PENTESTER ROADMAP - COMPREHENSIVE PENETRATION TESTING

1. FOUNDATIONS - CORE FUNDAMENTALS

1.1 IT Foundational Knowledge

  • How computers work and system architecture
  • Binary, Hexadecimal, ASCII
  • How data is stored and processed
  • Virtualization basics
  • Cloud computing fundamentals

1.2 Linux Mastery - MANDATORY

  • Linux distributions (Kali, Parrot OS, BlackArch)
  • Command line mastery
  • File system and permissions
  • User and group management
  • Process management
  • Package management
  • Text manipulation (grep, sed, awk)
  • Bash scripting advanced
  • Cron jobs
  • SSH and remote access
  • Service management (systemd, init)
  • Log analysis

1.3 Windows Internals

  • Windows architecture
  • Registry deep dive
  • Active Directory fundamentals
  • PowerShell scripting
  • Windows services
  • Event logs
  • User and group policies
  • NTFS permissions
  • Windows authentication (NTLM, Kerberos)
  • Windows API basics

1.4 Networking Fundamentals

  • OSI Model mastery
  • TCP/IP stack deep dive
  • Subnetting and VLSM
  • IPv4 and IPv6
  • MAC addressing
  • ARP protocol
  • Routing protocols (RIP, OSPF, BGP)
  • Switching concepts
  • NAT and PAT
  • DNS deep dive
  • DHCP
  • VPN technologies

2. PROGRAMMING & SCRIPTING

2.1 Python for Pentesting

  • Python basics
  • Socket programming
  • Network libraries (scapy, requests, urllib)
  • Web scraping (BeautifulSoup, Scrapy)
  • Cryptography libraries
  • Exploit development with Python
  • Automation scripts
  • Custom tool development
  • API interaction
  • Multithreading
  • Regex mastery

2.2 Bash Scripting

  • Advanced bash scripting
  • Automation workflows
  • One-liners mastery
  • Text processing
  • Network reconnaissance scripts
  • Exploit automation
  • Report generation scripts

2.3 PowerShell

  • PowerShell fundamentals
  • Active Directory enumeration
  • Windows exploitation scripts
  • Post-exploitation automation
  • Empire framework understanding
  • Obfuscation techniques

2.4 Other Languages

  • JavaScript (for web exploitation)
  • PHP (for web app testing)
  • Ruby (for Metasploit)
  • C/C++ (for exploit development)
  • Assembly basics (for reverse engineering)
  • Go (for tool development)

2.5 Regular Expressions

  • Regex syntax mastery
  • Pattern matching
  • Data extraction
  • Log parsing
  • Payload crafting

3. NETWORKING DEEP DIVE

3.1 Network Protocols

  • HTTP/HTTPS deep dive
  • FTP/SFTP/FTPS
  • SSH protocol internals
  • SMTP/POP3/IMAP
  • SMB/CIFS
  • RDP protocol
  • SNMP
  • LDAP
  • Kerberos authentication
  • NTP
  • ICMP
  • Telnet
  • VNC

3.2 Network Security Devices

  • Firewalls (ACLs, rules)
  • IDS/IPS evasion
  • WAF bypass techniques
  • Load balancers
  • Proxy servers
  • VPN configurations
  • Network segmentation

3.3 Wireless Networking

  • WiFi standards (802.11)
  • WEP/WPA/WPA2/WPA3
  • WiFi authentication protocols
  • Rogue AP detection
  • Evil twin attacks
  • Wireless encryption
  • Bluetooth security
  • RFID/NFC

3.4 Network Services

  • Web servers (Apache, Nginx, IIS)
  • Database servers (MySQL, PostgreSQL, MSSQL)
  • File servers
  • Email servers
  • DNS servers
  • FTP servers
  • Authentication servers

