ROADMAP PENTESTER - PENETRATION TESTING TOÀN DIỆN
1. FOUNDATIONS - NỀN TẢNG CƠ BẢN
1.1 Kiến thức nền tảng IT
- Cách hoạt động của máy tính và kiến trúc hệ thống
- Binary, Hexadecimal, ASCII
- Cách lưu trữ và xử lý dữ liệu
- Virtualization basics
- Cloud computing fundamentals
1.2 Linux Mastery - BẮT BUỘC
- Linux distributions (Kali, Parrot OS, BlackArch)
- Command line mastery
- File system và permissions
- User và group management
- Process management
- Package management
- Text manipulation (grep, sed, awk)
- Bash scripting advanced
- Cron jobs
- SSH và remote access
- Service management (systemd, init)
- Log analysis
1.3 Windows Internals
- Windows architecture
- Registry deep dive
- Active Directory fundamentals
- PowerShell scripting
- Windows services
- Event logs
- User và group policies
- NTFS permissions
- Windows authentication (NTLM, Kerberos)
- Windows API basics
1.4 Networking Fundamentals
- OSI Model mastery
- TCP/IP stack deep dive
- Subnetting và VLSM
- IPv4 và IPv6
- MAC addressing
- ARP protocol
- Routing protocols (RIP, OSPF, BGP)
- Switching concepts
- NAT và PAT
- DNS deep dive
- DHCP
- VPN technologies
2. PROGRAMMING & SCRIPTING
2.1 Python cho Pentesting
- Python basics
- Socket programming
- Network libraries (scapy, requests, urllib)
- Web scraping (BeautifulSoup, Scrapy)
- Cryptography libraries
- Exploit development với Python
- Automation scripts
- Custom tool development
- API interaction
- Multithreading
- Regex mastery
2.2 Bash Scripting
- Advanced bash scripting
- Automation workflows
- One-liners mastery
- Text processing
- Network reconnaissance scripts
- Exploit automation
- Report generation scripts
2.3 PowerShell
- PowerShell fundamentals
- Active Directory enumeration
- Windows exploitation scripts
- Post-exploitation automation
- Empire framework understanding
- Obfuscation techniques
2.4 Other Languages
- JavaScript (for web exploitation)
- PHP (for web app testing)
- Ruby (for Metasploit)
- C/C++ (for exploit development)
- Assembly basics (for reverse engineering)
- Go (for tool development)
2.5 Regular Expressions
- Regex syntax mastery
- Pattern matching
- Data extraction
- Log parsing
- Payload crafting
3. NETWORKING DEEP DIVE
3.1 Network Protocols
- HTTP/HTTPS deep dive
- FTP/SFTP/FTPS
- SSH protocol internals
- SMTP/POP3/IMAP
- SMB/CIFS
- RDP protocol
- SNMP
- LDAP
- Kerberos authentication
- NTP
- ICMP
- Telnet
- VNC
3.2 Network Security Devices
- Firewalls (ACLs, rules)
- IDS/IPS evasion
- WAF bypass techniques
- Load balancers
- Proxy servers
- VPN configurations
- Network segmentation
3.3 Wireless Networking
- WiFi standards (802.11)
- WEP/WPA/WPA2/WPA3
- WiFi authentication protocols
- Rogue AP detection
- Evil twin attacks
- Wireless encryption
- Bluetooth security
- RFID/NFC
3.4 Network Services
- Web servers (Apache, Nginx, IIS)
- Database servers (MySQL, PostgreSQL, MSSQL)
- File servers
- Email servers
- DNS servers
- FTP servers
- Authentication servers
4. WEB APPLICATION PENETRATION TESTING
4.1 Web Fundamentals
- HTTP protocol deep dive
- HTTP methods (GET, POST, PUT, DELETE, OPTIONS, etc.)
