Room Link: https://tryhackme.com/r/room/introtooffensivesecurity

Task 1 - What is Offensive Security?

Question: Which of the following options better represents the process where you simulate a hacker’s actions to find vulnerabilities in a system?

  • Offensive Security
  • Defensive Security

Answer: Offensive Security

Task 2 - Hacking Your First Machine

This TryHackMe module introduces beginners to hacking by guiding them through a simulated and legal exercise. The task involves using a command-line tool called GoBuster to brute-force the website of a fake bank application, FakeBank, to uncover hidden directories and pages. Participants start by opening a terminal on a virtual machine provided by the platform.

The task includes:

  • Starting the Machine: Load a virtual machine in Split View to access FakeBank.
  • Using GoBuster: Execute a command in the terminal to find hidden pages on the FakeBank website by brute-forcing with a list of potential page names.
  • Accessing Hidden Pages: Locate a hidden bank transfer page and perform a simulated hack by transferring money between accounts, demonstrating how an attacker might exploit such vulnerabilities.
  • Verifying the Result: Verify the success of the transfer and answer the related questions before terminating the virtual machine.

This exercise simulates real-world penetration testing to identify and report vulnerabilities in web applications.

Your First Hack

Step 1 - Open a terminal

On the machine, open the terminal using the Terminal icon.

Step 2 - Find hidden website pages

Execute the following command on the terminal:

gobuster -u http://fakebank.com -w wordlist.txt dir

Step 3 - Hack the Bank

Transfer $2000 from bank account 2276 to your account (account number 8881).

If your transfer was successful, you should now be able to see your new balance reflected on your account page. Go there now and confirm you got the money! (You may need to hit Refresh for the changes to appear.)

Question: Above your account balance, you should now see a message indicating the answer to this question. Can you find the answer you need?
Answer: BANK-HACKED

If you were a penetration tester or security consultant, this is an exercise you’d perform for companies to test their web applications: find hidden pages, then investigate them for vulnerabilities.
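Seen from the defending side, the wordlist scan in Step 2 appears in the web server's access log as a burst of 404 responses for many different paths from one client. The following is an added example, not part of the room or its tooling: it flags that pattern in Common Log Format lines. The log lines, IP addresses, the /hidden-page path and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format prefix: client, timestamp, request line, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_enumeration(lines, window_s=10, min_missing=5):
    """Return {ip: peak} for clients that requested at least `min_missing`
    distinct non-existent paths (404) within any `window_s`-second window."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # ip -> (time, path) of recent 404s
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append((ts, m["path"]))
        while ts - q[0][0] > window:      # drop 404s older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= min_missing:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), distinct)
    return flagged

def _line(ip, sec, path, status):
    # Builds one constructed access-log line for the sample below.
    return (f'{ip} - - [01/Jan/2024:10:00:{sec:02d} +0000] '
            f'"GET {path} HTTP/1.1" {status} 153 "-" "-"')

# Constructed sample: 10.0.0.5 walks a wordlist, 10.0.0.9 browses normally.
SAMPLE_LOG = (
    [_line("10.0.0.9", 0, "/", 200), _line("10.0.0.9", 1, "/favicon.ico", 404)]
    + [_line("10.0.0.5", 2 + i, f"/{w}", 404)
       for i, w in enumerate(["admin", "backup", "login", "images", "config", "test"])]
    + [_line("10.0.0.5", 8, "/hidden-page", 200)]   # placeholder path
)

if __name__ == "__main__":
    for ip, peak in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {peak} distinct 404 paths within the window")
```

Counting distinct paths rather than raw 404s keeps a client that repeatedly requests one missing file, such as a favicon, from being flagged.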

Task 3 - Careers in Cyber Security

How to Start Learning Cybersecurity

Many people wonder how to become hackers (security consultants) or defenders (security analysts fighting cybercrime). The process is straightforward: focus on a specific area of cybersecurity, and practice regularly through hands-on exercises. By dedicating a little time each day to learning on TryHackMe, you can build the skills necessary to land your first job in the industry.

Real Success Stories:
Paul transitioned from a construction worker to a security engineer.
Kassandra moved from being a music teacher to a security professional.
Brandon leveraged TryHackMe during school to secure his first job in cybersecurity.

Career Paths in Cybersecurity:

For more detailed insights into various cybersecurity careers, explore the cyber careers room on TryHackMe. Here’s a brief overview of a few offensive security roles:
  • Penetration Tester: Tests technology products to identify security vulnerabilities.
  • Red Teamer: Simulates adversary attacks to provide feedback from an attacker’s perspective.
  • Security Engineer: Designs, monitors, and maintains security controls, networks, and systems to prevent cyberattacks.

By committing to daily practice and exploring different career paths, you can successfully enter the cybersecurity field.