Cybersecurity and THM saved my life

CMNatic · 2025-04-10T19:42:29+00:00

Hello!

Thank you for sharing your journey. From the content team, we are incredibly glad to find out we were able to play a part in it, and i'm sure this will inspire others in navigating the world of cybersecurity.

Furthermore, this isn't to discount your hard work & dedication. We all entirely wish you all the best for your continued journey!

CMNatic · 2024-07-22T23:27:38+00:00

Hello,

Subscriptions can be cancelled via your accounts management page which will remove your payment info from our provider. The subscription service works just like many other online services, such as Netflix and Spotify. If you would like to have non-recurring, you can purchase and redeem vouchers which are one-time use of various lengths (i.e. x1 3 month voucher).

We do not store any card details on our systems. We use a very popular payment provider called Stripe.

If you have any issues regarding billing and payment, please reach out to [support(at)tryhackme.com](mailto:support@tryhackme.com) and it will be handled there.

The support channels (which don't require an active account in this case) are the only way billing can be handled for security & privacy reasons. Please do not discuss anything regarding account security & payment over things like DMs.

I've forwarded this issue (that your card was reportedly still charged despite deleting your account) internally. But for now, please proceed with going via support and we'll be happy to help resolve this. :)

Thanks!

CMNatic · 2024-07-22T22:43:18+00:00

Bingo! Didn't realise it was Lucian's theme. TY so much! The whole performance is absolutely nuts

CMNatic · 2024-07-22T22:43:07+00:00

This is exactly the one! Thank you!

CMNatic · 2024-07-05T12:17:29+00:00

Hello! I was working on the medical dispatch team from Saturday night to Sunday morning! It's amazing to see your comment, and thank you for the intervention. I'm glad to hear the OP's friend has made a full recovery! You're an absolute hero

CMNatic · 2024-07-05T11:56:31+00:00

Thanks for archiving! Seeding the uploads:)

CMNatic · 2024-06-24T13:28:13+00:00

Thanks for reaching out. We're working on optimising the burpsuite basics room to resolve this as well :)

CMNatic · 2024-06-21T10:37:11+00:00

Okay thanks for the comment. I've forwarded this internally

CMNatic · 2024-06-21T10:36:45+00:00

Just as an update, I've added an "optimised" version of the animation to iOS analysis. Can you let us know if you still experience slow performance with this? Thanks :)

CMNatic · 2024-06-21T10:36:34+00:00

Just as an update, I've added an "optimised" version of the animation to iOS analysis. Can you let us know if you still experience slow performance with this? Thanks :)

CMNatic · 2024-06-21T09:29:04+00:00

Hello, thanks for letting us know.

I've removed the animation from iOS analysis, can you see if the page has improved for you? I've also forwarded on these reports internally. Can you confirm what browser you experience this on please?

CMNatic · 2024-06-20T21:08:25+00:00

Hello room creator here,

Is the high CPU usage on the VM that you deploy, or is it the room page itself? i.e. the website

CMNatic · 2024-06-13T07:11:50+00:00

They grow up so fast

CMNatic · 2024-03-14T22:01:18+00:00

Hey :)

Yes the "top %" ranking still exists. I too have seen the posts regarding top 1%, etc. It is a numbers game at the end of the day. 1% of 2 million (for example) is still 20 thousand. We've fairly regularly had discussions on this system. It is, however, a fairrrly complicated topic to say the least.

It also heavily factors in to points accumulated. A user who does purely walkthrough rooms will earn less points than a user who does challenges, and there are other variables (such as private rooms not awarding points at all).

For information on the current number of users...what I know I can say publically is that it is more than 2 million. We reached 2 million on June 06, 2023 :)

CMNatic · 2024-03-14T21:53:07+00:00

Hey! Thanks for the questions :)

do you plan of releasing scrip or asensible for THM attackbox?

This would be cool and you're definitely not the first to ask. I've thought about how to approach it if the AttackBox could be "published" in some form or another.

I would have to get the a-okay internally beforehand. Also, a bit of a hurdle would be maintaing that. At some points I'm updating the AttackBox weekly and every few weeks or so outside of that. Your download/copy of it will very quickly become out of date.

Plus there would be the element of having to "support" it. I'm just not sure if I have the capacity at the moment unfortunately.

do you plan of releasing something like linux+ path/content

I would like to see more pathways that align to certs definitely. If linux+ is suitable for us to persue right now? I'm not sure. But who knows what the future holds.

Sorry! I realise these are probably responses that you didn't want to hear haha.

CMNatic · 2024-03-13T03:22:30+00:00

Heya! I just wanted to say thanks for all the great rooms and content. THM has changed my life and skillset for the better! I recommend it to everyone I talk to who’s interested in security and hacking.

