Is TryHackMe free?

Not fully free — but worth the money?

Is TryHackMe free?
Photo by Ales Nesetril / Unsplash

Cybersecurity has become an increasingly important aspect of everyday life. Whether you're aware of it or not, cyberattacks happen every single day. From mundane attempts such as trying to hack into a grocery store's point-of-sale system to ransoming governments and threatening to release sensitive information. But what does it take to actually become a "hacker" or preferably, a penetration tester? That's where TryHackMe comes in.

What is TryHackMe?

Before we begin, what is TryHackMe? TryHackMe is a website where you can train or grow your cybersecurity skills. Using rooms, you will learn both theory and practical knowledge. How does it work? Simple, you just enrol in a room (or pick a learning path, e.g. Security Analyst, Penetration Tester and Security Engineer) about the topic you want to learn about. For example if you want to learn about Metasploit, Burp Suite, or CLI tools such as Nmap, you can just handpick those rooms.

The wonder of TryHackMe is that,if you pick a learning path it will gradually build up your skills, meaning that you'll actively apply knowledge you've gained in the past to complete challenges. Admittedly, there is a lot of hand-holding in the beginner rooms, which isn't a bad thing, but can get quite annoying if you want to try stuff out on your own.

Rooms

TryHackMe room overview

As you can see, a room consists of tasks and most often also a target IP address. The latter is rather important as this is often the machine you will want to break into, or discover vulnerabilities about. If you don't have a Linux based operating system, you can also make use of their AttackBox (limited to 1h/day for non subscribers), which is a Kali Linux virtual machine that you can use in the browser. It's not the best experience and I'd definitely recommend just connecting to their VPN.

What I've learnt using TryHackMe for a week

I have spent over 11 hours doing TryHackMe challenges in the past week, and waddled my way through the top 10% TryHackMe users, which sounds like an astounding feat, but isn't as I'm still ranked at 123k. Overall I absolutely love the platform. It's very intuitive, if you get stuck or anything of the sort their Discord server has your back. They also offer a student discount if you are one.

The only downside I've faced is how repetitive some tasks can be. Sure you can skip them, but it's annoying to me that some rooms show up as incomplete in that case. Not only that but if you're using Ubuntu or a Ubuntu derived OS, some tools such as John (the Ripper) or GoBuster won't have their latest versions in the default apt-repositories and you'll have to hunt for them manually or compile them from source. It's probably best to use Kali Linux and not your own OS for TryHackMe. As Kali Linux comes with wordlists and all necessary tools (mostly) preinstalled.

Overall conclusion

Honestly, spending £9 pounds a month for this service is far more than worth it. You don't even need to spend that money on TryHackMe if you really don't want to. Each and every room is completely free to access. Most rooms won't let you start the attacker machine or connect to it if you don't have a premium subscription though, so do keep that in mind. Some lovely people have made it their mission to collect the free rooms where you can start a target machine, which can be found here.