TryHackMe rebuilt the Jr Penetration Tester path from the ground up in mid-2026. The previous version had aged — exploitation techniques from 2019, scanning workflows that nobody actually used anymore, AD content that stopped at "what is a domain controller."
The 2026 rebuild is a different animal. It's now the most current pentest curriculum at this price point, and it's the right path for someone targeting junior pentester or red team adjacent roles.
This is the honest review from someone who's been around the offensive side long enough to know which certs and paths still mean something.
What the path actually covers
Jr Penetration Tester (PT1 in cert terms) is built around the workflow of an actual junior pentester — reconnaissance, vulnerability identification, exploitation, post-exploitation, and reporting.
The major modules in the 2026 version:
- Introduction to offensive security. Methodology, the engagement lifecycle, scope and rules of engagement. Skip this if you've done the broader Cyber Security 101 path; come back if you haven't.
- Reconnaissance. Passive recon, OSINT, active scanning with Nmap, service enumeration. Heavier on practical command use than legacy versions.
- Web application pentesting. Burp Suite, OWASP Top 10, SQL injection, XSS, IDOR, authentication issues, file uploads. The biggest module by hours and the most useful for actual job tasks — web findings make up the majority of most pentest engagements.
- Network services exploitation. SMB, SSH, FTP, SMTP misconfigurations and known vulnerabilities. Includes hash extraction and offline cracking with Hashcat and John.
- Vulnerability research and exploitation. CVE lookup, exploit-db use, basic exploit modification. Light intro to buffer overflow concepts but not deep exploit development.
- Active Directory attacks. This is where the 2026 rebuild really earns its place. Kerberoasting, AS-REP roasting, NTLM relay, GPP credentials, BloodHound for path analysis, lateral movement basics. Much more realistic than the previous version.
- Linux and Windows privilege escalation. Manual enumeration, common privilege escalation paths, the typical CTF-style escalation patterns.
- Reporting. Often skipped by learners; do not skip it. The ability to write a report is what separates a junior pentester from someone with an HTB rank.
Who this path is for
- People targeting junior pentester, penetration testing analyst, or red team intern roles.
- Defenders who want to understand attacker workflows in depth. Going through this path will make you a sharper SOC analyst.
- OSCP candidates who want a structured ramp before paying for PEN-200. PT1 is the smartest pre-OSCP investment of your money.
- HTB Academy users who want a more guided alternative to a specific module they're stuck on.
Who it's not for
- People who haven't done Pre-Security and Cyber Security 101 first. PT1 assumes Linux comfort, networking knowledge, and basic command-line fluency. If those aren't solid, you'll grind on every module. Start with those two paths instead.
- Experienced pentesters. The path is junior-level. You'll be bored. Move to HTB Pro Labs or Offensive Security's PEN-300.
- People who specifically want bug bounty skills. PT1 covers web pentesting but doesn't go deep on bug bounty workflows. PortSwigger Web Academy is free and stronger for that direction.
How long it actually takes
THM lists Jr Pentester at around 70 hours. Reality:
- With a solid IT foundation: 60-80 hours. About 10-13 weeks at 6 hours a week.
- Coming from Cyber Security 101: 90-120 hours, including time spent breaking and rebuilding home lab boxes when you get stuck. Plan on 3-4 months at 8 hours a week.
- Already working in IT and doing CTFs: Can compress to 6-8 weeks if you're focused.
The AD module alone takes 15-25 hours to do properly. Don't rush it — AD attacks are the single most valuable skillset for both entry-level pentesting and red team adjacent SOC work.
Compared to alternatives
vs. Hack The Box Academy: HTB Academy is harder, more polished, and aimed at people who already have foundations. THM's Jr Pentester is more guided and friendlier to learners who get stuck. Best path: PT1 first, then HTB once you've finished. Full comparison: TryHackMe vs Hack The Box.
vs. Offensive Security's PEN-200 / OSCP: OSCP is the recognized industry credential. PEN-200 is the prep course, currently $1,599 for a 90-day subscription. THM's PT1 covers maybe 60% of the OSCP prerequisite knowledge at a tiny fraction of the price. Do PT1 first; then HTB; then PEN-200 only when you can solve most retired OSCP-like boxes without hints.
vs. PortSwigger Web Security Academy: Free, deeper on web app pentesting specifically, less coverage on AD or network services. Best web pentest training available, period. If web is your focus, supplement PT1 with PortSwigger heavily.
vs. Coursera offensive content: Coursera's offensive offerings are weak compared to THM. The structured pentest training at Coursera tops out at the concept level — you won't get the lab time you need. Stick with THM for hands-on, use Coursera's Google or IBM certificates for foundations and credential signaling.
Pricing
You need the subscription. Roughly $14 a month or cheaper annually. The path takes 2-4 months, so budget $30-60 total.
The honest math: this is the cheapest path-to-OSCP-prep that exists.
The certification at the end (PT1)
The Junior Penetration Tester certification (PT1) is THM's red team cert. Hands-on practical exam in a simulated environment.
Worth taking if:
- You're applying to junior pentester roles and need portfolio evidence.
- You want a stepping stone before committing to OSCP.
- You can pass it confidently — don't take it cold.
Not worth taking if:
- You're already preparing for OSCP. PT1 won't add much beyond what OSCP gives you.
- You're applying to gov contractor pentest shops with strict cert filters — they often want OSCP minimum.
For non-cleared junior pentest roles at consulting firms, PT1 plus a couple of HTB writeups plus a real CTF placement is a credible portfolio.
Honest weaknesses
- Exploit development is light. If you want serious binary exploitation skills, PT1 won't get you there. Move to LiveOverflow's content, the Modern Binary Exploitation course (free from RPI), or Pwn College.
- AD content, while improved, still leaves gaps. Real AD environments are messier than any lab. Expect to learn the rest on the job or via Pretendigo / GOAD home lab setups.
- Some legacy rooms remain. A few rooms in the broader THM library that PT1 doesn't include still use deprecated tooling. Stick to the PT1 path itself and you'll be fine.
- Reporting module is shorter than it should be. Reporting is half the job. Supplement with reading actual pentest reports from public security firm portfolios — TrustedSec, BHIS, NCC Group all publish samples.
The cleared / gov contractor angle
If you're targeting defense contractor or federal pentest roles (Peraton, ManTech, Leidos, SAIC, etc.), PT1 alone isn't enough. These shops typically require:
- Security+ minimum (DoD 8570 requirement for IAT II)
- OSCP for senior pentest roles, often preferred for junior
- Clearance eligibility
PT1 is great prep but functions as a stepping stone, not a destination, for the cleared track. The OSCP investment is non-optional if you're serious about that path.
What to do after
- Hack The Box. Specifically the Starting Point machines, then easy boxes, then medium. The single biggest leveling-up move post-PT1.
- Build a writeup portfolio. Each box you do, write it up. GitHub Pages is free. Three good writeups is worth more than two more certs.
- OSCP prep, if you're going that direction. Move to HTB Academy's Penetration Tester Job Role Path and the OSCP-like machines on HTB.
- Apply. Junior pentest roles exist. They're harder to find than SOC jobs, but they're there — consulting firms, internal red teams at large enterprises, MSPs with security practices.
The verdict
The 2026 rebuild of Jr Penetration Tester is the strongest red-team-entry path THM has had. It's not enough alone — no single path is — but as the structured foundation between Cyber Security 101 and HTB / OSCP work, it's the right move at the right price.
If you're committed to the offensive direction in 2026, this path plus HTB plus a writeup portfolio is a credible junior pentester preparation arc for a fraction of the cost of bootcamp alternatives.