TryHackMe: Pentesting Fundamentals

Key Takeaways :

Distinction of hackers by Hat:

White Hat

The “good people/hacker”, who remain within the law and use their skills to benefit others. For example, a penetration tester performing an authorized engagement on a company.

Grey Hat

These people use their skills to benefit others often; however, they do not respect/follow the law or ethical standards at all times. For example, someone taking down a scamming site.

Black Hat

Criminals and often seek to damage organizations or gain some form of financial benefit at the cost of others.


Rules of engagement: It is a doc created at the initial stages of penetration testing engagement. It has 3 main sections:

Permission: This section of the document gives explicit permission for the engagement to be carried out. This permission is essential to legally protect individuals and organisations for the activities they carry out.

Test Scope: This section of the document will annotate specific targets to which the engagement should apply. For example, the penetration test may only apply to certain servers or applications but not the entire network.

Rules: The rules section will define exactly the techniques that are permitted during the engagement. For example, the rules may specifically state that techniques such as phishing attacks are prohibited, but MITM (Man-in-the-Middle) attacks are okay.

Pentesting Methodology :

The steps a penetration tester takes during an engagement is known as Methodology.


  1. Information gathering — collecting as much information as possible about the target (OSINT, Research).
  2. Enumeration/ Scanning — Discovering applications and services running on the system.
  3. Exploitation — Leveraging vulnerabilities discovered on a system or application(exploit).
  4. Privilege Escalation — Once you have successfully exploited a system or application (known as a foothold), this stage is the attempt to expand your access to a system. You can escalate horizontally and vertically, where horizontally is accessing another account of the same permission group (i.e. another user), whereas vertically is that of another permission group (i.e. an administrator).
  5. Post Exploitation -

This stage involves a few sub-stages:

  • What other hosts can be targeted (pivoting)
  • What additional information can we gather from the host now that we are a privileged user
  • Covering your tracks
  • Reporting


  1. OSSTMM: The open source security testing methodology manual. It focuses on Telecommunications, Wired networks, wireless communication
  2. OWASP: Open Web Application Security Project — test security of web application and services
  3. NIST Cybersecurity Framework ( National Institute of Standards and Technology)- The framework provides guidelines on security controls & benchmarks for success for organisations from critical infrastructure (power plants, etc.) all through to commercial.
  4. NCSC CAF (National Cyber Security Centre Cyber Assessment Framework) — it has 14 principles. It focuses on

Data security System security Identity and access control Resiliency Monitoring Response and recovery planning

Black Box, White Box, Grey Box Penetration Testing

BBT — No knowledge. tester — regular user, no knowledge of programming is necessary.

GBT — Partial Knowledge — Most poplular for penetration testing — (BBT + WBT) — tester has limited knowledge of the internal components.

WBT — Full knowledge — usually done at software developer level who knows programming and application logic.

Black Hat These people are criminals and often seek to damage organisations or gain some form of financial benefit at the cost of others. For example, ransomware authors infect devices with malicious code and hold data for ransom.




Content Creator

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Who is building metatopia?


Is your web site breaking EU law?

Smart Contract Verification, Simplified

5 Ways to Reduce your Credit Card Processing Fees

The Power of Active Collaboration in ISACs, ISAOs and Security Interest Groups

Antivirus That Will Keep Your Small Business Safe

The Crypto Fun Chuck is visiting the Alienworlds Metaverse!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Content Creator

More from Medium

Walking An Application | TryHackMe

TryHackMe: Network Fundamentals — Intro to LAN a Walkthrough

Pentesting Fundamentals TryHackMe

Bashed | HackTheBox writeup