- HTTP headers
- Status codes
- Cookies và sessions
- Same-Origin Policy
- CORS (Cross-Origin Resource Sharing)
- Content Security Policy (CSP)
- WebSockets
- REST APIs
- GraphQL
- SOAP
4.2 Web Technologies
- HTML/CSS fundamentals
- JavaScript deep dive
- DOM manipulation
- AJAX và fetch API
- JSON và XML
- Web frameworks (React, Angular, Vue)
- Server-side languages (PHP, Python, Node.js, Java, .NET)
- Template engines
- CMS platforms (WordPress, Joomla, Drupal)
4.3 OWASP Top 10 Mastery
- Injection (SQL, NoSQL, LDAP, OS Command, XXE)
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control (IDOR, Path Traversal)
- Security Misconfiguration
- Cross-Site Scripting (XSS - Reflected, Stored, DOM-based)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging và Monitoring
4.4 Advanced Web Attacks
- SQL Injection advanced (Blind, Time-based, Error-based, Union-based)
- NoSQL injection
- LDAP injection
- XPath injection
- Template injection (SSTI)
- Server-Side Request Forgery (SSRF)
- Cross-Site Request Forgery (CSRF)
- Clickjacking
- HTTP Request Smuggling
- HTTP Parameter Pollution
- Host Header attacks
- Web Cache Poisoning
- OAuth vulnerabilities
- JWT attacks
- SAML vulnerabilities
- File upload vulnerabilities
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- XML External Entity (XXE) advanced
- Insecure Direct Object References (IDOR)
- Business Logic flaws
- Race conditions
- Type juggling
- Mass assignment
- Prototype pollution
4.5 Authentication & Session Management
- Password attacks
- Session fixation
- Session hijacking
- Cookie security
- Token-based authentication attacks
- Multi-factor authentication bypass
- Captcha bypass
- OAuth 2.0 exploitation
- SAML exploitation
4.6 Client-Side Attacks
- XSS payloads crafting
- XSS filter bypass
- DOM-based vulnerabilities
- PostMessage vulnerabilities
- WebSocket hijacking
- Browser exploitation
- Tabnabbing
4.7 API Security Testing
- REST API testing
- GraphQL testing
- SOAP API testing
- API authentication bypass
- API rate limiting bypass
- API parameter tampering
- Mass assignment in APIs
- GraphQL introspection
- API versioning issues
5. NETWORK PENETRATION TESTING
5.1 Reconnaissance
- Passive reconnaissance (OSINT)
- Active reconnaissance
- Google dorking advanced
- Shodan, Censys, ZoomEye
- DNS enumeration (zone transfers, subdomain brute-forcing)
- WHOIS lookup
- Email harvesting
- Metadata extraction
- Social media intelligence
- Certificate transparency logs
- Wayback machine analysis
5.2 Scanning & Enumeration
- Port scanning (Nmap mastery)
- Service enumeration
- Version detection
- OS fingerprinting
- Vulnerability scanning (Nessus, OpenVAS, Nexpose)
- SMB enumeration
- SNMP enumeration
- LDAP enumeration
- NFS enumeration
- RPC enumeration
- Banner grabbing
- Network mapping
5.3 Exploitation
- Metasploit Framework mastery
- Exploit development basics
- Buffer overflow exploitation
- Return-oriented programming (ROP)
- Shellcode development
- Custom exploit modification
- Public exploit databases (Exploit-DB, NVD)
- Vulnerability research
- 0-day exploitation concepts
5.4 Post-Exploitation
- Privilege escalation (Linux và Windows)
- Maintaining access
- Backdoors và persistence
- Data exfiltration
- Lateral movement
- Pivoting và tunneling
- Credential dumping
- Pass-the-Hash
- Pass-the-Ticket
- Kerberoasting
- Golden Ticket attacks
- Silver Ticket attacks
- Mimikatz mastery
- BloodHound for AD enumeration
- Living off the land binaries (LOLBins)
5.5 Active Directory Attacks
- AD enumeration
- Kerberos attacks
- NTLM relay attacks
- DCSync attacks
- DCShadow attacks
- GPO abuse
- ACL abuse
- Trust relationship exploitation
- Domain controller compromise
