Free Cybersecurity Learning Path

📊

YOUR PROGRESS TRACKER

Check off topics as you complete them • Saved in browser

> SKILL AREAS

Networking

MUST

Linux

MUST

Web Technologies

90%

Windows OS

75%

Security Basics

80%

Practical Hacking

70%

⏱️

POMODORO STUDY TIMER

25min study + 5min break • Proven study technique

01

🎯 FREE PRACTICE PLATFORMS

Hands-on hacking practice • All completely free

💡 Pro Tip: Start with OverTheWire Bandit then move to PicoCTF. These two alone will teach you more than any course!

🏰

⭐ START HERE

OverTheWire: Bandit

Learn Linux commands through hacking games. 34 levels of increasing difficulty.

Study carefully:
• SSH connections • File navigation
• File permissions • Hidden files
• Pipes and redirection • Networking commands

→ START PLAYING

🏆

100% FREE

PicoCTF

Made by Carnegie Mellon University. Best beginner CTF platform.

Study carefully:
• General Skills first • Cryptography
• Web Exploitation • Forensics
• Binary (later) • Reverse Eng (later)

→ START CTF

🌐

WEB HACKING

OWASP WebGoat

Intentionally vulnerable web app. Learn web hacking safely.

Study carefully:
• HTTP Basics • SQL Injection
• XSS attacks • Auth flaws
• OWASP Top 10 vulnerabilities

→ VISIT OWASP

💻

FREE TIER

HackTheBox Free

Industry standard platform. For when you're ready to advance.

Study carefully:
• Starting Point machines • Enumeration
• Service exploitation • Priv escalation
• Write-up analysis after trying

→ HACK THE BOX

📁

100% FREE

VulnHub

Download vulnerable VMs. Practice locally offline.

Start with:
• Mr-Robot VM • DC Series
• Kioptrix Level 1 • Metasploitable
• Network scanning with Nmap

→ GET VMs

🎮

CTF PRACTICE

CTFlearn

Community CTF platform with hundreds of free challenges.

Study carefully:
• Forensics • Programming basics
• Web challenges • Cryptography
• Steganography • OSINT

→ START CTF

🔐

100% FREE

OverTheWire: Natas

Web security wargame. Do after Bandit.

Study carefully:
• View source tricks • HTTP headers
• Cookie manipulation • PHP inclusion
• SQL injection • Dir traversal

→ PLAY NATAS

🌍

⭐ NETWORKING

Cisco NetAcad

Official Cisco free networking courses. Industry recognized.

Study carefully:
• IT Essentials course • Networking Basics
• Cybersecurity Essentials • Network Defense
• Packet Tracer labs

→ CISCO FREE

Platform	Best For	Difficulty	Cost	Link
OverTheWire Bandit	Linux basics, SSH	🟢 Beginner	FREE	Visit →
PicoCTF	All-around security	🟢 Beginner	FREE	Visit →
CTFlearn	CTF challenges	🟡 Beginner-Mid	FREE	Visit →
OWASP WebGoat	Web app security	🟡 Intermediate	FREE	Visit →
VulnHub	Full exploitation	🟡 Intermediate	FREE	Visit →
HackTheBox	Real-world hacking	🔴 Advanced	Mostly FREE	Visit →

02

📺 FREE YOUTUBE CHANNELS

Best cybersecurity educators • Subscribe to all

🥇 NetworkChuck

Most entertaining networking + hacking channel. Start with FREE CCNA course.

NetworkingLinuxHackingPython

• "Linux for Hackers" series
• "FREE CCNA" networking course
• "Ethical Hacking" series

▶ Subscribe

🥇 Professor Messer

THE best for CompTIA certs. Free complete N+ and Security+ courses.

Network+Security+A+

• CompTIA Network+ N10-008
• CompTIA Security+ SY0-701
• All practice questions

▶ Subscribe

🥇 John Hammond

CTF walkthroughs and cybersecurity tutorials. Amazing for learning real attacks.

CTFMalwareHacking

• PicoCTF walkthroughs
• Malware analysis videos
• "Let's Hack" series

▶ Subscribe

🥇 TCM Security

The Cyber Mentor. Best practical ethical hacking. Full free courses on YouTube.