4. WEB APPLICATION PENETRATION TESTING

4.1 Web Fundamentals

  • HTTP protocol deep dive
  • HTTP methods (GET, POST, PUT, DELETE, OPTIONS, etc.)
  • HTTP headers
  • Status codes
  • Cookies and sessions
  • Same-Origin Policy
  • CORS (Cross-Origin Resource Sharing)
  • Content Security Policy (CSP)
  • WebSockets
  • REST APIs
  • GraphQL
  • SOAP

4.2 Web Technologies

  • HTML/CSS fundamentals
  • JavaScript deep dive
  • DOM manipulation
  • AJAX and fetch API
  • JSON and XML
  • Web frameworks (React, Angular, Vue)
  • Server-side languages (PHP, Python, Node.js, Java, .NET)
  • Template engines
  • CMS platforms (WordPress, Joomla, Drupal)

4.3 OWASP Top 10 Mastery

  • Injection (SQL, NoSQL, LDAP, OS Command, XXE)
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities (XXE)
  • Broken Access Control (IDOR, Path Traversal)
  • Security Misconfiguration
  • Cross-Site Scripting (XSS - Reflected, Stored, DOM-based)
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insufficient Logging and Monitoring

4.4 Advanced Web Attacks

  • SQL Injection advanced (Blind, Time-based, Error-based, Union-based)
  • NoSQL injection
  • LDAP injection
  • XPath injection
  • Template injection (SSTI)
  • Server-Side Request Forgery (SSRF)
  • Cross-Site Request Forgery (CSRF)
  • Clickjacking
  • HTTP Request Smuggling
  • HTTP Parameter Pollution
  • Host Header attacks
  • Web Cache Poisoning
  • OAuth vulnerabilities
  • JWT attacks
  • SAML vulnerabilities
  • File upload vulnerabilities
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
  • XML External Entity (XXE) advanced
  • Insecure Direct Object References (IDOR)
  • Business Logic flaws
  • Race conditions
  • Type juggling
  • Mass assignment
  • Prototype pollution

4.5 Authentication & Session Management

  • Password attacks
  • Session fixation
  • Session hijacking
  • Cookie security
  • Token-based authentication attacks
  • Multi-factor authentication bypass
  • Captcha bypass
  • OAuth 2.0 exploitation
  • SAML exploitation

4.6 Client-Side Attacks

  • XSS payloads crafting
  • XSS filter bypass
  • DOM-based vulnerabilities
  • PostMessage vulnerabilities
  • WebSocket hijacking
  • Browser exploitation
  • Tabnabbing

4.7 API Security Testing

  • REST API testing
  • GraphQL testing
  • SOAP API testing
  • API authentication bypass
  • API rate limiting bypass
  • API parameter tampering
  • Mass assignment in APIs
  • GraphQL introspection
  • API versioning issues

5. NETWORK PENETRATION TESTING

5.1 Reconnaissance

  • Passive reconnaissance (OSINT)
  • Active reconnaissance
  • Google dorking advanced
  • Shodan, Censys, ZoomEye
  • DNS enumeration (zone transfers, subdomain brute-forcing)
  • WHOIS lookup
  • Email harvesting
  • Metadata extraction
  • Social media intelligence
  • Certificate transparency logs
  • Wayback machine analysis

5.2 Scanning & Enumeration

  • Port scanning (Nmap mastery)
  • Service enumeration
  • Version detection
  • OS fingerprinting
  • Vulnerability scanning (Nessus, OpenVAS, Nexpose)
  • SMB enumeration
  • SNMP enumeration
  • LDAP enumeration
  • NFS enumeration
  • RPC enumeration
  • Banner grabbing
  • Network mapping

5.3 Exploitation

  • Metasploit Framework mastery
  • Exploit development basics
  • Buffer overflow exploitation
  • Return-oriented programming (ROP)
  • Shellcode development
  • Custom exploit modification
  • Public exploit databases (Exploit-DB, NVD)
  • Vulnerability research
  • 0-day exploitation concepts

