Free TryHackMe Rooms for SOC Analysts
Venkatesh Sathya
A comprehensive list of 54 free TryHackMe rooms organized by skill areas and difficulty levels to help SOC
analysts develop essential cybersecurity skills.
📧 Phishing Analysis
Beginner Level
1. Phishing Emails 1
o Description: Analyze email headers, detect spoofing, and inspect malicious attachments
o Link: https://tryhackme.com/room/phishingemails1
2. ParrotPost: Phishing Analysis
o Description: Investigate phishing techniques using real-world scenarios
o Link: https://tryhackme.com/room/parrotpost
Intermediate Level
1. Phishing: HiddenEye
o Description: Learn about phishing tools and social engineering
o Link: https://tryhackme.com/room/phishinghiddeneye
2. Snapped Phish-ing Line
o Description: Real-world phishing email analysis case study
o Link: https://tryhackme.com/room/snappedphishingline
📊 Log Analysis
Beginner Level
1. Intro to Logs
o Description: Understand log formats, aggregation, and basic parsing
o Link: https://tryhackme.com/room/introtologs
2. Splunk: Basics
o Description: Query logs, build dashboards, and analyze security events
o Link: https://tryhackme.com/room/splunk101
Intermediate Level
1. Splunk: Exploring SPL
o Description: Advanced Splunk search processing language techniques
o Link: https://tryhackme.com/room/splunkexploringspl
2. Servidae: Log Analysis in ELK
o Description: Analyze compromised workstation logs using Kibana interface
o Link: https://tryhackme.com/room/servidae
3. ItsyBitsy
o Description: ELK stack investigation of potential malware infection
o Link: https://tryhackme.com/room/itsybitsy
🦠 Malware Analysis
Beginner Level
1. MAL: Malware Introductory
o Description: Static/dynamic analysis using PEStudio and sandbox tools
o Link: https://tryhackme.com/room/malmalintroductory
2. Basic Malware RE
o Description: Basic reverse engineering of malware samples
o Link: https://tryhackme.com/room/basicmalwarere
3. History of Malware
o Description: Learn about malware evolution and classification
o Link: https://tryhackme.com/room/historyofmalware
Intermediate Level
1. MAL: Researching
o Description: Research techniques for malware analysis
o Link: https://tryhackme.com/room/malresearching
2. Mobile Malware Analysis
o Description: Analyze malware targeting mobile platforms
o Link: https://tryhackme.com/room/mobilemalwareanalysis
3. Carnage
o Description: Malware analysis through network traffic investigation
o Link: https://tryhackme.com/room/c2carnage
4. Dunkle Materie
o Description: Advanced malware analysis challenge
o Link: https://tryhackme.com/room/dunklematerie
🎯 Threat Hunting
Beginner Level
1. Threat Hunting: Introduction
o Description: Introduction to threat hunting concepts and methodologies
o Link: https://tryhackme.com/room/threathuntingintroduction
2. Threat Hunting: Foothold
o Description: Hunt for initial access and foothold techniques
o Link: https://tryhackme.com/room/threathuntingfoothold
Intermediate Level
1. MITRE
o Description: Use MITRE ATT&CK framework for threat hunting
o Link: https://tryhackme.com/room/mitre
2. Pyramid Of Pain
o Description: Understand indicators and their impact on adversaries
o Link: https://tryhackme.com/room/pyramidofpainax
3. Cyber Kill Chain
o Description: Learn the stages of cyber attacks
o Link: https://tryhackme.com/room/cyberkillchainzmt
4. Unified Kill Chain
o Description: Modern unified approach to kill chain analysis
o Link: https://tryhackme.com/room/unifiedkillchain
5. Threat Hunting with YARA
o Description: Using YARA rules to identify indicators of compromise
o Link: https://tryhackme.com/room/threathuntingwithyara
🔍 DFIR (Digital Forensics & Incident Response)
Beginner Level
1. DFIR: An Introduction
o Description: Introduction to Digital Forensics and Incident Response
o Link: https://tryhackme.com/room/introductoryroomdfirmodule
2. Forensics
o Description: Basic digital forensics techniques and tools
o Link: https://tryhackme.com/room/forensics
3. Memory Forensics
o Description: Introduction to memory forensics concepts
o Link: https://tryhackme.com/room/memoryforensics
4. Forensic Imaging
o Description: Learn proper forensic imaging techniques
o Link: https://tryhackme.com/room/forensicimaging
5. Intro to Cold System Forensics
o Description: Dead system forensic analysis techniques
o Link: https://tryhackme.com/room/introtocoldsystemforensics
Intermediate Level
1. Volatility
o Description: Analyze memory dumps using Volatility framework
o Link: https://tryhackme.com/room/volatility
2. Disk Analysis & Autopsy
o Description: Digital forensics using Autopsy tool
o Link: https://tryhackme.com/room/autopsy2ze0
3. Digital Forensics Case B4DM755
o Description: Real-world digital forensics case simulation
o Link: https://tryhackme.com/room/caseb4dm755
