Table of Contents
| Step | Tutorial |
|---|---|
| 1. | Introductory Networking |
| 2. | What is Networking? |
| 3. | DNS in detail |
| 4. | Intro to Lan |
| 5. | Linux Fundamentls |
| 6. | Python Basic |
| 7. | OWASP Top 10 |
| 8. | OWASP Juice Shop |
| 9. | Network exploitation |
| 10. | Web Exploitation |
| 11. | Metasploit |
| 12. | Vulnversity |
| 13. | Basic Pentesting |
| 14. | Rooms |
You can skip any of the tutorials if you don't wanna learn them.
Learn Linux because it's better than Windows.
| Tutorial | Tags |
|---|---|
| Linux Fundamentals Part 1 | Filesystem, Search File, Shell Operators |
| Linux Fundamentals Part 2 | Flags, Switches, Permissions, Common Directories |
| Linux Fundamentals Part 3 | Terminal Text Editor, General Utilities, Process 101, Automation, Package Manager, Logs |
Learning network exploitation is a fundamental but if you want to skip it its cool.
| Tutorial | Tags |
|---|---|
| DNS in detail | What is DNS, Domain Hierarchy, Record Types, Making A Request |
| DNS Manipulation | DNS, How to manipulate DNS records |
| Intro to Lan | LAN Topologies, Subnetting, ARP, DHCP |
| Nmap | Switches, TCP Connect, SYN, UDP, NULL, FIN, Xmas, Scripts, Firewall Evasion |
| Nmap Live Host Discovery | Security, Mapping, Network |
| RustScan | Security, PortScanner, Extensible, Fast |
| Wireshark: The Basics | Tool to analyze network traffic |
| Traffic Analysis Essentials | Wireshark, Network Security, PCAP, Network Analysis |
| TShark | Tool and usage |
Exploiting the web is the best part and mostly the easiest so learning this skill will help you out in all ways possible.
| Tutorial | Tags |
|---|---|
| HTTP in detail | HTTPS, Request, Response, HTTP Methods, HTTP Status Codes, Headers, Cookies |
| Walking An Application | Exploring the website, Developer Tools (Inspector, Debugger, Network) |
| Web Application Security | Web Application Security Risks, Example of Web App Security |
| Intro To Offensive Security | Offensive Security |
| Content Discovery | Security, Web |
| ffuf | Directory bruteforcing, fuzzing |
| Burp Suite: The Basics | Introduction, Installation, Dashboard, Navigation, Options, Burp Proxy, FoxyProxy, BurpSuite Browser |
| Burp Suite: Repeater | Repeater, Basic Usage, Inspector |
| Hydra | Bruteforcing, Commands, Command Flags |
| SQL Injection | Databases, SQL, SQLi, Authentication Bypass, Boolean Based, Time Based, Out-of-Bound SQLi |
| SQLMAP | Usage, Commands, Command Flags |
| SQL Injection Lab | Security, SQLI, SQLMap, Web |
| NoSQL injection Basic | Basics, Bypassing, Logging in as other Users, Extracting Passwords |
| SSTI | Detection, Identification, Syntax, Exploitation |
| Javascript Basics | Javascript, Variables, itd. |
Metasploit is a great tool for penetration testing and it should be learnt.
| Tutorial | Tags |
|---|---|
| Metasploit: Introduction | |
| Wreath | Pivoting, Empire, AV evasion, Network |
Here you will learn how to exploit windows, Windows AD, and Windows Servers
| Tutorial | Tags |
|---|---|
| Windows Fundamentals 1 | Windows, Fundamentals |
| Windows Fundamentals 2 | Windows, Fundamentals, UAC, MSConfig |
| Windows Fundamentals 3 | Windows, BitLocker, Windows Security |
| Attacktive Directory Basics | AD, Windows |
| AD Certificate Templates | AD Certificates, Misconfiguration |
| Attacktive Directory | Active Directory, Kerberos, SMB |
| Enumerating Active Directory | AD, Sharphound |
| Breaching Active Directory | AD |
| Windows PrivEsc | Privilege escalation |
Don't learn crypto
| Tutorial | Tags |
|---|---|
| Encryption-Crypto 101 | Security, Crypto, 101, Encryption |
| Cryptography For Dummies | Cryptography, Easy |
OSINT is a way of passively getting information from the web about a user.
| Tutorial | Tags |
|---|---|
| OhSINT | OSINT, Internet, Dorks |
Recon is a way of gathering information about a system.
| Tutorial | Tags |
|---|---|
| Passive Reconnaissance | Security, Reconnaissance, Footprinting |
| Active Reconnaissance | Networking, Linux, Security |
| Read Team Recon | Security, Recon-ng, Maltego, dig |
Learn digital forensics and related processes and experiment with practical examples.
| Tutorial | Tags |
|---|---|
| Intro to Digital Forensics | Security, Digital Forensics, Metadata |
| Windows Forensics 1 | Forensics, Registry, Blue |
| Disk Analysis | Autopsy, Medium |
These are other tutorials which you can do to deepen your knowledge.
| Tutorial | Tags |
|---|---|
| Pentesting Fundamentals | Cybersecurity, Framework, Penetration Testing, Ethics |
| Blue | Windows, Eternal Blue, MS17-010, CVE2017-0144 |
| Intro to Docker | What is docker, How is it used |
| The Great Escape | Escaping Docker |
| Android Hacking 101 | Android Hacking, Exploiting |
| REmux The Tmux | Terminal multiplexer |
| Introduction To Flask | Python, Flask, Web |
Rooms are mostly like CTF challenges where you hack it. Pick some of them to sharpen your skills in different fields of hacking.
| Room | Tags |
|---|---|
| Intermediate Nmap | Nmap, netcat |
| Pickle Rick | CTF, Dirbuster, Linux |
| Kenobi | Samba, Path Var Manipulation, SUID, SMB |
| RootMe | Security, Web, Linux, Privilege Escalation |
| VulnNet | Linux, Web, PHP, Privilege Escalation |
| VulnNet: dotjar | Linux, Web, Java, Privilege Escalation |
| VulnNet: Internal | Linux, Enumeration, Pivoting, Privilege Escalation |
| VulnNet: Active | Windows Server, Enumeration, PowerShell, Command Injection |
| VulnNet: dotpy | Python, Linux, Web, Privilege Escalation |
| VulnNet: Roasted | Windows Server, Active Directory, Enumeration, Roasting |
| VulnNet: Node | Linux, Web, Javascript, NodeJS, Privilege Escalation |
| VulnNet: Endgame | Security, Penetration Testing, Linux, Web |
| Templates | Pug Template engine |
| That's The Ticket | Security, Web, XSS, DNS |
| Linux PrivEsc | Privilege Escalation, Linux |
| Linux Agency | Linux, Privilege Escalation, Sudo, Docker |