Cybersecurity 101 – Search Skills (TryHackMe Walkthrough)


The Start Your Cybersecurity Journey path on TryHackMe begins with the fundamentals, and one of the most essential is search skills. As cybersecurity professionals, we must know not only where to find information but also how to evaluate, refine, and apply it.
This walkthrough covers the Search Skills room step by step, including all tasks, insights, and answers.
Task 1: Introduction – Information Overload
A Google search for “learn cybersecurity” returns hundreds of millions of results, and “learn hacking” doubles that number. The internet is overflowing with information, but success depends on knowing how to filter, refine, and identify trustworthy sources.
Question: Check how many results you get when searching for learn hacking.
- Answer: At the time of writing, ~1.5 billion results.
Task 2: Evaluation of Search Results
Not all content online is reliable. To evaluate information effectively, consider:
- Source: Who published it? Are they credible?
- Evidence: Are claims backed by data or reasoning?
- Objectivity: Is the content unbiased?
- Corroboration: Do multiple sources agree?
Anything lacking these elements may be “snake oil” — misleading or fraudulent.
Questions & Answers:
- What do you call a cryptographic method or product considered bogus or fraudulent?
→ Snake oil
- What is the name of the command replacing netstat in Linux systems?
→ ss
Task 3: Search Engines
Search engines are powerful, but advanced operators unlock their full potential:
- "exact phrase" → finds exact matches.
- site:domain.com → restricts results to a domain.
- -keyword → excludes results containing a term.
- filetype:pdf → searches for files instead of webpages.
Questions & Answers:
- How would you limit your Google search to PDF files containing the terms cyber warfare report?
→ filetype:pdf cyber warfare report
- What phrase does the Linux command ss stand for?
→ socket statistics
Task 4: Specialized Search Engines
Beyond Google, specialized engines provide targeted intelligence:
- Shodan: Search for internet-connected devices (e.g., Apache servers, IoT).
- Censys: Focuses on internet assets like domains, certificates, and services.
- VirusTotal: Scans files/URLs with multiple AV engines.
- Have I Been Pwned (HIBP): Checks if emails appear in data breaches.
Questions & Answers:
- What is the top country with lighttpd servers?
→ United States
- What does BitDefenderFalx detect the file with the given hash as?
→ Android.Riskware.Agent.LHH
Task 5: Vulnerabilities & Exploits
The CVE program standardizes vulnerability identification (e.g., CVE-2024-3094 in XZ Utils). CVEs ensure researchers, vendors, and defenders all reference the same flaw consistently.
Supporting resources:
- Exploit Database: Contains verified exploit code.
- GitHub: Often hosts PoCs and research tools.
Question & Answer:
- What utility does CVE-2024-3094 refer to?
→ xz
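To illustrate why a shared identifier matters, the following added example (not part of the TryHackMe room or the original walkthrough) pulls CVE IDs out of free-text notes written in different styles and groups the sources that refer to the same flaw. The source names, sample texts, and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# CVE ID syntax: "CVE", a four-digit year, then a sequence number of four or
# more digits. Free text often uses lowercase or other separators, so accept
# hyphen, underscore, space and Unicode dashes, then normalise.
SEP = r"[-_ \u2010-\u2015]"
CVE_RE = re.compile(rf"\bCVE{SEP}([0-9]{{4}}){SEP}([0-9]{{4,}})\b", re.IGNORECASE)


def extract_cves(text):
    """Return canonical CVE IDs found in text, in order, without duplicates."""
    found = []
    for year, seq in CVE_RE.findall(text):
        if int(year) < 1999:  # the CVE list started in 1999
            continue
        cve = f"CVE-{year}-{seq}"
        if cve not in found:
            found.append(cve)
    return found


def correlate(sources):
    """Map each CVE ID to the sorted names of the sources that mention it."""
    index = defaultdict(set)
    for name, text in sources.items():
        for cve in extract_cves(text):
            index[cve].add(name)
    return {cve: sorted(names) for cve, names in sorted(index.items())}


# Constructed sample notes (not real advisories).
SAMPLE_SOURCES = {
    "distro-advisory": "XZ Utils flaw tracked as CVE-2024-3094.",
    "vendor-blog": "Our scanner now flags the XZ Utils issue (cve_2024_3094).",
    "chat-export": "is this the xz thing? CVE 2024 3094 i think",
    "unrelated-note": "Ticket ID CVE-24-1 is not a CVE identifier.",
}

if __name__ == "__main__":
    for cve, names in correlate(SAMPLE_SOURCES).items():
        print(cve, "mentioned by", ", ".join(names))
```
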
Task 6: Technical Documentation
Official documentation is often the most reliable and up-to-date source:
- Linux/Unix: man pages (e.g., man ip).
- Windows: Microsoft Docs.
- Products: Snort, Apache, PHP, Node.js, etc.
Questions & Answers:
- What does the Linux command cat stand for?
→ concatenate
- What is the netstat parameter in MS Windows that displays the executable associated with each active connection and listening port?
→ -b
Task 7: Social Media
Social platforms like LinkedIn, Facebook, and Twitter/X are valuable for professionals — but also risky if oversharing.
- LinkedIn: Useful for analyzing technical backgrounds.
- Facebook: May expose personal details (e.g., school names, password reset hints).
- Twitter/X & groups: Great for following cybersecurity news and trends.
Questions & Answers:
- You are hired to evaluate the security of a company. What social media website would you use to learn about an employee’s technical background?
→ LinkedIn
- Which platform might reveal answers to personal secret questions (e.g., “Which school did you go to as a child?”)?
→ Facebook
Task 8: Conclusion
This module introduced the most common sources of information every cybersecurity professional should master:
- Search engines (and advanced operators).
- Specialized engines (Shodan, Censys, VirusTotal, HIBP).
- CVE databases and exploit repositories.
- Official documentation.
- Social media and news outlets.
The key takeaway: Cybersecurity starts with the ability to search, evaluate, and apply the right information.
