The Room Review Process

Updated at January 26th, 2022

What is Room Testing and Who Tests?

TryHackMe uses two test phases to review a room: Room Testing and User Acceptance Testing (UAT). The overall goal of this process is to keep room content on the site accessible, consistent, appropriate, high quality, and engaging to our users.

Room Testing is performed by TryHackMe QA Staff, who validate the quality of room content against a carefully defined Quality Standard.

After a room has gone through Room Testing, your room might be selected for UAT, where community UAT volunteers will review from a user perspective.


Stages of Room Testing

Every room made "Public" is submitted to the room submission queue. When the room status changes, you will be notified by email. You can look at the progress of your room within the "General" view when managing your room (on the THM site: /room/manage/your_room_name).

The status of your room reflects at what stage of Room Testing your room currently resides. The following table provides an overview of the status:

| Status | Meaning |
| --- | --- |
| Submitted | Your room is in the room submission queue, but Room Testing has not started yet. It will remain in the queue until TryHackMe QA Staff selects it for evaluation. Depending on various factors, your room may stay in the submitted state for a while. There is no defined amount of time after which your room gets evaluated. |
| Evaluating | TryHackMe QA Staff has started evaluating your room. We might contact you through Site Messages (or the THM Discord) and have questions regarding your room during this time. After Room Testing, your room might be selected for the final User Acceptance Testing (UAT) phase. This is great news! Please note that, for UAT, you will be invited to a Thread on the TryHackMe Discord server to collaborate with UAT volunteers. |
| Ready | Your room has been thoroughly tested and approved. It is now waiting to be given a release date by the Release Coordinator. Scheduling your room might take some time, depending on how busy the room release schedule is. Rest assured, your room is destined for release greatness! |
| Rejected | Unfortunately, at this time, your room has been rejected. The TryHackMe QA Staff will have left comments/ideas for improvements. Please take some time to review these comments carefully before re-submitting. |
| Approved | Your room has been made public and is considered released! Congratulations, and thank you for contributing to the TryHackMe learning platform! |


General Guidelines:

Regardless of room type, room testers will check against the following when testing:

  • Check that the room isn't a "No-Go" topic.
  • Please ensure that any brute-forcing, such as cracking password hashes or enumeration, does not take longer than approximately 5 minutes. Although the time taken is dependent on hardware, please use entries that are located high up in wordlists. We suggest that you use the THM AttackBox as a benchmark for hash cracking and similar, as this is accessible to all.
  • Rooms should have a maximum of 15 questions unless you have a very lengthy walkthrough AND explicit approval from the QA team. Please email [email protected] regarding this.
  • Ensure that the room content (and any downloadable media or attached VMs) is both PG-13 and appropriate for the site. We're an educational platform which is used in classes, workshops, and corporate environments.
  • Rooms should not only have text but should have some sort of interactive element to them.
  • Room tasks should be consistently and sensibly formatted, written with good grammar and presented in English; if any part of the content includes a different language (including any writeup material), please state so within the room so that the room testing team can discuss this.
  • Rooms should have PG-13 and appropriate room icons that are not the generated placeholders.
  • Room icon image should not have a white background, and the banner of the room should be of high quality.
  • Task questions that require an answer should be in the form of a question. For example: "What is the user.txt flag?" instead of "user.txt."
  • Task questions that don't require an answer should not be blank. Include instructional text, for example: "Read the above."
  • Use appropriate tags for your room, for example, the type of content covered. 
    • We expect at least four tags for a room.
    • We are lenient on tags for challenge/CTF rooms in line with their difficulty to avoid spoilers, i.e. we would expect an "easy" challenge room to be more revealing in its room tags than a medium or hard one.
  • The author has the necessary rights to the content they're providing (or have credited appropriately).
    • Images, quotes or bodies of text that are not by the room creator need to be appropriately accredited. Plagiarism is strongly checked for by room testers.
    • The room creator must provide a reference to the licensing agreement or T&Cs of any source code used that isn't their own. Source code must allow commercial use to be hosted on TryHackMe. Source code without any licensing agreement is considered as "All rights reserved" to the original author and cannot be used.
    • No uploading boxes from sites such as VulnHub unless you are the author or have explicit, written permission from them. Room testers may ask for proof alongside the research they do to ensure this. Boxes created using SecGen are strictly prohibited.
  • Re-submissions are welcome, but please implement any necessary changes suggested by the room tester before re-submitting.

Please do not ban room testers from your submitted rooms.

"No-Go" Topics

Rooms with a heavy presence of, or focus on, the following are going to be rejected. Exceptions to this rule are made on a per-room and per-topic basis. This is to help avoid repetition of content on the site:

  • Steganography rooms:
    • The only exception to this should be anthology rooms where it's part of a greater collection or series, but steganography shouldn't be a focus of the room. For example, MuirlandOracle's "Willow" in the Flora Series is a great example of an exception to this.
  • Unrealistic or CTF rooms on cryptography or ciphering:
    • This includes substitution ciphers, e.g. ROT13 and similar.
    • The exception is content that has been seen in the wild or is realistic, such as the Cicada 3301 room or content involving AES/RSA encryption.
  • Anything Illegal and/or considered encouraging "Black Hat" activity.
    • Rooms that are "Grey Hat" will be discussed with the admins.
  • Rooms with pirated content or content that is taken directly from certifications, e.g. PWK labs.
    • Challenge rooms that are inspired by certifications are acceptable; however, there is a difference between "inspired" and ripped.
  • Questionnaire/quiz style rooms
    • Exceptions apply for heavily theoretical topics, which will be considered on a case-by-case basis.
  • Undisclosed 0days


General Exceptions and Caveats:

  • Realistic content may be given a second chance in testing.
  • Some of these rules may be bypassed given particular merit. A decision is made on a case-by-case basis and will be discussed by the TryHackMe QA Staff.


Who Should I Contact About My Room?

The TryHackMe QA Staff member responsible for your room will leave their THM username with their feedback. However, if not, please ask a Lead Room Reviewer in the THM Discord or email [email protected] with your query so that it can be forwarded onwards. During the UAT phase, you may ask questions in the Discord Thread for your room.
