Getting Started with TryHackMe: A Beginner’s Cybersecurity Roadmap

By Mehmood Ali

Introduction

Whether you’re just starting or looking to grow your skills, this guide will walk you through a structured path on TryHackMe helping you master the basics and build confidence step by step.

Roadmap Overview

The TryHackMe learning path is designed to guide beginners through foundational topics and gradually introduce advanced techniques. It’s divided into several key sections, each focused on specific skills and areas of cybersecurity.

Let’s break down each section:

1. Intro Rooms

This is where your TryHackMe journey begins. These rooms help you:

• Understand how the platform works
• Set up your environment (OpenVPN or AttackBox)
• Navigate and start your first labs

Perfect for first-timers who want a smooth start.

2. Linux & Windows Fundamentals

These two core segments build your knowledge of the most common operating systems used in cybersecurity:

• Learn essential Linux & Windows commands
• Understand file systems, users, permissions, and scripts
• Build confidence navigating real-world environments

3. Basics Rooms

This section introduces you to the fundamental ideas in cybersecurity:

• Penetration testing basics
• Hacker methodologies
• Security concepts and physical security

Hands-on challenges help develop your analytical thinking and practical skills.

4. Recon (Reconnaissance)

Learn the art of gathering information about your targets:

• Passive & active reconnaissance
• Content discovery and directory brute-forcing
• Open-source intelligence (OSINT) techniques

Essential for mapping out systems and finding attack vectors.

5. Scripting

Automate tasks and build custom tools using:

• Python
• JavaScript
• Bash

This section lays the groundwork for writing your own exploits and enhancing productivity as a hacker.

6. Networking

Networking is the backbone of cybersecurity. Learn about:

• IP addressing, subnets, protocols (TCP/UDP)
• LAN and WAN environments
• HTTP, DNS, and network scanning techniques

Gain the skills to spot and exploit network vulnerabilities.

7. Tooling

Master the tools used by professionals:

• Nmap – Port scanning
• Metasploit – Exploitation framework
• Wireshark – Traffic analysis
• Burp Suite – Web vulnerability scanning

Get comfortable using industry-standard tools for assessments and pentests.

8. Crypto & Hashes

Understand the principles behind encryption and data protection:

• Cryptographic algorithms
• Cracking password hashes
• Solving crypto challenges

Strengthen your knowledge of secure communication and integrity.

9. Steganography

Learn how to uncover hidden data inside media files:

• Analyze images, audio, and other file types
• Extract hidden messages and metadata
• Solve stego-based CTF challenges

Perfect for digital forensics enthusiasts!

10. Web Security

Dive into the world of web applications:

• OWASP Top 10 vulnerabilities
• Exploiting SQL injection, XSS, CSRF
• Tools like SQLMap, Burp Suite, and more

Get hands-on with real-world web hacking labs.

Roadmap To Follow

Intro Rooms

• TryHackMe | Welcome
• TryHackMe | How to use TryHackMe
• TryHackMe | Tutorial
• TryHackMe | OpenVPN
• TryHackMe | Learning Cyber Security
• TryHackMe | Starting Out In Cyber Sec
• TryHackMe | Introductory Researching
• TryHackMe | CC: Pen Testing
• TryHackMe | Regular expressions

Linux Fundamentals

• TryHackMe | Learn Linux
• TryHackMe | Linux Modules
• TryHackMe | Linux Fundamentals Part 1
• TryHackMe | Linux Fundamentals Part 2
• TryHackMe | Linux Fundamentals Part 3

Windows Fundamentals

• TryHackMe | Windows Fundamentals 1
• TryHackMe | Windows Fundamentals 2
• TryHackMe | Windows Fundamentals 3

Basics Rooms

• TryHackMe | Basic Pentesting
• TryHackMe | Pentesting Fundamentals
• TryHackMe | Principles of Security
• TryHackMe | The Hacker Methodology
• TryHackMe | Physical Security Intro
• TryHackMe | Linux Strength Training
• TryHackMe | OpenVAS
• TryHackMe | ISO27001
• TryHackMe | UltraTech

