From Zero to Ethical Hacker: 

10 Weeks to Becoming an Ethical Hacker and Bug Hunter

Welcome to From Zero to Ethical Hacker: 10 Weeks to Becoming an Ethical Hacker and Bug Hunter by Omar Santos. This Learning Path will take you on a 10-week journey to becoming an ethical hacker and bug hunter. Each module details what you will find for that week’s training, helping you build your skills so you can learn and practice as you move through the course. By the time this course is finished you will be on your way to achieving your goal of becoming an Ethical Hacker and Bug Hunter.

Start Now

Week 1

Introduction to WebSploit

An introduction to WebSploit - WebSploit is a learning environment created by Omar Santos for different Cybersecurity Ethical Hacking (Web Penetration Testing) training sessions. WebSploit includes several intentionally vulnerable applications running in Docker containers on top of Kali Linux, several additional tools, and over 7,000 cybersecurity resources. WebSploit comes with over 400 distinct exercises!

Week 2

Building Your Hacking Lab with Proxmox

Learn how to build your own lab using Proxmox (a very powerful virtualization technology).

Week 3

Hacking the OWASP Juice Shop (part 1)

Juice-shop is a flagship OWASP project. "OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!"

Week 4

Hacking the OWASP Juice Shop (part 2)

A continuation of many exercises in the OWASP Juice Shop. Learn how to hack modern applications!

Week 5

Web Application Security Exercises: OWASP WebGoat

Learn how to hack the OWASP WebGoat! The OWASP WebGoat is another intentionally vulnerable application that includes several tutorials and exercises. 

Week 6

Web Application Security Exercises: Damn Vulnerable Web Application (DVWA)

The Damn Vulnerable Web Application (DVWA) is another intentionally vulnerable application that has been used by many cybersecurity professionals to practice their skills in a safe environment. This session will walk you through several of the vulnerabilities found in DVWA.

Week 7

Installing and Configuring Security Onion to Detect Security Threats

Learn how to deploy the Security Onion - an open source Linux distribution for incident response, threat hunting, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Zeek (formerly known as Bro), Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools.

Week 8

Installing and deploying RedHunt OS for Threat Hunting

Learn how to deploy RedHunt OS to perform threat hunting. Explore different tools such as Caldera, Atomic Red Team, CrackMapExec, Metasploit, Responder, Zap, ADRecon, Kolide Fleet, ELK (Elasticsearch, Logstash, and Kibana) Stack, Yeti, Harpoon, and many others.

Week 9

Kali Linux and Ghidra for Reverse Engineering

Ghidra is a very popular reverse engineering tool authored by the United State National Security Agency (NSA). It is used by many security professionals to reverse engineer malware and also to create proof of concept exploits by analyzing binaries.

Week 10

Running Kali and WebSploit in Raspberry Pi's

Learn how to deploy Kali Linux and several of the intentional vulnerable applications in the WebSploit learning environment!