How I Passed the TryHackMe PT1: My Experience, Mindset, and Tips for Success

When I sat the TryHackMe Pentester Level 1 (PT1) exam, I knew it was designed as a “junior pentester” certification — and honestly, many parts of it felt like that level. But one thing became clear as I progressed: junior does not mean basic. Pentesting, even at the entry level, demands discipline, patience, structured thinking, and strong reporting skills.

The exam is divided into three major components:

  1. Network Pentest

  2. Active Directory Pentest

  3. Web Application Pentest

Each section tested a different set of skills, and each played a role in building a realistic engagement-style assessment. One thing that really elevated the realism was the integrated report-writing workflow, where every vulnerability needed to be documented clearly and professionally — with descriptions, impact, reproduction steps, and mitigation guidance.

This is my personal experience of the PT1 exam, how I approached each section, and the mindset that helped me pass.

I passed this certificate; verify here.

The Exam Structure: Three Distinct Phases

1. Network Pentest

This section was a breeze for me — straightforward enumeration, clear vulnerabilities, and predictable exploitation paths. It felt very much in line with what you’d expect from a junior pentester role. The built-in reporting interface made this section efficient: every time I identified a finding, I could add a clear, concise vulnerability entry with all required components.

2. Active Directory Pentest

The AD portion was also very manageable. Solid enumeration and methodical movement through the environment were enough to progress smoothly. Again, the reporting workflow made things feel real; documenting misconfigurations or credential exposures in a clear, structured format reinforced the importance of communication in pentesting — not just compromise.

3. Web Application Pentest

This is where the exam’s difficulty spiked sharply.

The web application portion was far more challenging than the other two sections — and honestly, it surprised me. If you approach it with a CTF mindset, expecting one quick exploit or obvious low-hanging fruit, you will struggle. That was my reality early on.

But when I shifted into a true pentesting mindset, testing every input, every action, every page, and every location, the pieces started coming together. The vulnerabilities required thorough exploration, and the exam’s reporting system forced me to articulate each issue in a practical, real-world format.

The only frustration here was the vulnerability submission mechanics — you had to find the exact vulnerability in the exact location expected by the exam platform to receive a flag. Finding a similar vuln elsewhere didn’t count, which could be annoying — but again, this reinforced methodical testing.

The Difficulty: Junior — But Not Basic

The PT1 exam is marketed as a junior pentesting certification, and much of it reflects exactly that level. The Network and AD sections felt like realistic junior-level challenges. The reporting component — writing concise, actionable vulnerability descriptions complete with impact, reproduction steps, and recommended mitigations — was also very appropriate for junior testers.

But with one caveat:

The web application section can feel well above junior level if you treat it like a CTF.
If you go in expecting obvious flags or predictable exploits, it will feel hard.

However:

If you approach it like a real pentest —
✔ test everything
✔ in every location
✔ with methodical enumeration
✔ and record every finding clearly in your report

— then the difficulty becomes manageable, logical, and much more rewarding.

It’s not “too hard” — it’s just built for real-world thinking.

My Approach: Calm, Methodical, Pentester Mindset

I kept a structured method throughout the entire exam:

Enumerate, enumerate, enumerate

The best advice I can give is the same advice I followed:

Don’t attack the first thing you think is vulnerable.
That’s a CTF habit, not a pentester habit.

Real pentesting requires building a full picture of the environment before making decisions. Interestingly, enumeration I did early often became useful much later — proving that nothing is wasted.

Take regular breaks

When something didn’t make sense, I stepped away. Coming back fresh solved problems far more quickly than brute-forcing them.

If you get stuck, move on

Tunnel vision kills progress. Switching tasks gave me new context for earlier problems.

Use the Exam Documentation

The exam documentation is extremely helpful if you use it correctly. It doesn’t spoil anything, but it does guide your thinking.

  • The docs help you focus on relevant areas.

  • They reduce time wasted exploring irrelevant paths.

  • Check the reporting page’s vulnerability list — this is crucial.

If a vulnerability type isn’t on the list:

  • You’re not expected to find it.

  • You won’t be graded for it.

  • Even if you find something real, if it isn’t on their list, the system won’t accept it.

This prevents you from burning hours chasing issues that won’t count.

Treat the documentation as part of your methodology — just like a real pentest.

Stay organised and write as you go

Throughout each section, I kept structured notes, screenshots, and drafts of vulnerability descriptions. The reporting interface broke everything into clear sections, making it easy to fill out actionable findings:

  • Vulnerability name

  • Description

  • Impact

  • Reproduction steps

  • Recommended mitigations

This helped massively later — especially when the clock was running.

Time Management: Plan Ahead and Don’t Repeat My Mistake

The exam gives you up to 48 hours, but you do NOT need to stay awake for 48 hours. Time management begins before you even start.

Here’s how I approached it:

  • Got a full night’s sleep

  • Started at 11 AM, fresh and focused

  • Took breaks throughout the day

  • Stopped that night and rested

  • Returned the next morning refreshed

  • On the final night, worked until I completed the exam

However…
I made one mistake: I left the report writing until the end, which forced me to stay up almost the whole last night to finish it.

Had I filled in more of the report as I went, I could have saved hours and avoided the late-night scrambling.

My advice:
✔ Start the report early
✔ Keep it updated as you progress
✔ Don’t rely on memory at the end

Your future self will thank you.

Final Thoughts: A Realistic, Valuable Junior Pentesting Exam

PT1 achieves something many entry-level certifications fail to do: it creates a hands-on, realistic penetration test environment that teaches not just exploitation, but documentation, methodology, and communication.

The reporting workflow in particular made the experience feel authentic — like a real engagement where your findings must be clearly explained, not just obtained.

The Network and AD sections reflect the junior pentesting level perfectly.
The Web App section pushes you harder — but in a way that makes you grow.

If you’re considering PT1, here’s my honest conclusion:

It’s absolutely worth taking — and it will make you a better pentester.