- Forest escalation
6. WIRELESS PENETRATION TESTING
6.1 WiFi Attacks
- WiFi reconnaissance (airodump-ng, Kismet)
- WEP cracking
- WPA/WPA2 cracking (Dictionary, Brute-force)
- WPS attacks (Pixie Dust, Reaver)
- Evil twin attacks
- Rogue AP setup
- Deauthentication attacks
- KRACK attack
- Captive portal bypass
- WPA3 attacks
6.2 Bluetooth Attacks
- Bluetooth enumeration
- Bluejacking
- Bluesnarfing
- BlueBorne vulnerabilities
- BLE (Bluetooth Low Energy) attacks
6.3 RFID/NFC
- RFID cloning
- NFC relay attacks
- Access card cloning
- Proximity card attacks
7. MOBILE PENETRATION TESTING
7.1 Android Security
- Android architecture
- APK reverse engineering
- Smali code analysis
- Android debugging (ADB)
- Frida framework
- Objection
- SSL pinning bypass
- Root detection bypass
- Android malware analysis
- Intent vulnerabilities
- Content provider exploitation
- Insecure data storage
- Insecure communication
7.2 iOS Security
- iOS architecture
- IPA analysis
- Jailbreak detection bypass
- SSL pinning bypass iOS
- Objective-C/Swift basics
- iOS app testing tools
- Keychain analysis
- iOS malware analysis
7.3 Mobile OWASP Top 10
- Improper Platform Usage
- Insecure Data Storage
- Insecure Communication
- Insecure Authentication
- Insufficient Cryptography
- Insecure Authorization
- Client Code Quality
- Code Tampering
- Reverse Engineering
- Extraneous Functionality
8. SOCIAL ENGINEERING
8.1 Social Engineering Techniques
- Pretexting
- Phishing
- Spear phishing
- Whaling
- Vishing (voice phishing)
- Smishing (SMS phishing)
- Baiting
- Quid pro quo
- Tailgating
- Impersonation
8.2 Social Engineering Tools
- Social-Engineer Toolkit (SET)
- Gophish
- King Phisher
- HiddenEye
- Email spoofing
- Credential harvesting
- Fake login pages
- Malicious document creation
8.3 Physical Security
- Lock picking basics
- Badge cloning
- RFID skimming
- Dumpster diving
- Shoulder surfing
- USB drop attacks
- Rogue device planting
8.4 OSINT (Open Source Intelligence)
- Information gathering frameworks (Maltego, Recon-ng, SpiderFoot)
- Social media profiling
- People search engines
- Company intelligence
- Data breach databases
- Dark web monitoring
- Metadata analysis (FOCA, ExifTool)
- Google dorking mastery
- Email OSINT
- Username enumeration
9. CLOUD PENETRATION TESTING
9.1 AWS Security Testing
- AWS architecture
- S3 bucket enumeration
- IAM misconfigurations
- EC2 instance attacks
- Lambda function testing
- API Gateway security
- RDS security
- CloudTrail analysis
- AWS CLI mastery
- AWS exploitation tools (Pacu, ScoutSuite)
9.2 Azure Security Testing
- Azure architecture
- Azure AD attacks
- Blob storage enumeration
- Azure VM exploitation
- Azure Function testing
- Key Vault attacks
- Azure CLI
- Azure exploitation tools (ROADtools, Stormspotter)
9.3 GCP Security Testing
- GCP architecture
- GCS bucket enumeration
- IAM privilege escalation
- Compute Engine attacks
- Cloud Functions testing
- GCP CLI (gcloud)
- GCP exploitation tools (GCPBucketBrute)
9.4 Container Security
- Docker security assessment
- Kubernetes penetration testing
- Container escape techniques
- Registry vulnerabilities
- Orchestration attacks
- Secrets management testing
9.5 Cloud-Specific Attacks
- Server-Side Request Forgery (SSRF) to metadata
- Instance metadata service abuse
- Storage misconfigurations
- Serverless function exploitation
- API key exposure
- Cloud credential theft
10. EXPLOITATION & EXPLOIT DEVELOPMENT
10.1 Assembly Language
- x86/x64 assembly
- ARM assembly
- Registers và memory
- Stack operations
- Instruction set
- Calling conventions
10.2 Reverse Engineering
- Static analysis (IDA Pro, Ghidra, Radare2)
- Dynamic analysis (GDB, WinDbg, x64dbg)
