Recommended Learning Path for Beginners

Nobody is born with knowledge of any of this material. If you encounter someone very skilled, know that they've likely been practicing for a long time. It didn't come to them overnight, I can promise you.

It may seem like there's a mountain of materials to learn. There are no shortcuts, so try to enjoy the climb. As long as you keep learning a little bit at a time, you will learn enough that more things will start making sense. The investment of your time will be worth it.

Systems Administration

1.  Foundational Knowledge

This is a series of brief videos that will introduce you to the technical metamorphosis of computers and their various parts. Very good stuff!

2.  Interactive Introduction to Computer Systems

Go through a gamified and engaging series of lessons that will introduce you to the hardware and software aspects of computer systems.

Introduction to IT | Codecademy

Take your first steps into the world of IT, or Information Technology! Introduction to IT will teach you about core IT subjects.

Codecademy

3.  Systems Administration Crash Course by Google

4.  Introduction to Virtual Machines and VirtualBox

5.  If You Want to Go Further...

Computer Networking

1.  Foundational Knowledge

Here you will be introduced to the history and metamorphosis of the technology that makes up computer networks and the larger Internet.

2.  Complete Networking Course by Google

3.  Hands-On Networking Labs with GNS3

Labs | Pacific Cybersecurity

Pacific CybersecurityUniversity of the Pacific

I'd recommend doing the lab in this order as some of the concepts may be difficult for complete beginners:

• Steps 1, 2, 3
• Then, steps 6, 7, 8, 9

If you're feeling ambitious, you could do the entire lab, but there are some concepts that may be best saved for later.

4.  If You Want to Go Further...

Web

1.  Foundational Knowledge

Here, you will be introduced to the history and metamorphosis of the technology that makes up the World Wide Web.

2.  How DNS Works

The Domain Name System (DNS) is a core component to the functionality of the web and web servers.

3.  HTTP and HTML 101

HTTP is the protocol used between web browser and web servers to transfer data back and forth. HTML is the markup language that instructs browsers on how that data should be displayed on the page.

4.  Learn About the Web Interactively

While TryHackMe is a cybersecurity training platform, this free module is an informational module that will help you learn about the web technologies in a gamified manner.

TryHackMe | Web Fundamentals

Learn how the web works!

TryHackMe

Programming

1.  Foundational Knowledge

Here you will have the opportunity to learn about the fundamental concepts in programming in a gamified manner. This entire module is interactive, so take it in small chunks at a time and have fun with it.

Learn How to Code | Codecademy

New to coding? Start here and learn programming fundamentals that can be helpful for any language you learn.

Codecademy

2.  Learn PowerShell Interactively

This is a mini-series on my blog that will introduce you to programming fundamentals with PowerShell. PowerShell makes a great introductory language if you have a Windows computer, cause you can just get started without having to install any additional software packages.

PowerShell as Your First Programming Language

In this post, I discuss why PowerShell makes a great first programming language

0xBEN0xBEN

3.  Learn Python Interactively

This is a very high-quality, free course on Udacity which will take you through the fundamentals of programming with Python. If you pick up here after my PowerShell course, you'll see a lot of the same concepts, just different ways of doing them with Python.

Free Intro to Python Course | Free Courses | Udacity

Take Udacity’s free Intro to Python course, designed for beginners, and get an introduction to programming and the Python language. Learn online with Udacity.

Udacity

4.  A Deeper Look into Programming

While this course is not interactive in nature, it is free and VERY informative. You'll gain a better understanding of computer numbering systems and the ways programs can control hardware, networking, and more.

