Tools: TryHackMe - Fresher's guide to rule become top 20% easily.
Confused Where to Start on TryHackMe? Here Are 30 Free Rooms — Sequenced for CEH Prep
What This Guide Is
Why TryHackMe for CEH Prep?
The 7-Phase Roadmap
Phase 1 — Orientation & Setup (~45 min)
Phase 2 — Linux & Networking Core (~6 hr)
Phase 3 — Reconnaissance & Scanning (~6 hr)
Phase 4 — Web Application Hacking (~10 hr)
Phase 5 — Exploitation & Post-Exploitation (~9.5 hr)
Phase 6 — Beginner Practice Machines (~9 hr)
Phase 7 — Intermediate Machines (post-CEH territory)
Realistic Timeline
Download the PDF Version
One Last Thing

I've been preparing for the CEH exam (sitting May 2026) while working in SOC operations, and I noticed the same problem coming up constantly in every cybersecurity Discord and subreddit:

"I just signed up for TryHackMe. Where do I even start?"

Most answers are vague. "Just do rooms." "Follow a path." Nobody maps it out clearly, tells you which rooms are actually free, or sequences them in a way that aligns to a specific goal like CEH.

What This Guide Is

A curated list of 30 free TryHackMe rooms across 7 progressive phases — every room mapped to a CEH domain, with a time estimate and direct URL.

Who this is for:
- Students actively prepping for CEH v12
- CS / MCA / BCA students who want hands-on skills alongside theory
- Developers transitioning into cybersecurity (your web dev background = unfair advantage on the web hacking phases)
- Anyone who opened TryHackMe and had no idea where to click first

Why TryHackMe for CEH Prep?

The CEH exam tests 20 knowledge domains — footprinting, scanning, exploitation, web app hacking, cryptography, and more. Most candidates study theory but arrive at the exam having never:
- Run a real Nmap scan against a live target
- Intercepted an HTTP request with Burp Suite
- Cracked a hash in a terminal
- Used Metasploit against an actual vulnerable machine

TryHackMe puts you inside a live vulnerable environment, guided by tasks that mirror exactly what CEH tests — in the order CEH tests them.

The 7-Phase Roadmap

Phase 1 — Orientation & Setup (~45 min)

Get comfortable with the THM interface before diving in.

Phase 2 — Linux & Networking Core (~6 hr)

Your Linux coursework helps here — but the attack context is completely different from academic learning. Do all 8 rooms.

Phase 3 — Reconnaissance & Scanning (~6 hr)

CEH's biggest domains. Nmap alone accounts for 3–5 exam questions. Do not rush these.

Phase 4 — Web Application Hacking (~10 hr)

If you have a dev background — React, Node, Django, Laravel, anything — you'll move faster here than 90% of people. You already understand request-response cycles, session handling, and how SQL queries get built. Now you exploit them.

The OWASP Top 10 room is the crown jewel of this phase. Each task is a separate OWASP category with a live lab. Don't rush it.

Phase 5 — Exploitation & Post-Exploitation (~9.5 hr)

Metasploit is explicitly tested in CEH. This is not optional.

Phase 6 — Beginner Practice Machines (~9 hr)

No guidance. Just you and the machine. Spend 30 minutes trying before you look at any walkthrough — the stuck feeling is where learning actually happens.

Phase 7 — Intermediate Machines (post-CEH territory)

These expect you to enumerate independently and research on your own. This is where HTB-level skills start building.

Advent of Cyber archives are free year-round. 25 challenges covering every domain. The best free structured content THM offers.

Download the PDF Version

I packaged this into a printable PDF with checkboxes beside every room — tick them off as you complete each one.

Download PDF (GitHub): https://github.com/SoumyaKhaskel/TRY_HACK_ME

One Last Thing

The most common mistake I see: people complete rooms but don't document anything. Every room you finish, write two sentences about what you learned. Paste it into a Notion doc, a private GitHub repo, anywhere. Those notes become your interview answers six months from now.

If this helped you, share it with someone else who's been staring at the THM homepage not knowing where to start.

Good luck. The struggle is the lesson.

— Soumya | LinkedIn | GitHub | THM Profile