TryHackMe

This content has been designed by industry experts to equip you with the job-ready skills required for an entry-level offensive security role

<b><i>A Guide to Entry-Level Security Analyst Skills</i></b>

Evaluate your ability to gather information about a target using both passive and active techniques.

WHOIS, DNS enumeration, sNetubdomain discovery

Banner grabbing and service fingerprinting

Web and network account and service enumeration

Identifying exposed services and misconfigurations

- WHOIS, DNS enumeration, sNetubdomain discovery
- Nmap and port scanning strategies
- Banner grabbing and service fingerprinting
- Web and network account and service enumeration
- Identifying exposed services and misconfigurations

___________________________________________________________

Assess your knowledge of common web application vulnerabilities and your ability to exploit and report them.

OWASP Top 10 vulnerabilities (e.g., SQLi, XSS, IDOR, SSRF, etc.)

Burp Suite usage (proxying, intruder, repeater, decoder)

Authentication and session handling flaws

Exploiting file upload and path traversal issues

- OWASP Top 10 vulnerabilities (e.g., SQLi, XSS, IDOR, SSRF, etc.)
- Manual testing techniques
- Burp Suite usage (proxying, intruder, repeater, decoder)
- Authentication and session handling flaws
- Exploiting file upload and path traversal issues
- Bypassing client-side controls

Evaluate your understanding of internal and external network testing techniques.

Identifying and exploiting SMB, RDP, FTP, SSH, and SNMP services

Password attacks (brute-force, password spraying)

Exploiting misconfigurations and outdated services

Understanding firewalls and network segmentation

- Identifying and exploiting SMB, RDP, FTP, SSH, and SNMP services
- Password attacks (brute-force, password spraying)
- Exploiting misconfigurations and outdated services
- Pivoting and lateral movement techniques
- Network sniffing and traffic analysis
- Man-in-the-middle attacks
- Understanding firewalls and network segmentation

Demonstrate your ability to perform enumeration and attacks in an Active Directory environment.

Kerberos (AS-REP roasting, Kerberoasting)

Abusing misconfigured permissions and trusts

Pass-the-Hash and Pass-the-Ticket attacks

- Kerberos (AS-REP roasting, Kerberoasting)
- LDAP enumeration
- Abusing misconfigured permissions and trusts
- Pass-the-Hash and Pass-the-Ticket attacks
- Privilege escalation in a Windows domain
- Domain enumeration and lateral movement
- BloodHound basics and graph analysis

Evaluate your ability to exploit vulnerabilities and maintain access to compromised systems.

Using Metasploit and manual exploitation techniques

Understanding reverse shells and bind shells

Basic malware staging and persistence methods

Privilege escalation on Linux and Windows systems

Clearing logs and maintaining operational security

- Using Metasploit and manual exploitation techniques
- Understanding reverse shells and bind shells
- File transfer techniques
- Basic malware staging and persistence methods
- Privilege escalation on Linux and Windows systems
- Clearing logs and maintaining operational security

Assess your ability to document findings clearly and manage exam time effectively.

Writing concise and clear vulnerability reports

Managing a 48-hour testing window strategically

Maintaining good note-taking practices during a pentest

Clear communication of attack paths and impact

- Writing concise and clear vulnerability reports
- Prioritizing findings based on risk
- Suggesting relevant mitigations
- Managing a 48-hour testing window strategically
- Maintaining good note-taking practices during a pentest
- Clear communication of attack paths and impact

PT1 Training Content

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

PT1 Training Content

A Guide to Entry-Level Security Analyst Skills

1. Reconnaissance & Enumeration

2. Web Application Testing

3. Network Penetration Testing

4. Active Directory Exploitation

5. Exploitation & Post-Exploitation

6. Reporting & Time Management