/sec/'s learning guide V1

1. Welcome to /cyb/+/sec/. You wanna get a head start but dont know how? thats alright. Your not alone.
2.  
3. Lets say you dont care about certs and your more concerned with the material? sure that works too
4.  
5. TryHackMe Complete beginner -> TryHackMe Junior penetration tester -> TheCyberMentor's PEH -> HTB Academy CPTS path.
6.  
7. After doing the CPTS path you "SHOULD" be OSCP level in terms of theory, keyword THEORY. all thats left is for you to spend time practicing and training by doing boxes.
8.  
9. What are the alternative paths?
10.  
11. Have a background in networking already:
12. TryHackMe Junior penetration tester -> TheCyberMentor's PEH -> HTB Academy CPTS path.
13.  
14.  
15. You want to get to the end game quick:
16. (In this chase your gonna be relying alot more on the HTB academy material, which is EXTREMELY good and in-terms of quality and quantity surpasses everything.)
17. TryHackMe Junior penetration tester -> TheCyberMentor's PEH -> HTB Academy CPTS path.
18.  
19.  
20.  
21. You just want one Provider and you want to move on:
22. TheCyberMentor's PEH + WPE + LPE + OSINT + EPP -> HTB Academy CPTS path.
23.  
24.  
25. Certificates path from beginner to Mid level
26.  
27. PNPT (Optional) -> OSCP -> CRTP -> CRTO
28.  
29. Quick disclaimer before anything, before you do the OSCP. You will need alot. ALOT of practice. The OSCP is basically a bunch of easy HackTheBox's boxes with afew medium, You will definitely find it difficult due to the time crunch NOT because of the actual box difficulty.
30.  
31. Please refer to the TJNull list on the OSCP PEN 200 V3 tab:
32. https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit?usp=sharing
33.  
34.  
35. After CRTO this is where your hitting close to (3/4) Mid level, what's left is for you to find out what you want to do in the field. Either it be Web, Exploit Development, Red teaming, Creating In-house tools for the operators you have to find it and take its certificate and spend another year or two in that specific field.
36.  
37. Web -> AWAE (Offensive security Web Path)
38. -> Ports swigger academy Cert (Popular amongst people in the workforce + you will be respected, Getting to HR folk that this is a good cert)
39. -> CBBH (HTB bug bounty path, Its in the same. Bug bounty but it still teaches some REALLY good web techniques, I cant speak on the quality since I have not tried it myself)
40.  
41. Red teaming -> CRTL (Zer0 Point security) + CRTE (Altered security course)
42. -> Phishing
43. -> Learning some malware evasion techniques
44.  
45. Exploit development -> All EXP-XXX courses from Offensive security
46. -> Good in coding too
47. -> This is very closely tied to the inhouse developers so take advantage learn from them
48.  
49.  
50. In house development -> Nothing in terms of HR. Your gonna need to talk to the best operator they have and prove yourself, Coding skills must be god like + good at pentesting in some cases.
51. -> Your responsibilities (Obviously) will completely shift, It will no longer be trying to find a way to get in but rather finding the best way to equip the operators to not get caught. Basically cutting through AV/EDR like butter.
52. -> This role still is very unknown to me and I'm gonna need some more time before I am able to give proper insights
53. -> You will probably adopt the responsibilities of the Exploit developer if none are present, shouldnt be too difficult, just more responsibilities sadly.
54.  
55.  
56. These paths of course vary, everyone's learning experience is different. Their knowledge is different and their lives, responsibilities and free time is different. Pick what suits you best.
57.  
58. What about Certificates + Material?
59.  
60. Tryhackme Paths Complete beginner -> Tryhackeme Junior penetration tester -> PNPT -> Alot of practice doing boxes -> OSCP -> Move on to the first Cert pathway
61.  
62. Any of these courses are modular.
63.  
64.