Recon

• TryHackMe | Passive Reconnaissance
• TryHackMe | Active Reconnaissance
• TryHackMe | Content Discovery
• TryHackMe | OhSINT
• TryHackMe | Shodan.io
• TryHackMe | Google Dorking
• TryHackMe | WebOSINT
• TryHackMe | Sakura Room
• TryHackMe | Red Team Recon
• TryHackMe | Searchlight – IMINT

Scripting

• TryHackMe | Python Basics
• TryHackMe | Python Playground
• TryHackMe | Intro PoC Scripting
• TryHackMe | Peak Hill
• TryHackMe | JavaScript Basics
• TryHackMe | Bash Scripting
• TryHackMe | Learn Rust
• TryHackMe | Why Subscribe

Networking

• TryHackMe | Introductory Networking
• TryHackMe | What is Networking?
• TryHackMe | Networking
• TryHackMe | Intro to LAN
• TryHackMe | HTTP in detail
• TryHackMe | DNS in detail
• TryHackMe | Dumping Router Firmware

Tooling

• TryHackMe | Metasploit: Introduction
• TryHackMe | Metasploit: Introduction
• TryHackMe | tmux
• TryHackMe | REmux The Tmux
• TryHackMe | Hydra
• TryHackMe | Sublist3r
• TryHackMe | Toolbox: Vim
• TryHackMe | Introduction to OWASP ZAP
• TryHackMe | Phishing: HiddenEye
• TryHackMe | RustScan
• TryHackMe | Nessus
• TryHackMe | Nmap Live Host Discovery
• TryHackMe | Nmap
• TryHackMe | TShark
• TryHackMe | ffuf
• TryHackMe | Burp Suite: The Basics
• TryHackMe | Burp Suite: Repeater

Crypto & Hashes

• TryHackMe | Cryptography for Dummies
• TryHackMe | Crack the hash
• TryHackMe | Crack The Hash Level 2
• TryHackMe | Agent Sudo
• TryHackMe | Brute It

Steganography

• TryHackMe | CC: Steganography
• TryHackMe | Cicada-3301 Vol:1
• TryHackMe | Musical Stego
• TryHackMe | Madness
• TryHackMe | Psycho Break
• TryHackMe | Unstable Twin

Web

• TryHackMe | HTTP in detail
• TryHackMe | WebAppSec 101
• TryHackMe | Vulnerabilities 101
• TryHackMe | Walking An Application
• TryHackMe | OWASP Top 10
• TryHackMe | OWASP Juice Shop
• TryHackMe | Web Scanning
• TryHackMe | OWASP Mutillidae II
• TryHackMe | WebGOAT
• TryHackMe | DVWA
• TryHackMe | VulnNet
• TryHackMe | Juicy Details
• TryHackMe | Vulnversity
• TryHackMe | Injection
• TryHackMe | LFI Basics
• TryHackMe | Inclusion
• TryHackMe | SQL Injection Lab
• TryHackMe | SSTI
• TryHackMe | SQL Injection
• TryHackMe | Basic Pentesting
• TryHackMe | OWASP Juice Shop
• TryHackMe | Ignite
• TryHackMe | Overpass
• TryHackMe | Year of the Rabbit
• TryHackMe | Develpy
• TryHackMe | Jack-of-All-Trades
• TryHackMe | Bolt

Android

• TryHackMe | Android Hacking 101

Forensics

• TryHackMe | Linux Server Forensics
• TryHackMe | Forensics
• TryHackMe | Memory Forensics
• TryHackMe | Volatility
• TryHackMe | Disk Analysis & Autopsy

Wi-Fi Hacking

• TryHackMe | Wifi Hacking 101

Reverse Engineering

• TryHackMe | Intro to x86-64
• TryHackMe | Windows x64 Assembly
• TryHackMe | Reverse Engineering
• TryHackMe | Reversing ELF
• TryHackMe | JVM Reverse Engineering
• https://tryhackme.com/room/ccradare
• TryHackMe | CC: Radare2
• TryHackMe | CC: Ghidra
• TryHackMe | Aster
• TryHackMe | Classic Passwd
• TryHackMe | REloaded

