a good start for a complete beginner that doesn't know anything about this field or is there anything i should study alongside with the presecurity pathway

Pre security is a great place to get started for beginners. However with that being said, you shouldn’t full rely on only 1 resource (thm). See what intrigues you and if there’s anything you don’t understand, or want to learn more about, Google will be your best friend.

Unfortunately it's not possible.

Pre security is a good starting point. You could stick to this suggestion of paths: #general message

40% through guys liking everything so far

Hello, I am stuck at Introduction to Defensive Security. I do not see the solution to the question asked at the end. 😅

Sorry, confused the channel. Posted this earlier in the Introduction.

Edit: I did not write the whole answer...Solved.

hey homies, im stuck in the cron tabs section of linux part 3 - I cant see the time of the task ?

@cyan eagle Looking at the answer that was accepted for me: You're not looking for an actual time, but for an event.

So basically, look in the place in the crontab where you'd expect to see a time, and note what it says there. It's a bit confusing because the tutorial doesn't really mention this syntax as a possibility. Hope this helps.

yeah it is still abit confusing, do i have to input a crontab command for this or just look at what its there coz i cant see it on the current crontab

?

ok i got it, its was at reeboot

that was suuuper lame tho hah really badly written

yes that's what i started with but when i studied their foundation networking program i don't know if it's enough or if it isn't and i should go and study networking more deeply like studying for the ccna or it isn't enough but future pathways will dive me more deeply in the networking so i should just follow the pre security pathway

hello buddy i complete the pre security path and and into to cyber secuity what path should i chose next any sugeestion ?

Complete Beginner or Jr Pentester.

Jr Pentester or complete beginner,

ok thnks sir

what about , web fundamentals ,

Also a good one. But web fundamentals an Jr pentester and Complete Beginner have a lot of overlap.

Same rooms in those paths

oh okay okay buddy ,

After presecurity ... introduction to cyber security is better to start?

There is a recommended order of completing the paths - #general message

hey im on the presecurity path and just ran into my first paywall on what is networking it redirects me to a premium room, how much of the path is limited by paywalls?

im not sure about path..but the other day someone said about 63% of THM is free

All the paths have subscription content. 63% of the website is free, there is hundreds or rooms that aren't in any paths, instead you need to search for them.

Thank you for the answer, I have updated my name on the account, will my future certificates reflect the new name?

Gave +1 Rep to @zealous dove (current: #43 - 175)

Yess.

better to start complete beginner or Jr pentesting ,

Hello in pre security, answers to windows fundamentals2 task 2 are outside what is taught in the room, why is that?

It would be difficult to put in or compress all the concepts in a room as it will no longer be bite-sized. Plus, doing research is an important skill you need to build or work on.

hey where I can practice what I learned in the pre security's path please ?

Like smalls projects or something like that

you should take good notes on it and keep on completing other rooms. when you feel you dont understand something look at notes.

also learn using wireshark and observe internet traffic while browsing internet

yep, I take notes with cherrytree but I would like build something for see how it all happens in practice

there is a tool where you can build network...i think its called packet tracer

or try to make your home network better

I have packet tracer too xD, but yes like u said I will try wireshark

Thanks for the answers

no problem...there is room for Wireshark on thm

👍

i just started the pre secuirity

Me too

i just started this pre-security

do i have to remember every single topics of this module?

It's good practice to take notes.

thanks for the information

Gave +1 Rep to @tight ingot (current: #1 - 2646)

Anyone else have the issue in fundamentals of windows 3 when trying to open the windows table through run it says “call this number?”

Haven't heard of it. Could you verify (see link) and show with a screenshot what you mean?

@glossy cairn

How do I send a picture on this app haha new to discord

You have to verify first. See the link above your message.

g

can anyone tell me what is the password of linux machine?

i am try to update . But its asking password

like [sudo] password for tryhackme:

click on split view symbol in the room, then navigate to the (i) symbol and click on it. It should provide you with all the credentials you need.

—————————————————————-

note: the symbol is small and found besides the other symbols like the terminate button and the add time button, its an i inside of a circle.

Hi all, I'm trying to complete the Summit room. I can start the machine but it won't show in split view. Can't see a split view button either. Any ideas?

Start The AttackBox will show the Show Split View button if it not already inside of split screen. The AttackBox is the machine you will be working with to exploit the vulnerable machine. The Start Machine will not show up in Split View, it will be a small rectangular box containing the name of the machine, the ip of the machine and the duration of expiration. This machine is the machine you will be attacking using your own VM or AttackBox

Which one?

it shows the password option : N/A

did the attackbox load? If it did that isnt possible, you cant enter Ubuntu GUI without a password and that applies to most linux distros. The only reasonable idea is that the machine did not load yet and therefore a password didnt exist, meaning N/A.

which room and task/question?

Its task/room independent, i saw that once, it you click the (i) symbol before the machine loads, you get an N/A output or sum.

Got it. Thank you.

