Learning Path

Suggested reading order based on skill level and topic progression.

🟢 Beginner Path

Start here if you're new to penetration testing.

Week 1-2: Foundations

1. Public Info Gathering - OSINT basics

2. Subdomain Enumeration - DNS and discovery

3. Network Scanning - Nmap fundamentals

4. Host Scanning - Service identification

Week 3-4: Web Basics

1. Web Attacks Overview - Introduction

2. Crawl/Fuzz - Directory discovery

3. XSS - Cross-site scripting

4. CSRF - Request forgery

Week 5-6: First Exploitation

1. Reverse Shells - Getting shells

2. File Transfer - Moving files

3. Payloads - Common payloads

4. Webshells - Web-based access

Resources for Beginners

• Pentesting Web Checklist

• Wordlist Reference

• Tool Index

🟡 Intermediate Path

For those comfortable with basics, ready to deepen skills.

Web Application Testing

1. SQLi - SQL injection mastery

2. SSRF - Server-side request forgery

3. XXE - XML attacks

4. LFI/RFI - File inclusion

5. Deserialization - Object attacks

6. SSTI - Template injection

Authentication & Authorization

1. Bruteforcing - Credential attacks

2. JWT - Token attacks

3. OAuth - OAuth flaws

4. IDOR - Access control bypass

5. API Security - API testing

Post-Exploitation Basics

1. Linux Post-Exploitation - Linux privesc

2. Pivoting - Network movement

3. Privilege Escalation - Overview

Cloud Fundamentals

1. Cloud Overview - Cloud concepts

2. AWS - AWS attacks

3. Docker & Kubernetes - Container basics

🔴 Advanced Path

For experienced testers looking to master advanced techniques.

Advanced Exploitation

1. Buffer Overflow - Binary exploitation

2. Web Exploits - RCE chains

3. Request Smuggling - HTTP desync

4. Supply Chain - Dependency attacks

Windows & Active Directory

1. Windows Post-Exploitation - Windows techniques

2. Active Directory - AD attacks

3. Kerberos Attacks - Kerberos abuse

Cloud Security

1. Azure - Azure attacks

2. GCP - GCP attacks

3. Serverless - Function exploitation

Evasion & Stealth

1. RT/EDR Evasion - Defense bypass

2. Purple Team - Detection engineering

Mobile Security

1. Android - Android testing

2. iOS - iOS testing

Specialized Topics

1. Wireless Testing - WiFi/Bluetooth

2. Hardware Hacking - Physical security

3. Social Engineering - Human factors

📋 Certification Paths

OSCP-Focused

1. Network Scanning → Host Scanning → Ports

2. Web Attacks (SQLi, LFI, Command Injection)

3. Reverse Shells → File Transfer

4. Linux Privesc → Windows Privesc

5. Pivoting

6. Buffer Overflow basics

Web Application Focus (BSCP/eWPT)

1. All Web Attacks sections

2. API Security

3. JWT, OAuth, OIDC

4. Web Technologies (all subsections)

5. Request Smuggling, Cache Poisoning

Cloud Security Focus

1. AWS → Azure → GCP

2. Docker & Kubernetes

3. Serverless

4. Cloud Info Gathering

Red Team Focus

1. All Post-Exploitation

2. AD & Kerberos

3. RT/EDR Evasion

4. Purple Team

5. Social Engineering

6. C2 Framework basics (Web Exploits)

🎯 Quick Reference by Task