Cyber - Security - Road Map


CTFs (Capture the Flag) Find the detailed version of this roadmap

along with resources and other roadmaps


HackTheBox

Cyber Security https://roadmap.sh


TryHackMe

VulnHub

picoCTF
Fundamental IT Skills

SANS Holiday Hack Challenge


Computer Hardware Components

Connection Types and their function NFC WiFi Bluetooth Infrared


Certifications

Beginner Certifications OS-Independent Troubleshooting

CompTIA A+ CompTIA Linux+ Understand Basics of Popular Suites iCloud Google Suite Microsoft Office Suite

CompTIA Network+ CCNA Basics of Computer Networking

CompTIA Security+ Windows Linux MacOS

Advanced Certifications
Operating Systems
CISSP CISA CISM Basics of Subnetting

GSEC GPEN GWAPT Public vs Private IP Addresses Learn following for Each

GIAC OSCP CREST IP Terminology Installation and Configuration

CEH localhost loopback CIDR


Different Versions and Differences

subnet mask default gateway


Navigating using GUI and CLI

Understand the Terminology Understand Permissions

VMWare VirtualBox esxi proxmox VLAN DMZ ARP VM Installing Software and Applications

Common Virtualization Technologies NAT IP DNS DHCP Performing CRUD on Files

Hypervisor VM GuestOS HostOS Router Switch VPN Troubleshooting

Understand basics of Virtualization Common Commands


MAN LAN WAN WLAN

Troubleshooting Tools
Understand these

nslookup iptables Packet Sniffers


DHCP DNS NTP IPAM
Understand the OSI model
ipconfig netstat Port Scanners
Function of Each

ping dig arp Protocol Analyzers


Network Topologies Networking Knowledge

nmap route tcpdump tracert


Star Ring Mesh Bus
Common Protocols and their Uses
Authentication Methodologies Understand Common Protocols
Common Ports and their Uses
Kerberos LDAP SSO SSH RDP FTP SFTP
SSL and TLS Basics
Certificates Local Auth RADIUS HTTP / HTTPS SSL / TLS
Basics of NAS and SAN

Understand Common Hacking Tools

Core Concepts of Zero Trust


Understand Common Exploit Frameworks
Blue Team vs Red Team vs Purple Team
Roles of Compliance and Auditors
Understand Concept of Defense in Depth
False Negative / False Positive
Understand the Definition of Risk True Negative / True Positive
Understand Concept of Runbooks

Understand Backups and Resiliency Basics of Threat Intel, OSINT


Understand Basics of Forensics

Basics and Concepts of Threat Hunting Cyber Kill Chain MFA and 2FA Understand Handshakes

Basics of Vulnerability Management Operating System Hardening Understand CIA Triad

Basics of Reverse Engineering Understand the Concept of Isolation Privilege escalation / User based Attacks

Penetration Testing Rules of Engagement Basics of IDS and IPS Honeypots Web Based Attacks and OWASP 10

Perimeter vs DMZ vs Segmentation Authentication vs Authorization Learn how Malware Operates and Types

Security Skills and Knowledge

Tools for Incident Response and Discovery Basics of Cryptography Attack Types and Differences

nmap tracert nslookup dig curl Salting Hashing Key Exchange


Phishing vs Vishing vs Whaling vs Smishing

ipconfig hping ping arp cat dd PKI Pvt Key vs Pub Key Obfuscation Spam vs Spim Shoulder Surfing

head tail grep wireshark winhex Dumpster Diving Tailgating Zero Day
Understand Secure vs Unsecure Protocols

memdump FTK Imager autopsy Social Engineering Reconnaissance


FTP vs SFTP SSL vs TLS IPSEC

Understand Frameworks DNSSEC LDAPS SRTP S/MIME Impersonation Watering Hole Attack

ATT&CK Kill chain Diamond Model Drive by Attack Typo Squatting


Understand the following Terms

Brute Force vs Password Spray


Understand Common Standards Antivirus Antimalware EDR DLP

ISO NIST RMF CIS CSF Firewall and Nextgen Firewall HIPS Common Network Based Attacks

Understand Common Distros for Hacking NIDS NIPS Host Based Firewall DoS vs DDoS MITM ARP Poisoning

SIEM SOAR ParrotOS Kali Linux Sandboxing ACL EAP vs PEAP Evil Twin DNS Poisoning Spoofing

WPA vs WPA2 vs WPA3 vs WEP WPS Deauth Attack VLAN Hopping


Using tools for unintended purposes

LOLBAS Rogue Access Point War-driving/dialing


Understand the Incident Response Process

Preparation Identification
Learn how to find and use these logs Buffer Overflow Memory Leak XSS

Event Logs syslogs netflow Containment Eradication


SQL Injection CSRF Replay Attack

Packet Captures Firewall Logs Recovery Lessons Learned


Pass the Hash Directory Traversal

Understand Hardening Concepts Understand Threat Classification Understand Audience

MAC-based NAC-based Port Blocking Zero Day Known vs Unknown APT Stakeholders HR Legal Compliance

Group Policy ACLs Sinkholes Patching Management


Understand Common Tools

Jump Server Endpoint Security


VirusTotal Joe Sandbox any.run urlvoid urlscan WHOIS

Cloud skills and Knowledge

Understand concepts of security in the cloud Understand Cloud Services Common Cloud Environments

SaaS PaaS IaaS AWS GCP Azure


Understand the basics and general flow of deploying in the cloud

Understand the differences between cloud and on-premises


Cloud Models Common Cloud Storage
Understand the concept of infrastructure as code
Private Public Hybrid S3 Dropbox Box

Understand the concept of Serverless


OneDrive Google Drive

Understand the concept of CDN


iCloud

Programming Skills and Knowledge (Optional But Recommended) Python

Go

JavaScript

C++

Keep Learning Bash

PowerShell
