As someone diving into the world of cybersecurity, I recently completed the Offensive Security Intro room on TryHackMe—and it was a game-changer. This room is designed for absolute beginners and offers a hands-on introduction to ethical hacking in a safe, legal environment. Here's a walkthrough of my experience and the key lessons I took away.
🧭 Room Overview
The Offensive Security Intro room is a 15-minute beginner-friendly lab that simulates a real-world hacking scenario. The goal? Hack into a fake banking website called FakeBank using basic tools and techniques that ethical hackers use daily.
🛠️ Walkthrough & Key Concepts
🔍 Task 1: What is Offensive Security?
The room kicks off with a simple but powerful idea:
“To outsmart a hacker, you need to think like one.”
Offensive Security is all about simulating attacks to find vulnerabilities before malicious actors do. This task introduces the concept of penetration testing and sets the stage for the hands-on part.
💻 Task 2: Hacking Your First Machine
Here’s where the fun begins. TryHackMe spins up a virtual machine running the FakeBank website. The goal is to find hidden pages using a tool called Gobuster.
🧪 Step-by-Step:
Start the Machine: Launch the VM and open the terminal.
Run Gobuster:
gobuster -u http://fakebank.thm -w wordlist.txt dir
Gobuster requests every entry in wordlist.txt as a path on the website and reports the ones that exist, which is how it brute-forces hidden directories.
Find the Admin Page: One of the discovered paths is /admin, which leads to a login portal.
🔐 Task 3: Force a bank transfer
Once inside the /admin staff page, the next step is to force a bank transfer from another account to our 8881 account. After the confirmation, we go back to our dashboard to find the room flag.
🧠 Lesson:
This simulates the real-world impact of a successful attack.
It reinforces the importance of securing backend admin portals.
📚 Key Takeaways
Hands-On Learning is Powerful: Reading about hacking is one thing—doing it is another. This room made abstract concepts tangible.
Tools Matter: Gobuster is a simple yet powerful tool for directory brute-forcing.
Think Like an Attacker: Understanding how attackers operate helps you build better defenses.
Security is Layered: From weak credentials to exposed admin panels, every layer matters.
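Seen from the defender's side, a directory brute-force like the Gobuster run above leaves a clear trail in the web server's access log: a burst of 404 responses to one client, with the occasional 200 on a path such as /admin. The Python sketch below is an added example, not part of the room or of Gobuster; the log lines, IP addresses, threshold and time window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common log format fields we need: client IP, timestamp, request path, status.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_scanners(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {ip: [paths that answered 200]} for every client that produced
    at least `threshold` 404s on distinct paths inside `window`."""
    misses = defaultdict(deque)  # ip -> recent (timestamp, path) pairs that got 404
    hits = defaultdict(list)     # ip -> paths that got 200
    flagged = set()
    for rec in filter(None, map(parse, lines)):
        ip, ts, path, status = rec
        if status == 200:
            hits[ip].append(path)
        elif status == 404:
            q = misses[ip]
            q.append((ts, path))
            while ts - q[0][0] > window:  # drop misses older than the window
                q.popleft()
            if len({p for _, p in q}) >= threshold:
                flagged.add(ip)
    return {ip: hits[ip] for ip in flagged}

def sample_log():
    """Constructed log: one client walking a wordlist, one ordinary visitor."""
    tmpl = '10.10.0.5 - - [01/Jan/2025:10:00:0{s} +0000] "GET /{p} HTTP/1.1" {c} 0'
    words = ["images", "backup", "test", "old", "dev", "admin", "private"]
    lines = [tmpl.format(s=i, p=w, c=200 if w == "admin" else 404)
             for i, w in enumerate(words)]
    lines.append('10.10.0.9 - - [01/Jan/2025:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 512')
    lines.append('10.10.0.9 - - [01/Jan/2025:10:00:20 +0000] "GET /favicon.ico HTTP/1.1" 404 0')
    return lines

if __name__ == "__main__":
    print(find_scanners(sample_log()))
```

The paths returned for a flagged client are the ones worth reviewing first, since they are what the scan actually found.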
🚀 Final Thoughts
If you're new to cybersecurity, I highly recommend starting with this TryHackMe room. It’s short, practical, and gives you a real taste of what ethical hacking is all about.