5.4 Post-Exploitation

  • Privilege escalation (Linux and Windows)
  • Maintaining access
  • Backdoors and persistence
  • Data exfiltration
  • Lateral movement
  • Pivoting and tunneling
  • Credential dumping
  • Pass-the-Hash
  • Pass-the-Ticket
  • Kerberoasting
  • Golden Ticket attacks
  • Silver Ticket attacks
  • Mimikatz mastery
  • BloodHound for AD enumeration
  • Living off the land binaries (LOLBins)

5.5 Active Directory Attacks

  • AD enumeration
  • Kerberos attacks
  • NTLM relay attacks
  • DCSync attacks
  • DCShadow attacks
  • GPO abuse
  • ACL abuse
  • Trust relationship exploitation
  • Domain controller compromise
  • Forest escalation

6. WIRELESS PENETRATION TESTING

6.1 WiFi Attacks

  • WiFi reconnaissance (airodump-ng, Kismet)
  • WEP cracking
  • WPA/WPA2 cracking (Dictionary, Brute-force)
  • WPS attacks (Pixie Dust, Reaver)
  • Evil twin attacks
  • Rogue AP setup
  • Deauthentication attacks
  • KRACK attack
  • Captive portal bypass
  • WPA3 attacks

6.2 Bluetooth Attacks

  • Bluetooth enumeration
  • Bluejacking
  • Bluesnarfing
  • BlueBorne vulnerabilities
  • BLE (Bluetooth Low Energy) attacks

6.3 RFID/NFC

  • RFID cloning
  • NFC relay attacks
  • Access card cloning
  • Proximity card attacks

7. MOBILE PENETRATION TESTING

7.1 Android Security

  • Android architecture
  • APK reverse engineering
  • Smali code analysis
  • Android debugging (ADB)
  • Frida framework
  • Objection
  • SSL pinning bypass
  • Root detection bypass
  • Android malware analysis
  • Intent vulnerabilities
  • Content provider exploitation
  • Insecure data storage
  • Insecure communication

7.2 iOS Security

  • iOS architecture
  • IPA analysis
  • Jailbreak detection bypass
  • SSL pinning bypass iOS
  • Objective-C/Swift basics
  • iOS app testing tools
  • Keychain analysis
  • iOS malware analysis

7.3 Mobile OWASP Top 10

  • Improper Platform Usage
  • Insecure Data Storage
  • Insecure Communication
  • Insecure Authentication
  • Insufficient Cryptography
  • Insecure Authorization
  • Client Code Quality
  • Code Tampering
  • Reverse Engineering
  • Extraneous Functionality

8. SOCIAL ENGINEERING

8.1 Social Engineering Techniques

  • Pretexting
  • Phishing
  • Spear phishing
  • Whaling
  • Vishing (voice phishing)
  • Smishing (SMS phishing)
  • Baiting
  • Quid pro quo
  • Tailgating
  • Impersonation

8.2 Social Engineering Tools

  • Social-Engineer Toolkit (SET)
  • Gophish
  • King Phisher
  • HiddenEye
  • Email spoofing
  • Credential harvesting
  • Fake login pages
  • Malicious document creation

8.3 Physical Security

  • Lock picking basics
  • Badge cloning
  • RFID skimming
  • Dumpster diving
  • Shoulder surfing
  • USB drop attacks
  • Rogue device planting

8.4 OSINT (Open Source Intelligence)

  • Information gathering frameworks (Maltego, Recon-ng, SpiderFoot)
  • Social media profiling
  • People search engines
  • Company intelligence
  • Data breach databases
  • Dark web monitoring
  • Metadata analysis (FOCA, ExifTool)
  • Google dorking mastery
  • Email OSINT
  • Username enumeration

9. CLOUD PENETRATION TESTING

9.1 AWS Security Testing

  • AWS architecture
  • S3 bucket enumeration
  • IAM misconfigurations
  • EC2 instance attacks
  • Lambda function testing
  • API Gateway security
  • RDS security
  • CloudTrail analysis
  • AWS CLI mastery
  • AWS exploitation tools (Pacu, ScoutSuite)

