CollinsInfosec Takes on a 30-Day Cybersecurity Challenge on Try HackMe

🎬 NEW VIDEO FROM @collinsinfosec

In this new video, CollinsInfosec embarks on a 30-day cybersecurity challenge using the Try HackMe platform. The main objective is to explore learning paths, tackle challenges, and acquire various skills in information security. The challenge is structured into several phases, each aiming to delve into specific aspects of cybersecurity.

The first part of the challenge focuses on the security engineering learning path. CollinsInfosec starts with the free modules, covering the basics of security in the context of engineering, different architectures, operating systems, network and cloud security, as well as security hardening. One of the preferred modules is the OWASP Top 10, where he was able to manipulate various types of web vulnerabilities via a virtual machine. The small games at the end of the modules are also appreciated for reinforcing the learned concepts.

After completing the free modules in security engineering, CollinsInfosec moves on to the level 1 SOC (Security Operations Center) path. This path covers the basics of SOC, different cyber defense frameworks, and the use of tools like Splunk, Sysinternals, and Snort. The preferred module here is Windows Forensic 1, which allows him to explore Windows forensics, a new skill for him. He particularly appreciates the ability to use virtual machines directly in the browser, which simplifies the learning process.

For the last 10 days of the challenge, CollinsInfosec focuses on the CTF (Capture The Flag) challenges of Try HackMe. He starts with the easy challenges, which usually take between 5 and 10 minutes. Although these challenges are simple, they allow him to refresh his workflows and familiarize himself with the attacker's methodology. He initially uses the Try HackMe Attack Box, but for more advanced challenges, he prefers to provision his own Kali Linux virtual machine with a dedicated OpenVPN connection.

Among the easy challenges, his favorite is Oracle 9, an LM injection attack on Olama. He also explores other challenges like M2 PDF, a web injection attack, and Wise Guy, a cryptography-based attack. For the final days of the challenge, he decides to attempt some medium and high difficulty challenges, such as Why Hack Me, Vault Typhoon, and Reval Corp. These challenges allow him to practice log analysis and familiarize himself with the TTPs (Tactics, Techniques, and Procedures) of real threat groups.

In conclusion, CollinsInfosec particularly appreciates the learning paths of Try HackMe, which allow him to acquire relevant skills for his career. He recommends taking detailed notes and working in small, digestible portions each day. He also emphasizes the importance of using a dedicated virtual machine for longer challenges. Although he was unable to complete the challenge in 30 consecutive days due to various personal and professional commitments, he found the experience enriching and instructive.

To learn more and follow this exciting challenge, watch the full video at the following address: https://www.youtube.com/watch?v=FZLy_SkHkzw