💀

Intermediate16 hours estimated

Penetration Tester

Think like an attacker to defend better. This path covers the structured methodology, core techniques, and reporting skills required for professional penetration testing.

📚 4 topic areas🔗 12 curated resources📝 10 quiz questions

What you'll cover

Reconnaissance & OSINT

Passive and active information gathering: DNS, WHOIS, certificate transparency, social media, and job postings.

📄

Domain Report Tool

Passive reconnaissance: SSL, headers, subdomains, WHOIS

📄

SSL/TLS Checker with CT Logs

Certificate transparency log lookup for subdomain discovery

🔗

OSINT Framework

Curated collection of OSINT tools and techniques

Web Application Vulnerabilities

Master OWASP Top 10: SQL injection, XSS, IDOR, SSRF, authentication flaws, and more.

🔗

OWASP Top 10 — 2021

The definitive list of web application security risks

🔗

PortSwigger Web Security Academy (free)

Free, hands-on labs for every web vulnerability type

🔗

HackTheBox — Web Challenges

Gamified penetration testing practice platform

Privilege Escalation

Escalate from low-privilege access to root/SYSTEM on Linux and Windows systems.

🔗

GTFOBins — Linux Privesc

Unix binaries that can bypass security restrictions

🔗

LOLBAS — Windows Privesc

Living Off The Land Binaries and Scripts for Windows

🔗

TryHackMe — Privilege Escalation

Hands-on labs for Linux and Windows privilege escalation

Pentest Reporting

Write reports that executives and developers actually act on: executive summary, findings, risk ratings, and remediation guidance.

🔗

PTES — Penetration Testing Execution Standard

Industry standard methodology and reporting framework

🔗

Sample Pentest Report — Offensive Security

Real-world penetration test report example from OffSec

🔗

CVSS Calculator

Calculate risk scores for findings using CVSS 3.1

Knowledge Check

Path Summary

Level: Intermediate
Estimated time: 16 hours
Topics: 4
Resources: 12
Quiz questions: 10
Passing score: 70% (7/10)

Take the Quiz

Browse all paths

View all 10 paths →