Dive Into Pentesting | TryHackMe Write-up
Complete walkthrough for the Dive Into Pentesting TryHackMe room. Learn the basics of penetration testing, from methodology to responsible practice.
This is my write-up for the TryHackMe room on Dive Into Pentesting. Written in 2026, I hope this write-up helps others learn and practice cybersecurity.
Task 1: Introduction
Penetration testing is a proactive and authorized security practice used to uncover system, application, and network weaknesses before attackers do. This foundational module covers the differences between ethical hacking and malicious attacks, core focus areas, the relationship between vulnerabilities and risks, root causes of vulnerabilities, and the essential mindset and ethical principles required of a professional tester.
Prerequisites
Introduction to Offensive Security
Let's dive into pentesting!
No answer needed
Task 2: Penetration Testing vs. Malicious Hacking
Penetration testing is a highly structured, authorized assessment aimed at finding and prioritizing weaknesses to protect data and ensure compliance. While both pentesters and malicious hackers may use similar tools, they are separated by four core factors: Authorization (pentesters have explicit consent), Scope (pentesters stay within defined boundaries), Coverage (pentesters look broadly, whereas attackers look for the quickest win), and Responsibility (pentesters are accountable and professional).
What is the common shortened term for penetration testing?
pentesting
Which actor aims for broad coverage and assesses multiple areas of a system?
Penetration tester
Which actor focuses on the quickest path to success?
Attacker
Task 3: Penetration Testing Focus Areas
A comprehensive assessment evaluates both web applications and network infrastructure. Web app pentesting evaluates user interaction, APIs, authentication, authorization, session management, and input validation. Network pentesting assesses infrastructure from two perspectives: external (internet-facing servers, firewalls, and VPNs) and internal (an "assumed breach" scenario testing lateral movement, segmentation, and access controls).
What type of network penetration test focuses on internet-facing infrastructure from the perspective of an unauthorised user?
External
During testing, you discovered that session cookies remain valid after a user logs out of the application. Which testing focus area does this issue fall under?
Session management
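To illustrate the session-management scenario in the question above, here is an added example that is not part of the TryHackMe room or the original write-up. It uses a constructed in-memory session store to show a logout that only clears the browser cookie (the old session ID keeps working on the server) next to one that also invalidates the server-side record, plus the replay check a tester would run to tell them apart.

```python
import secrets
import time

# Constructed server-side session store: session_id -> {"user", "expires"}.
SESSIONS = {}
SESSION_TTL = 3600  # seconds; assumed idle/absolute lifetime for this example


def login(username):
    """Create a server-side session and return the ID that would go in the cookie."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username, "expires": time.time() + SESSION_TTL}
    return sid


def is_authenticated(sid):
    """Server-side check performed on every request carrying a session cookie."""
    rec = SESSIONS.get(sid)
    if rec is None or rec["expires"] < time.time():
        SESSIONS.pop(sid, None)  # drop expired records so they cannot be replayed
        return False
    return True


def logout_vulnerable(sid):
    """Flawed logout: instructs the browser to delete the cookie but leaves the
    server-side record intact, so anyone holding the old ID is still logged in."""
    return {"Set-Cookie": "session=; Max-Age=0; HttpOnly; Secure"}


def logout_fixed(sid):
    """Correct logout: invalidate the server-side record first, then clear the cookie."""
    SESSIONS.pop(sid, None)
    return {"Set-Cookie": "session=; Max-Age=0; HttpOnly; Secure"}


def replay_after_logout(logout_fn):
    """The tester's check: log in, log out, then replay the old session ID.
    Returns True when the server still accepts it (the finding from the question)."""
    sid = login("alice")  # constructed test account
    logout_fn(sid)
    return is_authenticated(sid)


if __name__ == "__main__":
    print("vulnerable logout replayable:", replay_after_logout(logout_vulnerable))
    print("fixed logout replayable:     ", replay_after_logout(logout_fixed))
```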
Task 4: Vulnerability, Threat, and Risk
Understanding security relies on a core formula: Vulnerability x Threat = Risk. A vulnerability is an underlying weakness (like outdated software), a threat is what might exploit it (like an attacker or automated AI script), and risk is the potential business impact. Managing this risk requires a four-stage cycle: Identification, Analysis, Mitigation, and Monitoring. In some scenarios, organizations may choose to formally accept a low-impact risk or transfer it (e.g., via cyber insurance).
An organisation patched a high-severity issue that you reported. What stage of the risk management cycle does this activity fall under?
Mitigation
Would an SQL-injection vulnerability present a higher risk on an external-facing application or an internal-facing application?
External-facing application
Task 5: Why Vulnerabilities Exist
Vulnerabilities are rarely intentional; they usually stem from human error or systemic oversight. Common root causes include human assumptions (e.g., expecting users to only upload harmless files), software bugs (e.g., poor input validation leading to SQL injection), system complexity (e.g., misconfigured APIs in a web of microservices), over-customization (e.g., flawed custom authentication logic), and fundamental design flaws (e.g., issuing session tokens before MFA is complete).
A developer implemented an "Upload Resume" feature in a career portal without implementing guardrails. What is the reason that would cause an unrestricted file-upload vulnerability?
Human assumptions
Task 6: The Pentester Mindset
Technical skills must be paired with the right methodology. An effective mindset involves deep curiosity, contextual thinking, attention to detail, and a focus on critical business impacts over pure technical execution. Conversely, rushing, tunnel vision, over-reliance on automated tools, or blindly following checklists often lead to missed findings. Best practices during an engagement include keeping detailed notes, proactively gathering evidence, managing time wisely (like reporting as you go), and maintaining clear, professional communication with stakeholders.
What characteristic includes attacking without understanding how a functionality or system works?
Rushing to exploitation
What common best practice helps in reproducing findings later?
Maintaining good notes
What common best practice could help prevent blockers from impacting the coverage of a penetration test?
Proactive communication
Task 7: Ethics, Permission, and Trust
Professionalism is the backbone of the penetration testing industry. Ethics dictate that testers responsibly handle sensitive data, avoid system disruption, and respect organizational boundaries. Permission mandates formal, written authorization and strict adherence to the agreed-upon scope. Building trust requires transparent communication, accurate reporting that highlights real-world business impacts, and providing actionable recommendations to stakeholders.
What defines boundaries during a penetration test?
Scope
What type of impact should findings demonstrate clearly?
Business impact
What type of data must be removed from reports to prevent unintentional disclosure?
Sensitive data
Task 8: Knowledge Recap
This room emphasizes that pentesting is more than just finding vulnerabilities; it is a professional discipline rooted in risk assessment, ethical methodology, and critical thinking. Successful testing relies heavily on understanding the target's specific context and clearly communicating the business impact of discovered vulnerabilities.
Figure 1: Knowledge recap and ethical decision-making scenarios.
Figure 2: Importance of obtaining proper authorization.
Always wait until written authorization is received before performing any testing.
Figure 3: Clarifying scope with the client.
Request clarification from the client before interacting with any domain or system that is not clearly defined in the scope.
Figure 4: Coordinating testing windows and intensity.
Confirm approved testing windows and scan intensity with the client to avoid disrupting business operations.
Figure 5: Responsible evidence collection.
Capture only the minimal evidence required to prove administrative access and stop further interaction to protect sensitive data.
Figure 6: Handling unexpected findings.
If a potential vulnerability is found outside of the agreed scope, pause testing and seek client approval before continuing.
Figure 7: Notifying the client of critical findings.
Document the finding and notify the client immediately without accessing the system further if a critical vulnerability is identified.
Figure 8: Accurate documentation of findings.
Document every finding clearly, even if it is only partially validated due to testing limitations or time constraints.
Figure 9: Assisting the client with remediation.
Provide clarification and assist the client in understanding the remediation recommendations to help them improve their security posture.
Figure 10: Successful completion of the Dive Into Pentesting module.
Complete the task and submit the flag.
THM{DEPRECATED}
Thanks for reading. See you in the next lab.