Introduction
If you are reading this, you are probably already looking at TryHackMe, and perhaps want a comparison between TryHackMe and other popular platforms, such as HackTheBox, or just want a second opinion on TryHackMe. So, I will get straight to the point and skip the introduction.
I shall be transparent here. Personally, I have yet to try HackTheBox as TryHackMe suited my needs to begin learning Penetration Testing. With that said, I am not completely giving up on HackTheBox. Once I improve my skills, I will definitely go and take a look at the other platforms.
I will try to provide as many screenshots and reference sites for you to look at. Hopefully, by the end of this post, it will help you to decide whether TryHackMe is for you.
What attracted me?
1. Many Learning Paths and Modules to learn from
I joined TryHackMe to hopefully learn more about Penetration Testing and Offensive Security. When I was on this page, I saw that there were paths for ‘Jr Penetration Tester’, ‘Offensive Pentesting’, ‘Red Teaming’, and ‘CompTIA Pentest’. These were exactly what I was looking for. Of course, there are many other learning paths, which I will talk about later on.
If you notice above, I went ahead and complete some introductory and defensive learning paths. I could have just dived right into Penetration Testing and Offensive Security learning paths, but personally, I felt that it might be useful for me to spend some time and learn how to “defend”. If you have prior experience in this field, perhaps you could skip them.
On top of learning paths, there are also other modules that you could learn from (There are a lot of them, trust me). It is quite self-explanatory. The title of the module is what you will be learning. For example, Metasploit, Nmap, Burp Suite, etc.
Another thing to note is how a learning path works. It consists of multiple modules combined together to form a “path”. These modules are selected by the creator of the learning path where he/she deems that the modules are necessary skills to master, which I will talk more about in the next section.
2. Guided pathway, with its readily accessible web-based labs
When I first started using TryHackMe, I felt that the learning paths were very useful, especially for a beginner who had zero ideas of the basic skills that, for example, a Penetration Tester requires. Hence, with the pre-selected modules, it quickly allowed me to identify the skills needed. If you are new, these guided pathways will definitely benefit you.
Remember, they are just modules that are included in the learning path. If you have previously completed any of the modules separately, you will not have to do them again to complete the path.
One function that I like about TryHackMe is that they have web-based labs that we could easily access to have a practical feel of how the attack works, and they are called AttackBox. With just a click of a button and some time to load, these labs/VMs are ready to use. Other than the readily accessible labs on TryHackMe browser, you could also use OpenVPN to connect to the labs.
You could read more about OpenVPN in the link below. Personally, I would prefer using AttackBox as it is so much simpler to use, and it works just as fine.
TryHackMe’s VPN Explained (by Ashu Savani):
https://tryhackme.com/resources/blog/tryhackmes-vpn-explained
TryHackMe OpenVPN Guide:
https://tryhackme.com/access
https://tryhackme.com/room/openvpn
3. Self-accomplishment
If you are a person that is driven by self-accomplishment or someone that needs some form of motivation, I think the TryHackme hacking streak will help you a lot. From my own experience, I had a 30 days streak at one point and I was so afraid of losing it that I made sure that I find some time every night to complete something. Unfortunately, I still lost it in the end due to some personal issues. Nonetheless, having a streak around just adds a little bit of fun and might even motivate you to learn something every single day.
To clarify, the streak freeze shown in the picture above was implemented only recently, and that explains why my streak is no longer at 30.
Leaderboard was also something that kept me going. Yes, it will be difficult to be in the Top 50 ‘All time’, but it is possible to be in the top few ‘Monthly’ just within your country. Something you can try to aim towards every single month if that motivates you as well.
With all these said, I must emphasize that being the top player or having a high streak should not be your main source of motivation to turn on your computer, login into TryHackMe, and start doing the modules every single day. These functions can help to push you a little, but your main motivation should come from your curiosity to learn. Only when you are curious to learn and want to learn badly, then you will find it easy to actually be on this platform every day, no matter how busy you are in your other aspect of life. You don’t necessarily have to be spending many hours at night or burn the midnight oil. Every minutes or hours count.
Other interesting stuff
- Kill of the Hill
This is one thing that I would really love to try in the future. Let’s be honest, at first look, it does look interesting right? But right now, I do not think that I am equipped with the skills and knowledge to attempt this competition. If you have tried this before, you could let me know in the comment section your thoughts. Perhaps in the future, once I have tried it out myself, I will write an article on it and share more.
2. Badges
Badges! Quite self-explanatory. As of right now, there are a total of 45 badges you could earn by completing modules, paths, series, etc. With them, you could one day look back and see how far you have come.
Is TryHackMe only for ‘hacking’?
Nope!
There are a lot of different rooms/modules there that are not hacking-related. To name a few; SOC Level 1, Linux Fundamentals, Wireshark, Malware Analysis, Incident Response and Forensics, and many more… If you have the impression that TryHackMe is only for hacking, I can assure you that it is not.
TryHackMe is also a platform where you could come back, attempt the modules again, and sharpen your skills. You can see this platform as somewhere where you can safely practice, both defensively and offensively, almost like a game.
Conclusion
There is no harm in trying it! Remember, you can always create an account for free. Yes, a free account has its cons and you can view the details here: https://tryhackme.com/why-subscribe (Full disclosure, I am on a premium subscription). Try it for free, think about it, and if you feel it is worth paying for the subscription, go ahead!
Of course, there are other platforms such as HackTheBox (https://www.hackthebox.com/). Once I have tried it out in the future, I will definitely share more details here.
There are also free platforms, such as Port Swigger (https://portswigger.net/web-security). If you research enough, there will always be someone on every platform that tells you that to learn hacking/pen testing/bug bounty, you do not necessarily have to spend money, as there are plenty of free resources out there. This is true! So, know what you are spending. If you are going to spend money, make sure it is worth paying, and you better make the money worth.
Thank you!
Really thank you for reading this far. If you have any questions, please let me know in the comment section. Give a clap if you like this article, or just to make me feel better :) If you want to follow me on this journey, do follow me! See you all in my next post.