4. Linux Server Forensics
o Description: Forensic analysis of compromised Linux servers
o Link: https://tryhackme.com/room/linuxserverforensics
5. Windows Applications Forensics
o Description: Analyze Windows applications for forensic evidence
o Link: https://tryhackme.com/room/windowsapplications
6. IR Playbooks
o Description: Learn how to develop effective incident response playbooks
o Link: https://tryhackme.com/room/irplaybooks
🌐 Network Analysis
Beginner Level
1. Network Fundamentals
o Description: Learn basic networking concepts and protocols
o Link: https://tryhackme.com/room/networkfundamentals
2. Introductory Networking
o Description: Introduction to networking principles for cybersecurity
o Link: https://tryhackme.com/room/introtonetworking
3. Nmap
o Description: Network scanning and host discovery with Nmap
o Link: https://tryhackme.com/room/furthernmap
4. Nmap Live Host Discovery
o Description: Techniques for discovering live hosts on networks
o Link: https://tryhackme.com/room/nmap01
Intermediate Level
1. TShark
o Description: Command-line network analysis with TShark
o Link: https://tryhackme.com/room/tsharkbasics
2. h4cked
o Description: Analyze a PCAP file to understand a hack in progress
o Link: https://tryhackme.com/room/h4cked
3. Overpass 2 - Hacked
o Description: PCAP analysis to investigate a compromised system
o Link: https://tryhackme.com/room/overpass2hacked
🔎 OSINT (Open Source Intelligence)
Beginner Level
1. OSINT Fundamentals
o Description: Introduction to Open Source Intelligence gathering
o Link: https://tryhackme.com/room/osintfundamentals
2. Google Dorking
o Description: Advanced Google search techniques for OSINT
o Link: https://tryhackme.com/room/googledorking
3. OhSINT
o Description: Basic OSINT challenges using a single image
o Link: https://tryhackme.com/room/ohsint
Intermediate Level
1. Shodan.io
o Description: Learn to use Shodan for discovering vulnerable systems
o Link: https://tryhackme.com/room/shodan
2. WebOSINT
o Description: Web-based OSINT techniques and tools
o Link: https://tryhackme.com/room/webosint
3. Searchlight - IMINT
o Description: Image intelligence gathering techniques
o Link: https://tryhackme.com/room/searchlightosint
🚨 Incident Response
Beginner Level
1. Preparation
o Description: Prepare for security incidents with proper logging
o Link: https://tryhackme.com/room/preparation
2. Junior Security Analyst Intro
o Description: Introduction to the SOC analyst role
o Link: https://tryhackme.com/room/jrsecanalystintrouxo
3. IR Philosophy and Ethics
o Description: Ethical considerations in incident response
o Link: https://tryhackme.com/room/irphilosophyandethics
4. Threat Intelligence for SOC
o Description: Leveraging threat intel in Security Operations
o Link: https://tryhackme.com/room/threatintelligenceforsoc
Intermediate Level
1. Identification & Scoping
o Description: Learn how to identify and scope security incidents
o Link: https://tryhackme.com/room/identificationandscoping
2. Windows Incident Surface
o Description: Understand incident response in Windows environments
o Link: https://tryhackme.com/room/windowsincidentsurface
3. Linux Incident Surface
o Description: Understand incident response in Linux environments
o Link: https://tryhackme.com/room/linuxincidentsurface
📈 Summary
Total Free Rooms: 54
Skill Category       Beginner   Intermediate   Total
Phishing Analysis    2          2              4
Log Analysis         2          3              5
Malware Analysis     3          4              7
Threat Hunting       2          5              7
DFIR                 5          6              11
Network Analysis     4          3              7
OSINT                3          3              6
Incident Response    4          3              7
💡 Learning Path Recommendations
For New SOC Analysts:
1. Start with Junior Security Analyst Intro
2. Complete Network Fundamentals and Introductory Networking
3. Learn Intro to Logs and Splunk: Basics
4. Practice with Phishing Emails 1
5. Understand DFIR: An Introduction
For Intermediate SOC Analysts:
1. Master advanced log analysis with ELK and Splunk SPL
2. Develop threat hunting skills with MITRE, YARA, and Pyramid of Pain
3. Practice malware analysis with Volatility and Carnage
4. Enhance network analysis with TShark and PCAP analysis rooms
Study Tips:
• Complete rooms in order of difficulty (Beginner → Intermediate)
• Practice regularly to retain skills
• Take notes on tools and techniques learned
• Join the TryHackMe community for discussions
• Consider pursuing TryHackMe learning paths for structured progression
This list was compiled in June 2025 and includes only confirmed free rooms. Some room availability may
change over time. Always verify room access before starting.