03 - The Learning Path
The ONLY roadmap you need - tested by 1000+ successful hackers
Stop Right Here!
There are 100+ "learning paths" online.
99% are confusing, outdated, or written by people who never actually made money hacking.
This is different.
This is the EXACT path that works. Period.
Your Learning Journey (3-6 Months)
| Phase | Focus | Time | Skills Gained |
|---|---|---|---|
| Month 1 | Foundations | 2-3 hours/day | Basic hacking concepts |
| Month 2 | Web Hacking | 2-3 hours/day | Find web vulnerabilities |
| Month 3 | Network Hacking | 2-3 hours/day | Hack networks & systems |
| Month 4 | Practice & Specialize | 3-4 hours/day | Choose your specialty |
| Month 5 | Bug Bounties | 4+ hours/day | Start making money |
| Month 6 | Job Ready | Variable | Land your first role |
Phase 1: Foundations (Month 1)
Week 1-2: Understanding the Basics
Platform: TryHackMe (free tier is enough)
Rooms to Complete (in order):
- Tutorial - Learn how TryHackMe works (30 min)
- Linux Fundamentals 1 - Basic Linux commands (2 hours)
- Linux Fundamentals 2 - More Linux magic (2 hours)
- Linux Fundamentals 3 - Advanced Linux (2 hours)
Why Linux First?
- 90% of hacking happens on Linux
- All servers run Linux
- Master this = Master everything else
Week 3-4: Network Basics
TryHackMe Rooms:
- What is Networking - How internet works (1 hour)
- Introductory Networking - Protocols & ports (3 hours)
- Network Services - Common services (2 hours)
- Network Services 2 - More services (2 hours)
YouTube Supplement:
- "Networking Explained" by PowerCert (watch all videos)
Test Yourself:
- Can you explain how a website loads in your browser?
- Do you know what ports 80, 443, 22, 21 do?
If YES = Move to Phase 2
If NO = Repeat this phase
Phase 2: Web Application Hacking (Month 2)
This is where you'll make your first money
Week 1-2: Web App Basics
TryHackMe Rooms:
- How Websites Work - Web fundamentals (1 hour)
- HTTP in Detail - Understanding HTTP (2 hours)
- Burp Suite Basics - Your main tool (3 hours)
- OWASP Top 10 - Critical vulnerabilities (4 hours)
Week 3-4: Finding Vulnerabilities
TryHackMe Rooms:
- SQL Injection - Database attacks (3 hours)
- Cross-Site Scripting - XSS attacks (3 hours)
- Command Injection - Execute commands (2 hours)
- File Inclusion - Access files (2 hours)
Practice Projects:
- Find 5 XSS vulnerabilities on DVWA
- Successfully perform SQL injection
- Upload a shell via file upload
Money Milestone: By end of month 2, you should find your first real bug
Phase 3: System & Network Hacking (Month 3)
Week 1-2: System Fundamentals
TryHackMe Rooms:
- Active Directory Basics - Corporate networks (4 hours)
- Windows Fundamentals 1 - Windows basics (2 hours)
- Windows Fundamentals 2 - Advanced Windows (2 hours)
- Windows PrivEsc - Privilege escalation (4 hours)
Week 3-4: Network Penetration
TryHackMe Rooms:
- Nmap - Network scanning (3 hours)
- Metasploit - Exploitation framework (4 hours)
- Network Security Solutions - Bypassing defenses (3 hours)
- Post Exploitation Basics - After you're in (3 hours)
Real Practice:
- Set up intentionally vulnerable VMs
- Practice full penetration tests
- Document everything you do
Phase 4: Specialization (Month 4)
Now choose your path:
Option A: Web Application Specialist
Best for: Quick money, remote work, freelancing
Focus Areas:
- Advanced SQL injection techniques
- Client-side attacks
- API security testing
- Mobile application security
Resources:
- PortSwigger Web Security Academy (free)
- Bug bounty programs (start with easy targets)
Option B: Network Penetration Tester
Best for: Corporate jobs, high salary, consulting
Focus Areas:
- Active Directory attacks
- Post-exploitation techniques
- Red team operations
- Infrastructure assessments
Resources:
- TryHackMe Active Directory path
- HackTheBox machines
- OSCP preparation materials
Option C: Bug Bounty Hunter
Best for: Freedom, unlimited income, travel
Focus Areas:
- Reconnaissance techniques