Gave +1 Rep to @tawny parcel (current: #662 - 6)

np

Hi

hi!!

HI everybody!
Quick question! I finished pre Security and has just started on the Complete Beginner Path.
Any recomendations on CTFs for that level, outside the ones that are in the current path?
Ty.

You can try picoctf if you want to try something new

Hi I'm struggling with the question in Task 3 of Windows Fundamentals 3. From all I can tell the answer should be virus & threat protection, however, the page tells me that is wrong. Could anoyne help me?

Hello,
Can someone help me with question in room "Windows Fundamentals 3"?
Question from task 3 is not correct - Virus & threat protection

Try just typing Virus threat protection

I checked, that works

why is pre seurity is so energy draining

3 days in maybe got to how http works

idk if thats even a good pace

lmk

brace your self and take breaks

or well pace yourself

and you got this even if you go through it slowly

will i be able to complete it in the next 7 days?

my unis gonna start and thats gonna drain much more energy

i wanna make sure i get pre security done before my uni starts

depends on how quickly you force yourself through it... but no rush

i see

I've been knocking it out in little chunks when I have time at my job

@dark glacier what do you plan on doing after pre Security?

I think I can start CTF challenges

We can do that with just pre Security?

Yes

Since pre sec has linux basics ig

Or I may even start jr pentesting

yea it has Linux basics
I also wanna start CTF but idk if that's possible with pre Security

yeah me too I'll just go for jr pentesting

I like being offensive in cyber

Ye will figure that out

fr ?

me too

Yee

well, i hope we could work together someday

Looking forward to it (:

Happy hacking bro (:

Yee happy hacking (:

For Pre-Security, under Windows Fundamentals 3 task 3 the answer is "Virus & threat protection" for sure because it matches the asteriks on the answer format (***** * ****** **********). I went on ahead on youtube just to make sure I'm not going crazy with the answer, is this a bug? or my answer is just plain wrong.

Left screen is the THM and right is youtube. Any assistance will be much appreciated !!

Anyway, goodmorning ya'll. Happy Friyay

It's a known issue, just answer Virus threat protection and it will auto-correct.

thank you very much. That's the only answer I can't clear to finish Pre-Security, been stressing about it.

Gave +1 Rep to @tight ingot (current: #1 - 2707)

if we complete pre security we don't need to go for introduction to cs and beginner path or should we keep some notes about them

When you complete pre-security you should probably move to Introduction to Cyber Security and after that to Complete Beginner or Jr Pentester

Cool thanks

Gave +1 Rep to @zealous dove (current: #39 - 205)

im so overwhelmed with linux basic 2

its like im constantly haunted by myself that i didnt quite learn the topic above the currenat topic

and some of them i just cant understand

this fever got me lazy and less energy dozing off and shi

what wpuld someones advice be if im struggling with the linux basics 2 ):

Have you tried watching the video to see if you understand it better?

What would you suggest on how we could improve how the content is structured and make it less overwhelming?

been watching the thm video since i didnt buy pro version

visualthings like interepting things visually would make people understand better

blames on me too dam this phone my attention span is low

so i dont really understand what a fragment is in room (HTTP in detail) its saying (Fragment: This is a reference to a location on the actual page requested. This is commonly used for pages with long content and can have a certain part of the page directly linked to it, so it is viewable to the user as soon as they access the page.) so i once created a website, just some HTML and CSS and Js and this website had some sections like (intro, my projects, contact us etc...) is that what it means a fragment ?

A fragment in that context would be if a part of your site does appear in a Google search result, say for instance, the my projects section, when you click on that link pointing to your site, you will find the url will have something like #myprojects and will move to that section upon loading. This is something that has to be included as part of the website source code.

oh i got that
Thanks

@brave cobalt

im greatful that when i started to respect my pace and took breaks and between, ive effortlessly completed the linux fundamentals 1 and 2 which was a pain in the ass before. thanks to that guy/girl who told me to respect my pace i feel much better now (:

Btw

In linux fundamentals 3

Task 4 serving files from your host

What is the purpose of putting up python3 -m http.server

And how do we know what files it has cuz the next the task showed was download something with an wget

And can someone provide me an actual/irl example that uses this ?

...The task your doing is a perfect example.

You'll see why in a minute.

I understand what a wget command is but what I didn't understand is how do we know what files exist cuz the activity told me to download from a particular website/ and a file from that giving me that website's ip and port 8000

Because right now the material is telling you the file exists, so it knows the file is there.

however most times in CTF's people use it to move their own files, or files they know is there from enumeration.