- Binary analysis
- Decompilation
- Obfuscation techniques
- Packing/unpacking
- Anti-debugging techniques
- Anti-reversing techniques
10.3 Buffer Overflow
- Stack-based buffer overflow
- Heap-based buffer overflow
- Return-to-libc
- ROP chains (Return-Oriented Programming)
- Format string vulnerabilities
- Integer overflow
- Use-after-free
- Double-free vulnerabilities
10.4 Exploit Development
- Fuzzing (AFL, libFuzzer, Honggfuzz)
- Shellcode development
- Egg hunters
- Exploit mitigation bypass (DEP, ASLR, Stack Canaries)
- Heap spraying
- JIT spraying
- Kernel exploitation basics
- Windows exploitation
- Linux exploitation
- MacOS exploitation
10.5 Malware Development
- Trojan development
- Backdoor creation
- Rootkit basics
- Persistence mechanisms
- Anti-analysis techniques
- Code obfuscation
- Packing và crypting
- C2 (Command and Control) frameworks
11. RED TEAM OPERATIONS
11.1 Red Team Methodology
- Kill Chain methodology
- MITRE ATT&CK framework
- Initial access techniques
- Execution techniques
- Persistence mechanisms
- Privilege escalation
- Defense evasion
- Credential access
- Discovery
- Lateral movement
- Collection
- Exfiltration
- Impact
11.2 Advanced Evasion
- AV/EDR evasion
- Signature evasion
- Behavioral evasion
- Sandbox evasion
- IDS/IPS evasion
- Firewall bypass
- WAF bypass techniques
- DLP evasion
- Logging evasion
11.3 C2 Frameworks
- Cobalt Strike
- Empire/Starkiller
- Covenant
- Merlin
- Mythic
- Sliver
- Koadic
- Custom C2 development
11.4 Living off the Land
- PowerShell exploitation
- WMI abuse
- Windows binaries (LOLBins)
- Linux binaries (GTFOBins)
- Fileless malware
- Registry-only persistence
- Memory-only attacks
11.5 Adversary Simulation
- APT emulation
- Threat modeling
- Custom attack scenarios
- Purple team collaboration
- Attack simulation frameworks (Atomic Red Team, Caldera)
12. PENTESTING TOOLS MASTERY
12.1 Reconnaissance Tools
- Nmap
- Masscan
- RustScan
- Amass
- Subfinder
- Assetfinder
- DNSRecon
- Fierce
- theHarvester
- Recon-ng
- Maltego
- Shodan
- SpiderFoot
12.2 Web Application Tools
- Burp Suite Professional (mastery required)
- OWASP ZAP
- Nikto
- WPScan
- Wfuzz
- ffuf
- Gobuster
- Dirbuster
- SQLMap
- Commix
- XSStrike
- Nuclei
- Arjun
- ParamSpider
12.3 Network Tools
- Metasploit Framework
- Wireshark/tcpdump
- Responder
- Impacket suite
- CrackMapExec
- Evil-WinRM
- BloodHound
- PowerSploit
- Nishang
- Chisel
- Proxychains
- SSHuttle
12.4 Password Attacks
- Hashcat
- John the Ripper
- Hydra
- Medusa
- Patator
- CeWL
- Crunch
- Mentalist
- Cain & Abel
- Ophcrack
- Rainbow tables
12.5 Wireless Tools
- Aircrack-ng suite
- Wifite
- Reaver
- Bully
- Kismet
- Fern WiFi Cracker
- WiFi Pumpkin
- Cowpatty
- Pyrit
12.6 Mobile Tools
- MobSF (Mobile Security Framework)
- Frida
- Objection
- APKTool
- Jadx
- Dex2jar
- Android Studio
- Xcode
- Burp Suite Mobile Assistant
12.7 Exploitation Frameworks
- Metasploit Framework
- ExploitDB
- SearchSploit
- Social-Engineer Toolkit (SET)
- BeEF (Browser Exploitation Framework)
- RouterSploit
- Commix
12.8 Post-Exploitation Tools
- Mimikatz
- BloodHound
- PowerView
- SharpHound
- Rubeus
- Certify
- ADRecon
- PowerUp
- LinPEAS
- WinPEAS
- PEASS-ng suite
13. REPORTING & DOCUMENTATION
13.1 Report Writing
- Executive summary
- Technical findings
- Vulnerability assessment
- Risk rating (CVSS scoring)
- Proof of concept
- Remediation recommendations
- Evidence collection
- Screenshots và logs
- Reproduction steps
- Attack narratives
13.2 Documentation Tools
- CherryTree
- KeepNote
- Dradis
- Obsidian
- Notion
- Joplin
- Markdown mastery
- LaTeX basics
- Screenshot tools (Flameshot, Greenshot)
13.3 Reporting Frameworks
- PTES (Penetration Testing Execution Standard)
