π Enumeration & Brute Force Attacks
β
TryHackMe: Enumeration & Brute Force
In this room, I explored different techniques attackers use to gather information about a target. I practiced using tools like Hydra and Gobuster to brute-force services like SSH and directories β learning just how important strong passwords and secure configurations are.
Key Takeaway: Enumeration is often the first and most critical phase of any attack. A poorly configured system can leak more than expected.
π οΈ Introduction to Metasploit
β
TryHackMe: Metasploit Intro
Metasploit is a powerful framework used for developing and executing exploit code. This room walked me through scanning, exploiting, and post-exploitation steps. I got hands-on experience launching exploits against vulnerable services and learned how to use Meterpreter for interactive access.
Key Takeaway: Metasploit simplifies exploitation but also teaches the importance of understanding vulnerabilities at a deeper level.
π Host and Service Discovery
β
TryHackMe: Lookup & Dig Dug
These rooms focused on DNS enumeration using tools like dig, nslookup, and whois. I explored how domain-related misconfigurations can reveal subdomains or sensitive records β key pieces of the puzzle for attackers.
Key Takeaway: DNS is often overlooked, but itβs a goldmine for open-source intelligence (OSINT).
β‘ Fuzzing & Directory Discovery
β
TryHackMe: FFUF
In this room, I learned how to use FFUF, a fast web fuzzer, to discover hidden directories and files on web servers. It was eye-opening to see how simple wordlists can reveal poorly secured web endpoints.
Key Takeaway: Even well-designed websites can be exposed through hidden paths if not secured or monitored properly.
π° Exploiting Web Applications
β
TryHackMe: Publisher
This was one of the most exciting rooms. I explored how vulnerable web applications can be exploited using a combination of information disclosure, directory traversal, and more. It was a great way to tie together enumeration, fuzzing, and exploitation.
Key Takeaway: Web apps are rich attack surfaces. A simple misconfiguration or outdated plugin can open the doors to attackers.
π HTB Academy: Theory Meets Practice
β
Module 39 & 54 (Linux Fundamentals & Enumeration)
The HTB Academy modules gave me strong theoretical foundations that supported my TryHackMe labs. I brushed up on Linux basics, file permissions, privilege escalation, and enumeration strategies across networks and services.
Key Takeaway: Knowing your operating system inside out is key β especially when you're trying to defend (or attack) it.
π‘ Final Thoughts
This bootcamp gave me more than just practical skills β it helped me develop a hacker mindset. I learned to think critically, look deeper, and always question whatβs running under the hood.
If you're someone who enjoys solving puzzles, thinking like an attacker, or just wants to learn how to protect digital systems β cybersecurity is for you.
Feel free to reach out if you're on a similar journey. Letβs connect and grow together in this exciting field! π
π§ Tools I used:
Hydra, Gobuster, FFUF
Metasploit Framework
dig, nslookup, whois
Burp Suite (lightly)
Linux CLI (a lot!)
Top comments (0)