I partially got the purpose

version - Plesk Obsidian 18.0.51 , any vulnerability ?

hi , i have a problem with phising prevention room , when i submit the answer which is "<domain> service ready" dose not working, please help me to solve the problem i still just have this question and than finsh the whole room on soc1

Solve it a second ago actually... your answer is correct, just remove the "<>"

thank you it works

Have you tried to do a Google search on it for starters? Also, this isn't tied to the learning path per se so you might want to use other channels #general or #infosec-general

hi, I've just started "Windows Fundamentals 1". In the second task, the link to the differences between Windows home and Windows pro is out of date and you have to look for information on the question asked at the end yourself, which is not difficult. Nevertheless, you can update the content of the second task or attach the appropriate link

I think those full rooms could be overhauled with Windows 11 in mind now.

um i dont think its from pre security

Hi, I am stumped on a Windows Fundamentals 1 'The Desktop' question. "Besides Clock and Network, what other icon is visible in the notification area?". I have read through the information multiple times and have tried many things but nothing seems to be working. Would appreciate some help with this one

A menu bar opens when you right click the icon. This menu bar has an option to Open ****** ******.

Is it something to do with volume?

No, right-click on the notification area. This wil pop-up a menu. IN this menu there is an option called open A***** C*****. Fill in the stars.

Thanks for you help 🙂

Hello everyone,
I have a problem with Windows Fundamentals 1, Task 6 (User Accounts, Profiles, and Permissions). For the last question, "What is the account description?"—even though I’m putting the right answer, it’s not being accepted. Is anyone else having the same problem?

Hi, are you sure you didn't put the full name instead of the description ?

Yes,Answer is Account is disabled?

No, to which account are you looking to ?

Guests account

You need to look to the tryhackmebilly account

Ah okey.I will check it now

Let me know if it works for you

Okey.i will

Same problem again incorrect answer

What did you put ?

Account is disabled

From where do you check the account ?

Both-guest and tryhackmebilly

Yup but what did you do to see them, like with which tool ?

Just go to properties and check. From lusrmgr.msc

And you clicked on the users tab ?

Yes I did! Server problem??

Can't connect too so I guess

Then you should have this :

Yes.i did!!

And from that you can see the answer

Yes,I did everything,but not accepted

From the image I sent above, the answer is the description for 'tryhackmebilly' account name

Yes the same tryhackme account is enabled and Guest is disabled. I tried both,didn't work

No I feel like you didn't understood the question, you don't need to click on the account, you want to check the description associated to account named 'tryhackmebilly', you can already see it from the image I send above

I got it that one .The one I stack is last question (what is the account is description?)

Yup and it's on the same row

Yes,I see.Thank you very much for your patience and help.I just look at Guest properties and tryhackme properties.Now I understand what you meant🙂

No problem, sometimes the answer isn't complicated (but sometimes they are harder to find too)

Okey.Thanks

Just did the OSI Game as part of the OSI Model module - great fun xD

Didnt expect that

I have studied ccna in the past but i remember that in OSI Model network layer that we divide (from segment to Packets ---> small chunks of data ) but here says It's the opposite anyone has idea plz?

The third layer of the OSI model (network layer) is where the magic of routing & re-assembly of data takes place (from these small chunks to the larger chunk).

Maybe I should ask here instead of room help. Ok, I have a somewhat grasp on the Ports 101, Source port and Destination ports, first being random 0-65535 and the latter being dependent on where you are getting your data from(80 if website). But I'm unsure once i get to the firewall 101, because I know the Firewall can block the port it controls, and limit the udp/tcp, but how does it limit the port asking for data, if the port is random? Is it Ip address based?

Fundamentally, firewalls are similar to a router in that it uses access control lists (ACLs) to decide what traffic to permit and/or block. ACLs would usually include a source IP, destination IP, protocol and action (permit/deny). The firewall will make a decision on incoming or outbound traffic based on those permitted or blocked ACLs. However, there are also firewalls that have an implicit-deny rule (meaning those that are not explicitly permitted are blocked).

From what I understood, the context as written in the CCNA material would be referring to the sending of data whereas the THM room material is coming from the point of view of receiving data.

Note that packet delivery may vary depending on the protocol used, thus it will need to be re-assembled at the receiving end in order to interpret it properly, in which case, it will be encapsulated from being a packet to a segment.

Others may chime in as well.

@inner bloom is there a reason you're doing this?

hello everyone i hope u’re all doing good , this is yacine and i’m new to tryhackme

i have some questions, i would be grateful if some of you could answer

i’m currently enrolled in the pre security path

and i choosed to start with introduction to networking and intro to linux ,

and i successfully completed the 2 modules

but i didn’t feel really satisfied about my learning, and i want to practice what i’ve learnt ,

so when i went to search for some challenges about linux and networking

i didn’t know how to find them

it’s like i got random ctfs ,

and i’m kinda person who is structured in his learning

i mean , for example if i learn networking, i want to solve some ctfs about what i’ve learned

if i learn some linux stuffs

i want some ctfs avout linux

and etc ……

so i really want some guidance from you

since i’m new to the industry

i hope u’ll get the point

and thank u all

There is not really such a thing as networking ctfs afaik, each of the rooms tends to already have practical aspects built into them in order for you to practice and challenge your knowledge. As for linux, pretty much any linux challenge machine will require basic linux knowledge like that, but it will also require basic hacking knowledge which you may not yet poses. If you wish to practice these things further, doing something like setting up your own linux VM would be a good idea, but I'm not sure you'll really get what you are after with "ctfs", not for these topics quite yet anyways.

so what the ctfs there ( in tryhackme ) about ?

like .. they encapsulate several skills ?

