| 01 | OSI Model, TCP/IP, Subnetting Basics | Understand OSI layers, TCP/IP stack, IPv4/IPv6, subnet masks, CIDR notation, IP classes. |
| 02 | Common Ports, Protocols, NAT, DNS | Learn default ports, NAT operation, DNS resolution, UDP vs TCP, ICMP basics. |
| 03 | Packet Flow, TCP Handshake, ARP | Understand 3-way handshake, ARP request/response, and packet life cycle in a network. |
| 04 | Nmap Basics: Host Discovery, Ping Scan | Nmap installation, ping scan (-sn), host discovery (-Pn, -n), troubleshooting host detection. |
| 05 | Nmap: Port Scanning Techniques | TCP SYN (-sS), TCP Connect (-sT), UDP scan (-sU), stealth scanning, aggressive scanning (-A). |
| 06 | Nmap: OS & Service Detection, NSE | OS detection (-O), version detection (-sV), using default NSE scripts for vulnerability scanning. |
| 07 | Banner Grabbing, Netcat, Masscan | Manual banner grabbing (Netcat), fast scanning with Masscan, service fingerprinting. |
| 08 | Passive Reconnaissance | WHOIS, nslookup, theHarvester, DNSDumpster, online recon techniques without touching the target. |
| 09 | Web Recon: Wappalyzer, WhatWeb, Wayback | Identify tech stack, CMS, exposed endpoints, older versions of web apps using archive tools. |
| 10 | Threat Intelligence: Shodan, VirusTotal | Use Shodan to find vulnerable devices; check URLs/files on VirusTotal for malware detection. |
| 11 | Common Network Vulnerabilities & CVEs | Study CVE database, CVSS scores, top vulnerabilities in SMB, FTP, HTTP, etc. |
| 12 | Lab Setup & Tool Recap | Build your lab (VMs, network topology), recap tools used so far, and create quick notes. |
| — | Rest or Notes Review | Self-review: Summarize everything, write questions, reinforce core networking/pentesting ideas. |
| 13 | SMB Enumeration with Enum4linux | Use enum4linux to find shares, OS info, users from SMB-enabled hosts. |
| 14 | SNMP, FTP, SSH Enumeration | Enumerate SNMP (onesixtyone, snmpwalk), FTP (anonymous login), SSH banners. |
| 15 | DNS Zone Transfer, Dig, Nslookup | Attempt zone transfers, learn DNS records, forward/reverse lookups with dig/nslookup. |
| 16 | LDAP & NetBIOS Enumeration | Use Nmap/Nikto for NetBIOS, LDAP tools like ldapsearch for domain and user enumeration. |
| 17 | Wireshark Basics: Packet Analysis | Analyze live capture or pcap files, filter TCP, HTTP, DNS traffic, follow streams. |
| 18 | ARP Spoofing with Bettercap/Ettercap | MITM attacks using ARP spoofing, sniffing credentials, and exploiting insecure communications. |
| 19 | DNS Spoofing, SSL Stripping | Redirect DNS requests, force HTTP from HTTPS, intercept traffic with MITMproxy. |
| 20 | Tcpdump & MITMproxy | Command-line packet capture and proxy setup to intercept and manipulate HTTP traffic. |
| 21 | Vulnerability Scanning (Nmap NSE) | Use NSE scripts for vulners, smb-vuln*, ftp-anon, http-enum, etc. |
| 22 | OpenVAS/Nessus Basics | Scan networks with GUI tools, understand report metrics, risk ratings, and false positives. |
| 23 | Searchsploit, ExploitDB, CVE Hunting | Find exploits locally or online, map them to vulnerable software versions. |
| 24 | Nikto & Manual Vulnerability Analysis | Use Nikto to identify outdated software, XSS, headers; perform manual validation. |
| 25 | Metasploit Basics, Payload Types | Set up Metasploit, use exploits, understand payload types, exploit config, and post modules. |
| 26 | Exploiting SMB (EternalBlue) | Practice MS17-010 exploitation using Metasploit or manual methods. |
| 27 | FTP, SSH Exploits, Reverse Shells | Exploit misconfigured services, weak creds, upload backdoors, get reverse shells. |
| 28 | MSFVenom + Manual Payloads | Generate payloads for Windows/Linux, encode and inject, use bind/reverse shells. |
| 29 | Netcat, Socat, Bind/Reverse Shells | Create listeners, transfer files, spawn TTY shells, and port redirection with Netcat/Socat. |
| 30 | Exploit Writing Basics (optional) | Learn buffer overflow, fuzzing, shellcode basics using Python or C. |
| 31 | Meterpreter Commands, System Info | Use Meterpreter to gather system info, pivot, log keystrokes, capture screenshots. |
| 32 | Privilege Escalation (Windows) | Check misconfigurations, weak permissions, tools like winPEAS, PowerUp. |
| 33 | Privilege Escalation (Linux) | Sudo/SUID binaries, kernel exploits, tools like LinPEAS, GTFOBins. |
| 34 | Pivoting, Port Forwarding | SSH tunneling, dynamic port forwarding, proxychains with pivoted shells. |
| 35 | Mimikatz, Credential Dumping | Extract passwords, hashes, tickets, and dump credentials from memory. |
| 36 | Password Cracking: Hashcat, JtR | Crack common hash types, wordlists, rules, brute-force, and dictionary attacks. |
| 37 | Brute-Force with Hydra | Brute-force login portals, FTP, SSH, RDP using Hydra with custom user/pass lists. |
| 38 | Wordlists, CeWL, Crunch | Create custom wordlists, use CeWL on websites, and generate patterns with Crunch. |
| 39 | Proxychains, VPNs, Tunneling Basics | Use a VPN for anonymity, Proxychains for routing through proxies and SOCKS tunnels. |
| 40 | Decoy Scans, Nmap Evasion Techniques | Use -D, --spoof-mac, -f to avoid IDS/IPS detection during scanning. |
| 41 | Active Directory Intro, BloodHound | Understand AD structure, enumerate relationships and attack paths with BloodHound. |
| 42 | CrackMapExec, Kerberos Enumeration | Use CME for SMB/AD attack surface; Kerberos enumeration like ASREPRoast, SPN hunting. |
| 43 | Report Structure, CVSS, PoC Writing | Learn CVSS scoring, write vulnerability reports with PoCs, risk rating, and impact analysis. |
| 44 | Sample Report Practice (Web + Net) | Build mock pentest reports with screenshots, logs, recommendations. |
| 45 | Practice: Internal Network Challenge | Test skills on an internal lab (TryHackMe/HTB or custom lab). |
| 46 | Practice: External Network Challenge | Attempt a black-box or internet-facing simulation. |
| 47 | TryHackMe: Network Security | Complete THM modules focused on networking, scanning, and enumeration. |
| 48 | TryHackMe: Offensive Pentesting | Complete offensive labs (Metasploit, privilege escalation, pivoting). |
| 49 | Final Review: Notes + Weak Areas | Review weak topics, update notes, prepare for challenge day. |
| 50 | Final Test Challenge + Chill 🎉 | Attempt a full challenge and reflect on the entire learning journey. |