Malware Analysis

• TryHackMe | History of Malware
• TryHackMe | MAL: Malware Introductory
• TryHackMe | Basic Malware RE
• TryHackMe | MAL: Researching
• TryHackMe | Mobile Malware Analysis
• TryHackMe | Carnage
• TryHackMe | Dunkle Materie

PrivEsc

• TryHackMe | Linux Privilege Escalation
• TryHackMe | Linux PrivEsc
• TryHackMe | Linux PrivEsc Arena
• TryHackMe | Windows PrivEsc
• TryHackMe | Windows PrivEsc Arena
• TryHackMe | Linux Agency
• TryHackMe | Sudo Security Bypass
• TryHackMe | Sudo Buffer Overflow
• TryHackMe | Blaster
• TryHackMe | Ignite
• TryHackMe | Kenobi
• TryHackMe | c4ptur3-th3-fl4g
• TryHackMe | Pickle Rick

Windows

• TryHackMe | Investigating Windows
• TryHackMe | Investigating Windows 2.0
• TryHackMe | Investigating Windows 3.x
• TryHackMe | Blueprint
• TryHackMe | VulnNet: Active
• TryHackMe | Anthem
• TryHackMe | Blue

Active Directory

• TryHackMe | Attacktive Directory
• TryHackMe | Post-Exploitation Basics
• TryHackMe | USTOUN
• TryHackMe | Enterprise
• TryHackMe | RazorBlack

PCAP Analysis

• TryHackMe | h4cked
• TryHackMe | Carnage
• TryHackMe | CCT2019
• TryHackMe | Overpass 2 – Hacked

BufferOverflow

• TryHackMe | Buffer Overflow Prep
• TryHackMe | Gatekeeper
• TryHackMe | Chronicle
• TryHackMe | Intro To Pwntools

Easy CTF

• TryHackMe | GamingServer
• TryHackMe | OverlayFS – CVE-2021-3493
• TryHackMe | Psycho Break
• TryHackMe | Bounty Hacker
• TryHackMe | Fowsniff CTF
• TryHackMe | RootMe
• TryHackMe | AttackerKB
• TryHackMe | Pickle Rick
• TryHackMe | c4ptur3-th3-fl4g
• TryHackMe | Library
• TryHackMe | Thompson
• TryHackMe | Simple CTF
• TryHackMe | LazyAdmin
• TryHackMe | Anonforce
• TryHackMe | Ignite
• TryHackMe | Wgel CTF
• TryHackMe | Kenobi
• TryHackMe | Dav
• TryHackMe | Ninja Skills
• TryHackMe | Ice
• TryHackMe | Lian_Yu
• TryHackMe | The Cod Caper
• TryHackMe | Blaster
• TryHackMe | Encryption – Crypto 101
• TryHackMe | Brooklyn Nine Nine
• TryHackMe | Year of the Rabbit
• TryHackMe | Jack-of-All-Trades
• TryHackMe | Madness
• TryHackMe | KoTH Food CTF
• TryHackMe | Easy Peasy
• TryHackMe | Tony the Tiger
• TryHackMe | CTF collection Vol.1
• TryHackMe | Smag Grotto
• TryHackMe | Couch
• TryHackMe | Source
• TryHackMe | Overpass
• TryHackMe | Gotta Catch’em All!
• TryHackMe | Bolt
• TryHackMe | Overpass 2 – Hacked
• TryHackMe | kiba
• TryHackMe | Poster
• TryHackMe | Chocolate Factory
• TryHackMe | Startup
• TryHackMe | Chill Hack
• TryHackMe | ColddBox: Easy
• TryHackMe | GLITCH
• TryHackMe | All in One
• TryHackMe | Archangel
• TryHackMe | Cyborg
• TryHackMe | Lunizz CTF
• TryHackMe | Badbyte
• TryHackMe | Team
• TryHackMe | VulnNet: Node
• TryHackMe | VulnNet: Internal
• TryHackMe | Atlas
• TryHackMe | VulnNet: Roasted
• TryHackMe | Cat Pictures
• TryHackMe | Mustacchio