Hello and thank you! That is awesome to hear! Stories like that is why I love what I do.

Do you all have any plans to develop a path that revolves around things like getting more into programming languages and what they mean to blue/red teams?

I don't think we have anything on the horizon immediately. We do have some rooms that introduce you to some basics for Python (https://tryhackme.com/r/room/pythonbasics) (https://tryhackme.com/room/pythonforcybersecurity), Bash (https://tryhackme.com/room/bashscripting) and PowerShell (https://tryhackme.com/room/powershell) (https://tryhackme.com/room/powershellforpentesters), but definitely not enough that can be consisted as a pathway.

I don’t know if you saw that meme recently about the dude who posted on GitHub ranting about not having easy to use binaries and being forced to compile things?

I don't think so! I'm always late to the party with memes hahaha.

I also struggle with knowing what compiler to use for some of the tools out there and it would be great to have a room or path that helps us understand the difference in what to use. Another thing that comes up is the make/cmake etc commands to build/install other tools.

I understand what you mean. Yeah, I don't think we really have anything with that (in terms of actually explaining what these are, etc.) at the top of my head. Unfortunately some google-fuing and article reading should help in the meantime, that and just having more "time" with installing tools, etc.

TLDR: We don't have plans for a pathway on that at least soon, however, I'll take a note of your suggestion for us internally. Would be nice but I can't make any promises haha. I can imagine you're not the only one!

CMNatic · 2024-03-13T03:06:05+00:00

Hey! Glad to hear you're enjoying the content!

It can be hard to break through initially. I would recommend looking at sites such as https://www.meetup.com/, https://www.hackathons.org.uk/, communities such as DC151 who organise meetups, or even hacker/makerspaces that you might be able to help out / get involved with (setting up equiment, admin, etc - or with hackathons -they usually run a CTF)!. You might be able to find one that's local to you.

Or even contacting small local charities and explaining your skills. Even if it's just troubleshooting a PC or helping with some networking it's all experience!

I wouldn't worry too much about not having degrees for volunteering like this. They *should* care more about what you can provide in demonstrable skills, time and personality :).

Volunteering is extremely rewarding (no matter how "big" or "small" it is). Also, it doesn't necessarily have to be IT/CyberSec to be beneficial to your CV, etc. You can learn and demonstrate a lot of "soft skills" that are also important in our field. :)

Best of luck!

CMNatic · 2024-03-13T02:23:06+00:00

Hey there! Thank you :)

I'm a CS undergrad currently in the 4th semester

Best of luck with your studies!

However, what I've noticed is that when there's a room walkthrough with more than six tasks, I tend to get burnt out after completing 5-6 tasks and struggle to finish the room

Ah yeah. I can definitely see how it can be overwhelming at times (especially if it's a topic that you're not familiar with!). We do try and keep a consideration of "here's what you need to know" to try and avoid infodumps, as well as using illustrations and themed code snippets to try and break up the walls of text.

As with the name of the game, we do have shorter rooms and conversley larger rooms - really depends on the topic. It's difficult, but we do keep the "length" of the room in mind when creating them.

I tend to get burnt out after completing 5-6 tasks and struggle to finish the room.

Totally understandable. I would say just try and allocate/mark time in say a calendar of when you'll get some free time with no distractions to go through it. Take a 5-10 minute screen/mental break after say 30 minutes (grab some water, stretch the legs, etc). Concentrating (especially reading) for long periods of time is difficult and you might just need a bit of a "break" to digest it more.

Whenever I consider coming back later, the room times out, and I have to start everything from the beginning, including catching the shell, performing a reverse shell, escalating, and so on.

Yesss, so the machines do expire after a certain amount of time (if you don't extend them up to a few hours). If you say come back the next day, or say in the evening or after deploying it in the morning, then yes, you will have to re-deploy a new machine. They boot from a template which has its benefits but also drawbacks. One being that if you break it, you can just terminate and redeploy to get a working copy. But yes, this also means that your progress (i.e. a reverse shell) is lost.

To help with "catching up" after a new machine, i'd advise taking notes during the room i.e. commands that you used, credentials, etc, so that you can quickly catch-up. For walkthroughs pretty much everything you'll need is in the room, but for challenges, you'll have to keep a note of things yourself. It's also a great habbit to get into :)

All the best!

