Hey people, here's a list of 390+ Free TryHackMe rooms to start learning hacking. I have arranged & compiled them according to different topics so that you can start hacking right now and also! All the rooms herein, are absolutely free. ATTACK!!
This repository is maintained by winterrdog . For any suggestion feel free to reach out to me.
In case you are interested in playing to win, here is something for you: Hack2Win: How you can grab extra tickets. If you do not have a TryHackMe account yet, signup here.
If you genuinely feel like this project helped you a lot, you can always send your appreciation anonymously to either one of these wallets:
- BTC:
17duzuYcv1QRDojfvmFVFowrKBe9EyQ1Bo - USDT:
TWSv2CmzZ9Xgp8j8PwfTDZ329CXJPokpHH
| Name of Topic | Number of Rooms |
|---|---|
| Introductory Rooms | 19 |
| Linux Fundamentals | 4 |
| Windows Fundamentals | 3 |
| Basic Rooms | 13 |
| Reconnaissance | 10 |
| Scripting | 7 |
| Networking | 7 |
| Tooling | 19 |
| Crypto & Hashes | 7 |
| Steganography | 6 |
| Web | 30 |
| Android | 1 |
| Forensics | 12 |
| Wifi Hacking | 1 |
| Reverse Engineering | 10 |
| Malware Analysis | 8 |
| Privilege Escalation | 13 |
| Artificial Intelligence | 1 |
| Windows | 9 |
| Active Directory | 7 |
| PCAP Analysis | 4 |
| Buffer Overflow | 4 |
| Easy CTF | 52 |
| Medium CTF | 55 |
| Hard CTF | 40 |
| Misc | 40 |
| Special Events | 10 |
| Container Security | 2 |
| Total Rooms: | >= 393 |
- TryHackMe | Bypass Really Simple Security
- TryHackMe | Web Application Basics
- TryHackMe | Cryptography Basics
- TryHackMe | CyberChef: The Basics
- TryHackMe | SOC Fundamentals
- TryHackMe | Networking Concepts
- TryHackMe | Search Skills
- TryHackMe | Windows Command Line
- TryHackMe | Hosted Hypervisors
- TryHackMe | Enumeration & Brute Force
- TryHackMe | Introduction to CryptOps
- TryHackMe | Linux File System Analysis
- TryHackMe | Threat Hunting: Foothold
- TryHackMe | Threat Hunting: Introduction
- TryHackMe | Preparation
- TryHackMe | Intro to Logs
- TryHackMe | Intro to Threat Emulation
- TryHackMe | Security Engineer Intro
- TryHackMe | Intro to Docker
- TryHackMe | SDLC
- TryHackMe | Welcome
- TryHackMe | How to use TryHackMe
- TryHackMe | Tutorial
- TryHackMe | OpenVPN
- TryHackMe | Learning Cyber Security
- TryHackMe | Starting Out In Cyber Sec
- TryHackMe | Introductory Researching
- TryHackMe | Regular expressions
- TryHackMe | Modules
- TryHackMe | Linux Fundamentals Part 1
- Basics of Linux -- added this since the fundamentals rooms were all made premium. In case you need deeper study into Linux read follow these:
- A very deep dive book -- It's around 900 pages
- A reddit community where Linux challenges are posted daily -- More like practice or keeping in loop
- TryHackMe | Windows Fundamentals 1
- TryHackMe | Windows Fundamentals 2
- TryHackMe | Windows Fundamentals 3
- TryHackMe | Writing Pentest Reports
- TryHackMe | Bypass Really Simple Security
- TryHackMe | Insecure Randomness
- TryHackMe | Hypervisor Internals
- TryHackMe | Splunk: Exploring SPL
- TryHackMe | ParrotPost: Phishing Analysis
- TryHackMe | x86 Architecture Overview
- TryHackMe | Threat Intelligence for SOC
- TryHackMe | Basic Pentesting
- TryHackMe | Pentesting Fundamentals
- TryHackMe | Principles of Security
- TryHackMe | The Hacker Methodology
- TryHackMe | Physical Security Intro
- TryHackMe | Linux Strength Training
- TryHackMe | OpenVAS
- TryHackMe | ISO27001
- TryHackMe | UltraTech
- TryHackMe | Cyber Kill Chain
- TryHackMe | Passive Reconnaissance
- TryHackMe | Active Reconnaissance
- TryHackMe | Content Discovery
- TryHackMe | OhSINT
- TryHackMe | Shodan.io
- TryHackMe | Google Dorking
- TryHackMe | WebOSINT
- TryHackMe | Sakura Room
- TryHackMe | Searchlight - IMINT
- TryHackMe | Custom Tooling Using Python
- TryHackMe | Python Basics
- TryHackMe | Python Playground
- TryHackMe | Intro PoC Scripting
- TryHackMe | Peak Hill
- TryHackMe | JavaScript Basics
- TryHackMe | Bash Scripting
- TryHackMe | Learn Rust
- TryHackMe | Network Security Essentials
- TryHackMe | Network Discovery Detection
- TryHackMe | Introductory Networking
- TryHackMe | What is Networking?