Ethical HackingPentestingPython

• "Ethical Hacking in 15 Hours"
• "Linux 101" series
• OSINT fundamentals

▶ Subscribe

🥇 David Bombal

Networking expert turned cybersecurity educator. Great interviews with top hackers.

NetworkingPythonHacking

• GNS3 networking labs
• "Hacker interviews" series
• Kali Linux tutorials

▶ Subscribe

🥇 HackerSploit

Penetration testing and Linux admin. Very detailed tutorials for beginners.

Kali LinuxMetasploitWeb Hacking

• Metasploit fundamentals
• Web App Hacking series
• Nmap complete tutorial

▶ Subscribe

🥈 Practical Networking

BEST channel for networking. OSI model, subnetting, routing explained perfectly.

OSI ModelSubnettingTCP/IP

• "Networking Fundamentals" series
• "Subnetting Mastery" series
• OSI Model explained

▶ Subscribe

🥈 LiveOverflow

Deep technical content. How vulnerabilities really work at low level.

BinaryCTFWeb Security

• "How to get into CTF"
• Web security deep dives
• Binary exploitation basics

▶ Subscribe

03

🎓 FREE COMPLETE COURSES

Full structured courses • Free to access

🔴

⭐ #1 PICK

Google Cybersecurity Certificate

World-class by Google on Coursera. Audit ALL for FREE.

• Cybersecurity foundations
• Networks and Linux
• Assets and threats
• Detection and response
• Python automation
• Job preparation

→ AUDIT FREE

🏛️

⭐ HARVARD FREE

CS50: Intro to Computer Science

Harvard's most popular course. Foundation for everything.

• How computers work
• C and Python programming
• SQL databases
• Web basics
• Memory management
• Algorithms

→ START CS50

📡

⭐ NETWORKING

Professor Messer Network+

Complete free N10-008 course. Industry standard networking.

• OSI and TCP/IP models
• IP addressing and subnetting
• Routing protocols
• Wireless networking
• Network security
• Troubleshooting

→ FREE VIDEOS

🛡️

FREE

Professor Messer Security+

Free Security+ SY0-701 course. Gold standard entry cert.

• Threats and attacks
• Architecture and design
• Cryptography
• Identity management
• Operations and IR
• Governance and risk

→ FREE VIDEOS

🐧

100% FREE

Linux Journey

Interactive Linux learning with exercises at each step.

• Command line basics
• Text manipulation (grep, awk)
• Permissions and users
• Process management
• Packages
• Networking commands

→ START LINUX

🕵️

YOUTUBE COURSE

TCM: Ethical Hacking 15 Hours

Full ethical hacking course on YouTube. Completely free.

• Setting up hacking lab
• Networking refresher
• Python for hacking
• Reconnaissance
• Scanning and enum
• Exploitation basics

→ WATCH FREE

🌍

100% FREE

Cisco NetAcad Courses

Official Cisco free courses. Create free account to access all.

• Networking Basics
• IT Essentials
• Cybersecurity Essentials
• Network Defense
• Packet Tracer simulator
• All labs included

→ FREE SIGNUP

🔒

FREE TIER

Cybrary Free Courses

Platform with many free cybersecurity courses.

• Intro to Cybersecurity
• Linux basics
• Networking fundamentals
• Ethical hacking intro
• SOC analyst basics
• Incident response

→ FREE SIGNUP

04

🗺️ COMPLETE LEARNING PATH

Follow IN ORDER • Don't skip steps

⚠️ Important: Follow this path IN ORDER. Each step builds on the previous. Spend real time on each phase — consistency over speed!