Well most of the challenge rooms are going to be hacking a box, website, or network - though there are others related to things like packet analysis, SOC, hash cracking, OSINT, etc

hello

this is real course

or fack

Hello

Can anyone help me?

In System Configuration, what is the full command for Internet Protocol Configuration?

Which room are you working on?

Hello @open glade ! Same problem. You can help me change iptables?

I achieved. Thank you

Gave +1 Rep to @lapis lantern (current: #2241 - 1)

Can someone help me out here please? Windows Fundamentals 3, room 2, the question is asking me to provide a date for when updates were installed. The solution is to select View Update History in the Windows Update screen and find them there - but the option doesn't appear in my VM. I can't complete the room! Can I not attach a screenshot here?

You need to verify your account

Thanks much, @tight ingot

Gave +1 Rep to @tight ingot (current: #1 - 2819)

Can someone help me out here please? Windows Fundamentals 3, room 2, the question is asking me to provide a date for when updates were installed. The solution is to select View Update History in the Windows Update screen and find them there - but the option doesn't appear in my VM. I can't complete the room! Thanks in advance.

Use systeminfo.exe

The terminal runs a bunch of info down the screen and disappears. Running that isn't intuitive to the lesson anyway, why don't they just fix the VM? This isn't the first time I've noticed discrepancies like this, but the chat help is useless

Now I got systeminfo.exe to give me information, but where does this tell me install dates? I don't see anything useful here.

wmic qfe list Try that one.

Are you there?

#general message

Going by your comments, your over looking this answer, it's not hard to see or hidden.

You even have the option to click on yoru screenshot

yeah wmic qfe list definitely would have done the trick. Thanks for the help

Do you now what else would have done the trick?

That was kind of my whole point. The left was the screenshot from the exercise. The right was my VM. I didn't have the link available to me for some reason.

I mentioned this in my original post

looks like a dispjay issue

Regardless, I appreciate you looking into it for me.

so I was doing Linux Fundamentals Part 3 and I am genuinely mad that I was tricked.

The file catsanddogs.jpg that some user was accessing did not have any cats :<
File was in var/www/html/catsanddogs.jpg

Hi

Hello

"What is the numerical priority value for the MX record?"

user@thm:~$ nslookup --type=MX website.thm
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
website.thm mail exchanger = 30 alt4.aspmx.l.google.com

guys what does this signify? any practicality to finding the numerical priority value of an MX record?

"This tells the client in which order to try the servers, this is perfect for if the main server goes down and email needs to be sent to a backup server."

knowing where most of the mail is sent first

and the mail servers which will be used as a backup

Look up "dns mx priority value" on Google. Are you in the DNS room?

"What encryption can you enable on Pro that you can't enable in Home?" ||https://en.wikipedia.org/wiki/Windows_10_editions||

re: Windows Fundamentals 1

Task 2

The link in the task is out of date so a bit harder to find the answer. I suggest you google: windows encryption.

yes, I noticed Microsoft changed the link. I knew the answer without looking it up, yet felt that wikipedia compare might be a bit more stable, just sharing

easy enough to find

oh ya! "1201 days ago" 😄

created that is

hello, I'm doing the Pentest Fundamentals lab and I have a question about black-box, white-box and grey-box penetration testing. Here's the question "You are asked to test an application but are not given access to its source code - what testing process is this?"
i chose black-box testing and it tells me incorrect answer

everything is open source if you know assembly

Make sure you look at the * in the answerfield to know how many words/letters the answer is.

the answer is probably black box, with space in between and without the "test" part from your answer

follow his advice, that's how i figure answers all the time on the website

I recently had to resort to that method for something I struggled at understanding what the question really wanted

a puzzle in itself coming up with a solution 🙂

thank you very much

Gave +1 Rep to @brisk ocean (current: #491 - 10)

Np.

thanks!!

Gave +1 Rep to @modern cloak (current: #915 - 4)

Finished that room but that value makes sense a bit now

Hello everyone! I seem to be stuck on this question. If anyone could share with me some insight would be great appreciated! What layers of the OSI model do firewalls operate at?

Question Hint

Provide the layers, replacing the following "x" and "y" with the appropriate layer in ascending order (i.e. 1,2): Layer x, Layer y

https://tenor.com/view/wipe-off-sweat-bradley-hall-clear-the-perspiration-wash-away-sweat-gif-5666657092934823161

I got it never mine

https://tenor.com/view/wipe-off-sweat-bradley-hall-clear-the-perspiration-wash-away-sweat-gif-5666657092934823161

😂😂

What’s so funny

the gifs????