- TryHackMe | Networking
TryHackMe | Intro to LAN-- TryHackMe made this room PREMIUM. Try using this deep Khan Academy resource, it's excellent trust me!- TryHackMe | HTTP in detail
- TryHackMe | DNS in detail
- TryHackMe | Dumping Router Firmware
- TryHackMe | Snyk Open Source
- TryHackMe | Snyk Code
- TryHackMe | Intro to IaC
- TryHackMe | Metasploit: Introduction
- TryHackMe | Metasploit: Introduction
- TryHackMe | tmux
- TryHackMe | REmux The Tmux
- TryHackMe | Hydra
- TryHackMe | Toolbox: Vim
- TryHackMe | Introduction to OWASP ZAP
- TryHackMe | Phishing: HiddenEye
- TryHackMe | RustScan
- TryHackMe | Nessus
- TryHackMe | Nmap Live Host Discovery
- TryHackMe | Nmap
- TryHackMe | TShark
- TryHackMe | ffuf
- TryHackMe | Burp Suite: The Basics
- TryHackMe | Burp Suite: Repeater
- TryHackMe | K8s Runtime Security
- TryHackMe | K8s Best Security Practices
- TryHackMe | Cluster Hardening
- TryHackMe | Breaking Crypto the Simple Way
- TryHackMe | Crypto Failures
- TryHackMe | Breaking RSA
- TryHackMe | Cryptography for Dummies
- TryHackMe | Crack the hash
- TryHackMe | Crack The Hash Level 2
- TryHackMe | Agent Sudo
- TryHackMe | Brute It
- TryHackMe | Introduction to Cryptography
- TryHackMe | CC: Steganography
- TryHackMe | Cicada-3301 Vol:1
- TryHackMe | Musical Stego
- TryHackMe | Madness
- TryHackMe | Psycho Break
- TryHackMe | Unstable Twin
- TryHackMe | Chaining Vulnerabilities
- TryHackMe | Detecting Web Attacks
- TryHackMe | Web Security Essentials
- TryHackMe | Microservices Architectures
- TryHackMe | NoSQL Injection
- TryHackMe | Advanced SQL Injection
- TryHackMe | XSS
- TryHackMe | CSRF
- TryHackMe | File Inclusion, Path Traversal
- TryHackMe | HTTP Request Smuggling
- TryHackMe | HTTP/2 Request Smuggling
- TryHackMe | SSRF
- TryHackMe | OWASP Broken Access Control
- TryHackMe | HTTP in detail
- TryHackMe | Vulnerabilities 101
TryHackMe | Walking An Application-- Sadly..! This was made PREMIUM- TryHackMe | OWASP Top 10 - 2021
- TryHackMe | OWASP Top 10
- TryHackMe | OWASP Juice Shop
- TryHackMe | OWASP Mutillidae II
- TryHackMe | WebGOAT
- TryHackMe | DVWA
- TryHackMe | VulnNet
- TryHackMe | Juicy Details
- TryHackMe | Vulnversity
- TryHackMe | SQL Injection Lab
- TryHackMe | SSTI
- TryHackMe | SQL Injection
- TryHackMe | Basic Pentesting
- TryHackMe | Ignite
- TryHackMe | Overpass
- TryHackMe | Year of the Rabbit
- TryHackMe | Develpy
- TryHackMe | Jack-of-All-Trades
- TryHackMe | Bolt
- TryHackMe | Linux Threat Detection 1
- TryHackMe | AppSec IR
- TryHackMe | Linux Logging for SOC
- TryHackMe | SOC Role in Blue Team
- TryHackMe | Session Forensics
- TryHackMe | Windows Logging for SOC
- TryHackMe | Mobile Acquisition
- TryHackMe | Volatility Essentials
- TryHackMe | Memory Analysis Introduction
- TryHackMe | MS Sentinel: Just Looking
- TryHackMe | SOC L1 Alert Triage
- TryHackMe | Compromised Windows Analysis
- TryHackMe | SOC L1 Alert Reporting
- TryHackMe | macOS Forensics: Artefacts
- TryHackMe | macOS Forensics: The Basics
- TryHackMe | FAT32 Analysis
- TryHackMe | MBR and GPT Analysis
- TryHackMe | Supply Chain Attack: Lottie
- TryHackMe | Incident Response Process
- TryHackMe | Linux Incident Surface
- TryHackMe | IR Playbooks