🖥️

PHASE 1 • WEEKS 1-2 • FOUNDATION

How Computers Work

Binary and hexadecimal — Convert between number systems
CPU, RAM, Storage — What each component does
Operating system basics — What an OS does and why
File systems — FAT32, NTFS, ext4 differences
Processes and memory — How programs run
Command Line Interface — Why hackers prefer CLI

CS50 Week 0 Khan Academy NetworkChuck YT

📡

PHASE 2 • WEEKS 3-5 • NETWORKING ⭐ MOST IMPORTANT

Networking Fundamentals

OSI Model 7 layers — Memorize ALL layers and functions
TCP/IP Model — How internet actually works
IP Addressing — IPv4, IPv6, how addresses work
Subnetting — CRITICAL skill, practice until fast
DNS — How domain names resolve to IPs
HTTP and HTTPS — Request/Response cycle, status codes
TCP vs UDP — When each is used and why
Common ports — Memorize: 80, 443, 22, 21, 25, 53, 3389
Firewalls and NAT — How traffic is filtered
Wireshark basics — Capture and analyze traffic

Prof. Messer N+ Practical Networking Cisco NetAcad

🐧

PHASE 3 • WEEKS 6-8 • LINUX ⭐ ESSENTIAL

Linux Fundamentals

File navigation — pwd, ls, cd, find, locate
File manipulation — cp, mv, rm, mkdir, cat, nano, vim
Permissions — chmod, chown, rwx for user/group/other
Users and groups — adduser, sudo, /etc/passwd
Process management — ps, top, kill, background jobs
Text processing — grep, awk, sed, sort, cut
Networking commands — ifconfig, netstat, ping, traceroute
Package management — apt, apt-get, dpkg
Bash scripting — Write automation scripts
SSH — Connect remotely, key auth, scp

Linux Journey OTW Bandit ⭐ Ryan's Tutorial HackerSploit YT

🪟

PHASE 4 • WEEKS 9-10 • WINDOWS

Windows Fundamentals

Windows file system — C:\Windows, System32 structure
Registry — HKLM, HKCU, run keys for persistence
Active Directory basics — Domain, users, groups, GPO
Windows services — Start, stop, configure
Task Manager — Processes, performance, startup
CMD commands — ipconfig, netstat, tasklist
PowerShell basics — Get-Process, Get-Service
Windows Event Logs — Security, system, application log
UAC — Privilege levels, admin vs user

Microsoft Learn Prof. Messer

🌐

PHASE 5 • WEEKS 11-12 • WEB TECHNOLOGIES

How The Web Works

HTTP deep dive — GET, POST, PUT, DELETE methods
HTTP Headers — Request/response headers importance
Status codes — 200, 301, 400, 401, 403, 404, 500
Cookies and Sessions — How auth state is maintained
HTML basics — Web page structure, forms, inputs
JavaScript basics — Client-side scripting
APIs and REST — How apps communicate
Browser DevTools — Network tab, console, storage
SSL/TLS — How HTTPS encrypts traffic
Same Origin Policy — Browser security model

MDN Web Docs CS50 Web OWASP WebGoat

🔐

PHASE 6 • WEEKS 13-15 • SECURITY BASICS

Cybersecurity Fundamentals

CIA Triad — Confidentiality, Integrity, Availability
Cryptography — Symmetric, Asymmetric, Hashing
Common attacks — Phishing, MITM, DoS, SQLi, XSS
Firewalls and IDS/IPS — How traffic filtering works
VPNs — How virtual private networks work
Authentication — Passwords, MFA, certificates
OWASP Top 10 — Most critical web vulnerabilities
Malware types — Virus, worm, trojan, ransomware
Social engineering — Human is weakest link
Incident response — Basic IR process steps

Prof. Messer S+ Google Cybersec OWASP Top 10

⚔️

PHASE 7 • WEEKS 16-20 • HANDS-ON HACKING

Practical Practice & CTFs

Set up home lab — VirtualBox + Kali + vulnerable VMs
Nmap scanning — Host discovery, port scan, services
Metasploit basics — Search exploits, modules, meterpreter
Burp Suite Community — Intercept and modify web traffic
John the Ripper/Hashcat — Password cracking basics
Gobuster — Web directory enumeration
OverTheWire all games — Bandit → Natas → Leviathan
PicoCTF challenges — Complete as many as possible
VulnHub easy VMs — Mr-Robot, DC-1, Kioptrix

OverTheWire PicoCTF VulnHub VMs TCM Hacking YT

05

🏠 FREE HOME LAB SETUP

Build your hacking lab • 100% free software

01

Install VirtualBox

Free virtualization by Oracle. Run multiple OS on your PC. Works on Windows, Mac, Linux. Learn NAT, Host-Only, Bridged networking modes.