Oh. I don’t know, I didn’t really find that funny tbh

If you wanna elaborate why you found that funny I would appreciate that

Im having issues with one of the questions in the packets/frames room. Its the one that asks; Provide the order of a normal Three-way handshake (with each step separated by a comma). My response was "syn, syn/ack, ack" and it says its not right? I tried capitals, still not right. Anyone know why it wont accept that answer?

Probably the spaces are the issue.

|| SYN,SYN/ACK,ACK ||

thats exactly what was up. Thanks!

Gave +1 Rep to @zealous dove (current: #34 - 231)

I just had the same issue

I tend to not bother waste time explaining humor, let's keep this room for its sole purpose of helping others in this pathway instead of starting petty arguments

Let's not be rude.

Alright, my bad, I just don't understand how arguing why I laughed at a fellow's joke is relevant here

or relevant/appropriate within any kind of civil conversation really

I agree, but let's not call people slow.

That's fair. I'll remove that part

Lol you must fun at parties. Calling people slow when you yourself are so serious and boring you can’t even understand a joke

👍

hi guys ,
In linux fundementals 2 the attackbox doesn't have the same folders and files as in the room so i can't complete the room.
Any help?

I just started with the tryhack me platform

Could you send a screenshot maybe I can help

Hii Smooth Operator

hey there, make sure you clicked start machine on the top right of task 2 and wait a lil while before starting attackbox and it should be good from there

You might have to ssh from the attackbox to the other machine you have to deploy.

It is meant to have different folders to make you use the commands and find the answers yourself and not just copy the example results

Which task are you on i think I am mixing fundamentals 1 and 2

this was the solution ty

Gave +1 Rep to @naive cedar (current: #2263 - 1)

Hi everyone, I'm in the Windows Fundamentals 1 in the pre security section and I'm having difficulty answering these 3 questions prolly because I'm typing them wrong. Can anyone please help with this?

Which selection will hide/disable the Search box?
Which selection will hide/disable the Task View button?
Besides Clock and Network, what other icon is visible in the Notification Area?

Did you start the machine in task 1, to use it to find the answers?

Yes, I did start the machine @zealous dove

Okey. Now when you right-click the 'search box' there's a menu. All the way at the top there is an option to Show/Hide the search box. Same goes for the 'Task view button'. For the last question you right-click all the way to the right of the task bar and a menu opens: and at the top there is an option to "open A**** C*****" (fill in the stars)

before you answer a question always look at the * in the answerfield to know how many letters/words/etc the anwer is.

Thank you so much @zealous dove I'm finally able to figure it out following your guideline.

Gave +1 Rep to @zealous dove (current: #34 - 234)

In osi model room I have completed the session layer still it is showing it as incomplete

Leave the room and rejoin then asnwer the questions should fix it

@upper bear thanks,it worked

Same here!

Lol, if you read the exchange with Blackout...

Yeah, I did it and it didn't work. Answered it again but when I change pages it turns out blank again. LOL

Did you leave the room and re-join via options?

It worked. Ty. Does it often happens?

No, it doesn't.

I had the same question about layer 5, leaving worked, thx

Same here, thanks

helloo

is the osi model room bugged? task 6 doesn't seem to accept any answers (better, it does accept them and says they're correct but then doesn't complete the task, thereore the room, thereore the path)

Yes. If you leave the room (options at top of the room) and re-join, problem should be fixed.

Thanks

Did this solve the problem for you?

I still cant complete this room and it´s the last thing missing for my certificate :(/

Which room are you having an issue on?

hello, who is starter ( beginner ) in penetration tester?

A bunch of folks are, myself included though I'm not a pentester, just a beginner in cyber.

👍🏻

hello dears,
i would like to join or making a team is there anyone? thanks.

making a team for?

maybe he means for the cyber security 101 path

hey what is passowrd of tryhackme attackbox

click the little 'i' icon near the - and power button and it will tell you the web-based machine info for that attackbox

otherwise every other user/pass combination should be in task 1 or 2 of the module when initalizing a machine

hello for all i am new

hey i really new to this and just wanted to ask, is doing one level a day ok or should i do more or less?

the higher the level you get the more points you need to level up, so it really depends.

at the moment im trying to learn hacking and i dont really care about my level (also for some reason even though i have completed some rooms i still have 0 points)

The level is also not very important. Whats important is that you understand what you learn in the rooms, make notes, practice and have fun with it all.

so to do what i can every day and focus on learning

Just take your time, make sure you understand what you read, take notes and put what you have learned to practice, hands on experience is the best way to learn

ok thanks

Hello everyone! I am also new here and just got started today. Is there any chance someone could share their notes for this pathway? I will return the favor somehow. Thank you!

