What is Room Testing and Who Tests?
TryHackMe uses a room review and testing process to keep content on the site accessible, consistent, and appropriate. Room testers are a handful of volunteers who usually have some other form of involvement in the community, such as a mentor or moderator, although this is not a prerequisite.
Every room that is made "Public" is submitted to the room submission queue. You can look at the progress of your room within the "General" view when managing your room:
Stages of Room Testing
|Submitted||Your room is in the queue, but no room tester has begun evaluating it yet.|
|Evaluating||A room tester has begun evaluating your room.|
|Ready||Your room has been tested and approved. It is now waiting to be given a date for release by an Admin.|
|Rejected||Your room has been rejected, the room tester will have left comments/ideas for improvements. Please take time to review these before re-submitting.|
|Approved||Your room has been made public! Congrats!|
Regardless of room type, room testers will check against the following when testing:
- Check that the room isn't a "No-Go" topic.
- Please ensure that any brute-forcing such as password hashes or enumeration does not take longer than approximately 5 minutes. Although the time taken is dependant on hardware, please use entries that are located high up in wordlists. We suggest that you use the THM AttackBox as a benchmark for hash cracking and similar, as this is accessible to all.
- Rooms should have a maximum of 15 questions unless you have a very lengthy walkthrough AND explicit approval from the admin team. Please email [email protected] regarding this.
- Ensure that the room content (and any downloadable media or attached VMs) is both PG-13 and appropriate for the site. We're an educational platform which is used in classes, workshops, and corporate environments.
- Rooms should not only have text but should have some sort of interactive element to them.
- Room tasks should be consistently and sensibly formatted, written with good grammar and presented in English; if any part of the content includes a different language (including any writeup material), please state so within the room so that the room testing team can discuss this.
- Rooms should have PG-13 and appropriate room icons that are not the generated-placeholders.
- Use appropriate tags for your room, for example, the type of content covered.
- We expect at least four tags for a room.
- We are lenient on tags for challenge/CTFs in line with their difficulty to avoid spoilers, i.e. We would expect an "easy" challenge room to be more revealing in the room tags then that of a medium or hard.
- The author has the necessary rights to the content they're providing (or have credited appropriately).
- Images, quotes or bodies of text that are not by the room creator need to be appropriately accredited. Plagiarism is strongly checked for by room testers.
- The room creator must provide a reference to the licensing agreement or T&Cs of any source code used that isn't their own. Source code must allow commercial use to be hosted on TryHackMe. Source code without any licensing agreement is considered as "All rights reserved" to the original author and cannot be used.
- No uploading boxes from sites such as VulnHub unless you are the author or have explicit, written permission from them. Room testers may ask for proof alongside the research they do to ensure this. Boxes created using SecGen are strictly prohibited.
- Re-submissions are welcome, but please implement any necessary changes suggested by the room tester before re-submitting.
Please do not ban room testers from your submitted rooms.
Rooms with a heavy presence or focus of the following are going to be rejected, where exceptions to this rule are on a per room and topic basis. This is to help avoid repetition of content on the site:
- Steganography rooms:
- Unrealistic or CTF rooms on cryptography or ciphering:
- This includes substitution ciphers i.e. ROT13 and similarly
- The exception to this is unless it's been seen in the wild or is realistic such as the CICCADA 3301 room or content involving AES/RSA encryption for example.
- Anything Illegal and/or considered encouraging "Black Hat" activity.
- Rooms that are "Grey Hat" will be discussed with the admins.
- Rooms with pirated content or content that is taken directly from certifications i.e. PWK labs.
- Challenge rooms that are inspired by certifications are acceptable, however, there is a difference between "inspired" and ripped.
- Questionnaire/quiz style rooms
- Exceptions apply for heavily theory topics, which will be considered on a case-by-case basis.
- Undisclosed 0days
General Exceptions and Caveats:
- Content that is realistic should be given a second chance in testing.
- Most of these rules can be bypassed given particular merit, but this is on a case-by-case basis and will be discussed with other room testers before a decision is made.
Who Should I Contact About My Room?
The room tester who is responsible for your room may leave their THM username with their feedback. However, if not, please ask for a room tester in the THM Discord or alternatively email [email protected] with your query so that it can be forwarded onwards.