I took Tryhackme SAL 1! So you don't have to! Honest Review! #TryHackMe #SAL1Certification

An honest not sponsored review!!
I landed a Tier 2 Support Job in DoD 2 weeks ago. I got an interim clearance and have just been processing a bunch of credentials / admin token for me etc
Hopefully move onto a cyber security role with time 👍

Blazerrrrrrrrr

Thanks for the review, first of all. Im watching this 1 day after I failed the exam for exactly the same reason. I've been on THM for more than 3 years and also working in SOC. I had the "SOC Chaos" as my last scenario and its like you said, confusing, alerts overlapping, lots of "if this happens, then do this" stuff and so on. I went back few times to correct my alerts and reports and even change from FP to TP, change the escalation according to what I observed in Splunk, but none of that mattered and I was completely lost in their weird logic. Anyway, got another free retake until March 31., hopefully they fix some of the things

jogurtpavlaka

Thanks for the honest review. I've been a SOC analyst for a little over a yar, and I have Sec+ and CySA+. I'm studying for Pentest+ and TCM Security's PJPT and looking to take Pentest+ next month. THM gave me a free chance at the SAL1, and I'm gonna take it on Monday as a break from red team studies. I won't pass on a free cert lol

ArthurRamirezJ

I Just took the exam today. I failed because I didn't finish closing the True Positive alerts in the Third scenario and I was graded 0. Which I find really unfair considering I closed all other alerts. They should have deducted the points at least.

gertrudensaku

Thank you for this content. First time watching you do a cert, i mostly watch your educational tryhackme videos.

ydotmstizzy

This is a great review. I would say your description on part 2 really sums up the typical problems I have on THM. The instructions a lot of times make no sense, but after a lot of digging I slap myself and realize they meant something else which I knew. I guess it's like you have a team of ghost writers writing rooms instead of blogs so it's a mixed bag. Some of the rooms are written very well. I think they could hire some technical writers to at least review rooms and tests prior to releasing them. Just my 2c. Overall it's an amazing platform and I've learned a lot. I'm about a week away from finishing every path on the platform so it's worth doing.

cri

Really appreciate this video. I'm currently considering taking the free attempt since I have CySA+ and wanted a break from studying the red side. Your level of detail shows what I would be in for and provides great insight. Keep up the great content!

ChewyGhost

I got the exam and haven't started it yet so I'm glad I came across this video. Sounds like I need to wait for a couple updates before trying to take it. I'm glad they give you a year to take the exam so I'll continue to learn everything i can before coming back to it.,

Liftheavy

Absolutely awesome review. Great work on this

TylerRamsbey

I took the exam yesterday, I passed, and am happy with it, but my feelings are very similar to yours.
The difficulty of the questions varies greatly, and they put the hardest ones at the end, when I was most tired.
The first simulator was also more difficult for me; honestly, I didn't fully understand it. I don't know if it's the same one you took, but it was called SOC Chaos (not SOC Chaos B1), and I failed. Also, the moment you close the last alert, the simulator ends, leaving no time to correct any reports.
I enjoyed the second simulator more, based on the name, it's not the same one you took.
Overall, I'd say I like the feeling of being in a simulated work situation, but I think they still need to fix a lot of things.
I also took BTL1 and I recommend it over SAL1, even though it doesn't have the SOC simulation, it requires more SIEM use and real forensic tools.

Gjoaquin

Your feedback is very valuable. It does really make sense about the escalation process and repeated case if one is correct, three more also correct but if not. Super confusing and not necessary.

meneksesaglam

Thank you for taking the time to post this video! Many others are simply praising this cert without taking the exam. Crazy how that nobody is talking about that.. Anyways, I passed SAL1 last night and my experience was very similar. I aced the 1st and 3rd section but failed the 2nd. Luckily I had enough points combined to still pass. The 2nd scenario is VERY boring and repetitive as you mentioned. The guidelines weren't extremely clear as to what should be escalated during a chained attack. I will say the 1st section questions were a bit long as well. 80 questions in 60 minutes isn't hard but requires some stamina. The questions were overall good but there were a few strange ones. Some as basic as 'what does an OS do' to 'identify the type of XSS used in the provided example'. I have both CySA+ & BTL1 and I would highly recommend BTL1 over this SAL1 cert.

Alex-fevv

SAL1 not being proctored is the same reason why none of the TCM/BTL certs are proctored. People don't have the bandwidth to schedule exams ahead of time that last damn near all day. Either prices go up to pay the proctor or exams get shorter to not have to pay proctors so much, that's not even factoring the break aspect of these lengthy exams.

cloudhobbyist

Totally agree with your take. I also recently completed this and was surprised at how much sponsored (and unsponsored) content that was giving this certification the benefit of the doubt. I personally wouldn't recommend this certification. I took BTL1 a while ago and I really enjoyed that exam way more and think even though its not working out of a SOC like environment, the tools and pivots you do to answer the questions are much more beneficial to equip an entry level analyst with to be successful in a SOC. I also failed scenario 2 but squeaked by with a pass. The grading of peoples ability to call FP's/TP''s/Escalations is gonna change organization to organization. Feels like a cash grab.

filli

The trick is you need to wait for all alert to be occurred to finish the report at once which is not realistic. Imagine, you already identify the malicious software which has been downloaded and report for immediate response, then you got score deduction for not explaning the further attack in the report. Why the hell do I need to wait for malware to carry its WTF. Not make sense.

My first attempt on SOC simulation, I inspect the .lnk using notepad and immediately know that this is reverse shell using powercat with ngrok domain. I immediately mark as true positive and submit the report. I got score deduction WTF???? AI said I need to wait for attack to be carried. THE hell.

PattharadanaiSanitjairak

I really wish there were a way to group correlated alerts and report them together. The escalation and policy part also needs a bit more clarity.
That being said I appreciate the video.

JfromTheGhetto

In multiple choice, are you allowed to run the questions through AI like Copilot or will they detect it and disqualify you?

malitman

Made me chuckle, when I was taking it. It mimics my day to day as an L1 😂😂😂😂😂

clooless

Failed both attempts because of the escalation part, really was confusing.

I understand youre point. It's very frustrating when exam is not clear and have loopholes and i agree with it. But the "exam is not fun enough" and "it feels like a work" statements i cant agree. Exams shouldn't be fun or boring. If the exam is boring it means it's not difficult enough for YOU. About the fun factor, exams should be taken serious and not for fun.
Btw at the last page you see there is a "Pass Mark" it actually means if you didnt pass on 1 you will not pass the exam even if you go above 750 points, which means you cant skip the first part!

mr.grifn