- OWASP Testing Guide
- NIST SP 800-115
- OSSTMM
- Penetration Testing Framework
13.4 Communication Skills
- Technical writing
- Stakeholder communication
- Presentation skills
- Debriefing sessions
- Finding prioritization
- Remediation guidance
14. COMPLIANCE & FRAMEWORKS
14.1 Compliance Standards
- PCI DSS penetration testing requirements
- HIPAA security assessments
- ISO 27001
- SOC 2
- GDPR
- NIST Cybersecurity Framework
- FISMA
14.2 Testing Methodologies
- OWASP Testing Guide
- PTES (Penetration Testing Execution Standard)
- OSSTMM (Open Source Security Testing Methodology Manual)
- NIST SP 800-115
- CEH methodology
- SANS penetration testing methodology
14.3 Scope Definition
- Rules of engagement
- Legal considerations
- Authorization documents
- Scope boundaries
- Testing windows
- Communication protocols
- Emergency contacts
15. ADVANCED TOPICS
15.1 IoT/ICS/SCADA Security
- IoT device testing
- Firmware analysis
- Hardware hacking basics
- UART/JTAG debugging
- ICS protocols (Modbus, DNP3, BACnet)
- SCADA system testing
- OT network security
- PLC exploitation
15.2 Blockchain Security
- Smart contract auditing
- Cryptocurrency wallet testing
- Blockchain network analysis
- DeFi security testing
- NFT vulnerabilities
- Consensus mechanism attacks
15.3 Thick Client Testing
- Desktop application testing
- .NET application testing
- Java application testing
- Electron app testing
- Binary analysis
- Memory analysis
- Network traffic analysis
15.4 VoIP Security
- SIP protocol exploitation
- VoIP enumeration
- Eavesdropping attacks
- VoIP fuzzing
- Asterisk testing
15.5 Database Security
- SQL Server exploitation
- MySQL exploitation
- PostgreSQL exploitation
- Oracle exploitation
- MongoDB exploitation
- Redis exploitation
- NoSQL injection techniques
15.6 Mainframe Security
- Mainframe basics
- z/OS security
- RACF exploitation
- TSO testing
- CICS exploitation
16. BUG BOUNTY & RESPONSIBLE DISCLOSURE
16.1 Bug Bounty Platforms
- HackerOne
- Bugcrowd
- Intigriti
- YesWeHack
- Synack
- Open Bug Bounty
- Platform rules và etiquette
16.2 Bug Bounty Methodology
- Asset discovery
- Scope analysis
- Vulnerability prioritization
- Report writing for bounties
- Communication with programs
- Disclosure timelines
- Payment processes
16.3 Automation for Bug Bounties
- Recon automation
- Nuclei templates
- Custom workflow automation
- Continuous monitoring
- Notification systems
- Mass scanning ethics
16.4 Responsible Disclosure
- Disclosure policies
- CVE process
- Coordinated disclosure
- Vendor communication
- Public disclosure timing
- Legal protections
17. LEGAL & ETHICAL CONSIDERATIONS
17.1 Legal Framework
- Computer Fraud and Abuse Act (CFAA)
- DMCA
- GDPR implications
- Local cybersecurity laws
- Authorization requirements
- Contracts và NDAs
- Liability insurance
17.2 Ethical Hacking
- Code of ethics
- Professional conduct
- Data handling
- Client confidentiality
- Conflict of interest
- Scope adherence
- Responsible disclosure
17.3 Authorization
- Written authorization
- Scope documentation
- IP range verification
- Third-party services
- Out-of-scope handling
- Emergency procedures
18. CERTIFICATIONS
18.1 Entry Level
- CompTIA Security+
- CompTIA PenTest+
- eLearnSecurity eJPT (Junior Penetration Tester)
- TCM Security PNPT (Practical Network Penetration Tester)
18.2 Intermediate
- CEH (Certified Ethical Hacker)
- GIAC GPEN (Penetration Tester)
- eLearnSecurity eCPPT
- CREST CRT/CCT
- CompTIA CySA+
18.3 Advanced
- OSCP (Offensive Security Certified Professional) - MANDATORY
- GIAC GXPN (Exploit Researcher and Advanced Penetration Tester)
- eLearnSecurity eCPTX
- CREST CCT INF/APP
18.4 Expert Level