Systems Administration Resources

Core Systems Concepts

• Storage
• CPU
• Memory
• Boot procedure
• System internals
• Core directories
• Filesystem hierarchy
• Windows Registry
• Event and audit logs

Terminals

Linux

• Bash
• Zsh
• PowerShell

Windows

• PowerShell
• cmd.exe (Legacy)

Common Command Line Operations

Create, delete, modify files and directories

ls , mkdir , cd , touch , nano , cp , mv , rm , vim , Get-ChildItem , New-Item , Copy-Item , Move-Item , Rename-Item , Remove-Item

Manipulating file contents and text streams

grep , cat , sed , awk , tr , cut , paste

PowerShell: -split , -replace , -join

Managing processes and services

ps , kill , systemctl , service , strace , Get-Process , Stop-Process , Get-Service , Stop-Service , Restart-Service

Installing and uninstalling packages

apt , yum , pkg , pacman , zypper , winget , Install-Package , Uninstall-Package

Downloading files and interacting with the web

wget , curl , Invoke-WebRequest , Invoke-RestMethod , [System.Net.WebClient]::DownloadFile()

Cheat Sheets

tldr InBrowser.App

tldr InBrowser.App is an offline-capable PWA for tldr-pages. Fully runs in your browser. Zero API latency.

explainshell.com - match command-line arguments to their help text

match command-line arguments to their help text

explainshell.comIdan Kamara

PowerShell Commands Library | PDQ

We’re passionate about PowerShell. We believe it’s quickly becoming a necessity for carrying out day-to-day systems administrative tasks. To help our users write scripts to automate their daily work, we’ve compiled a list of common PowerShell commands.

PDQ

PowerShell commands - PowerShell - SS64.com

SS64.com

Linux, Bash, and System Administration Cheat Sheet

cheat sheet for Linux/Bash/System Administration

Cheatographybeersj02

Crontab.guru - The cron schedule expression editor

An easy to use editor for crontab schedules.

The cron schedule expression editor

Free Systems Training

Hands-On Labs

Proxmox VE 7: Converting a Laptop into a Bare Metal Server

In this post, we will take a look at an in-detail process of setting up a Proxmox home lab on a bare metal server.

0xBEN0xBEN

Building a Security Lab in VirtualBox

In this post, we we will take a look at an in-detail process of setting up an entry-level cybersecurity lab using VirtualBox

0xBEN0xBEN

Linux

Linux Essentials

Linux Professional Institute Learning Logo.

Home | Linux Journey

Linux Journey

Linux Server Management and Security

Offered by University of Colorado System. Whether you are accessing a bank website, Netflix or your home router, chances are that your ... Enroll for free.

Coursera

GitHub - trimstray/test-your-sysadmin-skills: A collection of Linux Sysadmin Test Questions and Answers. Test your knowledge and skills in different fields with these Q/A.

A collection of Linux Sysadmin Test Questions and Answers. Test your knowledge and skills in different fields with these Q/A. - GitHub - trimstray/test-your-sysadmin-skills: A collection of Linux S...

GitHubtrimstray

Windows

Windows Server deployment, configuration, and administration - Training

Windows Server deployment, configuration, and administration

Microsoft Learnwwlpublish

General Systems Overview

GitHub - kahun/awesome-sysadmin: A curated list of amazingly awesome open source sysadmin resources inspired by Awesome PHP.

A curated list of amazingly awesome open source sysadmin resources inspired by Awesome PHP. - GitHub - kahun/awesome-sysadmin: A curated list of amazingly awesome open source sysadmin resources ins...

GitHubkahun

GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other resources

A collection of awesome security hardening guides, tools and other resources - GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other reso...

GitHubdecalage2

Networking Resources

Core Networking Concepts

• IP addressing
• Subnetting
• Routing (ping, layer 3)
• Switching (ARP, layer 2)
• Firewalls
• TCP/UDP protocols & ports
• VLANs
• Tunnels
• Proxies
• DNS
• OSI model
• TCP/IP model
• Computer Networking Flowchart

Networking Tools

IP Configuration

• ip address , ip neighbor , ip link
• Get-NetAdapter
• Get-NetIPConfig or ipconfig
• Get-NetIPAddress
• Get-NetNeighbor
• IP Subnet Calculator

Host Discovery

• ping
• arp-scan
• nmap

Packet Capture and Analysis

• Wireshark and tshark
• tcpdump

Sockets

• netcat or nc
• socat
• netstat or ss

DNS Troubleshooting

• nslookup or dig
• /etc/resolv.conf
• Resolve-DnsName
• Get-DnsClientServerAddress
• Get-DnsClientCache
• DNS Dumpster
• MXToolbox

Remote Connectivity

• OpenVPN
• Wireguard
• IPsec
• ssh
• scp
• plink.exe

Firewalls

• netsh
• iptables
• pf

Proxies

• proxychains
• Burp (or ZAP)

Free Networking Training

Hands-On Labs

Labs | Pacific Cybersecurity

Pacific CybersecurityUniversity of the Pacific

NAT

Subnetting

Quick Subnetting - All in your head!