- TryHackMe | Intro to Cold System Forensics
- TryHackMe | Forensic Imaging
- TryHackMe | IR Philosophy and Ethics
- TryHackMe | Windows Applications Forensics
- TryHackMe | Legal Considerations in DFIR
- TryHackMe | Servidae: Log Analysis in ELK
- TryHackMe | Identification & Scoping
- TryHackMe | Digital Forensics Case B4DM755
- TryHackMe | Linux Server Forensics
- TryHackMe | Forensics
- TryHackMe | Memory Forensics
- TryHackMe | Volatility
- TryHackMe | Disk Analysis & Autopsy
- TryHackMe | Intro to x86-64
- TryHackMe | Windows x64 Assembly
- TryHackMe | Reverse Engineering
- TryHackMe | Reversing ELF
- TryHackMe | JVM Reverse Engineering
- TryHackMe | CC: Radare2
- TryHackMe | CC: Ghidra
- TryHackMe | Aster
- TryHackMe | Classic Passwd
- TryHackMe | REloaded
- TryHackMe | Introduction to EDR
- TryHackMe | Malware Classification
- TryHackMe | File and Hash Threat Intel
- TryHackMe | APT28 Inception Theory
- TryHackMe | Intro to Detection Engineering
- TryHackMe | History of Malware
- TryHackMe | MAL: Malware Introductory
- TryHackMe | Basic Malware RE
- TryHackMe | MAL: Researching
- TryHackMe | Mobile Malware Analysis
- TryHackMe | Carnage
- TryHackMe | Dunkle Materie
- TryHackMe | Linux Privilege Escalation
- TryHackMe | Linux PrivEsc
- TryHackMe | Linux PrivEsc Arena
- TryHackMe | Windows PrivEsc
- TryHackMe | Windows PrivEsc Arena
- TryHackMe | Linux Agency
- TryHackMe | Sudo Security Bypass
- TryHackMe | Sudo Buffer Overflow
- TryHackMe | Blaster
- TryHackMe | Ignite
- TryHackMe | Kenobi
- TryHackMe | c4ptur3-th3-fl4g
- TryHackMe | Pickle Rick
- TryHackMe | Windows Logging for SOC
- TryHackMe | Windows Threat Detection 1
- TryHackMe | XDR: Introduction
- TryHackMe | Windows Incident Surface
- TryHackMe | Registry Persistence Detection
- TryHackMe | Investigating Windows
- TryHackMe | Investigating Windows 2.0
- TryHackMe | Investigating Windows 3.x
- TryHackMe | Blueprint
- TryHackMe | VulnNet: Active
- TryHackMe | Anthem
- TryHackMe | Blue
- TryHackMe | Active Directory Basics
- TryHackMe | AD: Basic Enumeration
- TryHackMe | Active Directory Hardening
- TryHackMe | Attacktive Directory
- TryHackMe | Post-Exploitation Basics
- TryHackMe | USTOUN
- TryHackMe | Enterprise
- TryHackMe | RazorBlack
- TryHackMe | Buffer Overflow Prep
- TryHackMe | Gatekeeper
- TryHackMe | Chronicle
- TryHackMe | Intro To Pwntools
- TryHackMe | Oracle 9
- TryHackMe | Soupedecode 01
- TryHackMe | Oracle 9
- TryHackMe | Billing
- TryHackMe | Light
- TryHackMe | Lo-Fi
- TryHackMe | Silver Platter
- TryHackMe | The Sticker Shop
- TryHackMe | Lookup
- TryHackMe | Threat Hunting With YARA
- TryHackMe | Whiterose
- TryHackMe | Pyrat
- TryHackMe | Cheese CTF
- TryHackMe | U.A. High School
- TryHackMe | Joomify
- TryHackMe | Critical
- TryHackMe | Publisher
- TryHackMe | W1seGuy
- TryHackMe | mKingdom
- TryHackMe | Linux Process Analysis
- TryHackMe | CyberLens
- TryHackMe | TryHack3M: Bricks Heist
- TryHackMe | Creative
- TryHackMe | Eviction
- TryHackMe | Probe
- TryHackMe | Dreaming
- TryHackMe | The Witch's Cauldron
- TryHackMe | Bulletproof Penguin
- TryHackMe | Hijack
- TryHackMe | Compiled
- TryHackMe | Super Secret TIp
- TryHackMe | Lesson Learned?