9.2 Azure Security Testing

  • Azure architecture
  • Azure AD attacks
  • Blob storage enumeration
  • Azure VM exploitation
  • Azure Function testing
  • Key Vault attacks
  • Azure CLI
  • Azure exploitation tools (ROADtools, Stormspotter)

9.3 GCP Security Testing

  • GCP architecture
  • GCS bucket enumeration
  • IAM privilege escalation
  • Compute Engine attacks
  • Cloud Functions testing
  • GCP CLI (gcloud)
  • GCP exploitation tools (GCPBucketBrute)

9.4 Container Security

  • Docker security assessment
  • Kubernetes penetration testing
  • Container escape techniques
  • Registry vulnerabilities
  • Orchestration attacks
  • Secrets management testing

9.5 Cloud-Specific Attacks

  • Server-Side Request Forgery (SSRF) to metadata
  • Instance metadata service abuse
  • Storage misconfigurations
  • Serverless function exploitation
  • API key exposure
  • Cloud credential theft

10. EXPLOITATION & EXPLOIT DEVELOPMENT

10.1 Assembly Language

  • x86/x64 assembly
  • ARM assembly
  • Registers and memory
  • Stack operations
  • Instruction set
  • Calling conventions

10.2 Reverse Engineering

  • Static analysis (IDA Pro, Ghidra, Radare2)
  • Dynamic analysis (GDB, WinDbg, x64dbg)
  • Binary analysis
  • Decompilation
  • Obfuscation techniques
  • Packing/unpacking
  • Anti-debugging techniques
  • Anti-reversing techniques

10.3 Buffer Overflow

  • Stack-based buffer overflow
  • Heap-based buffer overflow
  • Return-to-libc
  • ROP chains (Return-Oriented Programming)
  • Format string vulnerabilities
  • Integer overflow
  • Use-after-free
  • Double-free vulnerabilities

10.4 Exploit Development

  • Fuzzing (AFL, libFuzzer, Honggfuzz)
  • Shellcode development
  • Egg hunters
  • Exploit mitigation bypass (DEP, ASLR, Stack Canaries)
  • Heap spraying
  • JIT spraying
  • Kernel exploitation basics
  • Windows exploitation
  • Linux exploitation
  • MacOS exploitation

10.5 Malware Development

  • Trojan development
  • Backdoor creation
  • Rootkit basics
  • Persistence mechanisms
  • Anti-analysis techniques
  • Code obfuscation
  • Packing and crypting
  • C2 (Command and Control) frameworks

11. RED TEAM OPERATIONS

11.1 Red Team Methodology

  • Kill Chain methodology
  • MITRE ATT&CK framework
  • Initial access techniques
  • Execution techniques
  • Persistence mechanisms
  • Privilege escalation
  • Defense evasion
  • Credential access
  • Discovery
  • Lateral movement
  • Collection
  • Exfiltration
  • Impact

11.2 Advanced Evasion

  • AV/EDR evasion
  • Signature evasion
  • Behavioral evasion
  • Sandbox evasion
  • IDS/IPS evasion
  • Firewall bypass
  • WAF bypass techniques
  • DLP evasion
  • Logging evasion

11.3 C2 Frameworks

  • Cobalt Strike
  • Empire/Starkiller
  • Covenant
  • Merlin
  • Mythic
  • Sliver
  • Koadic
  • Custom C2 development

11.4 Living off the Land

  • PowerShell exploitation
  • WMI abuse
  • Windows binaries (LOLBins)
  • Linux binaries (GTFOBins)
  • Fileless malware
  • Registry-only persistence
  • Memory-only attacks

11.5 Adversary Simulation

  • APT emulation
  • Threat modeling
  • Custom attack scenarios
  • Purple team collaboration
  • Attack simulation frameworks (Atomic Red Team, Caldera)

