Offensive Security Intro

Tasks

Task 1 — What is Offensive Security?

TryHackMe explains the concept in one line that I actually like. “To outsmart a hacker, you need to think like one.”

Offensive security is exactly that. Instead of sitting back and defending, you’re the one actively trying to break in. Finding the bugs, the loopholes, the weak points. All legally, all with permission.

One question to answer.

Question: Which better represents simulating a hacker’s actions to find vulnerabilities? Offensive Security

Task 2 — Hacking Your First Machine

They spin up a fake bank called FakeBank directly in the browser, no setup needed, just hit Start Machine and it loads.

The goal is to find a hidden page using Gobuster. I opened the terminal and ran:

Got this back:

/images        (Status: 301)
/bank-transfer (Status: 200)

/bank-transfer is the one we want. I navigated to it and found a completely open transfer page. No login, no verification, nothing.

I transferred $2000 from account 2276 to 8881.

Refreshed the account page and the flag was there.

Answer: BANK-HACKED

Task 3 — Careers in Cyber Security

TryHackMe talks about the different offensive security roles. Penetration Tester, Red Teamer, Security Engineer. They also share stories of people who completely switched careers to get into cyber. You’ll learn more about every role as you go through the rooms anyway.