- TryHackMe | Grep
- TryHackMe | Red
- TryHackMe | Snapped "Phish"-ing Line
- TryHackMe | Cat Pictures 2
- TryHackMe | Flip
- TryHackMe | Valley!
- TryHackMe | Capture!
- TryHackMe | Opacity
- TryHackMe | LookBack
- TryHackMe | Bugged
- TryHackMe | GamingServer
- TryHackMe | Confidential
- TryHackMe | OverlayFS - CVE-2021-3493
- TryHackMe | Psycho Break
- TryHackMe | Bounty Hacker
- TryHackMe | Fowsniff CTF
- TryHackMe | RootMe
- TryHackMe | AttackerKB
- TryHackMe | Pickle Rick
- TryHackMe | c4ptur3-th3-fl4g
- TryHackMe | Library
- TryHackMe | Thompson
- TryHackMe | Simple CTF
- TryHackMe | LazyAdmin
- TryHackMe | Anonforce
- TryHackMe | Ignite
- TryHackMe | Wgel CTF
- TryHackMe | Kenobi
- TryHackMe | Dav
- TryHackMe | Ninja Skills
- TryHackMe | Ice
- TryHackMe | Lian_Yu
- TryHackMe | The Cod Caper
- TryHackMe | Blaster
- TryHackMe | Encryption - Crypto 101
- TryHackMe | Brooklyn Nine Nine
- TryHackMe | Year of the Rabbit
- TryHackMe | Jack-of-All-Trades
- TryHackMe | Madness
- TryHackMe | KoTH Food CTF
- TryHackMe | Easy Peasy
- TryHackMe | Tony the Tiger
- TryHackMe | CTF collection Vol.1
- TryHackMe | Smag Grotto
- TryHackMe | Couch
- TryHackMe | Source
- TryHackMe | Overpass
- TryHackMe | Gotta Catch'em All!
