Your Personalised Roadmap for a Cybersecurity Career

Intro:

Are you also among those who are interested in various domains of cybersecurity and keen to build a career out of this interest? Well then, what is stopping you from achieving that?
OH YES!!

I know this feeling. Everyone is talking about so many things, giving loads and loads of advice, trying to sell you courses. I get that; I was in that place too at some point, which is why I am creating this post to help other people figure out what field (or subfield) in cybersecurity they want to pursue.

DISCLAIMER:— THIS ANSWER MIGHT BE A BIT LONG BUT DEFINITELY WORTH IT.

So let me help you by dividing your NOOB to CYBERSEC PROFESSIONAL journey into 5 levels.


Order of Levels

Level-1 :— RESEARCH AND RESOURCES

  • The Art of Googling
  • Never give up Attitude, Patience and Consistency.
  • Know How to Find Resources
  • Read Articles and Blogs about Cybersec, Watch videos on new Tech and their Vulnerabilities.
  • Keep up with News and Updates in Cybersec field, what type of new attacks are happening.
  • Find Courses and Books that will teach you specific topics in-depth.

LEVEL-2 :— FUNDAMENTALS

1. LINUX BASICS

  • Linux Directory Structure
  • Familiarity with the Environment
  • Basic Linux Terminal Commands
  • Manage Permissions
  • Manage Linux Users and Groups
  • Manage and Monitor the Linux Services and Processes

2. WINDOWS BASICS

  • Groups and Policies
  • Active Directory
  • Basics of PowerShell
  • Windows Services and Vulnerabilities

3. WEB APPLICATION BASICS

  • Understanding of URL
  • Role of Client and Server
  • How Request and Response Works
  • Request Header and Response Header
  • Caching Service and Cache
  • Web App Technology
  • Web App Vulnerabilities

4. PYTHON FUNDAMENTALS

  • Basic Syntax
  • Working of Loop
  • Working of if-else
  • List, Tuple and Dictionaries
  • Basics of Functions
  • Files I/O
  • Exception Handling
  • Socket Programming

5. BASICS OF SERVER

  • What is Server
  • Types of Server
  • How Passwords are Stored
  • How Server Works

6. BASICS OF NETWORKING

  • Protocol Services and Port no.
  • 3-way Handshake
  • TCP Headers and UDP Headers
  • Secure Sockets Layer
  • OSI Layers
  • Network Topologies
  • TCP/IP Protocol
  • Subnetting
  • Tunneling
  • Network Service Vulnerabilities

Level-3 :— TOOLS

These are called Ethical Hacking Tools.

Ethical Hacking Tools can detect vulnerabilities in computer systems, servers, web applications, and networks with the help of computer programs and scripts. There are several open-source and commercial tools available in the market that are widely used to prevent unauthorized access to a computer system.

LEARN THESE TOOLS INSIDE AND OUT, AND MASTER USING THEM.

PRACTICE LABS USING EVERY ONE OF THEM; YOU WILL BE WORKING CLOSELY WITH THEM IN THE FUTURE.

There are many tools for different purposes. I will list the top 10 beginner tools to start with.

  • Metasploit
  • Nmap
  • Burp Suite
  • Wappalyzer
  • Cain and Abel
  • CyberChef
  • Pydictor
  • Maltego
  • OWASP ZAP
  • theHarvester

These tools are not listed in any particular order, and they are not the only ones you are going to use. As you progress in your learning journey and meet different use cases, you will need to learn different technologies and tools.

Level-4 :— VULNERABLE MACHINES

OverTheWire

You will learn and practice many Linux Commands here.

There are 33 levels on OverTheWire’s website. On every level you will be given problems to solve, for which you have to use different Linux Commands, and when you solve those problems YOU WILL GET A FLAG.

It's really helpful for beginners who are just starting out.

DVWA

There are vulnerable applications on DVWA’s site.

You can try brute-force attacks, CSRF attacks and XSS attacks on these applications.

I will also solve and post lab demonstrations on DVWA in my future blog posts. Maybe a series of practical demonstrations to show exactly how an attacker could use a vulnerability to hack into the network.

PicoCTF

On PicoCTF’s website you’ll get small tasks: a flag is hidden, maybe in an image or anywhere else, and you have to CAPTURE THE FLAG (CTF).

You’ll get points for solving these tasks: 10, 20, 40 points.

AFTER DOING ALL THESE YOU WILL HAVE GAINED A LOT OF CONFIDENCE. NOW YOU CAN MOVE ON TO THE NEXT MACHINES.

NOTE:— IF YOU STILL DON'T FEEL CONFIDENT ENOUGH, PRACTICE MORE ON THE PREVIOUS MACHINES.

VulnHub

You will get “Boot to Root” type of machines here.

Boot to Root means you have to start with the machine from boot, then become SUPERUSER, and then get the flag.

You can download CTFs from VulnHub’s website and choose a level accordingly: Easy, Hard and Advanced.

You should solve and practice at least 100–150 machines.

HackTheBox

Until now you were exploiting offline machines by downloading them to your local system. Here you will get access to a VPN and have to solve the machines online.

The price for VIP is somewhere around 800–1000 Rs, which you have to pay every month.

You will get machines of every level, and points after solving them.

You should solve a minimum of 100 machines.

Level-5 :— A+ TOPICS

  • Buffer Overflow
  • Linux Commands and Privilege Escalation
  • Windows Commands and Privilege Escalation
  • Windows Kernel Exploits
  • Linux Kernel Exploits

I will be writing more blogs about the beginner mindset for cybersecurity and exploring the different cybersecurity families in which you can make a career. We will also look into how these different subfields inside cybersecurity work together to secure everything from Web and Network to IoT and Cloud.

Have patience throughout this process of becoming a Cybersecurity Professional. It's not going to happen in 1 day.

Reaching out to the internet to clear your doubts about this is a good sign. Just be persistent and practise a lot.

You will need theoretical knowledge but not as much as practical experience.

I hope that helped.

Have a great day 😊.
