Learning
Curated platforms, labs, and resources for security learning and certifications.
Structured paths from beginner to OSCP-level, plus free resources and a suggested certification roadmap.
Learning Platforms
| Platform | Best For | Link |
|---|
| HTB Academy | Structured learning, certification paths, BEST content depth | |
| TryHackMe | Beginners, guided rooms, browser-based | |
| PortSwigger Academy | Web security, 240+ labs, BSCP prep | |
| TCM Security | PNPT prep, practical courses | |
| PentesterLab | Web app security, progressive | |
Practice Labs
| Platform | Best For | Link |
|---|
| Hack The Box Labs | Real machines, competitive, OSCP prep | |
| HTB Pro Labs | Enterprise environments (Dante, Zephyr, Offshore) | |
| Proving Grounds | OffSec machines, OSCP prep | |
| VulnHub | Downloadable VMs, offline practice | |
Bug Bounty Platforms
| Platform | Best For | Link |
|---|
| HackerOne | Largest platform, most programs | |
| Bugcrowd | Good programs, VDP | |
| Intigriti | European, good payouts | |
| YesWeHack | European alternative | |
Free Learning Resources
YouTube Channels
| Channel | Focus | Link |
|---|
| IppSec | HTB walkthroughs, methodology gold | |
| John Hammond | CTF, malware, tutorials, HTB | |
| The Cyber Mentor | PNPT prep, practical hacking | |
| 0xdf | HTB writeups, detailed | |
| LiveOverflow | Deep technical, exploit dev | |
| Nahamsec | Bug bounty, web hacking | |
| STÖK | Bug bounty lifestyle | |
| HackerSploit | Pentesting tutorials | |
| David Bombal | Networking, certs, interviews | |
| PinkDraconian | HTB, CPTS content | |
Essential Books
| Book | Author | Focus | Link |
|---|
| The Web Application Hacker's Handbook | Stuttard & Pinto | Web security bible | |
| Penetration Testing | Georgia Weidman | Practical pentesting intro | |
| The Hacker Playbook 3 | Peter Kim | Red team tactics | |
| Red Team Field Manual (RTFM) | Ben Clark | Quick reference | |
| Bug Bounty Bootcamp | Vickie Li | Bug bounty guide | |
| Black Hat Python | Justin Seitz | Python for hackers | |
Reference Sites
| Resource | Focus | Link |
|---|
| HackTricks | Pentesting encyclopedia | |
| PayloadsAllTheThings | All the payloads | |
| GTFOBins | Linux priv esc | |
| LOLBAS | Windows living-off-the-land | |
| WADComs | AD cheat sheet | |
| MITRE ATT&CK | Adversary tactics | |
Suggested certifications
1Phase 1 (Months 1-3)
- ├TryHackMe Complete Beginner path
- ├OverTheWire Bandit
- ├HTB Academy fundamentals
2Phase 2 (Months 4-8)
- ├HTB Academy Penetration Tester path
- ├Complete all 28 modules + skill assessments
- ├HTB machines for practice
3Phase 3 (Months 9-10)
- ├HTB Pro Labs: Dante → Zephyr (pivoting practice)
- ├CPTS Exam — harder-than-OSCP skills
4Phase 4 (Months 11-14)
- ├OSCP — industry recognition
- ├Most content already covered by CPTS