- TryHackMe | Bolt
- TryHackMe | Overpass 2 - Hacked
- TryHackMe | kiba
- TryHackMe | Poster
- TryHackMe | Chocolate Factory
- TryHackMe | Startup
- TryHackMe | Chill Hack
- TryHackMe | ColddBox: Easy
- TryHackMe | GLITCH
- TryHackMe | All in One
- TryHackMe | Archangel
- TryHackMe | Cyborg
- TryHackMe | Lunizz CTF
- TryHackMe | Badbyte
- TryHackMe | Team
- TryHackMe | VulnNet: Node
- TryHackMe | VulnNet: Internal
- TryHackMe | Atlas
- TryHackMe | VulnNet: Roasted
- TryHackMe | Cat Pictures
- TryHackMe | Mustacchio
- TryHackMe | Industrial Intrusion
- TryHackMe | Volt Typhoon
- TryHackMe | Logless Hunt
- TryHackMe | Security Footage
- TryHackMe | Mayhem
- TryHackMe | Robots
- TryHackMe | Hackfinity Battle
- TryHackMe | Rabbit Store
- TryHackMe | Smol
- TryHackMe | Backtrack
- TryHackMe | Extracted
- TryHackMe | The London Bridge
- TryHackMe | Breakme
- TryHackMe | Block
- TryHackMe | APIWizards Breach
- TryHackMe | New York Flankees
- TryHackMe | Airplane
- TryHackMe | Profiles
- TryHackMe | Clocky
- TryHackMe | Hack Smarter Security
- TryHackMe | Kitty
- TryHackMe | Umbrella
- TryHackMe | AVenger
- TryHackMe | WhyHackMe
- TryHackMe | Stealth
- TryHackMe | Hunt Me I: Payment Collectors
- TryHackMe | Hunt Me II: Typo Squatters
- TryHackMe | Athena
- TryHackMe | Crylo
- TryHackMe | Forgotten Implant
- TryHackMe | Race Conditions
- TryHackMe | Weasel
- TryHackMe | Prioritise
- TryHackMe | Boogeyman 1
- TryHackMe | Mr Robot CTF
- TryHackMe | Unattended
- TryHackMe | GoldenEye
- TryHackMe | StuxCTF
- TryHackMe | Boiler CTF
- TryHackMe | HA Joker CTF
- TryHackMe | Biohazard
- TryHackMe | Break it
- TryHackMe | Willow
- TryHackMe | The Marketplace
- TryHackMe | Nax
- TryHackMe | Mindgames
- TryHackMe | Anonymous
- TryHackMe | Blog
- TryHackMe | Wonderland
- TryHackMe | 0day
- TryHackMe | Develpy
- TryHackMe | CTF collection Vol.2
- TryHackMe | CMesS
- TryHackMe | Deja Vu
- TryHackMe | hackerNote
- TryHackMe | dogcat
- TryHackMe | ConvertMyVideo
- TryHackMe | KoTH Hackers
- TryHackMe | Revenge
- TryHackMe | harder
- TryHackMe | HaskHell
- TryHackMe | Undiscovered
- TryHackMe | Break Out The Cage
- TryHackMe | The Impossible Challenge
- TryHackMe | Looking Glass
- TryHackMe | Recovery
- TryHackMe | Relevant
- TryHackMe | Ghizer
- TryHackMe | Mnemonic
- TryHackMe | WWBuddy
- TryHackMe | The Blob Blog
- TryHackMe | Cooctus Stories
- TryHackMe | One Piece
- TryHackMe | toc2
- TryHackMe | NerdHerd
- TryHackMe | Kubernetes Chall TDI 2020
- TryHackMe | The Server From Hell
- TryHackMe | Jacob the Boss
- TryHackMe | Unbaked Pie
- TryHackMe | Bookstore
- TryHackMe | Overpass 3 - Hosting
- TryHackMe | battery
- TryHackMe | Madeye's Castle
- TryHackMe | En-pass
- TryHackMe | Sustah
- TryHackMe | KaffeeSec - SoMeSINT
- TryHackMe | Tokyo Ghoul
- TryHackMe | Watcher
- TryHackMe | broker
- TryHackMe | Inferno
- TryHackMe | VulnNet: dotpy
- TryHackMe | Wekor
- TryHackMe | pyLon
- TryHackMe | The Great Escape
- TryHackMe | SafeZone
- TryHackMe | NahamStore
- TryHackMe | Sweettooth Inc.
