This is my TryHackMe walkthrough, created to document my learning journey and share solutions with the community. The writeups include a mix of hints, step-by-step explanations, and final answers to help players who get stuck, while still encouraging independent problem-solving.
Pentesting Fundamentals Room - Learn the important ethics and methodologies behind every pentest.
Overview
- Room URL: https://tryhackme.com/room/pentestingfundamentals
- Difficulty: Easy
- Category: Pentesting Fundamentals
Learning Objectives
- Key skills learned in this room:
  - Fundamentals behind pentesting
  - Pentesting methodologies
Walkthrough (Hints & Notes)
1. What is Penetration Testing?
No hints needed!
2. Penetration Testing Ethics
- You are given permission to perform a security audit on an organisation; what type of hacker would you be?
=> Answer: White Hat
- You attack an organisation and steal their data; what type of hacker would you be?
=> Answer: Black Hat
- What document defines how a penetration testing engagement should be carried out?
=> Answer: Rules of Engagement
3. Penetration Testing Methodologies
- What stage of penetration testing involves using publicly available information?
=> Answer: Information Gathering
- If you wanted to use a framework for pentesting telecommunications, what framework would you use? Note: We’re looking for the acronym here and not the full name.
=> Answer: OSSTMM
- What framework focuses on the testing of web applications?
=> Answer: OWASP
4. Black box, White box, Grey box Penetration Testing
- You are asked to test an application but are not given access to its source code - what testing process is this?
=> Answer: Black Box
- You are asked to test a website, and you are given access to the source code - what testing process is this?
=> Answer: White Box
5. Practical: ACME Penetration Test
- Complete the penetration test engagement against ACME’s infrastructure.
=> Answer: THM{PENTEST_COMPLETE}