- Automation & scripting
- Mobile app testing
- API security
Resources:
- Real bug bounty programs
- Twitter bug bounty community
- YouTube: NahamSec, Stök, InsiderPhD
Phase 5: Start Making Money (Month 5)
Bug Bounty Preparation
Week 1: Setup
- Complete bug bounty platforms signup
- Learn reconnaissance tools (subfinder, httpx, ffuf)
- Build your testing methodology
Week 2-3: Practice
- Hunt on easy programs (Swag-only)
- Submit your first 5 reports (expect duplicates)
- Learn from public reports
Week 4: Scale Up
- Target medium-difficulty programs
- Automate your reconnaissance
- Aim for first valid bug
Expected Results:
- 10-20 reports submitted
- 1-3 valid findings
- $500-2000 earned
Phase 6: Job Ready (Month 6)
Resume Building
- Document all your skills
- Create GitHub portfolio
- Get LinkedIn optimized
- Obtain basic certifications
Certification Priority Order:
- Security+ - Entry level requirement
- CEH - HR loves this one
- OSCP - Technical gold standard
- CISSP - Management track
Interview Preparation
- Practice technical questions
- Prepare real-world examples
- Know common frameworks (NIST, OWASP)
- Practice explaining attacks to non-technical people
Study Schedule That Actually Works
Weekdays (2-3 hours)
- 6:00-7:00 AM: TryHackMe rooms
- 7:00-8:00 AM: YouTube videos/reading
- Evening: 1 hour hands-on practice
Weekend (4-6 hours each day)
- Morning: Long practice sessions
- Afternoon: Work on projects
- Evening: Community engagement
Daily Non-Negotiables:
- At least 1 TryHackMe room completed
- 30 minutes of hands-on practice
- Read 3 security news articles
- Engage with hacking community online
How to Stay Motivated
Track Your Progress
- Use GitHub to document everything
- Maintain a learning journal
- Celebrate small wins
Join Communities
- Discord servers (InfoSec Prep, TryHackMe)
- Twitter InfoSec community
- Local meetups and conferences
Find Accountability
- Study with friends
- Share progress online
- Join study groups
Common Mistakes That Kill Progress
Mistake 1: Tutorial Hell
- Symptoms: Watching videos all day, never practicing
- Fix: 70% hands-on, 30% theory
Mistake 2: Tool Collecting
- Symptoms: Installing every tool, never mastering any
- Fix: Master 5 tools deeply > know 50 tools poorly
Mistake 3: No Direction
- Symptoms: Random learning, no clear path
- Fix: Follow this guide exactly, no deviations
Mistake 4: Giving Up Too Early
- Symptoms: Quitting after 2-3 weeks
- Fix: Commit to 6 months minimum
Progress Milestones
Month 1 Success:
- Complete 20+ TryHackMe rooms
- Comfortable with Linux terminal
- Understand basic networking
Month 2 Success:
- Find vulnerabilities in practice apps
- Use Burp Suite effectively
- Understand OWASP Top 10
Month 3 Success:
- Complete full network penetration test
- Root 5+ vulnerable machines
- Understand Active Directory basics
Month 4 Success:
- Choose specialization
- Complete advanced rooms in chosen area
- Start building portfolio
Month 5 Success:
- Submit 10+ bug bounty reports
- Earn first $500 from bugs
- Build professional network
Month 6 Success:
- Interview-ready resume
- Pass technical interviews
- Land first cybersecurity role OR earn $2000+/month from bugs
Your Action Plan
Right now:
1. Bookmark this page
2. Create TryHackMe account
3. Start "Linux Fundamentals 1"
4. Set daily study schedule
5. Join InfoSec community
This week:
1. Complete Linux fundamentals series
2. Start networking rooms
3. Set up study environment
4. Find accountability partner
This month:
1. Complete Phase 1 entirely
2. Document everything learned
3. Start building GitHub presence
4. Connect with 10 InfoSec professionals
What's Next?
You now have the complete roadmap.
Next, let's talk about the specific tools and skills you'll need to master.
NEXT: Chapter 4 - Essential Tools & Skills
"Success is not final, failure is not fatal: it is the courage to continue that counts." - Winston Churchill
Your journey starts with a single step. Take it now.