DaneB1914/tryhackme-labs

TryHackMe — Junior Penetration Tester Labs

This repository documents my hands-on learning journey through the Junior Penetration Tester path on TryHackMe.
The focus is on understanding how and why vulnerabilities occur, not just how to exploit them.

Each write-up reflects practical penetration testing concepts, real-world impact, and defensive considerations.


📈 Progress

  • Introduction to Web Hacking ✅
  • Burp Suite ⏳
  • Network Security ⏳
  • Privilege Escalation ⏳

Write-ups are added as modules are completed.


🔍 Core Web Security Labs

These labs focus on some of the most common and impactful web application vulnerabilities seen during real penetration tests.

🔐 Authentication Bypass

Topic: Broken authentication and logic flaws
Key concepts:

  • Missing or inconsistent authentication checks
  • Flawed authentication workflows
  • Server-side enforcement vs client-side assumptions

📄 Write-up: web-hacking/authentication-bypass.md


🔑 IDOR (Insecure Direct Object Reference)

Topic: Broken access control / authorization
Key concepts:

  • Trusting user-controlled object identifiers
  • Authentication vs authorization
  • Object-level access control failures

📄 Write-up: web-hacking/idor.md


🧪 Cross-Site Scripting (XSS)

Topic: Client-side trust and input handling
Key concepts:

  • Improper input handling and output encoding
  • Context-dependent exploitation
  • Real-world browser-based impact

📄 Write-up: web-hacking/intro-to-xss.md


🧠 Methodology & Approach

Across these labs, I follow a structured penetration testing mindset:

  1. Understand application behavior
  2. Identify user input and trust boundaries
  3. Test authentication and authorization logic
  4. Validate impact
  5. Document findings clearly with remediation guidance

This mirrors how web penetration testing is performed in real consulting and internal security assessments.


🛠 Tools Used

  • Burp Suite
  • Web browser developer tools
  • Kali Linux
  • TryHackMe vulnerable applications

🎯 Goal

The goal of this repository is to:

  • Build a strong foundation in web application penetration testing
  • Practice clear, professional documentation
  • Develop a consistent methodology aligned with real-world pentesting

This repository will continue to grow as I progress through additional penetration testing labs and modules.


⚠️ Disclaimer

All testing documented in this repository was performed against intentionally vulnerable systems provided by training platforms.
No unauthorized testing was conducted.


📌 Connect

  • TryHackMe profile: brotherblond161
  • LinkedIn: danebabcock

Dane Babcock 1/12/2026

About

Documentation of TryHackMe labs for educational and professional purposes.