- TryHackMe | CMSpit
- TryHackMe | Super-Spam
- TryHackMe | That's The Ticket
- TryHackMe | Debug
- TryHackMe | Red Stone One Carat
- TryHackMe | Cold VVars
- TryHackMe | Metamorphosis
- TryHackMe | SQHell
- TryHackMe | Fortress
- TryHackMe | CyberCrafted
- TryHackMe | Road
- TryHackMe | Contrabando
- TryHackMe | Event Horizon
- TryHackMe | Contrabando
- TryHackMe | Directory
- TryHackMe | Honeynet Collapse CTF
- TryHackMe | Moebius
- TryHackMe | Rabbit Hole
- TryHackMe | Mountaineer
- TryHackMe | CERTain Doom
- TryHackMe | Capture Returns
- TryHackMe | Chrome
- TryHackMe | Reset
- TryHackMe | Motunui
- TryHackMe | Spring
- TryHackMe | Brainpan 1
- TryHackMe | Borderlands
- TryHackMe | hc0n Christmas CTF
- TryHackMe | Daily Bugle
- TryHackMe | Retro
- TryHackMe | Jeff
- TryHackMe | Racetrack Bank
- TryHackMe | Dave's Blog
- TryHackMe | CherryBlossom
- TryHackMe | CCT2019
- TryHackMe | Iron Corp
- TryHackMe | Carpe Diem 1
- TryHackMe | Ra
- TryHackMe | Year of the Fox
- TryHackMe | For Business Reasons
- TryHackMe | Anonymous Playground
- TryHackMe | Misguided Ghosts
- TryHackMe | Theseus
- TryHackMe | Internal
- TryHackMe | Year of the Dog
- TryHackMe | You're in a cave
- TryHackMe | Year of the Owl
- TryHackMe | Year of the Pig
- TryHackMe | envizon
- TryHackMe | GameBuzz
- TryHackMe | Fusion Corp
- TryHackMe | Crocc Crew
- TryHackMe | Uranium CTF
- TryHackMe | Year of the Jellyfish
- TryHackMe | Rocket
- TryHackMe | Squid Game
- TryHackMe | EnterPrize
- TryHackMe | Different CTF
- TryHackMe | VulnNet: dotjar
- TryHackMe | M4tr1x: Exit Denied
- TryHackMe | Shaker
- TryHackMe | Roundcube: CVE-2025-49113
- TryHackMe | Erlang/OTP SSH: CVE_2025_32433
- TryHackMe | Next.js: CVE-2025-29927
- TryHackMe | Training Impact on Teams
- TryHackMe | PaperCut: CVE-2023-27350
- TryHackMe | Moniker Link (CVE-2024-21413)
- TryHackMe | Confluence CVE-2023-22515
- TryHackMe | GitLab CVE-2023-7028
- TryHackMe | Cactus
- TryHackMe | Looney Tunables
- TryHackMe | Threat Intel & Containment
- TryHackMe | CVE-2023-38408
- TryHackMe | Introduction to Django
- TryHackMe | Git Happens
- TryHackMe | Meltdown Explained
- TryHackMe | Splunk
- TryHackMe | Linux Backdoors
- TryHackMe | Jupyter 101
- TryHackMe | Geolocating Images
- TryHackMe | Tor
- TryHackMe | tomghost
- TryHackMe | DLL HIJACKING
- TryHackMe | Intro to IoT Pentesting
- TryHackMe | Attacking ICS Plant #1
- TryHackMe | Attacking ICS Plant #2
- TryHackMe | Printer Hacking 101
- TryHackMe | DNS Manipulation
- TryHackMe | Introduction to Flask
- TryHackMe | MITRE
- TryHackMe | magician
- TryHackMe | JPGChat
- TryHackMe | Baron Samedit
- TryHackMe | CVE-2021-41773/42013
- TryHackMe | Binary Heaven
- TryHackMe | Git and Crumpets
- TryHackMe | Polkit: CVE-2021-3560
- TryHackMe | Hip Flask
- TryHackMe | Bypass Disable Functions
- TryHackMe | Wordpress: CVE-2021-29447
- TryHackMe | Linux Function Hooking
- TryHackMe | REvil Corp
- TryHackMe | Sudo Buffer Overflow
- TryHackMe | Sudo Security Bypass
- TryHackMe | Solar, exploiting log4j
- TryHackMe | Conti
- TryHackMe | Dirty Pipe: CVE-2022-0847
- TryHackMe | The find command
- TryHackMe | 25 Days of Cyber Security
- TryHackMe | Advent of Cyber 1 [2019]
- TryHackMe | Advent of Cyber 2 [2020]
- TryHackMe | Advent of Cyber 3 (2021)
- TryHackMe | Advent of Cyber 2022
- TryHackMe | Advent of Cyber 2023
- TryHackMe | Advent of Cyber 2024
- TryHackMe | Advent of Cyber '23 Side Quest
- TryHackMe | Cyber Scotland 2021
- TryHackMe | Hacker of the Hill #1
- TryHackMe | Learn and win prizes
- TryHackMe | Learn and win prizes #2