Hi, I'm not sure what exactly you would want notes on? The only noteworthing path would be the networking, which wouldn't be sufficient with notes alone. So I would recommend that you just do the paths

hey!, what's up guys, I need help I can't run the machine

like in Start Machine

In Offensive Security Intro

#room-bugs message read this

thanks for the help bro, it worked

Gave +1 Rep to @untold scarab (current: #215 - 30)

Hi everyone! I’m looking for notes or resources related to the pre-security path. If anyone has any materials to share or can point me in the right direction, I would really appreciate it. Thank you!

Did you already do the pre-security path?

yes but i was not taking notes so i forgot somethings now i am making/finding notes so i can revise them and save them for future revisions.

Well start now taking notes 😂
Did a gitbook for myself with tools and commands.
Was worth the time spending on that. Did it also way too late thinking „it can’t be that hard“

Hey I just got started 2 days ago, and while I find it very helpful to take notes, it is taking me 2 hours on average to finish a room. Is that normal? And if not, is there a better way than taking handwritten notes? Thank you

Gave +1 Rep to @vale violet (current: #939 - 4)

I would say depending on the room and how easily you understand the content, 2 hours including making good notes is not too bad. I rarely finish a room within the timeframe thats mentioned at the top of the room.😅

Don’t worry about the average time spend in a room. I sometimes spend like 30 min on 1 question and the answer was „easy“ 😂 just keep going and have the discipline to do it everyday that’s where the most people fail. Everybody has his own learning speed. People in here are very helpful when you can not find the answer by yourself.

@zealous dove @vale violet Thanks guys! By the way, do you mind sharing where you are in your learning "adventure"? I am a data analyst who is switching to cybersecurity but I'm kind of lost with the direction I should take

Gave +1 Rep to @zealous dove (current: #32 - 253)

I am fairly new to IT in general and only started doing cyber security about 6 months ago. By which direction you mean blue/red team?

Exactly.

I'm limited by time and I need to find a job ASAP. Just got laid off from my previous job and I'm fully committed to learn and switch to cybersecurity

Are you looking for a job or did you already find one?

I'm sorry for asking too many questions!

Finding a first job in Cyber Security can be challenging. Usually you'll start with something like Helpdesk as there are no real entry level Cyber Security jobs. There's info, discussions, tips, etc. to be found in #cyber-and-careers if you're interested.

As far as picking between blue and red team, i suggest you do the Cyber Security 101 learning path on TryHackMe. This will introduce you to both and when you're finished you might have a (strong) preference towards one or the other.

Realistically I think there's more need for blue teamers than red teamers in the job market, but dont pin me down on that.

Thank you so much for the tips. I'll just keep going!

When you start off, you might take a while writing notes since you don’t have much knowledge. Eventually it’ll go by quicker as you learn more

If you need a job asap I would go for sec+ and just apply a ton to entry levels positions

Hey thank you for your reply! When should I start preparing for the sec+? After finishing SOC1 and SOC2 paths?

Gave +1 Rep to @naive cedar (current: #1534 - 2)

Nah. Just focus entirely on sec+ now. Drop tryhackme for now and get your sec+ certificate first. It took me 2 weeks of studying to take the test and pass.

After that. update your resume to add the newly acquired security+ certification and apply to jobs everyday, meanwhile continue learning on tryhackme. SOC1 or SOC2 won’t prepare you for sec+

But sec+ is not too technical so don’t worry. It’s an entry level certification, but it’s the most widely recognized

Thank you again! I don't have any background or knowledge in cybersecurity. Do you have any suggestions concerning study guides or courses to prepare for the exam?

Gave +1 Rep to @naive cedar (current: #1158 - 3)

I would suggest professormesser on YouTube. He’s the most popular choice and it’s entirely free. Definitely download the exam objectives.

I’ve dm’d you an invite of his discord server, which is a massive community of people starting in cybersecurity like yourself

Wow you're amazing! Thanks again

Gave +1 Rep to @naive cedar (current: #940 - 4)

You’re welcome

Hello everyone! I had a silly question. In the AD Basics room, I was trying to use Remmina to RDP (per instructions) back into my windows desktop deployed machine to use powershell as a user to change another use's password. It prompts for a password to unlock my keyring which is not provided- is there another RDP service they prefer us to use in attackbox? i am guessing so since they didn't provide a password for the Remmina?

Can you give me that link too?

What i found is use xfrerdp and the target ip on the top of the room in a linux terminal

ah, i can do that. the screenshots provided were not using terminal, but i can. 🙂 That's what threw me for a loop.

Thanks!

Yeah i struggeld too with that. Np!

I should probably usemy own vm, but i struggle to understand still if i have made my own secure enough or if i would do something wrong- i have enough knowledge to be dangerous but not secure yet, lol.

I am using attackbox for walktroughs but when i begin with challenges i will use a VM. But isent a Vm secure enough just by being a Vm and not an acual machine?

