This learning path covers the core technical skills that will allow you to succeed as a junior penetration tester. Upon completing this path, you will have the practical skills necessary to perform security assessments against web applications and enterprise infrastructure.
Prerequisites:
You need a basic understanding of fundamental computing principles and a broad understanding of the different areas of cyber security to complete this pathway. If you do not already have these prerequisites, complete the Pre-Security Pathway and Intro To Cyber Security Pathway.
Learn the necessary skills to start a career as a penetration tester.
- Pentesting methodologies and tactics
- Enumeration, exploitation and reporting
- Realistic hands-on hacking exercises
- Learn security tools used in the industry
Understand what is offensive and defensive security, and learn about careers available in cyber.
. day-XXX Offensive Security Intro
. day-XXX Defensive Security Intro
. day-XXX Careers in Cyber
Understand what a penetration test involves, including testing techniques and methodologies every pentester should know.
. day-XXX Pentesting Fundamentals
. day-XXX Principles of Security
Get hands-on, learn about and exploit some of the most popular web application vulnerabilities seen in the industry today.
. day-XXX Walking an Application
. day-143 Content Discovery
. day-143 Subdomain Enumeration
. day-143 Authentication Bypass
. day-142 IDOR
. day-142 File Inclusion
. day-142 Intro to SSRF
. day-143 Intro to Cross-site-Scripting
. day-140 Command Injection
. day-139 SQL Injection
Burp Suite is the industry standard tool for web application hacking, and is essential in any web penetration test.
. day-125 Burp Suite: The Basics
. day-125 Burp Suite: Repeater
. day-143 Burp Suite: Intruder
. day-143 Burp Suite: Other Modules
. day-143 Burp Suite: Extensions
Learn the basics of passive and active network reconnaissance. Understand how common protocols work and their attack vectors.
. day-XXX Passive Reconnaissance
. day-XXX Active Reconnaissance
. day-XXX Nmap Live Host Discovery
. day-022 Nmap Basic Port Scans
. day-XXX Nmap Advanced Port Scans
. day-152 Nmap Post Port Scans
. day-153 Protocol and Servers
. day-153 Protocol and Servers 2
. day-146 Net Sec Challenge
Familiarise yourself with the skills, research methods, and resources used to exploit vulnerable applications and systems.
. day-153 Vulnerabilities 101
. day-153 Exploit Vulnerabilities
. day-153 Vulnerability Capstone
Metasploit is the most widely used exploitation framework. Learn how to use it and unlock its full potential.
. day-XXX Metasploit: Introduction
. day-XXX Metasploit: Exploitation
. day-XXX Metasploit: Meterpreter
Learn the fundamental techniques that will allow you to elevate account privileges in Linux and windows systems.
. day-135 What the Shell?
. day-137 Linux Privilege Escalation
. day-124 Windows Privilege Escalation