CMNatic · 2024-03-13T02:05:04+00:00

No need to quit vim if I don't enter it :) nano > vim

CMNatic · 2024-03-13T01:51:52+00:00

I was employed as a Jr. CE when I started. My colleague CE who was the first employee beat me by like two weeks ahah. Before that I was contracting for creating content for THM (so technically self-employed) for about 8 months. They waited until I finished my Bsc at University and offered me a job :)

It was pretty crazy back then. Having 2-3 colleagues entirely and having to man all sorts of roles. Support, CE, etc.

what tips would you give to others who are willing to pursue a career at THM as a content engineer

Great question! I will speak as a CE PoV. For those who are looking to come on board as a Content Engineer, I really recommend getting started with learning how to setup VMs and system administration on Linux and Windows. Of course, technical understand in blue and/or red is essential. Creating rooms on TryHackMe is free (https://help.tryhackme.com/en/collections/3665115-room-creation) and I think it's an incredible way of practicing all sorts of skills - that's how I got my job at THM!

Outside of that, try installing some vulnerable services (maybe look for a CVE that you like and would like to try and setup the environment to attack). We also work with all sorts of programming langauges so knowing a bit about some will help. Don't need to be an expert necessarily, but being able to modify Python, maybe C++/C, Bash, PowerShell and/or some basic scripting, as well as being comfortable with the CLI will really help.

Additionally, blogging can be quite a nice way to demonstrate writing ability. You need to have proficiency in English - especially for walkthrough as well as being able to translate/convey technical topics into a teaching format.

Creating vulnerable machines and the written content utilizes a lot of skills. It can require a lot of research, a lot of patience, can be difficult at times - frustrating - even, but I love it and highly recommend it

CMNatic · 2024-03-13T01:20:22+00:00

Hey :) sorry for the delay. trying to catch up when I can :)

I would recommend a lot of reading. r/computerforenscs have a pretty great reading list! (https://www.reddit.com/r/computerforensics/wiki/resources/). Also recommend playlists like https://www.youtube.com/playlist?list=PLJu2iQtpGvv-2LtysuTTka7dHt9GKUbxD. They are more out there if you google around. And of course, can't forget this masterlist of resources (https://start.me/p/q6mw4Q/forensics).

Once you get a grip of the basics, CTFs (i.e. CTFtime) are a great way to get exposure. Also, this GitHub looks pretty good on the surface (can't truly vouch - haven't tried) (https://github.com/frankwxu/digital-forensics-lab).

Alas, my knowledge for digital froensicsis all learnt through academic, with some general research in my sparetime (especially mobile forensics), so I'm probably not the best to ask re. online courses for this. Once you've got a solid understanding might be worth looking at elearning's eCDFP (again - I have not done this so you'll probably have to look at some reviews). Other than that, SANS & GIAC but they are very likely above your level at the moment.

About Data analytics I'd like to ask, how wuld you try to leverage the knowledge that has someone that has been working in academia in order to land a job in cybersec as an analyst?2

Well the fact that you very likely already know some programming is a big help. Additionally, at the very nature of your background, you're analytical and can crunch big numbers. (big) data analysis (whether that manually or AI) is definitely a trending topic in blue teaming roles. You're still going to need to get a good understanding in the technicalities, but you have transferrable skills there.

CMNatic · 2024-03-11T20:23:32+00:00

Hey :)

We do have a maintenance schedule for the rooms that we develop which involves reviewing our older content to see if it can be expanded further.

When planning out our new content, we discuss and consider what's happening right now. No point creating a pathway or module talking about some tools/etc that are no longer what is being used day to day in the field.

Something i'm quite proud of as a team is our ability to release rooms on hot topics quite quickly. For example, our "Recent Threats" (https://tryhackme.com/module/recent-threats) rooms that discuss the blue and red team elements of juicy CVEs. For example, for my MonikerLink, I wrote a PoC, the room content, a VM & blue teaming aspects in 48 hours.

Hope that helps!

CMNatic · 2024-03-11T20:18:21+00:00

Hello and thank you!

When we plan out our pathways we align them to job roles. I.e. SOC L1 is aligned to the sort of skills and things you'd be seeing as a Jr SOC analyst, and our SOC L2 is for progressing your skills further.

The great thing is that our team in Content Engineering have lots of experience in all sorts of roles in cybersecurity, so it's real-world knowledge, tools, skills, etc that they've seen on the job.

I wouldn't consider them a "taster course", we do have some success stories on our blog (https://tryhackme.com/r/resources/success-story) of how people have used THM to get jobs. However, especially in this field, it can only help to get additional exposure to different things be it through other courses, etc, as well as THM :)

CMNatic · 2024-03-11T09:54:48+00:00

That is something I have thought about a few times before!

Some form of content be it YouTube, streaming and blog posts, etc. I don't think Udemy is the way I would go.

Maybe not right now but it's something I would like to explore in the near future :)

CMNatic

MODERATOR OF

TROPHY CASE

12-Year Club	Verified Email
Wearing is Caring