WEEK 3 & 4: My Cyber Security Journey

Hi, I am Nakulan - an aspiring penetration tester and ethical hacker. I recently completed the Google Cybersecurity Certificate and decided to commit one full month to land a cybersecurity internship — without paying for expensive certifications like CEH or CompTIA.

This blog marks the end of my third and fourth week, and I want to document everything I’ve learned so far. Hopefully, this will help others who are also starting from scratch and aiming for practical experience.


According to the ChatGPT roadmap, my next focus is to complete the Simple CTF on TryHackMe, dive deeper into the FTP, SMB, and SSH rooms, and get more comfortable with the Hack The Box platform. Alongside that, I’m supposed to upload my lab work to GitHub and start applying for internships. While I haven’t applied yet, I did manage to complete everything else on the list, which feels like solid progress.


WHAT I LEARNED THIS WEEK:

1. TRYHACKME - SIMPLE CTF

  • Service Enumeration

  • Exploitation Basics

  • Privilege Escalation

  • Capture the Flag (Flag Hunting)

2. TRYHACKME - OWASP TOP 10

  • The 10 most critical web security risks

  • Exploit each of the OWASP Top 10 vulnerabilities

3. HACKTHEBOX - MEOW

  • Service Enumeration

  • Default Credentials & Weak Security Practices

  • Gaining Access (Initial Foothold)

4. HACKTHEBOX - MEOW

  • Basic port scanning (Nmap).

  • Identifying weak/insecure services (Telnet).

  • Exploiting default/no-password logins.

  • Navigating Linux to capture a flag.

  • Foundational cybersecurity lessons (why weak configs are a big risk).

5. HACKTHEBOX - FAWN

  • Port & service scanning (Nmap).

  • Enumerating and using FTP services.

  • Logging in with anonymous credentials.

  • Transferring files to your machine.

  • Why insecure FTP setups are a real-world risk.

6. HACKTHEBOX - DANCING

  • Risks of misconfigured SMB shares (data exposure).

  • Importance of restricting share access and setting proper permissions.

  • Real-world link: SMB vulnerabilities (e.g., WannaCry used SMB).

7. HACKTHEBOX - REDEEMER

  • Risks of running databases without authentication.

  • Importance of firewalling internal services like Redis.

  • How exposed services can lead to sensitive data leaks.


HOW I FINISHED MY SIMPLE CTF ROOM

This was my very first CTF on TryHackMe, and an important milestone in my journey toward landing a job in cybersecurity. It was definitely challenging, but I managed to push through and solve it.

🔑 Key Learnings

  • Scanning with Nmap

  • Using CVE exploits effectively

  • Privilege escalation to gain a root shell

Finishing this room wasn’t easy, especially since it was my first attempt at a real CTF. I relied on hints within TryHackMe and even went through a walkthrough to fully understand some parts. In the end, I was able to complete it — and more importantly, I learned a lot in the process.

My plan now is to redo this room, but this time without using any external help and in a faster time. This will not only test my memory but also help me build speed and confidence for future CTF challenges.


KEY TAKEAWAYS

  • Solving my first CTF gave me a real taste of how penetration testing works in practice.

  • Using tools like Nmap and learning about CVE exploits built my confidence.

  • Privilege escalation is a challenging but crucial skill I need to keep practicing.

  • It’s okay to rely on hints and walkthroughs in the beginning — what matters is understanding the process.

  • Re-doing the room without help will strengthen my skills and improve my speed.


WHAT I AM GONNA DO NEXT?


  • Update my resume by adding the rooms and labs I’ve completed so far.

  • Work on small projects that can showcase my skills and make me stand out when applying for internships.

  • Reach out to professionals on LinkedIn for guidance, feedback, and mentorship.

  • Practice more CTFs to sharpen my problem-solving skills and build confidence.


Follow my journey:

GitHub: github.com/NAKULAN14

LinkedIn: linkedin.com/in/nakulan-devarajan-4486611b8


Thank you for reading!!

Written by

Nakulan devarajan