- (ISC)² Certified in Cybersecurity (CC)
- CompTIA Cybersecurity Analyst (CySA+)
- Nmap
- Gobuster
- SQLmap
- LinPEAS & WinPEAS
- Linux & Windows privilege escalation using kernel exploits, misconfigurations, and automated scripts
- Networking & Security Fundamentals:
  - OSI Model
  - TCP/IP
  - Firewalls
  - SIEMs
- Pre-security path
- Jr. Penetration Tester path
- Basic Enumeration
- Network Enumeration with Nmap
- DNS Enumeration Using Python
- Active Directory Enumeration & Attacks
- Privilege Escalation
- Linux Privilege Escalation
- Windows Privilege Escalation
- Easy: Archetype, Lame, Buff, Active
- Medium: Legacy, Sauna, Nest
- HTB Writeups on Medium, 0xdf’s blogs, or IppSec’s YouTube Channel
- OverTheWire (Linux command-line & privilege escalation):
  - Bandit lab
  - Narnia lab
- CompTIA PenTest+
- eCPPT or PNPT (Pick one, better than CEH)
- At the moment, 02/15/2025, I think PNPT is the better option
- eCPPT
- Covers real-world penetration testing: web apps, networks, and privilege escalation
- AD Attacks
- Pivoting & Tunneling
- Requires report writing
- PNPT
- OSINT & Initial Access
- AD Attacks
- Lateral Movement & Pivoting
- Bypassing Firewalls & EDR (Endpoint Detection and Response)
- Comprehensive reporting
- Enumeration
- Password Spraying
- Kerberoasting
- Local File Inclusion (LFI): Exploit vulnerable web applications to read arbitrary files on the server, leading to potential credential leaks or code execution.
- SQL Injection (SQLi): Manipulate SQL queries to gain unauthorized access, extract sensitive information, or escalate privileges.
- Server-Side Request Forgery (SSRF): Exploit web applications to make unauthorized requests to internal resources, often leading to internal network enumeration or metadata exposure.
- Forest, Resolute, Reel, Sauna
- Start HTB Active Directory Challenges
- Help, Ophiuchi, Cache
- BloodHound to map AD environments
- PowerView, CrackMapExec, and Impacket for lateral movement
- Offensive Pentesting
- Red Team
- OSCP (Good for hands-on penetration testing jobs)
- CRTP (Certified Red Team Professional) - Active Directory exploitation
- CRTO (Certified Red Team Operator) - Real-world red teaming
- Introduction to Windows Evasion Techniques
- Windows Lateral Movement
- Intro to C2 Operations with Sliver
- Dante - Red Team engagements with stealth, persistence, and evasion tactics
- RastaLabs - AD attack & persistence scenarios
- Offshore - Realistic corporate network pentesting with multi-layer pivoting
- Sysmon & Sigma rules to understand detection and evasion
- Follow Pentester Academy’s Red Team Lab
- Windows Privilege Escalation
- Active Directory, Kali Linux, and C2 Frameworks (Cobalt Strike, Sliver, Empire, etc.)
- OSCE3 (Advanced Exploit Development)
- AWS Security Specialty / Azure Security (AZ-500)
- Attempt CTF-style machines under time constraints
- Create write-ups for completed boxes and challenges to showcase knowledge
- Join HTB CTFs & challenges
- Contribute to HTB forums & Discord
- Master Evasion Tactics - Bypass AV & EDR while staying stealthy
- Document and Publish techniques and methodologies
- Prepare for Red Team job interviews
- HackerOne
- Bugcrowd
- Metasploit
- BloodHound
- Defcon
- Black Hat
- Red Team Village
- Wild West Hackin’ Fest