
Ethical Hacking

Penetration testing, OSINT, exploitation, CTF — zero to professional

  1. 00 Ethical Hacking — Roadmap: Zero to professional penetration tester. Recon, exploitation, post-exploitation, reporting — with real labs.
  2. 01 Foundations: How networks work, TCP/IP, the OSI model, and the attacker's mental model for finding weaknesses.
  3. 02 Linux for Hackers: Terminal mastery, file permissions, bash scripting, and the tools that ship on Kali Linux.
  4. 03 Reconnaissance: OSINT, passive recon, Google dorks, Shodan, theHarvester, Maltego — gathering intelligence without touching the target.
  5. 04 Scanning & Enumeration: Nmap mastery, service fingerprinting, banner grabbing, and enumerating SMB, FTP, SNMP, and web directories.
  6. 05 Vulnerability Analysis: CVE database, CVSS scoring, automated scanners, and manual vulnerability research — finding what's exploitable.
  7. 06 Exploitation Basics: Metasploit framework, manual exploit development, shellcode, payloads, and listeners — turning vulnerabilities into access.
  8. 07 Web Application Hacking: OWASP Top 10, Burp Suite, SQL injection, XSS, SSRF, IDOR, command injection — the complete web attacker's toolkit.
  9. 08 Network Attacks: ARP spoofing, MITM, packet capture, credential sniffing, DNS poisoning — attacking the network layer.
  10. 09 Privilege Escalation: Linux and Windows privesc techniques — SUID binaries, sudo misconfigs, kernel exploits, service account abuse, token impersonation.
  11. 10 Post-Exploitation: Lateral movement, persistence, data exfiltration, pivoting through networks — what happens after you have root.
  12. 11 Cryptography Attacks: Hash cracking, weak cipher exploitation, PKI weaknesses, JWT attacks, and password analysis.
  13. 12 Wireless Security: WPA2 handshake capture, WPS attacks, evil twin APs, deauthentication, and wireless network defense.
  14. 13 Social Engineering: Phishing campaigns, pretexting, vishing, physical intrusion — and the defenses that actually work.
  15. 14 CTF Strategy: How to approach Capture the Flag competitions, category breakdowns, platforms, and a methodology for each challenge type.
  16. 15 Pentest Reporting: Professional report structure, CVSS scoring, evidence documentation, executive summaries, and remediation guidance.
  17. 16 Active Directory Attacks: BloodHound, Kerberoasting, AS-REP Roasting, Pass-the-Ticket, DCSync, Golden Tickets — dominating Windows domains.
  18. 17 Cloud Security: AWS, GCP, and Azure attack techniques — IAM misconfigs, S3 exposure, metadata service abuse, container escapes, and cloud-native threats.
  19. 18 Container & Kubernetes Security: Docker escape techniques, Kubernetes attacks, privileged container abuse, secrets in images, and hardening.
  20. 19 Malware Analysis: Static and dynamic analysis, sandbox execution, YARA rules, deobfuscation, and reverse engineering malicious code.
  21. 20 Exploit Development: Advanced buffer overflows, ROP chains, format string exploits, heap exploitation, and writing reliable shellcode.
  22. 21 Incident Response & Digital Forensics: Memory forensics with Volatility, disk imaging, timeline analysis, log analysis, and the IR lifecycle from detection to remediation.
  23. 22 AV Evasion & Red Team Operations: Bypassing antivirus and EDR, LOLBins, C2 frameworks, payload obfuscation, and advanced red team tradecraft.
  24. 23 API Security Testing: REST and GraphQL attack techniques, broken authentication, mass assignment, rate limiting bypass, BOLA/BFLA, and automated API scanning.
  25. 24 Mobile Security: Android APK analysis, iOS app testing, dynamic instrumentation with Frida, SSL pinning bypass, and mobile OWASP Top 10.
  26. 25 IoT & Embedded Security: Firmware extraction and analysis, UART/JTAG debugging, default credentials, protocol attacks, and hardware hacking fundamentals.
  27. 26 Blue Team & Defense: SIEM, IDS/IPS, SOC operations, detection engineering, threat hunting, hardening guides, and the defender's toolkit.
  28. 27 Threat Intelligence & MITRE ATT&CK: IOCs, threat actor profiling, STIX/TAXII, ATT&CK Navigator, threat hunting with intelligence, and building a threat intel program.
  29. 28 Bug Bounty: Methodology, platform selection, recon automation, high-value target selection, triaging, and earning consistently on HackerOne and Bugcrowd.
  30. 29 Fuzzing & Vulnerability Research: AFL++, LibFuzzer, coverage-guided fuzzing, finding 0-days, code auditing for security, and structured vulnerability research.
  31. 30 Secure Code Review: SAST tools, manual code auditing, threat modeling, finding vulnerabilities in real codebases, and building security into the SDLC.