This repository contains my personal TryHackMe writeups, notes, and walkthroughs from completed rooms and learning paths.
The purpose of this repository is to document my methodology, commands, observations, mistakes, and final exploitation paths in a way that is useful for revision, portfolio building, and future reference.
Each writeup is written from the perspective of a controlled lab environment. The rooms covered here are intentionally vulnerable systems provided by TryHackMe for cybersecurity training.
The IP addresses shown in these writeups were allocated during the TryHackMe labs, with the attack performed either from the TryHackMe AttackBox or from my own Kali Linux VM using OpenVPN connected to the TryHackMe VPN, including the Paris VPN server where noted.
PLEASE NOTE: This repository may cover both offensive and defensive learning rooms but is for the Jr Penetration Tester path. The format of each entry will therefore vary according to the subject. For example, an offensive room may focus on enumeration and exploitation, while a defensive room may focus on alert analysis, investigation, detection logic or remediation.
Important
This repository will NEVER contain material taken from TryHackMe professional certification examinations or other restricted assessments. It will NOT* provide any flags, passwords, cracked credentials or confidential material that will slow the rate of learning.
If you are looking for any assistance, answers, guides, specific walkthroughs you will NOT find any of those here, help/assistance is limited, but available via the TryHackMe Discord.
Depending on the room, challenge and learning objective, a writeup may include:
- Room overview and learning objectives
- Scope and authorised target information
- Attacker and target IP address details
- Penetration testing methodology
- Passive and active reconnaissance
- Host, port and service enumeration
- Web application enumeration and testing
- Network service assessment
- Vulnerability identification and research
- Exploit selection and validation
- Initial access methodology
- Shell stabilisation and session management
- Linux or Windows privilege escalation
- Active Directory enumeration and attack techniques
- Credential harvesting and authentication testing
- Lateral movement and pivoting
- Post-exploitation enumeration
- Evidence and sanitised command output
- Flags, credentials and sensitive values marked as
<REDACTED> - Technical findings and their potential impact
- Challenges, mistakes and troubleshooting steps
- Lessons learned
- Defensive recommendations and remediation notes
- References and supporting documentation
The level of detail will vary between guided rooms and practical challenges. writeups are intended to document the methodology, decision-making process and lessons learned rather than provide a simple list of answers.
No content from the TryHackMe Jr Penetration Tester (PT1) certification examination will be published in this repository.
Learning Pathway: Jr Penetration Tester
This learning path covers the fundamental skills that will allow you to succeed as a junior penetration tester. Upon completing this path, you will have the practical skills required to perform security assessments against web applications, enterprise networks and active directory.
Learn the essential skills to break into penetration testing.
- Pentesting fundamentals, methodologies and tactics
- Full lifecycle from recon to reporting
- Hands-on web, network and AD hacking
- Learn core tools used in cybersecurity
| No. | Section | Challenge | Difficulty | Status |
|---|---|---|---|---|
| 1 | Web Application Vulnerabilities I | Recruit | ||
| 2 | Web Application Vulnerabilities II | Support | ||
| 3 | Password Attacks | Checkmate | ||
| 4 | Privilege Escalation | Jump | ||
| 5 | Privilege Escalation | Windows Jump | ||
| 6 | Active Directory Security Testing Basics | Proxy | ||
| 7 | Active Directory Security Testing Basics | Forward | ||
| 8 | Jr Pentester Challenges | Domino | ||
| 9 | Jr Pentester Challenges | Silent Monitor | ||
| 10 | Jr Pentester Challenges | Dead Drop | ||
| 11 | Jr Pentester Challenges | Operation Promotion | ||
| 12 | Jr Pentester Challenges | Operation Coldstart | ||
| 13 | Jr Pentester Challenges | Net Sec Challenge | ||
| 14 | Jr Pentester Challenges | Interceptor |
Requests
| No. | Section | Challenge | Status |
|---|---|---|---|
| 15 | Metasploit: Payload Generation | Capstone Challenge |
The tools used vary by room, but may include:
My general approach is:
- Confirm the target IP and attacker VPN IP.
- Run initial port and service enumeration.
- Review accessible services and exposed files.