12. PENTESTING TOOLS MASTERY

12.1 Reconnaissance Tools

  • Nmap
  • Masscan
  • RustScan
  • Amass
  • Subfinder
  • Assetfinder
  • DNSRecon
  • Fierce
  • theHarvester
  • Recon-ng
  • Maltego
  • Shodan
  • SpiderFoot

12.2 Web Application Tools

  • Burp Suite Professional (mastery required)
  • OWASP ZAP
  • Nikto
  • WPScan
  • Wfuzz
  • ffuf
  • Gobuster
  • Dirbuster
  • SQLMap
  • Commix
  • XSStrike
  • Nuclei
  • Arjun
  • ParamSpider

12.3 Network Tools

  • Metasploit Framework
  • Wireshark/tcpdump
  • Responder
  • Impacket suite
  • CrackMapExec
  • Evil-WinRM
  • BloodHound
  • PowerSploit
  • Nishang
  • Chisel
  • Proxychains
  • SSHuttle

12.4 Password Attacks

  • Hashcat
  • John the Ripper
  • Hydra
  • Medusa
  • Patator
  • CeWL
  • Crunch
  • Mentalist
  • Cain & Abel
  • Ophcrack
  • Rainbow tables

12.5 Wireless Tools

  • Aircrack-ng suite
  • Wifite
  • Reaver
  • Bully
  • Kismet
  • Fern WiFi Cracker
  • WiFi Pumpkin
  • Cowpatty
  • Pyrit

12.6 Mobile Tools

  • MobSF (Mobile Security Framework)
  • Frida
  • Objection
  • APKTool
  • Jadx
  • Dex2jar
  • Android Studio
  • Xcode
  • Burp Suite Mobile Assistant

12.7 Exploitation Frameworks

  • Metasploit Framework
  • ExploitDB
  • SearchSploit
  • Social-Engineer Toolkit (SET)
  • BeEF (Browser Exploitation Framework)
  • RouterSploit
  • Commix

12.8 Post-Exploitation Tools

  • Mimikatz
  • BloodHound
  • PowerView
  • SharpHound
  • Rubeus
  • Certify
  • ADRecon
  • PowerUp
  • LinPEAS
  • WinPEAS
  • PEASS-ng suite

13. REPORTING & DOCUMENTATION

13.1 Report Writing

  • Executive summary
  • Technical findings
  • Vulnerability assessment
  • Risk rating (CVSS scoring)
  • Proof of concept
  • Remediation recommendations
  • Evidence collection
  • Screenshots and logs
  • Reproduction steps
  • Attack narratives

13.2 Documentation Tools

  • CherryTree
  • KeepNote
  • Dradis
  • Obsidian
  • Notion
  • Joplin
  • Markdown mastery
  • LaTeX basics
  • Screenshot tools (Flameshot, Greenshot)

13.3 Reporting Frameworks

  • PTES (Penetration Testing Execution Standard)
  • OWASP Testing Guide
  • NIST SP 800-115
  • OSSTMM
  • Penetration Testing Framework

13.4 Communication Skills

  • Technical writing
  • Stakeholder communication
  • Presentation skills
  • Debriefing sessions
  • Finding prioritization
  • Remediation guidance

14. COMPLIANCE & FRAMEWORKS

14.1 Compliance Standards

  • PCI DSS penetration testing requirements
  • HIPAA security assessments
  • ISO 27001
  • SOC 2
  • GDPR
  • NIST Cybersecurity Framework
  • FISMA

14.2 Testing Methodologies

  • OWASP Testing Guide
  • PTES (Penetration Testing Execution Standard)
  • OSSTMM (Open Source Security Testing Methodology Manual)
  • NIST SP 800-115
  • CEH methodology
  • SANS penetration testing methodology

14.3 Scope Definition

  • Rules of engagement
  • Legal considerations
  • Authorization documents
  • Scope boundaries
  • Testing windows
  • Communication protocols
  • Emergency contacts