This probably isn’t new for most of you guys, but I thought I’d share what my book taught me. It makes subnetting quick and easy to figure out in seconds.

TechExams Communitysmashedpumpkins

DNS

Encapsulation

What is the OSI Model? Computer Networking for Beginners

In this article, you will learn about the core concepts of the Open Systems Interconnections (OSI) model in a simple and easy way. As a developer, it’s a good idea to learn how things work “under the hood”. That way you understand what your code and the tools you use

freeCodeCamp.orgTamerlan Gudabayev

Proxies

Cryptography

Tor

General Networking Overview

Computer Networking: a Top Down Approach

Networking for Web Developers | Free Courses | Udacity

Take Udacity’s Networking for Web Developers course and learn how the internet works. Explore the underpinnings of the net with tools like traceroute, tcpdump, and nc.

Udacity

Computer Networking | Free Courses | Udacity

Sign up for Udacity’s Computer Networking course, an advanced Computer Networking program that delves into the latest concepts and tools used by the CN industry.

Udacity

Well-Known TCP/IP Port Numbers, Service Names & Protocols [Comprehensive Reference]

A comprehensive list of commonly used network port numbers and a description of service provided by each.

GitHub - nyquist/awesome-networking: Curated list of awesome computer networking resources

Curated list of awesome computer networking resources - GitHub - nyquist/awesome-networking: Curated list of awesome computer networking resources

GitHubnyquist

GitHub - friskfrysefrugt/awesome-networking: A curated inexhaustive list of network utilities

A curated inexhaustive list of network utilities. Contribute to friskfrysefrugt/awesome-networking development by creating an account on GitHub.

GitHubfriskfrysefrugt

Web Resources

Core Web Concepts

• HTTP methods and headers
• Web servers
• Proxies
• Directories and files
• HTML
• CSS
• JavaScript
• Databases
• Inputs and parameters

Web Tools

CLI HTTP Clients

• curl
• wget
• Invoke-WebRequest
• Invoke-RestMethod

DOM Inspection

• Browser developer tools (F12 key)

Content Discovery

• gobuster
• feroxbuster

Brute Force

• hydra
• ffuf

HTTP Proxies

• Burp
• ZAP

Web Stack Analyzers

• Wappalyzer

Free Web Training

Web Development

Learn HTML | Codecademy

Start at the beginning by learning HTML basics — an important foundation for building and editing web pages.

Codecademy

HTML & CSS Courses & Tutorials | Codecademy

HTML is the foundation of all web pages. It defines the structure of a page, while CSS defines its style. HTML and CSS are the beginning of everything you need to know to make your first web page! Learn both and start creating amazing websites.

Codecademy

Learn JavaScript | Codecademy

Learn how to use JavaScript — a powerful and flexible programming language for adding website interactivity.

Codecademy

Learn SQL | Codecademy

In this SQL course, you’ll learn how to manage large datasets and analyze real data using the standard data management language.

Codecademy

Learn Node.js | Codecademy

Learn about the different components of a web application’s back-end and explore the Node.js JavaScript runtime environment.

Codecademy

Web Server Administration

GitHub - trimstray/nginx-admins-handbook: How to improve NGINX performance, security, and other important things.

How to improve NGINX performance, security, and other important things. - GitHub - trimstray/nginx-admins-handbook: How to improve NGINX performance, security, and other important things.

GitHubtrimstray

Web Security

Web Security Academy: Free Online Training from PortSwigger

The Web Security Academy is a free online training center for web application security, brought to you by PortSwigger. Create an account to get started.

OffSec’s Exploit Database Archive

The GHDB is an index of search queries (we call them dorks) used to find publicly available information, intended for pentesters and security researchers.

Exploit Database

Search Engine Cheat Sheets

Google Search Operators: 40 Commands to Know in 2023 (Improve Research, Competitive Analysis, and SEO)

Google search operators are your secret tools to get enhanced info you can use for SEO, content research, & more. Get the full list here!

