hackingpath
learning path

From beginner to your first findings.

Everything here is open. Lessons are ordered, but nothing is locked, read in order if you're starting out, or jump straight to what you need.

your progress
0 / 22lessons complete
Start: CIA Triad & Threat Framing
phase · 1

Security Foundations & How the Web Works

The mental model and the moving parts: how to think about security, and how a single web request travels from your browser to a server and back.

Week 1
Security Fundamentals

The core ideas every later lesson builds on: the CIA triad, identity, and how attacks unfold.

  1. 01CIA Triad & Threat FramingCore idea, covered in full.
  2. 02Authentication, Identity & Non-repudiationConceptual lesson, no terminal needed.
  3. 03Anatomy of a Cyber Attack & Security ProgramsConceptual lesson, no terminal needed.
Week 2
How a Website Works

Trace one page load end to end, and learn the addressing underneath it.

  1. 01How the Internet Works, TCP/IP & PortsCore foundation, hands-on. Practical port fluency; deep routing excluded.
  2. 02IP Addresses, Subnetting & CIDRHands-on. Practical subnet reading; deep VLSM math kept light.
  3. 03The Request Journey & Where Attacks LiveHands-on. Ties each step to a class of attack.
Week 3
Protocols, Ports & Human Attacks

The languages machines speak, the doors they listen on, and how attackers target people.

  1. 01Protocols, Ports & TCP vs UDPHands-on. Builds port and protocol fluency.
  2. 02DNS on Linux, localhost & URL AnatomyHands-on. Where names map to IPs on your own machine.
  3. 03Social Engineering & PhishingInteractive: judge real-looking emails in the phishing quiz beside the lesson.
phase · 2

Linux & Networking

Get fluent at the Linux shell every tool runs on, then understand how networks are built, divided, and defended.

Week 4
Linux Essentials

Hands-on shell skills: navigating files, permissions, processes, and network commands.

  1. 01Linux: Files, Folders & NavigationHands-on. Live every command in the terminal beside you.
  2. 02Linux: Searching, Permissions & ProcessesHands-on. Searching, file permissions, and running processes.
  3. 03Linux: Network CommandsHands-on. The everyday network commands a tester lives in.
Week 5
Networking & Defense

How traffic is routed, how networks are segmented, and how firewalls hold the line.

  1. 01Proxies, Traffic & RoutingConceptual lesson, no terminal needed.
  2. 02Network Segmentation & VLANsConceptual lesson, no terminal needed.
  3. 03Firewalls: Stateless, Stateful & WAFConceptual lesson, no terminal needed.
Week 6
Enumeration & Scanning

Reconnaissance and port scanning: mapping networks and identifying attack surface with nmap.

  1. 01Enumeration & Port Scanning with nmapHands-on lesson: run nmap scans in the terminal and interpret the results.
  2. 02Subdomain Enumeration: Passive & Active ReconHands-on: run subfinder, gobuster, httpx, dig axfr in the sandbox terminal.
Week 7
Remote Access & File Transfer

Administer a server the real way: SSH login and hardening, scp/sftp transfers, tunnels, and FTP.

  1. 01Configuring SSH & FTP: Login, Transfer, TunnelsHands-on: two sandbox terminals (client + server). Connect, transfer files, tunnel.
phase · 3

Traffic Analysis & Encryption

Open up encrypted connections and the packets on the wire: how TLS and certificates build trust, and how to read traffic with Wireshark-style filters.

Week 6
TLS, Certificates & Trust

What the padlock really means: the TLS handshake and the chain of trust behind it.

  1. 01TLS, SSL & the HandshakeConceptual lesson, no terminal needed.
  2. 02Certificates & the Chain of TrustConceptual lesson, no terminal needed.
Week 7
Reading Traffic with Wireshark

Capture, read, and filter packets in an in-browser Packet Lab, no install required.

  1. 01Meet Wireshark: Packets, Sniffers & AnalyzersHands-on in the Packet Lab beside you (no real Wireshark needed).
  2. 02Wireshark Display FiltersHands-on. Type each filter into the Packet Lab and watch it work.
More phases on the way.
Recon, host attacks, web app testing, Active Directory, reporting, they all connect back to the foundations you're learning right now.
Practice in a lawful, authorized lab only.