Cybersecurity & Ethical Hacking Roadmap (12 Weeks Plan)

Tools You’ll Need from Day 1:

• VirtualBox or VMware

• Kali Linux (or Parrot OS)

• Windows OS in VM

• Notion or Obsidian for notes

• GitHub account for keeping projects

• Terminal & Networking mindset

Week 1: Cyber Basics + Networking

Goal: Strong foundation in how the internet & systems communicate.

• Topics:

o What is Cybersecurity?

o CIA Triad (Confidentiality, Integrity, Availability)

o Types of Cyber Attacks

o OSI Model (7 Layers) & TCP/IP Model

o IP, MAC, Ports, Protocols (TCP, UDP, HTTP/S, DNS, FTP)

o What is DNS Spoofing, ARP Poisoning?

• Practice:

o Use ping, tracert, ipconfig, netstat, nslookup

o Draw OSI & TCP/IP layers from memory

• Questions:

o Explain how a request goes from browser to server.

o What is the difference between IP and MAC?

Week 2: Linux Mastery (for Hackers)

Goal: Get comfy with Linux commands & Kali Linux

• Topics:

o File system structure: /bin, /etc, /home

o Important commands: ls, cd, chmod, grep, awk, find, cat

o Bash scripting basics

o User permissions, sudo, root access

• Practice:

o Install Kali Linux in VM

o Navigate directories, create users

o Bash script: automate file creation

• Questions:

o How to give executable permission to a file?

o How to find all .txt files in a folder?

Week 3: Windows Basics + System Internals

Goal: Learn Windows OS structure, registry, PowerShell

• Topics:

o CMD vs PowerShell

o Windows file paths, hidden files

o Windows Services, Registry basics

o Commonly exploited Windows features

• Practice:

o Create & hide folders using CMD

o PowerShell: List processes, services

o Explore Task Manager deeply

• Questions:
 o What’s the Windows Registry and why is it important?

o How to find running services?

Week 4: Virtualization + Kali Tools Intro

Goal: Learn how to set up attack & victim machines.

• Topics:

o How to use VirtualBox/VMWare

o Installing Kali, Windows, Metasploitable

o Snapshot, NAT, Host-only adapter

o Kali tools overview: Nmap, Nikto, whois

• Practice:

o Ping between Kali & Windows

o Scan using Nmap

o Basic vulnerability scan with Nikto

• Questions:

o What’s the difference between NAT & Bridged?

o What are open ports?

Week 5: Reconnaissance (Information Gathering)

Goal: Learn how hackers gather public data

• Topics:

o Passive Recon: Google Dorking, WHOIS, NSlookup

o Active Recon: Nmap (Types of scan), Netcat

o Shodan, the hacker search engine

• Practice:

o Google Dorks to find login pages

 o Whois lookups for popular domains

o Use Nmap to scan local network

• Questions:

o How can you find subdomains?

o What is an OS scan in Nmap?

Week 6-12 include:

• Week 6: Vulnerability Analysis

• Week 7: Exploitation Basics (Metasploit)

• Week 8: Gaining Access + Privilege Escalation

• Week 9: Web App Hacking (OWASP Top 10)

• Week 10: SQLi, XSS, CSRF, File Uploads

• Week 11: Password Attacks, Hashes, Cracking

• Week 12: Bug Bounty Intro + Final Projects

Would you like me to send you Weeks 6–12 now, or weekly one-by-one so you stay focused?

Also, should I create a Notion template or PDF version for this roadmap with daily tasks?