15. ADVANCED TOPICS

15.1 IoT/ICS/SCADA Security

  • IoT device testing
  • Firmware analysis
  • Hardware hacking basics
  • UART/JTAG debugging
  • ICS protocols (Modbus, DNP3, BACnet)
  • SCADA system testing
  • OT network security
  • PLC exploitation

15.2 Blockchain Security

  • Smart contract auditing
  • Cryptocurrency wallet testing
  • Blockchain network analysis
  • DeFi security testing
  • NFT vulnerabilities
  • Consensus mechanism attacks

15.3 Thick Client Testing

  • Desktop application testing
  • .NET application testing
  • Java application testing
  • Electron app testing
  • Binary analysis
  • Memory analysis
  • Network traffic analysis

15.4 VoIP Security

  • SIP protocol exploitation
  • VoIP enumeration
  • Eavesdropping attacks
  • VoIP fuzzing
  • Asterisk testing

15.5 Database Security

  • SQL Server exploitation
  • MySQL exploitation
  • PostgreSQL exploitation
  • Oracle exploitation
  • MongoDB exploitation
  • Redis exploitation
  • NoSQL injection techniques

15.6 Mainframe Security

  • Mainframe basics
  • z/OS security
  • RACF exploitation
  • TSO testing
  • CICS exploitation

16. BUG BOUNTY & RESPONSIBLE DISCLOSURE

16.1 Bug Bounty Platforms

  • HackerOne
  • Bugcrowd
  • Intigriti
  • YesWeHack
  • Synack
  • Open Bug Bounty
  • Platform rules and etiquette

16.2 Bug Bounty Methodology

  • Asset discovery
  • Scope analysis
  • Vulnerability prioritization
  • Report writing for bounties
  • Communication with programs
  • Disclosure timelines
  • Payment processes

16.3 Automation for Bug Bounties

  • Recon automation
  • Nuclei templates
  • Custom workflow automation
  • Continuous monitoring
  • Notification systems
  • Mass scanning ethics

16.4 Responsible Disclosure

  • Disclosure policies
  • CVE process
  • Coordinated disclosure
  • Vendor communication
  • Public disclosure timing
  • Legal protections
  • Computer Fraud and Abuse Act (CFAA)
  • DMCA
  • GDPR implications
  • Local cybersecurity laws
  • Authorization requirements
  • Contracts and NDAs
  • Liability insurance

17.2 Ethical Hacking

  • Code of ethics
  • Professional conduct
  • Data handling
  • Client confidentiality
  • Conflict of interest
  • Scope adherence
  • Responsible disclosure

17.3 Authorization

  • Written authorization
  • Scope documentation
  • IP range verification
  • Third-party services
  • Out-of-scope handling
  • Emergency procedures

18. CERTIFICATIONS

18.1 Entry Level

  • CompTIA Security+
  • CompTIA PenTest+
  • eLearnSecurity eJPT (Junior Penetration Tester)
  • TCM Security PNPT (Practical Network Penetration Tester)

18.2 Intermediate

  • CEH (Certified Ethical Hacker)
  • GIAC GPEN (Penetration Tester)
  • eLearnSecurity eCPPT
  • CREST CRT/CCT
  • CompTIA CySA+

18.3 Advanced

  • OSCP (Offensive Security Certified Professional) - MANDATORY
  • GIAC GXPN (Exploit Researcher and Advanced Penetration Tester)
  • eLearnSecurity eCPTX
  • CREST CCT INF/APP

18.4 Expert Level

  • OSEP (Offensive Security Experienced Penetration Tester)
  • OSED (Offensive Security Exploit Developer)
  • OSWE (Offensive Security Web Expert)
  • OSCE³ (Offensive Security Certified Expert)
  • GIAC GREM (Reverse Engineering Malware)
  • SANS SEC660 GXPN

18.5 Specialized

  • GWAPT (Web Application Penetration Tester)
  • GMOB (Mobile Security)
  • GCIH (Incident Handler)
  • Cloud certifications (AWS Security, Azure Security)
  • CREST certifications