→ Download FREE

02

Install Kali Linux

The hacker's OS. 600+ pre-installed security tools. Download VirtualBox image (not ISO), import it. This is your attack machine.

→ Download FREE

03

Get Vulnerable VMs

Start with: Metasploitable 2 (beginner), Mr-Robot VM, DC:1, Kioptrix Level 1. Download from VulnHub and import to VirtualBox.

→ VulnHub

04

Windows Trial VM

Microsoft free Windows evaluation VMs. Set up Active Directory, practice Windows admin and defensive security techniques.

→ MS Eval Center

05

Install Wireshark

Free network analyzer. Capture real traffic. See DNS queries, HTTP requests, TCP handshakes. Essential for understanding protocols.

→ Download FREE

06

Configure Network

Set Kali + Vulnerable VMs on Host-Only network. They can talk to each other but isolated from real internet. Never bridge to real network!

→ Tutorial Videos

06

📚 FREE BOOKS & PDFs

Best books available free legally online

"The Linux Command Line" 2nd Edition

by William E. Shotts Jr.

Best free Linux book. Covers everything from basics to shell scripting. Author releases it free online legally.

→ Read FREE

"Automate the Boring Stuff with Python"

by Al Sweigart

Learn Python through projects. Essential for security automation. Full book free online by the author himself.

→ Read FREE

"OWASP Testing Guide"

by OWASP Foundation

Official free guide for web security testing. Industry standard for web pentesting. Updated regularly, completely free.

→ Read FREE

"Computer Networks" 5th Edition

by Andrew S. Tanenbaum

Classic networking textbook used worldwide in universities. Covers all networking deeply. Find on Internet Archive.

→ Archive.org

"Penetration Testing"

by Georgia Weidman

Excellent beginner pentesting book. Lab setup, scanning, exploitation, post-exploitation. Check Library Genesis.

→ Library Genesis

"Hacking: The Art of Exploitation"

by Jon Erickson

Deep dive into how exploits work. C programming, assembly, memory hacking. For advanced learners. Available on Library Genesis.

→ Library Genesis

07

🏆 TOP 3 TO START RIGHT NOW

If you could only pick 3 — start with these

🥇

Professor Messer Network+

For: Networking Foundation

Watch complete free N10-008 course. THE foundation of all cybersecurity. Without networking you cannot understand hacking. Watch → Notes → Practice Questions → Repeat.

START HERE →

🥈

OverTheWire Bandit + Linux Journey

For: Linux Mastery

Use Linux Journey for theory → immediately practice on OverTheWire Bandit. 34 levels of increasing Linux difficulty through real hacking challenges. Most fun way to learn Linux!

PLAY BANDIT →

🥉

Google Cybersecurity on Coursera

For: Complete Structured Path

Go to Coursera → Find Google Cybersecurity → Click "Audit" NOT enroll. ALL content FREE. 8 complete courses. No credit card needed. World class Google content.

AUDIT FREE →

> FINAL SUCCESS TIPS

⏰ DAILY CONSISTENCY

1-2 hours EVERY day beats 7 hours once a week. Use the Pomodoro timer above. Build the habit first.

📝 TAKE NOTES

Keep notes in Notion or text files. Write commands, concepts, confusing things. Review weekly.

🔨 BUILD & BREAK

Set up home lab and BREAK things. Breaking and fixing is real learning. Don't just watch!

🤝 JOIN COMMUNITY

Join r/cybersecurity on Reddit. TCM Security Discord. Ask questions. Share progress. Help others.

🎯 NO SHORTCUTS

Everyone wants to hack immediately. Networking + Linux MUST come first. Real skills take real time.

📄 DOCUMENT EVERYTHING

Write CTF writeups. Document your lab. Build GitHub profile. This becomes your job portfolio.

⚡ FREE CYBERSECURITY LEARNING PATH ⚡