KinstaMatteo Duò

General Web Overview

The Web In Depth

Hacker101 is a free class for web security. Whether you’re a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you.

Hacker101HackerOne

HTTP request methods - HTTP | MDN

HTTP defines a set of request methods to indicate the desired action to be performed for a given resource. Although they can also be nouns, these request methods are sometimes referred to as HTTP verbs. Each of them implements a different semantic, but some common features are shared by a group of t…

MDN Web Docs

List of HTTP header fields - Wikipedia

Wikimedia Foundation, Inc.Contributors to Wikimedia projects

Programming Resources

Core Programming Concepts

• Object-oriented programming (OOP)
• Data types
• Variables
• Flow logic (if/else)
• Loops
• Functions
• Source code review
• Modifying exploits

REPL

• Read
  • An interpreter reads your input
• Evaluate
  • An interpreter executes (evaluates) your instructions
• Print
  • An interpreter prints any output or errors
• Loop
  • An interpreter loops back to repeat the process

Programming Languages with a REPL:

• Python
• PowerShell
• JavaScript (Node.js)

Free Programming Training

Compiled & Scripting Languages

Example Scripting Languages

• Bash
• JavaScript
• PowerShell
• Python
• Ruby

Example Compiled Languages

• C
• C++
• C#
• Java

Hands-On Learning

Exercism

Learn, practice and get world-class mentoring in over 50 languages. 100% free.

Exercism

Language-Specific Training

Bash

Shell Scripting Tutorial

This tutorial is written to help people understand some of the basics of shell script programming (aka shell scripting), and hopefully to introduce some of the possibilities of simple but powerful programming available under the Bourne shell. As such, it has been written as a basis for one-on-one or…

Learn Shell - Free Interactive Shell Tutorial

learnshell.org is a free interactive Shell tutorial for people who want to learn Shell, fast.

learnshell.org

PowerShell

PowerShell as Your First Programming Language

In this post, I discuss why PowerShell makes a great first programming language

0xBEN0xBEN

Automate administrative tasks by using PowerShell - Training

PowerShell provides a large set of commands with which you can automate your tasks, like user management, CI/CD, managing cloud resources and much more. There’s also testing capabilities via Pester and third-party modules you can install on your system, to extend your list of commands.

Microsoft Learnsoftchris

Wargames – UTW

UTW

Python

Free Intro to Python Course | Free Courses | Udacity

Take Udacity’s free Intro to Python course, designed for beginners, and get an introduction to programming and the Python language. Learn online with Udacity.

Udacity

Learn Python - Free Interactive Python Tutorial

learnpython.org is a free interactive Python tutorial for people who want to learn Python, fast.

learnpython.org

L337 Coding Challenges

Codewars - Achieve mastery through coding practice and developer mentorship

A coding practice website for all programming levels – Join a community of over 3 million developers and improve your coding skills in over 55 programming languages!

CodewarsJake HoffnerMarch 9, 2023

HackerRank - Online Coding Tests and Technical Interviews

HackerRank is the market-leading technical assessment and remote interview solution for hiring developers. Start hiring at the pace of innovation!

HackerRank

Cybersecurity Resources

Red

Offense Cheat Sheets

HackTricks - HackTricks

Welcome to the page where you will find each hacking trick/technique/whatever I have learnt from CTFs, real life apps, reading researches, and news.

HackTricks

Introduction - The Hacker Recipes

The Hacker Recipes

GTFOBins

LOLBAS

WADComs

GitHub - S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory. - GitHub - S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common ...

GitHubS1ckB0y1337

GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF

A list of useful payloads and bypass for Web Application Security and Pentest/CTF - GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and ...

GitHubswisskyrepo

Offense Collections

Infosec_Reference | An Information Security Reference That Doesn’t Suck!

Free resource for anyone interested in learning more about Information Security.

An Information Security Reference That Doesn't Suck!Robert Musser

GitHub - yeyintminthuhtut/Awesome-Red-Teaming: List of Awesome Red Teaming Resources

List of Awesome Red Teaming Resources. Contribute to yeyintminthuhtut/Awesome-Red-Teaming development by creating an account on GitHub.

