Ethical Hacking Roadmap (Beginner to Advanced)

This roadmap will take you from a beginner to a professional ethical hacker, covering
networking, operating systems, security tools, and real-world penetration testing.

1. Prerequisites (1 Month)
Before diving into hacking, master the foundational concepts:

A. Computer Networking Basics

●​ OSI & TCP/IP Models (Layers, Protocols)

●​ IP Addressing & Subnetting
●​ DNS, HTTP/S, FTP, SSH
●​ Firewall & VPN Basics
●​ Tools: Wireshark, Nmap

📌 Resources:
●​ Cisco’s Networking Basics Course
●​ Wireshark for Network Analysis

2. Learn Operating Systems (2 Months)

A. Linux (Main OS for Hackers)

●​ Learn Kali Linux / Parrot OS

●​ Terminal Commands (ls, cd, cat, grep, chmod, chown)
●​ Bash Scripting for automation
●​ User Privileges, File Permissions

📌 Resources:
●​ Linux Command Line Basics (Udemy, YouTube)
●​ TryHackMe: Linux Fundamentals

B. Windows Security & Exploitation

 ●​ Windows File System & Registry
●​ PowerShell Scripting
●​ Windows Active Directory & Privilege Escalation

📌 Practice:
●​ Play with Metasploitable (Intentionally Vulnerable OS)

3. Programming for Hackers (2-3 Months)

Programming helps automate exploits and understand vulnerabilities.

A. Recommended Languages

1.​ Python - Writing hacking scripts

2.​ Bash - Automating Linux tasks
3.​ JavaScript - Web-based attacks
4.​ C/C++ - Exploit development
5.​ Assembly (Optional) - Reverse engineering

📌 Projects:
●​ Write a simple keylogger in Python
●​ Automate Nmap scanning with Bash

4. Ethical Hacking Basics (2-3 Months)

A. Penetration Testing Phases

1.​ Reconnaissance (Gathering information)

○​ OSINT Tools: Shodan, Maltego, Google Dorking
○​ Whois Lookup, DNS Enumeration
2.​ Scanning & Enumeration
○​ Nmap, Netcat, Nikto, Gobuster
○​ Identifying open ports, services, and vulnerabilities
3.​ Gaining Access
○​ Exploiting known vulnerabilities (SQL Injection, XSS)
○​ Using Metasploit
 4.​ Maintaining Access
○​ Reverse Shells, Persistence Techniques
5.​ Covering Tracks
○​ Log Clearing, Anti-Forensics

📌 Practice Labs:
●​ TryHackMe & Hack The Box
●​ DVWA (Damn Vulnerable Web App)

5. Web Hacking & Exploitation (1-2 Months)

●​ Common Web Attacks:
○​ SQL Injection
○​ Cross-Site Scripting (XSS)
○​ Cross-Site Request Forgery (CSRF)
○​ File Upload Vulnerabilities

📌 Tools:
●​ Burp Suite (Web App Testing)
●​ SQLmap (Automated SQL Injection)

📌 Practice:
●​ PortSwigger Web Security Academy

6. Advanced Topics (3-6 Months)

A. Wireless Hacking

●​ Wi-Fi Cracking (Aircrack-ng, Reaver)

●​ Man-in-the-Middle Attacks

B. Reverse Engineering & Malware Analysis

●​ Disassemblers: IDA Pro, Ghidra

●​ Debugging: OllyDbg
 ●​ Writing Custom Exploits

C. Bug Bounty Hunting

●​ Platforms: HackerOne, Bugcrowd

●​ Vulnerability Disclosure Programs (VDPs)

📌 Practice:
●​ Join a Bug Bounty Program and hunt real-world vulnerabilities

7. Certifications & Career Growth

A. Beginner Certifications

1.​ CompTIA Security+ (Basic Cybersecurity)

2.​ CEH (Certified Ethical Hacker)

B. Advanced Certifications

3.​ OSCP (Offensive Security Certified Professional)

4.​ PNPT (Practical Network Penetration Tester)

C. Start Ethical Hacking as a Career

●​ Apply for penetration tester, security analyst, or SOC analyst roles

●​ Join Capture The Flag (CTF) competitions
●​ Write reports on vulnerabilities you find

Estimated Timeline
●​ 6-12 Months for a strong foundation
●​ 1-2 Years to become an advanced penetration tester

Would you like guidance on specific courses or platforms to practice? 🚀