Medium CTF

• TryHackMe | Mr Robot CTF
• TryHackMe | GoldenEye
• TryHackMe | StuxCTF
• TryHackMe | Boiler CTF
• TryHackMe | HA Joker CTF
• TryHackMe | Biohazard
• TryHackMe | Break it
• TryHackMe | Willow
• TryHackMe | The Marketplace
• TryHackMe | Nax
• TryHackMe | Mindgames
• TryHackMe | Anonymous
• TryHackMe | Blog
• TryHackMe | Wonderland
• TryHackMe | 0day
• TryHackMe | Develpy
• TryHackMe | CTF collection Vol.2
• TryHackMe | CMesS
• TryHackMe | Deja Vu
• TryHackMe | hackerNote
• TryHackMe | dogcat
• TryHackMe | ConvertMyVideo
• TryHackMe | KoTH Hackers
• TryHackMe | Revenge
• TryHackMe | harder
• TryHackMe | HaskHell
• TryHackMe | Undiscovered
• TryHackMe | Break Out The Cage
• TryHackMe | The Impossible Challenge
• TryHackMe | Looking Glass
• TryHackMe | Recovery
• TryHackMe | Relevant
• TryHackMe | Ghizer
• TryHackMe | Mnemonic
• TryHackMe | WWBuddy
• TryHackMe | The Blob Blog
• TryHackMe | Cooctus Stories
• TryHackMe | One Piece
• TryHackMe | toc2
• TryHackMe | NerdHerd
• TryHackMe | Kubernetes Chall TDI 2020
• TryHackMe | The Server From Hell
• TryHackMe | Jacob the Boss
• TryHackMe | Unbaked Pie
• TryHackMe | Bookstore
• TryHackMe | Overpass 3 – Hosting
• TryHackMe | battery
• TryHackMe | Madeye’s Castle
• TryHackMe | En-pass
• TryHackMe | Sustah
• TryHackMe | KaffeeSec – SoMeSINT
• TryHackMe | Tokyo Ghoul
• TryHackMe | Watcher
• TryHackMe | broker
• TryHackMe | Inferno
• TryHackMe | VulnNet: dotpy
• TryHackMe | Wekor
• TryHackMe | pyLon
• TryHackMe | The Great Escape
• TryHackMe | SafeZone
• TryHackMe | NahamStore
• TryHackMe | Sweettooth Inc.
• TryHackMe | CMSpit
• TryHackMe | Super-Spam
• TryHackMe | That’s The Ticket
• TryHackMe | Debug
• TryHackMe | Red Stone One Carat
• TryHackMe | Cold VVars
• TryHackMe | Metamorphosis
• TryHackMe | SQHell
• TryHackMe | Fortress
• TryHackMe | CyberCrafted
• TryHackMe | Road

Hard CTF

• TryHackMe | Motunui
• TryHackMe | Spring
• TryHackMe | Brainpan 1
• TryHackMe | Borderlands
• TryHackMe | hc0n Christmas CTF
• TryHackMe | Daily Bugle
• TryHackMe | Retro
• TryHackMe | Jeff
• TryHackMe | Racetrack Bank
• TryHackMe | Dave’s Blog
• TryHackMe | CherryBlossom
• TryHackMe | CCT2019
• TryHackMe | Iron Corp
• TryHackMe | Carpe Diem 1
• TryHackMe | Ra
• TryHackMe | Year of the Fox
• TryHackMe | For Business Reasons
• TryHackMe | Anonymous Playground
• TryHackMe | Misguided Ghosts
• TryHackMe | Theseus
• TryHackMe | Internal
• TryHackMe | Year of the Dog
• TryHackMe | You’re in a cave
• TryHackMe | Year of the Owl
• TryHackMe | Year of the Pig
• TryHackMe | envizon
• TryHackMe | GameBuzz
• TryHackMe | Fusion Corp
• TryHackMe | Crocc Crew
• TryHackMe | Uranium CTF
• TryHackMe | Year of the Jellyfish
• TryHackMe | Rocket
• TryHackMe | Squid Game
• TryHackMe | EnterPrize
• TryHackMe | Different CTF
• TryHackMe | VulnNet: dotjar
• TryHackMe | M4tr1x: Exit Denied
• TryHackMe | Shaker

