prep strategy
What to study, in what order, and why. Full breakdown coming — here’s the TL;DR.
the ordered stack
- Foundations — Linux CLI, networking basics, bash + Python
- Web — OWASP top 10, Burp Suite, PortSwigger labs
- Enumeration — nmap, gobuster, methodology obsession
- Exploitation — public exploits, Metasploit (and then without Metasploit)
- Privilege escalation — Linux and Windows. Separately. Deeply.
- Active Directory — Kerberos attacks, BloodHound, lateral movement
- Buffer overflows — not on the modern exam, but worth understanding
the 80/20
If you only do one thing: own a lot of boxes, take obsessive notes. PG Practice + HTB retired boxes got me further than any course.