GitHubyeyintminthuhtut

Offense Training Platforms

Hacking Training For The Best

From beginners to experts, this is where hackers level up! Join today and learn how to hack.

Hack The Box

TryHackMe | Cyber Security Training

An online platform for learning and teaching cyber security, all through your browser.

TryHackMe

Proving Grounds: Virtual Pentesting Labs | Offensive Security

Explore the virtual penetration testing training practice labs offered by Offensive Security. Now available for individuals, teams, and organizations.

OffSec

Vulnerable By Design ~ VulnHub

VulnHub provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.

Jay Beale

picoCTF - CMU Cybersecurity Competition

picoCTF is a free computer security education program with original content built on a capture-the-flag framework created by security and privacy experts at Carnegie Mellon University.

CMU Cybersecurity Competition

247CTF - The game never stops

247CTF is a security learning environment where hackers can test their abilities across a number of different Capture The Flag (CTF) challenge categories including web, cryptography, networking, reversing and exploitation.

247CTF

Web Security Academy: Free Online Training from PortSwigger

The Web Security Academy is a free online training center for web application security, brought to you by PortSwigger. Create an account to get started.

Hacker101 CTF

The Hacker101 CTF is a game designed to let you learn to hack in a safe, rewarding environment. Hacker101 is a free educational site for hackers, run by HackerOne.

Hacker101 CTF

unescape() room

Blue

Defense Frameworks

MITRE ATT&CK®

@MITREattack Contact

Cybersecurity Framework Components

The Introduction to the Components of the Framework page presents readers with an overview of the main components of the Framework for Im

NIST

Cyber Kill Chain®

Developed by Lockheed Martin, the Cyber Kill Chain® framework is part of the Intelligence Driven Defense® model for identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective.

Lockheed Martin

Defense Cheat Sheets

GitHub - chrisjd20/Blue-Team-Cheat-Sheets: Blue Team Cheat Sheats

Blue Team Cheat Sheats. Contribute to chrisjd20/Blue-Team-Cheat-Sheets development by creating an account on GitHub.

GitHubchrisjd20

Blue Team Tips

What are the best recommendations to a completely vulnerable, easily pwnable network? Where do you start? what tools? what logging? #DFIR #BlueTeamTips

you sneakymonkey!Mark R

Threat Hunting & Detection techniques

Enabling your Windows logs

Threat Hunting & Detection techniques

Defense Collections

Infosec_Reference | An Information Security Reference That Doesn’t Suck!

Free resource for anyone interested in learning more about Information Security.

An Information Security Reference That Doesn't Suck!Robert Musser

SANS Blue Team Operations

GitHub - fabacab/awesome-cybersecurity-blueteam: 🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.

:computer:🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams. - GitHub - fabacab/awesome-cybersecurity-blueteam: 🛡️ A curated collection of awe...

GitHubfabacab

GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other resources

A collection of awesome security hardening guides, tools and other resources - GitHub - decalage2/awesome-security-hardening: A collection of awesome security hardening guides, tools and other reso...

GitHubdecalage2

GitHub - SoulSec/resource-threat-hunting: Repository resource for threat hunter

Repository resource for threat hunter. Contribute to SoulSec/resource-threat-hunting development by creating an account on GitHub.

GitHubSoulSec

GitHub - hslatman/awesome-threat-intelligence: A curated list of Awesome Threat Intelligence resources

A curated list of Awesome Threat Intelligence resources - GitHub - hslatman/awesome-threat-intelligence: A curated list of Awesome Threat Intelligence resources

GitHubhslatman

Free Resources - Blue Team Blog

Large list of free cybersecurity resources regurarly updated

Blue Team Blog

Defense Training Platforms

CyberDefenders - Blue Team Training Platform

Blue team training platform for SOC analysts, threat hunters, DFIR, and security blue teams to advance CyberDefense skills.

CyberDefendersCyberDefenders

LetsDefend - Blue Team Training Platform

Online soc analyst and incident response training platform for blue team members

Letsdefend logo

Blue Team Labs Online

A gamified platform for cyber defenders to test and showcase their skills

Cyber Range