Misc

• TryHackMe | Introduction to Django
• TryHackMe | Git Happens
• TryHackMe | Meltdown Explained
• TryHackMe | Splunk
• TryHackMe | Linux Backdoors
• TryHackMe | Jupyter 101
• TryHackMe | Geolocating Images
• TryHackMe | Tor
• TryHackMe | tomghost
• TryHackMe | DLL HIJACKING
• TryHackMe | Intro to IoT Pentesting
• TryHackMe | Attacking ICS Plant #1
• TryHackMe | Attacking ICS Plant #2
• TryHackMe | Printer Hacking 101
• TryHackMe | DNS Manipulation
• TryHackMe | Introduction to Flask
• TryHackMe | MITRE
• TryHackMe | magician
• TryHackMe | JPGChat
• TryHackMe | Baron Samedit
• TryHackMe | CVE-2021-41773/42013
• TryHackMe | Binary Heaven
• TryHackMe | Git and Crumpets
• TryHackMe | Polkit: CVE-2021-3560
• TryHackMe | Hip Flask
• TryHackMe | Bypass Disable Functions
• TryHackMe | Wordpress: CVE-2021-29447
• TryHackMe | Linux Function Hooking
• TryHackMe | REvil Corp
• TryHackMe | Sudo Buffer Overflow
• TryHackMe | Sudo Security Bypass
• TryHackMe | Solar, exploiting log4j
• TryHackMe | Conti
• TryHackMe | Dirty Pipe: CVE-2022-0847
• TryHackMe | The find command

Special Events

• TryHackMe | 25 Days of Cyber Security
• [TryHackMe | Advent of Cyber 1 (2019)
• [TryHackMe | Advent of Cyber 2 (2020)
• TryHackMe | Advent of Cyber 3 (2021)
• TryHackMe | Advent of Cyber 2022
• TryHackMe | Cyber Scotland 2021
• TryHackMe | Hacker of the Hill #1
• TryHackMe | Learn and win prizes
• TryHackMe | Learn and win prizes #2

Personal Journey & Insights

As someone who’s used TryHackMe for over 8 years, I’ve witnessed the platform’s growth and its incredible impact on aspiring cybersecurity professionals.

From tackling my first rooms to reaching the Top 1% of global users, TryHackMe has been the cornerstone of my learning journey. The hands-on challenges helped bridge the gap between theory and practice — something no textbook can fully offer.

One of the best things about TryHackMe is the community. Whether it’s forums, Discord servers, or discussion sections within rooms, there’s always someone willing to help, collaborate, or share insights. I’ve learned just as much from others as I have from the rooms themselves.

Reaching the top ranks wasn’t easy – it took consistency, curiosity, and a lot of trial and error. But every challenge helped me think critically, solve problems faster, and grow stronger in my technical abilities.

Conclusion

The TryHackMe roadmap is one of the best ways to enter the cybersecurity field. With a beginner-friendly structure, practical challenges, and a supportive community, it gives you everything you need to start building real-world skills.

My advice for beginners:

• Be consistent
• Don’t be afraid to fail
• Ask questions, stay curious, and engage with others
• Practice what you learn

Whether you’re brand new or sharpening your skills, TryHackMe has something valuable for everyone. Dive in, stay focused, and enjoy the journey into the world of cybersecurity.

Happy hacking!
– Mehmood Ali