- OSEP (Offensive Security Experienced Penetration Tester)
- OSED (Offensive Security Exploit Developer)
- OSWE (Offensive Security Web Expert)
- OSCE³ (Offensive Security Certified Expert)
- GIAC GREM (Reverse Engineering Malware)
- SANS SEC660 GXPN
18.5 Specialized
- GWAPT (Web Application Penetration Tester)
- GMOB (Mobile Security)
- GCIH (Incident Handler)
- Cloud certifications (AWS Security, Azure Security)
- CREST certifications
19. CONTINUOUS LEARNING
19.1 Practice Platforms
- HackTheBox
- TryHackMe
- PentesterLab
- Offensive Security Proving Grounds
- VulnHub
- Root-Me
- OverTheWire
- PicoCTF
- CTFtime
- PentesterAcademy
19.2 Resources
- Books (Web Application Hacker’s Handbook, Metasploit, Real-World Bug Hunting)
- Blogs (PortSwigger, PentestMonkey, PayloadsAllTheThings)
- YouTube channels (IppSec, Nahamsec, STÖK, LiveOverflow)
- Podcasts (Darknet Diaries, Security Weekly)
- Twitter security community
- Discord servers
- Reddit (r/netsec, r/AskNetsec, r/HowToHack)
19.3 Conferences
- DEF CON
- Black Hat
- BSides events
- OWASP conferences
- Nullcon
- 44Con
- SecTor
19.4 Staying Current
- CVE databases
- Exploit databases
- Security advisories
- Vulnerability research papers
- New tool releases
- Attack technique evolution
- Framework updates
20. CAREER PATH
20.1 Entry Positions
- Junior Penetration Tester
- Security Analyst (offensive focus)
- Vulnerability Assessor
- Bug Bounty Hunter
20.2 Mid-Level
- Penetration Tester
- Security Consultant
- Application Security Tester
- Red Team Operator
20.3 Senior Positions
- Senior Penetration Tester
- Lead Penetration Tester
- Security Research Engineer
- Red Team Lead
- Exploit Developer
20.4 Expert/Leadership
- Principal Security Consultant
- Security Architect (offensive)
- Head of Red Team
- Security Research Director
- Independent Consultant/Freelancer
20.5 Specializations
- Web Application Specialist
- Mobile Security Specialist
- Cloud Security Specialist
- IoT/ICS Security Specialist
- Exploit Developer
- Malware Analyst
- Wireless Security Specialist
LỘ TRÌNH HỌC ĐỀ XUẤT
Tháng 1-3: Foundations (Linux, Windows, Networking, Programming basics) Tháng 4-6: Web Application Testing (OWASP Top 10, Burp Suite mastery) Tháng 7-9: Network Penetration Testing (Nmap, Metasploit, Post-exploitation) Tháng 10-12: Active Directory, Privilege Escalation, Lateral Movement Tháng 13-15: Wireless, Mobile, Cloud Penetration Testing Tháng 16-18: Exploit Development basics, Assembly, Reverse Engineering Tháng 19-21: Red Team Operations, C2 frameworks, Advanced Evasion Tháng 22-24: OSCP preparation, Advanced topics, Specialization Ongoing: Bug bounties, CTFs, Certifications, Continuous learning
TIPS ĐỂ THÀNH CÔNG
Practice Daily
- Làm labs hàng ngày (HTB, THM)
- Write-ups sau mỗi box
- Document mọi kỹ thuật mới học
Build Portfolio
- GitHub với tools và scripts
- Blog write-ups
- YouTube videos (optional)
- CTF achievements
- Bug bounty hall of fame
Mindset
- Think like an attacker
- Never stop at first finding
- Always dig deeper
- Automate repetitive tasks
- Share knowledge với community
Networking
- Join Discord servers
- Twitter infosec community
- Local meetups
- Conference attendance
- Mentor và được mentor
Stay Legal
- Always get written authorization
- Respect scope boundaries
- Practice trên legal platforms only
- Understand local laws
- Professional ethics first
Exam Preparation
- OSCP là gold standard
- Làm nhiều boxes tương tự OSCP (TJNull’s list)
- Try Harder mindset
- Time management
- Report writing practice
Real-World Experience
- Internships
- Junior positions
- Bug bounties
- Open source contributions
- Personal projects
Chúc bạn thành công trên con đường trở thành Penetration Tester chuyên nghiệp!