Learning resources I use (take into account I have a VIP student account on HTB):
Note: I had no idea how to organize machines, so that's up to you, you can spend the whole weekly plan owning retired machines, or, decide when to pick up your first easy-medium or even hard machine. Is not about being able to solve a machine but learning, so, it doesn't really matter if it's easy or insane.
Some advices
- Build your own labs for each topics, you can use any hypervisor, docker containers or network emulators if you want to train the networking side.
- Use Wireshark, and try to do MANUAL stuff, use tools of course, but try to learn hacking techniques without them.
- Anything can be an attacker machine if you know how to use it, even Windows (I recommend WSL), so, it doesn't matter what you use as long as you study.
- Take MEANINGFUL notes, and if you are planning to get a certification, take even more notes.
- If you are an autodidact person, notes are not going to make you understand, make write ups and labs to explain yourself the concepts!
- Practice some stuff with real websites, what about HackerOne?
Before taking any of the below modules, it is preferred that you have Linux, Windows, Networking and Web Development concepts fresh, so I recommend doing a couple of stuff before reaching the first week:
- Bandit Levels (Overthewire Linux Training)
- Windows fundamentals and AD HTB modules (I also recommend John Hammond's AD playlist)
- The Odin Project HTML, JS and SQL modules (Web Develpment Training)
- For Networking, you can take the Introduction to Networking HTB module, but the deepest your networking background is, the better.
- SQL injection (portswigger)
- Authentication (portswigger)
- Path Traversal (portswigger)
- Penetration Testing Process (HTB Module)
- Random machine (HTB machine)
- Random machine (offsec machine)
- Command Injection (portswigger)
- Business Logic Vulnerabilities (portswigger)
- Information Disclosure (portswigger)
- Network Enumeration with Nmap (HTB Module)
- Random machine (HTB machine)
- Random machine (offsec machine)
- Access Control (portswigger)
- File Upload Vulnerabilities (portswigger)
- Race Conditions (portswigger)
- Footprinting (HTB Module)
- Random machine (HTB machine)
- Random machine (offsec machine)
- SSRF (portswigger)
- XXE Injection (portswigger)
- NoSQL injection (portswigger)
- Information Gathering (HTB Module)
- Random machine (HTB machine)
- Random machine (offsec machine)
- API testing (portswigger)
- Web Cache Deception (portswigger)
- XSS (portswigger)
- Vulnerability Assessment (HTB Module)
- Random machine (HTB machine)
- Random machine (offsec machine)
- CSRF (portswigger)
- CORS (portswigger)
- ClickJacking (portswigger)
- File Transfers (HTB Module)
- Random machine (HTB machine)
- Random machine (offsec machine)
- DOM-based vulnerabilities (portswigger)
- WebSockets (portswigger)
- Insecure Deserialization (portswigger)
- Shells & Payloads (HTB Module)
- Random machine (HTB machine)
- Random machine (offsec machine)
- Web LLM attacks (portswigger)
- GraphQL API vulnerabilites (portswigger)
- Server-Side template Injection(portswigger)
- Using the Metasploit Framework (HTB Module)
- Random machine (HTB machine)
- Random machine (offsec machine)
- Web cache poisoning (portswigger)
- HTTP Host header attacks (portswigger)
- HTTP request smuggling (portswigger)
- Password Attacks (HTB Module)
- Random machine (HTB machine)
- Random machine (offsec machine)
- OAuth Authentication (portswigger)
- JWT attacks (portswigger)
- Prototype pollution (portswigger)
- Pivoting, Tunneling, and Port Forwarding (HTB Module)
- Random machine (HTB machine)
- Random machine (offsec machine)
- Essential skills (portswigger LAST ONE)
- Active Directory Enumeration & Attacks (HTB Module)
- Random machine (HTB machine)
- Random machine (offsec machine)
- Using Web Proxies (HTB Module)
- Attacking Web Applications with Ffuf (HTB Module)
- Random machine (HTB machine)
- Random machine (offsec machine)
- Login Brute Forcing (HTB Module)
- SQL Injection Fundamentals (HTB Module)
- Random machine (HTB machine)
- Random machine (offsec machine)
- SQLMap Essentials (HTB Module)
- Random machine (HTB machine)
- Random machine (offsec machine)
- XSS (HTB Module)
- File Inclusion (HTB Module)
- Random machine (HTB machine)
- Random machine (offsec machine)
- Command Injections (HTB Module)
- Web Attacks (HTB Module)
- Random machine (HTB machine)
- Random machine (offsec machine)
- Attacking Common Applications (HTB Module)
- Linux Privilege Escalation (HTB Module)
- Random machine (HTB machine)
- Random machine (offsec machine)
- Windows Privilege Escalation (HTB Module)
- Documentation and Reporting (HTB Module)
- Random machine (HTB machine)
- Random machine (offsec machine)
- Attacking Enterprise Networks
At this point, you should be ready to take the CPTS HTB certification, obviously, modules are not enough, if you hacked tons of machines and applied what you learned on all modules, you will be even more than ready.
- HackTheBox
Probably the best platform to practice, realistic machines and very high quality (some of them are more like a ctf machine, or some are impossibly hard, but the majority of them are very good and realistic machines). Usually HTB machines are the hardest of the below options.
- Proving Grounds
High quality machines selected from VulnHub and very close to the OSCP certification.
- VulnHub
VunHub contains some nice machines, but they are not as good as the above options, still, you can find very high quality material comparable to some certifications.
- TryHackMe
I have found very few nice machines, but they are not that awesome, very bad quality and so close to weird CTF machines with very weird solutions.