Authorized simulated cyberattacks to find and fix security vulnerabilities before hackers exploit them.

Key Concepts

• White Hat vs Black Hat: Ethical (legal) vs malicious (illegal) hacking

• Authorization: Always get permission first

• Methodology: Structured testing approach

The Pentesting Process:

1. Planning - Define scope and rules

2. Reconnaissance - Gather target info

3. Scanning - Find vulnerabilities

4. Exploitation - Break in ethically

5. Reporting - Document findings and fixes

Common Tools :

• Nmap (scanning)

• Metasploit (exploitation)

• Burp Suite (web apps)

• John the Ripper (password cracking)

• Legal & Ethics Follow CFAA/GDPR/PCI DSS laws

• Never exceed authorized scope

• Protect discovered data

Task 2:

WRITING PENTEST REPORTS

Pentesting isn’t just about finding vulnerabilities: -

it’s about clearly communicating risks to stakeholders. TryHackMe’s Writing Pentest Reports room teaches how to structure professional reports. Here’s a quick summary:

Key Sections of a Pentest Report :

1. Executive Summary:

• Brief, non-technical overview of findings.

• Highlight critical risks and business impact.

2. Methodology:

• Tools used (e.g., Nmap, Burp Suite).

• Scope (what was tested and what wasn’t).

3. Findings:

• Risk Ratings (Critical/High/Medium/Low).

• Vulnerability Details: Description, Proof of Concept (PoC), remediation steps.

4. Conclusion & Recommendations:

• Actionable fixes prioritized by risk.

Task - 3

Red Team Fundamentals

Red teaming goes beyond traditional penetration testing—it simulates real-world adversaries to test an organization’s defenses. TryHackMe’s Red Team Fundamentals room covers core concepts. Here’s a breakdown:

Key Concepts in Red Teaming:

1. What is a Red Team?

• Simulates advanced attackers (e.g., APTs, ransomware groups).

• Focuses on stealth, persistence, and evasion.

2. Red Team vs. Penetration Testing:

• Pentesting: Finds vulnerabilities in a controlled way.

• Red Teaming: Mimics real attackers over weeks/months.

3. Common Red Team Tactics:

• Reconnaissance (OSINT, phishing, scanning).

• Initial Access (Exploits, social engineering).

• Persistence & Lateral Movement (Credential theft, pivoting).

• Exfiltration & Covering Tracks.

4. Tools of the Trade:

• C2 Frameworks: Cobalt Strike, Mythic, Sliver.

• Evasion Techniques: Obfuscation, AV/EDR bypass.

Task -4

Vulnerabilities 101:

Vulnerabilities are the weak spots that attackers exploit—knowing them is the first step in securing systems. TryHackMe’s Vulnerabilities 101 room breaks down the basics. Here’s a quick summary:

Key Concepts in Vulnerabilities

1. What is a Vulnerability?

• A flaw in software, hardware, or processes that can be exploited.

• Examples: Weak passwords, unpatched software, misconfigurations.

2. Injection Flaws (SQLi, Command Injection):

3. Broken Authentication (Weak passwords, session hijacking)

4. Sensitive Data Exposure (Unencrypted data, poor key management).

5. Misconfigurations (Default settings, open permissions).

6. Scoring Vulnerabilities (CVSS):

• CVSS (Common Vulnerability Scoring System) rates severity (Low to Critical).

• Factors: Exploitability, impact, and scope.

4. Exploits vs. Vulnerabilities:

• Vulnerability: The weakness itself.

• Exploit: The attack that takes advantage of it.

Task - 5

Red Team Engagements

Red team engagements simulate real world adversaries to test an organization's detection and response capabilities. Unlike penetration tests, they focus on stealth, persistence, and achieving specific objectives.

Key Stages of a Red Team Engagement

1. Planning & Scoping Define rules of engagement (ROE).

Establish objectives (e.g., "gain domain admin access").

Legal agreements (get written authorization!).

2. Intelligence Gathering (Recon) Passive Recon: OSINT (LinkedIn, GitHub, public docs).

Active Recon: Scanning, phishing, social engineering.

3. Initial Access Common vectors:

Phishing (e.g., malicious attachments).

Exploiting public-facing apps (VPNs, web portals).

Physical attacks (bad USB drops).