- Identify an initial access route.
- Stabilise the shell where possible.
- Enumerate users, permissions, cron jobs, timers, services, scripts, and sudo rules.
- Move laterally or escalate privileges one stage at a time.
- Capture flags and document the exact path taken.
- Record lessons learned and defensive remediation notes.
These notes may contain spoilers, command output, vulnerability details and complete attack or investigation paths. Anyone actively completing a room should attempt it independently before reading the associated writeup.
This repository will NOT intentionally publish any of the following:
- TryHackMe flags or answer strings.
- Passwords or cracked credentials.
- Reusable session tokens.
- Private keys or sensitive certificates.
- Certification examination content.
- Copied room instructions or substantial portions of TryHackMe material.
- Material that TryHackMe or a room author has asked learners not to share.
Note
Some values in this writeup have been intentionally redacted to protect the integrity of the challenge and prevent unintended spoilers. Placeholders such as <TARGET_IP> and <TUN0_IP> are used where IP addresses were required to explain the methodology without exposing environment-specific details. Other sensitive or challenge-revealing information has been replaced with <REDACTED>. Any flags have also been redacted, either as THM{...} for TryHackMe-style flags or as <REDACTED> where the flag format differs.
These redactions allow the process to be explained clearly while ensuring the final answer, challenge secrets, and key identifying details are not disclosed.
If restricted or sensitive information is included accidentally, please report it through the repository's GitHub Discussions or Issues area so it can be reviewed and removed.
These writeups are for educational purposes only and are based on authorised TryHackMe lab environments.
All tools, commands, techniques, and methodologies referenced in these writeups were used within controlled training environments where permission was provided by the owner and/or operator of the lab platform. The systems discussed are intentionally vulnerable machines designed for cybersecurity learning, practice, and assessment.
Do not use these techniques, tools, or methods against systems, networks, applications, or services that you do not own or do not have explicit written permission to test. Unauthorised access, scanning, exploitation, or disruption of systems is illegal and unethical.
The tools and methods listed in this repository are examples of approaches used during specific rooms or learning exercises. They are not the only possible solutions, and other tools, techniques, or workflows may be used depending on the target environment, room design, and individual methodology.
TryHackMe periodically updates, replaces or retires rooms and learning paths. Links, room sequences and path content may therefore change after a writeup is published.
Each writeup should be treated as a record of the room as it appeared on the date documented. Where a material change is identified, the relevant page may be updated or marked as archived.
If you notice a broken link, outdated instruction, formatting problem, technical error or any other noticeable issue within a writeup, please report it through the GitHub repository's Issues tab. When raising an issue, include the name of the affected writeup, a brief description of the problem and, where possible, the relevant section or line.
Constructive corrections are welcome and help keep the repository accurate, useful and maintainable.
Thanks for checking out my TryHackMe writeups. These notes form part of my ongoing cybersecurity learning journey, where I document rooms, techniques, tools, mistakes and lessons learned while working through different challenges.
You can view my TryHackMe profile here:
I am also active within cybersecurity learning communities, including Discord, where I discuss labs, tools, methodologies and general security topics with other learners and practitioners.
Feel free to follow my progress, compare approaches or get in touch if you are working through similar rooms.
Walkthrough requests are always welcome, although publication will depend on my availability and whether sharing the content complies with the platform's rules.
Created by V4L1K4HN as part of my cybersecurity learning journey through TryHackMe.
Unless otherwise stated, the original written content in this repository is licensed under the Creative Commons Attribution 4.0 International License.
Copyright © 2026 V4L1K4HN.
You may share and adapt the licensed material for any purpose, including commercially, provided that:
- appropriate credit is given to V4L1K4HN;
- a link to the license is provided; and
- any changes made to the original material are clearly indicated.
This license applies only to original material created by the repository author. TryHackMe content, branding, room materials, third-party software, trademarks, externally sourced material, and any other third-party intellectual property remain subject to their respective owners' terms and licenses.
See the LICENSE file for the complete legal terms.
Powered on ☕ made with ❤️ by V4L1K4HN
⭐ If this project is useful, consider starring it on GitHub.

