| Lab/Room | TryHackMe - Hacking fundamental |
|---|---|
| Type | Classroom |
| Status | Done |
| Date | 04/03/2026 |

Explore offensive security, the hacker mindset, and hack a web app to improve security!
Offensive Security focuses on proactively testing systems by attempting to break into them, with the goal of identifying weaknesses before real attackers can exploit them.
In offensive security, you start with questions: What is exposed? What can be accessed? What assumptions does the system make? A hacker applies these questions methodically, observing how systems respond to unexpected input.
In offensive security, understanding the terminology is essential before touching any tool or technique. Each term defines a specific concept in how we simulate attacks and evaluate security.
Red Teaming refers to a structured and authorized attack simulation designed to mimic a real adversary. The objective is not just to find technical vulnerabilities, but to test the overall effectiveness of an organization’s defenses — including detection, response, and internal processes — within a clearly defined scope.
A penetration test is more focused. It is a structured security assessment where an authorized tester attempts to identify and exploit vulnerabilities in systems, applications, or networks. The goal is to understand the real-world impact of those weaknesses. Unlike red teaming, which often evaluates the entire defensive posture, a penetration test is usually narrower and more technical.
At the center of both practices is the concept of a vulnerability. A vulnerability is simply a weakness or flaw in a system, application, or configuration that could be abused by an attacker. This could be: