Learn the Basics
π 1. Information Gathering (Reconnaissance)
- Passive & active recon
- WHOIS, nslookup, dig, theHarvester, Google Dorking
π‘ 2. Scanning & Enumeration
- Nmap scanning (ports, services, OS detection)
- Banner grabbing
- Enum4linux / SMB enumeration
- DNS and SNMP enumeration
π οΈ 3. Exploitation Basics
- Manual testing vs automated tools (e.g., Metasploit)
- Understanding CVEs
- Reverse shells & bind shells
π 4. Web Exploitation
- Basic understanding of HTTP, cookies, forms
- XSS (Cross-Site Scripting)
- SQL Injection (SQLi)
- Command Injection
- File Inclusion (LFI/RFI)
π 5. Password Attacks
- Brute force vs dictionary attacks
- Hash cracking (John the Ripper, Hashcat)
- Common wordlists (rockyou.txt, SecLists)
π§ 6. Linux & Windows Fundamentals
- Basic commands and navigation
- File permissions and ownership
- Understanding services and daemons
- Windows command line (PowerShell, CMD)
𧩠7. Binary Exploitation (Optional for Beginners)
- Understanding basic buffer overflows
- Using GDB or pwndbg
π¦ 8. Using Common CTF Tools
- Burp Suite (for web testing)
- Nmap
- Netcat
- Gobuster / Dirb
- Wireshark
- CyberChef (for encoding/decoding)
π― 9. CTF-Specific Skills
- Reading challenge descriptions carefully
- Looking for hints and odd patterns
- Basic steganography (image/audio metadata)
- OSINT techniques (finding clues online)