19. CONTINUOUS LEARNING

19.1 Practice Platforms

  • HackTheBox
  • TryHackMe
  • PentesterLab
  • Offensive Security Proving Grounds
  • VulnHub
  • Root-Me
  • OverTheWire
  • PicoCTF
  • CTFtime
  • PentesterAcademy

19.2 Resources

  • Books (Web Application Hacker's Handbook, Metasploit, Real-World Bug Hunting)
  • Blogs (PortSwigger, PentestMonkey, PayloadsAllTheThings)
  • YouTube channels (IppSec, Nahamsec, STÖK, LiveOverflow)
  • Podcasts (Darknet Diaries, Security Weekly)
  • Twitter security community
  • Discord servers
  • Reddit (r/netsec, r/AskNetsec, r/HowToHack)

19.3 Conferences

  • DEF CON
  • Black Hat
  • BSides events
  • OWASP conferences
  • Nullcon
  • 44Con
  • SecTor

19.4 Staying Current

  • CVE databases
  • Exploit databases
  • Security advisories
  • Vulnerability research papers
  • New tool releases
  • Attack technique evolution
  • Framework updates

20. CAREER PATH

20.1 Entry Positions

  • Junior Penetration Tester
  • Security Analyst (offensive focus)
  • Vulnerability Assessor
  • Bug Bounty Hunter

20.2 Mid-Level

  • Penetration Tester
  • Security Consultant
  • Application Security Tester
  • Red Team Operator

20.3 Senior Positions

  • Senior Penetration Tester
  • Lead Penetration Tester
  • Security Research Engineer
  • Red Team Lead
  • Exploit Developer

20.4 Expert/Leadership

  • Principal Security Consultant
  • Security Architect (offensive)
  • Head of Red Team
  • Security Research Director
  • Independent Consultant/Freelancer

20.5 Specializations

  • Web Application Specialist
  • Mobile Security Specialist
  • Cloud Security Specialist
  • IoT/ICS Security Specialist
  • Exploit Developer
  • Malware Analyst
  • Wireless Security Specialist

SUGGESTED LEARNING PATH

  • Months 1-3: Foundations (Linux, Windows, Networking, Programming basics)
  • Months 4-6: Web Application Testing (OWASP Top 10, Burp Suite mastery)
  • Months 7-9: Network Penetration Testing (Nmap, Metasploit, Post-exploitation)
  • Months 10-12: Active Directory, Privilege Escalation, Lateral Movement
  • Months 13-15: Wireless, Mobile, Cloud Penetration Testing
  • Months 16-18: Exploit Development basics, Assembly, Reverse Engineering
  • Months 19-21: Red Team Operations, C2 frameworks, Advanced Evasion
  • Months 22-24: OSCP preparation, Advanced topics, Specialization
  • Ongoing: Bug bounties, CTFs, Certifications, Continuous learning

TIPS FOR SUCCESS

Practice Daily

  • Do labs every day (HTB, THM)
  • Write a write-up after every box
  • Document every new technique you learn

Build Portfolio

  • GitHub with tools and scripts
  • Blog write-ups
  • YouTube videos (optional)
  • CTF achievements
  • Bug bounty hall of fame

Mindset

  • Think like an attacker
  • Never stop at first finding
  • Always dig deeper
  • Automate repetitive tasks
  • Share knowledge with the community

Networking

  • Join Discord servers
  • Twitter infosec community
  • Local meetups
  • Conference attendance
  • Mentor and be mentored
  • Always get written authorization
  • Respect scope boundaries
  • Practice on legal platforms only
  • Understand local laws
  • Professional ethics first

Exam Preparation

  • OSCP is the gold standard
  • Do many OSCP-like boxes (TJNull's list)
  • Try Harder mindset
  • Time management
  • Report writing practice

Real-World Experience

  • Internships
  • Junior positions
  • Bug bounties
  • Open source contributions
  • Personal projects

Wishing you success on the path to becoming a professional Penetration Tester!