Life Update 4: Changing Paths
Assalam Alikum, today I meditated for the first time, for 10 minutes. What I found compelling about the ritual is not that one gets a notion of how time passes and what he’s missing if he goes through life at the speed of light. Once you stay put and observe, not only what’s outside oneself, but what’s inside, the vibration in your fingertips, the buzzing sound in your ears, the light coming into your eyes. I believe it’s a good exercise, and I’ll implement it daily. Afterwards I reconsidered the pathway I am currently following. For instance, my example right now is of the person who tries to learn everything and wants to become a prodigy; he wants to move from point A to point B so badly, without considering the cost of it, that he doesn’t stop and think out what’s the strategy that’ll take him there. I pondered on that thought and I don’t want to be the reckless freak who bangs his head against the wall while he, if he would’ve taken 2 steps back, would’ve seen a door leading him outside. Therefore I have made some changes to level 1: I am going to follow more problem-based tasks while learning, along with doing TryHackMe. The complete new roadmap for the next 2-3 months (which also might change) is going to be posted at the end, of which I have completed about half or 1/4th already.
From TryHackMe’s problem-solving skills and the University Network simulation that I did as a side project in Packet Tracer, I managed to complete today’s Lab Final on Campus in about 20 minutes with documentation. It was basically a scenario where 4 routers should be connected to each other with dynamic routing, each with their own networks and external networks between each router. Two of the LANs in two of these routers should be configured to a DHCP server, which would be present in one of those LANs locally, and for the next 2 routers and LANs, we had to configure DHCP on their own routers for their PCs. The allowed time was about 1:40 minutes. I’m proud of myself.
I also finished Advent of Cyber 2024, and I am doing picoCTF challenges and making their writeups consistently. I am actually getting Networking now; a month ago, I thought of it as the most difficult thing there is to learn in Cybersecurity, but now it’s the easiest for me.
THIS IS THE NEW PATH, MADE FROM RIGOROUS PROMPTS TO AISTUDIO.GOOGLE.COM
Phase 1: Supercharged Foundational Skills & Focused Learning (3-4 Months) - DETAILED
Goal: Achieve a deep and practical understanding of core cybersecurity concepts, develop rapid technical skills, apply them in complex exercises, and significantly accelerate your CTF readiness.
Weekly Breakdown (Adjust based on your learning style and energy levels):
Week 1-4: Masterful Networking & Linux Command Line
- Learning Resources:
- TryHackMe:
- “Networking” Path: Complete all rooms, including bonus content. Focus on practical application rather than just ticking boxes.
- Supplement: Read “Computer Networking: A Top-Down Approach” by Kurose and Ross for deeper theoretical knowledge.
- “Linux Fundamentals” Path: Complete all, and research further concepts.
- Supplement: Explore “Linux Bible” by Christopher Negus for detailed Linux system administration.
- External Resources:
- Cisco Networking Academy: For courses on CCNA topics for deeper concepts. (Optional but very helpful).
- Wireshark Official Documentation: For understanding Wireshark more thoroughly.
- OverTheWire Bandit: For practicing Linux command line via a CTF like format.
- Practical Exercises:
- Complex Linux Scripting: Automate sysadmin tasks, log analysis, and create a personalized Linux tool (e.g., a script to analyze system logs).
- Advanced Wireshark Analysis: Focus on dissecting specific protocols and identifying abnormal traffic patterns (e.g., using display filters).
- Create a Virtual Lab: Set up a simple network with different virtual machines and start practicing.
- Weekly Breakdown:
- Week 1: Dive deep into the OSI model, TCP/IP, and their practical implications. Start with Wireshark. Master the Linux file system and common commands (`find`, `grep`, `awk`, and `sed`). Goal: You should be able to troubleshoot network problems via the command line and analyze traffic data via Wireshark.
- Week 2: Deep dive into HTTP, DNS, DHCP, and related network services. Master user and group management. Automate Linux administration with advanced commands (e.g. `watch`, `nohup`). Goal: You should be able to set up a webserver and understand user management.
- Week 3: Focus on firewalls, subnets, and routing. Learn scripting for Linux with Bash. Goal: You should be able to set up a basic firewall and understand routing.
- Week 4: Use `nmap`, `netcat` and other network tools, start using Python for network scanning, and use Python to make small network tools. Goal: You should be able to scan networks and discover open ports.
Week 5-8: Python/Bash Mastery & Aggressive Web Hacking
- Learning Resources:
- Codecademy Python 3 Course: Finish all modules, and start working on projects, explore object-oriented programming.
- “Automate the Boring Stuff with Python” by Al Sweigart: Complete all chapters and create your projects from it.
- TryHackMe:
- Complete “Python for Pentesters” and do all labs.
- “Bash Scripting” path, focus on using bash for system administration and automation.
- PortSwigger Web Security Academy: Start with the fundamentals, work up to the advanced concepts and make sure to solve all the labs.
