It is a long journey. We need to prepare ourselves to keep learning new methods and techniques. A beginner can follow this path to start learning penetration testing. This is just a short syllabus; there are more advanced topics, but it is a good start for a newbie!

Many people asked me whether there is a learning path I can recommend. So, for their benefit, I am publishing it here. It was already published on my GitHub, and there are also some YouTube videos!

Videos: Follow on YouTube

Original Post: On GitHub

Programming

We should be comfortable writing code in at least one scripting language.

1. Understanding Bash
2. Understanding Python
3. Learn the basics of PowerShell

Note Taking

Always take notes for future reference.

4. Using Joplin
5. Using CherryTree

Information Gathering

Most beginners skip this phase, and as a result their success rate is very low. I spend a lot of time here!

6. Passive Information Gathering
7. Active Information Gathering

Vulnerability Assessment

Enumerate everything. Anything can be vulnerable!

8. Finding Vulnerability Manually
9. Nmap
10. Burp Suite

Exploitation

Exploitation is not a fixed body of knowledge; what we need is the skill to research anything. To build that skill, we can practice the following:

11. Working with Public Exploits
12. Compiling exploits on Linux
13. One-liner reverse shells
14. Exploiting Various Services

	1. Exploiting FTP
	2. Exploiting SSH
	3. Exploiting SMB
	4. Exploiting Network File System (NFS)
	5. Exploiting SMTP
	6. Exploiting other running services

15. Exploiting Web Applications (Getting a Reverse Shell)

	1. SQL Injection
	2. OS Command Injection
	3. File Inclusion
	4. File Upload
	5. Code Execution

16. Password Cracking using various tools
17. Troubleshooting

Stack Based Buffer Overflow

18. Stack overflow without protections
19. SEH Bypass
20. Egg Hunting
21. Basics of DEP Bypass

File Transfer

File transfer should be quick and easy!

22. Transferring exploits to Linux in various ways.
23. Transferring exploits to Windows in various ways.

Tunneling

It is needed for lateral movement and for reaching internal services that are not directly exposed.

24. SSH
25. plink
26. sshtunnel
27. chisel
28. Metasploit
29. Cobalt Strike

Privilege Escalation

Once we have initial access, then what? Usually we attempt to escalate to higher privileges, right?

30. Automated Analysis
	1. LinPEAS
	2. LinEnum
	3. WinPEAS
	4. PowerUp
	5. icacls, etc.

31. Manually
	1. Password Dumping
	2. Service Exploit
	3. SUID Exploit
	4. Weak File Permission
	5. DLL Hijacking
	6. Kernel Exploit
	7. Scheduled Jobs, etc.

Practice in a Lab

Where can we practice?

32. HTB (best with a subscription)
33. Proving Grounds (real-world machines with a subscription)
34. TryHackMe (best for beginners who like to follow walkthroughs)

Your turn

I am always practicing, so what are you waiting for? Google can also teach us! I am a fan of the Try Harder method I learned from Offensive Security.

Not Giving Up

Thinking of giving up? Okay, then never come back! :)

Conclusion

It is a long journey. No course, free or paid, can teach us everything. We just need to learn how to research. We always need to learn new techniques and try much harder!