Just hit cancel,

yes, but i recently participated in a sans designed challenge and still managed to attack the wrong things, lol 🙂

I dont think that has anything to do with the security of VM's

at least if i use attackbox, i won't be using my real computer to do it, lol

if you're running a VM it's wildly unlikely that it'll ever be not secure enough for anything bad to happen

just keep the VM software updated and you'll be fine

They tell you in the text of the task to just click cancel when it prompts for the keyring, and it will continue

they don't tell me anything, just use rdp with zero context of how to 🙂

up until this point, they haven't mentioned using any tool to rdp into anything at all, i am shooting blind here.

I'm talking specifically about what they say when it comes to using remmina and the key ring

it says in the text that when it asks for the key ring password to just hit cancel

but on this learning pathway, they haven't explained using rdp in anything besides windows, so nothing on how to use in any linux system.

also the AD basics room is in the 101 module

yeah- but without instructions, anyone following the presecurity-cyber 101 path has to guess at this point because it's not covered in linux 101 or any of the earlier classes at all- just rdp. i've never used any of these tools

yes, but i don't have any options for that room, so it drops me in two elarning pathways here

I recall vividly that when it explains using remmina it tells you to click "cancel" when you see the keyring popup

and it explains you use it by typing the IP address and such into the correct fields

thanks. i've been on THM a week, and this server 20 minutes. you have been very helpful 🙂

I think it's also important to note that they explained you should be exploring the tools such as remmina when they initially introduced them. They also elaborated that a lot of the learning in the future will more than likely require your own research. They asked you questions in pre-security that were only answerable by searching in google to make this point

If you're planning to be successful in any tech field, researching things on your own and learning them without a handy tutorial for your exact use case is going to be the key

up until this point zero tools have been introduced, is what i am explaining.

RDP was explained onl in context of windows

Did they not introduce remmina?

attackbox is not windows

linux 101 did not cover it at all, only terminal

and ssh, but not rdp

I'm speaking about the path up to this point

correct

including pre security

it has not been introduced at all

correct

If that's the case that's definitely a little backward, but regardless, it's a good opportunity to go and learn on your own

It's common in this line of work to stumble across verbage you know absolutely nothing about, and you have to go learn about it by looking at documentation and such

Dmd you the link

Does doing more rooms help on job interviews ?

same here and I agree, I just started a week ago and this took me a while to figure out 🙂 if you are on your own kali machine and have the THM VPN active, then you could also use xfreerdp (already installed)
xfreerdp /u:THM\phillip /p:Claire2008 /v:10.10.184.85 /dynamic-resolution

It helps you gain some knowledge

TY

Gave +1 Rep to @naive cedar (current: #809 - 5)

can someone help me please

staff?

Can you describe the issue you are having so we can point you to the right direction?

It definitely does. Thanks for answering the question.

Gave +1 Rep to @dull narwhal (current: #2339 - 1)

I just started my THM journey a couple days ago. Since I'm currently on the Pre-Security-Path I thought I'd post this here. Since learning cybersecurity is a fairly long journey I thought someone here might find a little competition helpful for maintaining motivation.

No stakes other than bragging rights. Only rule is whoever has the highest ranking on the leaderboard is winning.
If you're already ahead of me, fair game.
If you start behind me, it's easy to catch up (for now).

Currently ranked 428,278. GLHF!

Started yesterday, my rank is 1,126,228, I will catch up 😤 😤

Oh yeah. You'll drop that 7th digit before you know it. Getting to 5 digits gon' be a little tougher tho. Here's where I am now, after 24 rooms. Finished Pre-Sec and onto Complete Beginner now. We'll see where I'm at after that & Intro

Hey congrats on finishing pre-sec! I'm almost done with that path too. Do you mind telling me how you take notes? It's taking me ages

uh......... what're these noats you speak of?

I'm not great with notes but I use something like notepad++ for things I need to type out to help me remember. I use Obisidian for any notes that I take for future reference.

Huh? Do you just read and do the tasks or do you take notes?

Thanks. I'm handwriting everything. It's really helpful with memorizing stuff but it's taking me a lot of time

Gave +1 Rep to @restive sand (current: #2342 - 1)

Tbh I haven't really prioritized taking notes because I'm not studying for a test. My approach is to learn by doing. There's 900 rooms and almost all of them have at least one VM to practice on.

I tried that too with the same issue so I type things out in plain text notes. It helps some and that way if I need to be reminded I can search for it too. For me, like what @hollow totem said, I learn best by doing. Practice helps reinforce the things that can be practiced and that helps me remember things best.

Yeah makes sense. Good luck everyone!

you too!

When would you all reccomend to start doing the Practice?

Should I finish Pre-Security first?

Technically (i.e. according to the structure of THM's website) everything is Practice. The Practice tab is just a sample selection of all the hundreds of rooms available (which are listed exhaustively in the Search tab). They're all rooms with VMs. The only difference between a "learning" room and a "practice" room is how much handholding you get in the written portion.