4. Persistence & Lateral Movement Credential theft (Mimikatz, LSASS dumping).

Privilege escalation (kernel exploits, misconfigurations).

Lateral movement (Pass-the-Hash, RDP, SMB).

5. Objective Completion Exfiltrate data, maintain access, or disrupt operations (if in scope).

6. Reporting & Debrief Detail attack paths, detection gaps, and remediation steps.

Task -6

Governance & Regulation:

Modern cybersecurity isn't just about tools - it's about aligning with legal frameworks and governance standards. This room covers the policies that shape organizational security.

Key Governance Frameworks

1. ISO 27001 International standard for Information Security Management Systems (ISMS)

Focus: Risk management, continuous improvement

Certification requires annual audits

2. NIST Cybersecurity Framework (CSF) 5 Core Functions: Identify, Protect, Detect, Respond, Recover

Used by US govt and critical infrastructure

3. GDPR (General Data Protection Regulation) EU law governing personal data protection

Key requirements:

Data breach notifications within 72 hours

"Privacy by design" systems

Fines up to 4% of global revenue

4. HIPAA (Healthcare) Protects electronic health records in the US

Requires encryption, access controls, audit logs

Task -7:

Security Principles

Understanding core security principles is essential for building robust defenses. This room covers the fundamental concepts every cybersecurity professional should know.

Key Security Principles

1. CIA Triad Confidentiality: Protect data from unauthorized access (encryption, access controls).

Integrity: Ensure data is accurate and untampered (hashing, digital signatures).

Availability: Systems must be accessible when needed (DDoS protection, backups).

2. Least Privilege Users/apps should have only the minimum permissions needed.

Example: Regular users shouldn’t have admin rights.

3. Defense in Depth Multiple layers of security (firewalls, IDS, encryption, physical security).

If one layer fails, others provide protection.

4. Zero Trust "Never trust, always verify."

Continuous authentication and strict access controls.

5. Fail-Secure Systems should default to a secure state if they fail.

Example: Door locks during a power outage.

6. Separation of Duties Critical tasks require multiple people to prevent fraud/abuse.

Example: One person approves payments, another processes them.

7. Security by Design Build security into systems from the start, not as an afterthought.

Task -8

Cyber Kill Chain

The Cyber Kill Chain (developed by Lockheed Martin) breaks down cyberattacks into stages, helping defenders detect and disrupt threats early.

The 7 Stages of the Cyber Kill Chain

1️⃣ Reconnaissance Attacker researches targets (OSINT, scanning, social media).

Defense: Monitor for suspicious data gathering.

2️⃣ Weaponization Creating malicious payloads (malware, phishing emails).

Defense: Email filtering, endpoint protection.

3️⃣ Delivery Sending payloads via email, USB, or exploits.

Defense: Firewalls, spam filters, user training.

4️⃣ Exploitation Triggering vulnerabilities to execute code.

Defense: Patch management, intrusion detection.

5️⃣ Installation Malware gains persistence (backdoors, rootkits).

Defense: EDR solutions, behavior monitoring.

6️⃣ Command & Control (C2) Attacker establishes remote control.

Defense: Block known C2 IPs, network traffic analysis.

7️⃣ Actions on Objectives Attacker achieves goals (data theft, ransomware).

Defense: Data encryption, backups, IR plans.

Task -9:

LINUX MODULES:

Linux powers most servers and cloud infrastructure. Understanding its core components is critical for security professionals. This room covers essential Linux modules and their security implications.

Key Linux Modules & Security Considerations

1. Kernel Modules Loadable components that extend kernel functionality

Security Risks:

Malicious modules (rootkits like Diamorphine)

Unpatched vulnerabilities (e.g., Dirty Pipe exploit)

Defenses:

lsmod to list loaded modules

Secure boot to prevent unauthorized loading

2. Filesystem Permissions Critical Commands:

• chmod (permission changes)

• chown (ownership changes)

Security Best Practices:

Principle of Least Privilege (PoLP)

Sticky bits for shared directories (/tmp)

3. Authentication Modules (PAM) Pluggable Authentication Modules control access

Security Configs:

• /etc/pam.d/ configuration files

• Fail2ban integration

• SELinux/AppArmor Mandatory Access Control (MAC) systems

Key Differences:

• SELinux: Label-based (complex but powerful)

• AppArmor: Path-based (easier to configure)