Welcome to the ultimate guide for becoming an Ethical Hacker – all for free! Feel free to share this roadmap with your friends and fellow enthusiasts.
If you're a complete beginner and not sure where to start, don't worry. I've prepared a comprehensive roadmap for you, complete with learning resources and free courses. There are many paths to choose from, but this roadmap is specifically tailored for those aiming to become professional bug bounty hunters and penetration testers.
- TryHackMe - Best place to start Ethical Hacking
- CEH V11
- HackTheBox Academy - use this as a reference
- EC-Council Free Courses
- TCM Security Courses
- PortSwigger Academy - for Web Security Learning and Practice
- Game Hacking
This roadmap is not suitable for everyone. It is suitable for people who want to start their journey with network hacking and web application / API hacking. If you want to learn game hacking, mobile hacking, malware analysis, etc., please feel free to do some research.
Sometimes this roadmap looks overwhelming. It will take up to 1-2 years, so take your time and enjoy the process, not the final destination.
- Network with other Hackers / Cyber security Researchers via Twitter and LinkedIn.
- Watch other hackers' podcasts. You can learn lots of things that you cannot learn in a paid course. I still do these things.
- Be curious about new technologies and new updates.
- Create accounts on tryhackme.com, academy.hackthebox.com and portswigger.com. If you are comfortable with the TryHackMe content, just continue with its learning paths.
- To become a great hacker, you need that curious little baby that always has questions about everything. Yes! Everyone has that baby. Don't let it be killed.
- Some people say that "You don't need programming for Cyber Security". I am on the opposite side. You need some programming languages to automate things and make new tools that are suitable for the work. Actually, programming helps me speed up my learning journey.
- But don't worry, we are going to learn programming when it is needed. Until then, we don't.
- You don't need to spend thousands of dollars on paid courses. Do some research and you can find many courses that are available completely free.
- Stay active on LinkedIn, because some people share free courses and tips and tricks there as well.
- Constancy is needed, but that doesn't mean you need to learn hacking all day, all the time.
- When you feel burnt out, it is OK to pause the learning. Just do some fun activities for a couple of days and get back to work.
There are some rooms that are only for premium subscribers. Just Google the lesson's title and you can find some write-ups for it. That's how I do those for free. If you can spend some bucks on TryHackMe, it is absolutely worth the money. (By the way, I am not affiliated with any of these organizations. I learn from them; I'm just suggesting them to you.)
- Introduction To Cyber Security
- Pre Security
- Web Fundamentals | Complete Beginner | Jr Penetration Tester (choose one)
This field is huge and updates every second, so it is hard to give you a complete roadmap from start to end. You have to learn things daily until you retire.
- If you get stuck at some point, try these steps:
- Search on google
- Use ChatGPT or some kind of AI
- Search on YouTube. Most of the time a good Google search will give you the answer. Searching is a part of this game.
- Introductory Researching
- Networking Basics
- Linux Basics
- How The Web Works
- DBMS Basics (Database Management System) - { Optional } Learn something like MySQL; this will be helpful when we learn about database injections like SQL injection.
I would say, learn these things simultaneously while you are learning the fundamentals. If you want, it is OK to learn them after the fundamentals.
- Basics of cyber security
- CIA triad
- Types of malware
- Types of Penetration testing
- Black Box Penetration testing
- Gray Box Penetration testing
- White Box Penetration testing
- Steps of Penetration Testing
- Information Gathering
- Reconnaissance
- Scanning and Discovery
- Active Scanning
- Passive Scanning
- Vulnerability Assessment
- Exploitation & Gaining access
- Penetration Testing Methodologies
I suggest you learn network hacking and web hacking simultaneously, because that is the easy way to start CTFs. It's all up to you.
- Network Protocols
- TCP/IP
- UDP/IP
- HTTP
- FTP
- Networking Tools
- Ping
- Traceroute
- WHOIS
- Dig
- Netstat
- Network Services Enumeration
- FTP
- SSH
- Telnet
- SMB
- IMAP
- NFS
- RDP
- Hacking Web Applications - TCM Security (new)
- Hacking Web Applications - TCM Security Full Course
- TryHackMe Complete Beginner module -> Web Hacking Fundamentals
Some videos might be old, but they are worth more than gold. Old videos don't mean the content is outdated. You can still learn those concepts.
- You don't need to pay for the premium course. Just use these free YouTube tutorials.
- Now we come to the real fun part: you can start CTFs (Capture the Flag) while you are learning.
- And remember, when you start CTFs, it's hard to complete any single box without write-ups and videos.
- So learn from them. I suggest you try these. You don't need to get the flags; just try and have fun. To play these boxes, you need accounts on:
- app.hackthebox.com
- tryhackme.com
Remember: there is a privilege escalation part in some boxes. You can't understand that, but it's OK. Just follow the video. If you feel it is too hard to do, just stop the box.
- HackTheBox Starting Point boxes -> {do the free boxes with CryptoCat videos}
- TryHackMe - PickleRick -> {use John Hammond's video for this}
- Basic Penetration Testing -> {John Hammond video}
- Vulnversity -> {John Hammond video}
You may ask why I didn't include the Windows part earlier. As I said before, this roadmap is made my way, so I planned to learn the Windows part after finishing the Linux privilege escalation course.
- Linux Privilege Escalation - use these resources as well
- Active Directory Hacking:
- Web Hacking 201 - follow the PortSwigger Learning Path
- Cryptography Basics.
- OSINT
OSINT is a recon skill. Try this Google dork and you can find some challenges.
OSINT challenges site:twitter.com
Obviously this will not be suitable for everyone, so make your own.
- Watch hackers' podcasts and interviews; that's how I made my own. I recommend you watch all of these videos.
- Do some ChatGPT prompting. It can generate a course for you.
If you plan to buy some courses, these are my suggestions. As usual, I don't get a single buck by recommending these.
- TCM Security 25+ hours Hacking Course.
- TCM Security Bug Bounty Course.
- TCM Security Linux Privilege Escalation Course.
- TCM Security Windows Privilege Escalation Course.
TCM Security now offers a monthly subscription plan that gives access to all of the courses for $30/month. I am a huge fan of TCM Security courses because I learn from them, so I can't even think of a better place for paid or free courses.
- Twitter: https://twitter.com/4Krishanthan/
- LinkedIn: www.linkedin.com/in/ramakrishnan-krishanthan-8a6864241
I wish you the best of luck on your incredible journey. Happy Hacking! 😊