u/Consistent_Walk_2407

Hey everyone,
I’ve been grinding TryHackMe pretty hard lately — putting in a lot of hours, learning a ton of new stuff (XSS, SQLi, IDOR, SSRF, Command Injection, you name it), and honestly I’ve been really enjoying the progress.
But here’s the thing: every now and then I hit these weird slumps. Like, 2-3 days where I just can’t bring myself to open a room. I’d way rather play some games or just do literally nothing. Sometimes I’ll go 2 full days without touching THM at all.
And then — out of nowhere — I sit back down, get into it, and the passion is just back. Once I’m in the flow it’s fine, great even. But getting myself to START during those low periods is genuinely hard.
My question: is this normal? Does this happen to other people here too?
Because part of me is worried — does this mean I’m not “cut out” for cybersecurity? Like, if I were truly passionate about it, would I even have these slumps at all? Or is this just how learning a complex skill works and I shouldn’t read too much into it?
Would love to hear from people further along in their journey. Is this something that goes away? Or do you just learn to push through it?

Ps:i dont know if thats relevant but i have very strong adhd

Thanks😁

Hey everyone,

I’m a complete beginner in cybersecurity and I’ve been using TryHackMe for about a month now. Right now I’m going through the Web Fundamentals path, and I’ve reached the Burp Suite Repeater room.

I keep running into the same situation and I’m honestly not sure if it’s normal or not:

I usually understand the goal in theory. For example, I know what I want to achieve in my head — like telling the server to go into a database, select a table, pick a column, and return specific data.

But when it comes to actually writing the syntax or building the request myself, I struggle a lot.

What frustrates me is that I keep telling myself: “this time I’ll do it fully on my own, without looking anything up.” But then I get stuck, forget the exact structure, or don’t know how to translate my idea into proper SQL / Burp syntax.

Even in the Burp Suite Repeater “Extra Mile Challenge”, I had to look things up or get help. I do try to understand everything afterwards though — I go back, research what each part means, and try to figure out what actually happened behind the scenes instead of just copying it.

So my questions are basically:

- Is this normal after only about a month of learning?
- If I’m already at Burp Suite Repeater in Web Fundamentals, should I realistically be able to solve these kinds of challenges completely independently at this stage?
- Or is it expected that beginners still rely on looking things up and getting help while learning syntax and structure?

I’m a bit worried that if I constantly “peek” or rely on help, I’m not actually learning properly. But at the same time I am actively trying to understand everything I get shown afterwards instead of just copying it.

Would really appreciate honest feedback from people further along in the journey.

Best Regards

I've been doing TryHackMe for about a month now and while browsing a random site I actually found an XSS vulnerability on a page that embeds YouTube videos.

I want to do the right thing and report it to the developer, but I have no idea how to fix it myself, so I can't really offer any suggestions. Does that matter? Is it still worth reaching out even without a solution?

Also wondering if it makes more sense to keep poking around first to see if there's more, and then report everything at once — or should I just report what I found now?

What's the right move here for someone who's still a complete beginner?

Best regards 😁

Hey, I'm completely new to all of this. I've been at it for about 4 weeks now – started with the free version of THM but felt like I wasn't really learning anything that way, so I upgraded to premium. Honestly, I'm loving it. Looking back at where I was just four weeks ago, I've come a long way already.

Every morning THM is the first thing I open – it's become part of my daily routine. Even on days when I really don't feel like it, I still sit down and try to get at least a little learning in.

Recently I came across the term "script kiddie" and I'm kind of worried about falling into that trap. What should I keep in mind to make sure I'm actually learning cybersecurity properly instead of just running tools I don't understand?

Best regards 😄