Hi mate, follow This Pattern PreSecurity >> CyberSEc101 >> And Take a quiz find your way in cybersec

I highly recommend premium

Realistically, if you are a beginner the Pre-security is really just the basics before you even start with security. You should probably do Intro to Cyber Security and the Complete Beginner (and/or the CyberSecurity101) paths before doing practice (CTF) rooms. However, you can always start doing practice and see how far you get with current knowledge and skills.

hi everyone. I need some help on lesson Soc level 1, MITRE and the 4th question. What are the data sources for Detection? (format: source1,source 2. source 3 with no spaces) I am in the phishing page searching trying different tabs.

nevermind found it

I can't figure out the 5th question on Soc level 1, MITRE and the question is What groups have used spear-phishing in their campaigns? two groups only . I tried to look into the phishing: spearphishing attachment because it shows which groups under the Procedure examples.

i have the feeling he found it

Hi, I'm that comptete beginner.
Which should i do first out of the three paths? CS 101. Intro to CS or Complete Beginner?

Depends what's easier for you, complete beginner is specially designed for people that are new to cybersecurity and just introduces basic concepts and foundational topics

I would recommend that first and later gradually move to CS 101 or intro to cyber security

TBH, I am as new to this as is possible to be so don't want to miss any assumed knowledge

Then you should start with complete beginner as it will cover concepts from scratch and then move to CS 101 because it will soldify your understanding of computers or networks

Excellent. Thank you

Gave +1 Rep to @crisp sparrow (current: #377 - 14)

i am one the same pace tooo

I am loving going through these learnings

I am learning so much!!!

where in the course are you right now?

Hello all ! I have done all soc paths FREE, waiting for black friday. When will they announce it ?

Probably around Black Friday.

Cant wait to see the reduction in prices- thank you

Gave +1 Rep to @tight ingot (current: #1 - 2965)

It will probably be around 20%

not bad at all ill register for sure thanks

Are you a student?

No unfortunately

.

when we will see those reduced prices?

Black Friday probably

nice

Help with the "Firewall Rules" mini game in Task 3 of "Extending Your Network". I think I understand the concept but just don't know how to execute it probably.

Figured it out

Hello guys! I just reached the HTML Injection task and i am having a hard time understanding it... I couldnt for the life of me figure out what i had to do, so i followed the video and still don't understand it.. I thought i would have to look at the source code and implement the website link in there, but instead the video showed to input the code in the box. How can that be an injection? I don't understand how a code implemented in a box where the user is supposed to write something, can become malicious?

hello im new

Hi everyone, I just started the Pre Security learning path yesterday. After completing "What is Networking?", I noticed that the next module, "Intro to LAN," requires a subscription. Does this mean I won’t be able to complete the Pre Security pathway for free? I read somewhere that it’s free, so I just wanted to make sure if Pre Security is actually paid?

Yes some of the courses are not free. Pre security has a few free and a few non-free rooms. I just click through a few of them to see if they require a subscription or not. I know all the windows fundamentals are free, but to be honest they didn't help me all that much

The text you put into the box should usually just be a name, that isn't malicious. It becomes malicious if the user inputs code into the box. When they click submit button, the website runs the code! So basically you can write code sneakily and take advantage of this website, because the author thought people would only submit names.

Aah okay! didnt even know that was a possibility! cool!

It's super cool, and scary! Later some input boxes are sent to a database. If I want to add a new user named "Garrett" I'd input the name. But since I know my input will be sent to a database that uses SQL. I can input an SQL code snippet that accesses the passwords table and get all the users passwords! Stuff like this is super important when making websites, make sure all your doors are closed.

That sounds really interesting! Cant wait to read more about it!

Hi, i am new to cybersecurity or network security concepts in general. i am currently taking the pre-security learning path and realized the next LAN room is only for those subscribed. I am trying to figure how i can manage the subscription fees. meanwhile, its nice to see a community learning the concepts and are at different levels of learning. All the best. also, if anyone is new and would like a buddy to share notes etc, please reach out.

It's significantly cheaper if you buy an annual but if you're not sure whether you can swing $14 on month to month, I would by a 1-month voucher and email it to yourself. That will give you a one month subscription without worry about auto-renew. Although I believe that THM will always give you the full length of your subscription.

Hi I am new member

hey you guys i need some assistance. Im working on Soc level 1, Mitre/Task 3 and question 5 What groups have used spear-phishing in their campaigns? Im in the link but its so much that where I go to Its not helping. Just some guidance to the right catorgory

plus i can't move forward to the other questions since they reference off the question 5

Go to mitre attack webpage for T1566.001 or spear phishing link and scroll to the groups section, it should list them then, i can't give you direct answer but some of the groups might be lazarus group, FIN7, etc...

im currently in that reading it again,

none of them dealing with the campaign fits for that question

Axiom and gold southfield aren't working?

im not even on that page. I in the spearphishing attachment under Phishing

What task are you on

Write in a format

task 3, and i went into mitre ATT&CK and went to phishing and clicked spearphishing attachment

You may find your answer here https://attack.mitre.org/techniques/T1566/

Read the description

You will get to know the answer