Hello everyone, this is TheF1ash, and this post is going to introduce everyone to the awesome world of TryHackMe’s Pre-Security learning path, a new learning path for beginners.You can join the path at https://tryhackme.com/path/outline/presecurity(You will need a TryHackMe account to join).
I just completed the learning path, and for those who are not familiar with TryHackMe and interested in security, I would absolutely recommend checking out TryHackMe at TryHackMe.com. They have an absolutely enormous number of rooms covering a wide range of topics in security starting from the very basics upto the extreme, and also a lot of rooms to practise your security skills.
Pre-Security Learning Path Introduction
Though we covered a little bit before, the pre-security learning path of TryHackMe is a learning path to teach beginners the basic technical knowledge to get started in cyber security. It covers a wide range of topics which we can see in the screenshot below:
As we can see, the Pre-Security learning path includes modules like an introduction to the Cyber Security field, Network Fundamentals, the Web, Linux and Windows Fundamentals, all of which are necessary skills to get started in cyber security.
Each module has a certain number of rooms which we can work on, and it is recommended to go over them in order. Having looked at the pre-security learning path from a high level, lets dive a little deep into each module.
Cyber Security Introduction
This module is the first module which introduces us to the world of cyber security.
It has just one room, Learning Cyber Security. This room will cover why it is important to learn about web application security and network security. It also gives you a chance to see on an extremely high level, a fun method to hack a hypothetical user’s account on a fake website(see below)! It also introduces you to other learning paths that you can enroll in on TryHackMe, including the Complete Beginner, Offensive Pentesting and Cyber Defense paths.
Network Fundamentals
This module covers fundamentals of computer networks. It is imperative for anyone interested in security to have really strong networking fundamentals.
This module goes in breadth as well as solid depth covering topics starting from what actually networking is, provides an introduction to the Internet, Ping, LAN, ARP and DHCP protocols, Subnetting, OSI Model, and then goes in depth into the Network and Transport layer of the OSI Model with discussions on IP Addresses and how they work, and the TCP and UDP protocols.
I particularly liked the simulated exercises in this module which showed different types of network arrangements, and we could interact with the network to send data across the network and analyze how it travels across different devices. That visual representation is very helpful for getting a deep understanding of how data travels across the network.
Finally we have the ‘Extending Your Network’ module that gives an introduction to some advanced topics like firewalls, VPN, routers and switches, and at the end has a network simulator which will help to understand the chronology of how data flows across the network between two devices. (Screenshot below)
How the Web Works
This module goes into more depth about how the web works. It starts off with going into detail about DNS, then goes into the language of the web, HTTP. Further it explains how websites work and introduces to HTML and JavaScript and gives an example of a HTML Injection attack which users can perform as a task on the exercise webpage. At the end, it goes into more detail about how different components like DNS, Web browsers, Web servers, load balancers and firewalls work together to allow browsers to communicate with the web servers. Finally we get the chance to reinforce our knowledge of what happens behind the scenes when we request a website until we see it load up on our screen, using a quiz.
Linux Fundamentals
Having familiarity with the Linux Operating System is absolutely essential for those interested in security. Many security related tools which are useful in different areas of security work well with Linux. Also, a lot of the different types of servers, like web servers and even embedded systems are powered by linux, so it is extremely beneficial to be well-versed in Linux. This module has 3 rooms which cover the Linux fundamentals in parts.
Linux Fundamentals Part 1
This room covers a lot in breadth about Linux, starting from the Linux background and history and then you get to deploy our own In-Browser Linux Machine! You can execute commands on that Linux machine and work through the tasks, of which there a lot. You will learn to run some basic commands like echo and whoami , just to name a few. You will get to learn how to interact with the filesystem, listing contents of files, changing directories etc. You will also learn how to search for files, and work with the common operators in Linux command line. I would recommend you to play around with the machine! The following shows a screenshot of the linux browser-based machine from the
Linux Fundamentals Part 2
This room is where a lot of fun with the Linux command line starts. You will learn how to actually connect to the Linux machine using SSH remotely from your own computer. You will get familiar with flags and switches in Linux commands, how to create, copy, move and rename files and folders. Further, you will learn how file and folder permissions work in Linux, and introduce how users and groups are maintained in Linux. Another important part is the common directories in Linux, where you will get to learn about the common directories in Linux and their uses.
Linux Fundamentals Part 3
This room goes into more depth with some useful applications and utilities that you will be using as you get more familiar with Linux, like text editors, how to download files from the web, how to transfer files across the network using SCP, serving files from your host using Python3, and then introduces you to processes in Linux and how they work, and how to start and stop processes/services, foregrounding and backgrounding processes. Further it talks about cron jobs which are used for automating tedious tasks in Linux, which can be scheduled at any time you like. It also explores package management and introduces packages and software repos from where you can install new software on your Linux system. It also discusses how to manage the repositories where you get your packages from. Finally, it goes into more depth on log files and has an exercise to work with an apache2 log file.
Windows Fundamentals
Windows is one of the most popular desktop operating systems. It is commonly used for personal PCs, for various purposes like web and directory servers, gaming and many other uses. Knowledge of Windows, like Linux, is essential for anyone interested in security, since those two operating systems are encountered most in the wild. The Windows modules are divided into 2 rooms:
Windows Fundamentals Part 1
The first room in this module provides an introduction to Windows, and gives an opportunity to deploy a Windows machine in-browser, just like we did with Linux! You can also use a RDP client to connect to the Windows machine remotely. It also provides a history of the various Windows editions, and then dives into different components of the Operating System, starting with the Desktop (the Graphical User Interface part), the Start Menu and Taskbar. It then covers the NTFS file system used by Windows, file and folder permissions and Alternate Data Streams(ADS). It also covers the Windows\System32 folder, user accounts, profiles and user/group permissions for files and folders. Then it goes over the UAC(User Account Control) feature, and covers Settings, Control Panel and the Task Manager. All these utilities are useful on a day-to-day basis and it is helpful to get familiar with these utilities.
Windows Fundamentals Part 2
The second room in the Windows module provides a deeper look into various services and utilities available in Windows that we can use to manage the system. For example, it covers the System Configuration utility and its various functions. It also goes over how to change UAC settings that were discussed in Windows Fundamentals part 1. Then it introduces the Computer Management utility and how we can use it to schedule tasks, view and manage event logs, manage folder sharing options, monitor system performance, manage hardware devices attached to the system, manage drives and partitions and work with services. Then it goes on to cover the System Information tool available through the System Configuration panel, which can display a comprehensive view of hardware, system components and software environment which we can use to diagnose computer issues. Then it covers the Resource Monitor utility, which provides a graphical view of CPU, disk, network and memory resource usage. This can help in diagnosing issues related to resource availability and performance.
Then it dives into the Windows Command Prompt, which is the Windows command-line tool similar to the Linux terminal. It covers basic commands like hostname and whoami , ipconfig , how to get help with commands, the netstat command for viewing network connections, net command for managing network resources and its options.
Finally it covers the Registry Editor and Windows registry, which is an important part of the OS for controlling the behavior of the system and applications.
Conclusion
In conclusion, I would like to say that the pre-learning security path is an awesome path for beginners to dip their toes in security waters. The world of security is vast, and it helps them to get comfortable with the basics before diving in to explore the world of security. I highly recommend everyone who is interested in security to complete the Pre-Security learning path. Also, thanks to TryHackMe for creating this path, and in general, for providing the platform that beginners and seasoned people alike can use to improve their cybersecurity skills. In the end, keep learning, keep trying and keep hacking!!!