prep strategy#

What to study, in what order, and why. Full breakdown coming — here’s the TL;DR.

the ordered stack#

1. Foundations — Linux CLI, networking basics, bash + Python
2. Web — OWASP top 10, Burp Suite, PortSwigger labs
3. Enumeration — nmap, gobuster, methodology obsession
4. Exploitation — public exploits, Metasploit (and then without Metasploit)
5. Privilege escalation — Linux and Windows. Separately. Deeply.
6. Active Directory — Kerberos attacks, BloodHound, lateral movement
7. Buffer overflows — not on the modern exam, but worth understanding

the 80/20#

If you only do one thing: own a lot of boxes, take obsessive notes. PG Practice + HTB retired boxes got me further than any course.

Full post drops soon with timelines, resources, and anti-patterns to avoid.