The room review process

The Room Review Process

G
Written by Gonzo
Updated over a week ago

What is room testing, and who tests them?

TryHackMe uses two test phases to review a room: Room Testing and User Acceptance Testing (UAT). The overall goal of this process is to keep room content on the site accessible, consistent, appropriate, high quality, and engaging to our users.

Rooms are tested by TryHackMe QA Staff, who validate the quality of room content against a carefully defined Quality Standard.

After a room has gone through Room Testing, your room might be selected for UAT, where community UAT volunteers will review it from a user perspective.

Stages of room testing

Every room made "Public" is submitted to the room submission queue. When the room status changes, you will be notified by email. You can look at the progress of your room within the "General" view when managing your room (on the THM site: /room/manage/your_room_name):

The status of your room reflects at what stage of Room Testing your room currently resides. The following table provides an overview of the status:

Status

Meaning

Submitted

Your room is in the room submission queue, but Room Testing has not started yet. It will remain in the queue until TryHackMe QA Staff selects it for evaluation. Depending on various factors, your room may stay in the submitted state for a while. There is no defined amount of time after which your room gets evaluated.

Evaluating

TryHackMe QA Staff has started evaluating your room. We might contact you through Site Messages (or the THM Discord) and have questions regarding your room during this time. After Room Testing, we might select your room for the final User Acceptance Testing (UAT) phase. This is excellent news! Please note that, for UAT, you will be invited to a Thread on the TryHackMe Discord server to collaborate with UAT volunteers.

Ready

Your room has been thoroughly tested and approved. It is now waiting to be given a release date by the Release Coordinator. Scheduling your room might take some time, depending on how busy the room release schedule is. Rest assured, your room is destined for release greatness!

Rejected

Unfortunately, at this time, your room has been rejected. The TryHackMe QA Staff will have left comments/ideas for improvements. Please take some time to review these comments carefully before re-submitting.

Approved

Your room has been made public and is considered released! Congratulations, and thank you for contributing to the TryHackMe learning platform!

General guidelines:

Regardless of room type, room testers will check against the following when testing:

  • Check that the room isn't a "No-Go" topic.

  • Please ensure that any brute-forcing such as password hashes or enumeration does not take longer than 5 minutes. Although the time taken depends on hardware, please use entries located high up in wordlists. We suggest you use the THM AttackBox as a benchmark for hash cracking and similar, as this is accessible to all.

  • Rooms should have a maximum of 15 questions unless you have a lengthy walkthrough AND explicit approval from the QA team. Please email qa@tryhackme.com regarding this.

  • Ensure that the room content (and any downloadable media or attached VMs) is PG-13 and appropriate for the site. We're an educational platform used in classes, workshops, and corporate environments.

  • Rooms should not only have text but should have some interactive elements to them.

  • Room tasks should be consistently and sensibly formatted, written with good grammar, and presented in English; if any part of the content includes a different language (including any writeup material), please state so within the room so that the room testing team can discuss this.

  • Rooms should have PG-13 and appropriate room icons that are not the generated placeholders.

  • The room icon image should not have a white background, and the room's banner should be high quality.

  • Task questions that require an answer should be in the form of a question. For example: "What is the user.txt flag?" instead of "user.txt."

  • Task questions that don't require an answer should not be blank. Include instructional text, for example: "Read the above."

  • Use appropriate tags for your room, for example, the type of content covered.

    • We expect at least four tags for a room.

    • We are lenient on tags for challenge/CTFs in line with their difficulty to avoid spoilers, i.e., We would expect an "easy" challenge room to be more revealing in the room tags than that of a medium or hard.

  • The author has the rights to the content they're providing (or have credited appropriately).

    • Images, quotes, or bodies of text that aren't yours must be appropriately accredited. Room testers vigorously check for plagiarism.

    • The room creator must provide a reference to the licensing agreement or T&Cs of any source code that isn't theirs. The source code must allow commercial use to be hosted on TryHackMe. Source code without any licensing agreement is considered as "All rights reserved" to the original author and cannot be used.

    • No uploading boxes from sites such as VulnHub unless you are the author or have explicit permission from them. Room testers may ask for proof alongside their research to ensure this. Boxes created using SecGen are strictly prohibited.

  • Re-submissions are welcome, but please implement any necessary changes the room tester suggests before re-submitting.

Please do not ban room testers from your submitted rooms.

"No-Go" topics

Rooms with a heavy presence or focus on the following will be rejected, where exceptions to this rule are on a per-room and topic basis. This is to help avoid the repetition of content on the site:

  • Steganography rooms:

    • The only exception to this should be anthology rooms where it's part of a more significant collection or series, but steganography shouldn't be a focus of the room.

  • Unrealistic or CTF rooms on cryptography or ciphering:

    • This includes substitution ciphers, i.e., ROT13 and similarly

    • The exception is unless it's been seen in the wild or is realistic such as the CICCADA 3301 room or content involving AES/RSA encryption, for example.

  • Anything Illegal or considered encouraging "Black Hat" activity.

    • Rooms that are "Grey Hat" will be discussed with the admins.

  • Rooms with pirated content or content taken directly from certifications, i.e., PWK labs.

    • Challenge rooms inspired by certifications are acceptable. However, there is a difference between "inspired" and ripped.

  • Questionnaire/quiz-style rooms

    • Exceptions apply to heavily theory topics, which will be considered case-by-case.

  • Undisclosed 0days

General exceptions and caveats:

  • We may give realistic content a second chance in testing.

  • We may bypass some of these rules, given particular merit. A decision is made case-by-case and will be discussed by the TryHackMe QA Staff.

Who should I contact about my room?

The TryHackMe QA Staff member responsible for your room will leave their THM username with feedback. However, if not, please ask a Lead Room Reviewer in the THM Discord or email qa@tryhackme.com with your query so they can forward it. During the UAT phase, you may ask questions in the Discord Thread for your room.

Did this answer your question?