- OWASP Top 10 Project: Research the specific vulnerabilities and find related writeups for each one.
- External Resources:
- “Black Hat Python” by Justin Seitz: Learn how to use Python for security tools.
- “The Tangled Web” by Michal Zalewski: Deep dive into web security (optional but recommended).
- MDN Web Docs: Dig deep into web technologies for a more profound understanding.
- Practical Exercises:
- Advanced Python tools: Create custom scanners, HTTP clients, and automate API testing.
- Build robust bash scripts: Implement logic, error handling, and interact with the system.
- Manual web application security testing: Focus on using the developer tools for manual testing.
- Automate web exploitation with Python: Create scripts to exploit web vulnerabilities using the `requests` library.
- Weekly Breakdown:
- Week 5: Deep Dive into Python object-oriented programming, handling exceptions and errors and working with data formats (JSON, XML). Goal: you should be able to create modular and reusable code, and handle diverse data formats.
- Week 6: Master Python libraries like `requests`, `BeautifulSoup4`, and `Scrapy`. Use them for web automation and data extraction. Start using Bash to automate Linux systems. Goal: You should be able to create web scrapers and crawlers, and automate repetitive tasks in Linux via Bash.
- Week 7: Start learning web technologies, HTML, CSS, and JavaScript thoroughly. Begin testing for web vulnerabilities using the PortSwigger labs. Goal: You should be able to use developer tools to test for web application vulnerabilities.
- Week 8: Focus on web cookies, HTTP headers, and perform advanced attacks like XSS and SQL Injection. Implement web vulnerability tools using Python. Goal: You should be able to exploit web vulnerabilities and automate them via Python.
Week 9-12: Deep Crypto & Immersive CTF Prep
- Learning Resources:
- TryHackMe: Complete “Cryptography” with all challenges and bonus content.
- Supplement: “Serious Cryptography” by Jean-Philippe Aumasson for deeper theory.
- Cryptohack.org: Solve a wide range of challenges with a focus on the mathematical concepts of cryptography.
- CTF Time: Explore CTFs similar to Black Hat MEA, analyze writeups, and identify common themes/techniques.
- Reverse Engineering Challenges: Start learning with resources like the open-source `Rizin` book.
- External Resources:
- “A Programmer’s Guide to Computer Science” by William J. Pardi to learn about data structures.
- LiveOverflow YouTube channel: Provides content about reverse engineering and exploit development.
- Writeups from past CTFs: For a clear understanding of strategies.
- Practical Exercises:
- Implement cryptographic algorithms from scratch in Python.
- Solve CTF challenges that involve practical cryptography implementations and attacks.
- Reverse engineering challenges: Solve simple crackmes, and binaries.
- Start creating your own challenges.
- Weekly Breakdown:
- Week 9: Learn complex cryptographic algorithms like RSA, AES, and elliptic curve cryptography, start understanding number theory and modular arithmetic. Goal: You should be able to understand cryptography in depth.
- Week 10: Focus on cryptography attacks and their mathematical principles. Begin with reverse engineering, learn about disassembly. Goal: You should be able to perform attacks on cryptography, and be able to understand disassembly.
- Week 11: Solve diverse CTF challenges: web, crypto, reverse engineering, forensics, and binary exploitation. Goal: You should be able to approach diverse challenges and apply your learned techniques to them.
- Week 12: Practice CTF methodology, focus on efficiency, and start writing writeups and reviewing all concepts. Goal: You should be able to create solutions to CTF challenges efficiently, and create meaningful and educational writeups.
Daily/Weekly Routine (Intensified):
- Daily:
- 3-5 hours of focused study (split into blocks with specific objectives).
- Solve at least 2-3 CTF challenges, of varying difficulty.
- Implement newly learned concepts daily via a small project or script.
- Review notes from the past week and revise areas you struggled with.
- Write a small summary of your findings
- Weekly:
- Engage in community forums, start networking and making connections.
- Review ALL notes, writeups, and past exercises.
- Dedicate 4-6 hours to learning a specific topic in depth.
- Start collaborating with a team.
- Take a 30-60 minute walk outside.
- Weekends:
- Participate in a CTF event (if possible).
- Work on your projects for 2 hours
- Take breaks and recharge for the next week.
Tools:
- All previous tools, plus:
- Burp Suite Professional: For advanced web testing.
- Ghidra/IDA Pro: For reverse engineering.
- GDB: For debugging binaries.
- A code editor: Vim, VS Code, or Sublime Text.
Adjustments:
- Pace: Adjust the pace to your learning style, but stay consistent.
- Specialization: Start to identify your passion, and begin to specialize, but don’t neglect your weaknesses.
- Depth: Continue to research and practice for a more thorough understanding.
Success Metrics:
- Mastery of networking, Linux, Python, and Bash.
- Advanced web application security testing.
- Strong understanding of cryptography.
- Ability to solve complex CTF challenges and reverse engineer binaries.
- Active and engaging presence in the community, with a dedicated team.