Ethical Hacking Roadmap and Resources

Hi, I am Inderjeet Singh. A bug bounty hunter, ethical hacker, penetration tester, and also a cybersecurity investigator privately. I have 2 years of experience now, and with this article, I will share a pathway that anyone can follow to get into the subspace of ethical hacking.

The Roadmap

1. Learn Programming

Some people say programming doesn’t matter for hacking. In reality, it is straightforward: in order to hack something, you need to learn how that thing is made. That means how a web server is made, how a website is made, how an app is made, how a database connection is established, and how developers manage their code at a central facility.

I would highly suggest everyone start their hacking journey by learning programming, for the following reasons: you can code your own tools, and you can make malware and your own XSS, SQLi, and other payloads. You also need this skill for reverse engineering. Without programming, you won’t even understand how these payloads work; it will just be trial and error.

Enough of use cases and philosophy. How can you start learning to program? Choose any language, but I would suggest starting with C, because it has the concept of pointers, through which you can actually understand memory addressing.

Don’t learn languages, learn concepts of programming.
Concepts that you have to learn: Input/Output Handling, Variables, Mathematical Operations, if-else, switch, Loops, Functions, Pointers, Arrays, Data Structures, Algorithms, and much more beyond these.

2. Learn Linux

Linux is an extremely important skill for hackers. Windows claims 82.56% of the world’s OS market. 96.3% of the world’s top 1 million servers run on Linux. 90% of all cloud infrastructure operates on Linux, and practically all the best cloud hosts use it. Linux is an operating system just like Windows or macOS, but it’s open-source and free, and you can customize it as you choose.

Checklist of things to learn while learning Linux:
Shell, Navigation, File System, Redirection, Permissions, Processes, Environment, Text Editors, Package Management, Storage Media, Archiving, Networking, Backup, File Searching, Regex, etc.

3. Learn Networking

Networking is the core part of hacking. You need to understand how packets flow, how your data travels from your device to a web server, and what happens at intermediary nodes. This will equip you to understand Wi-Fi attacks, DNS attacks, network packet capture dumps, various website attacks, etc.

Checklist for the things that one can follow while learning Networking:
Network Devices, TCP/IP, OSI Model, Various Protocols and Services like DNS, SNMP, SMB, HTTP, FTP, SSH, etc., Network Traffic Analysis with Wireshark, Web Servers, Wireless Network, Bluetooth Networks, CAN Protocol (for Car Hacking).

4. Learn Cryptography

Today, we mostly surf HTTPS sites, so most traffic is encrypted. This means that even if you are inside the network and have hacked it completely, you won’t be able to see what’s happening within the network, because of encryption.

According to kaspersky.com, “Cryptography is the study of secure communications techniques that allow only the sender and intended recipient of a message to view its contents.”
That’s why it’s so important to dive into cryptography. It’s a big topic, but for hackers just understanding it is enough. Learn about these fundamentals:
Encryption and Decryption, Types of Cryptography, Ciphers or Encryptions like ROT13, Caesar Cipher, Morse Code, Hexadecimal, Base32, Base64, etc., Hashing and hashes like SHA256, NTLM, SHA512 (where they are used), etc.
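The items in this list behave very differently, which matters when you judge whether data is actually protected. The following is an added example, not part of the original article: it uses Python's standard library to show that hex, Base32 and Base64 are keyless encodings anyone can reverse, that Caesar/ROT13 has only 26 possible keys, and that SHA-256/SHA-512 produce fixed-length one-way digests. The function names and the sample string are assumptions made for illustration.

```python
import base64
import codecs
import hashlib

def caesar(text: str, shift: int) -> str:
    """Caesar cipher: rotate ASCII letters by `shift`; ROT13 is shift=13."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)  # digits, spaces and punctuation pass through
    return "".join(out)

def encode_all(msg: bytes) -> dict:
    """Encodings: keyless and fully reversible, so they hide nothing."""
    return {
        "hex": msg.hex(),
        "base32": base64.b32encode(msg).decode(),
        "base64": base64.b64encode(msg).decode(),
    }

def decode_all(enc: dict) -> set:
    """Recover the original bytes from each encoding without any secret."""
    return {
        bytes.fromhex(enc["hex"]),
        base64.b32decode(enc["base32"]),
        base64.b64decode(enc["base64"]),
    }

def caesar_keyspace(ciphertext: str) -> list:
    """A Caesar key is one of 26 shifts, so every plaintext can be listed."""
    return [caesar(ciphertext, -k) for k in range(26)]

def digests(msg: bytes) -> dict:
    """Hashes: fixed-length and one-way; used to compare, never to decode."""
    return {
        "sha256": hashlib.sha256(msg).hexdigest(),
        "sha512": hashlib.sha512(msg).hexdigest(),
    }

if __name__ == "__main__":
    sample = "Hello, World!"  # constructed sample input
    print(encode_all(sample.encode()))
    print(caesar(sample, 13), codecs.encode(sample, "rot_13"))
    print(caesar_keyspace(caesar(sample, 3))[3])
    print(digests(sample.encode())["sha256"])
```

If a secret in a config file or a cookie decodes cleanly with `decode_all`, treat it as plaintext: encoding gives no confidentiality.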

5. Learn Website Attacks

Once you are done with all of the above, which is just the prerequisite for hacking, it’s time to learn attacks. You can learn Android app attacks too, but learning web attacks first will give you a base for Android Penetration Testing and iOS Penetration Testing. So, I suggest starting with WebApp Penetration Testing.

There are many attacks that you can do on websites, like 2FA bypass, Database Attacks, Account Takeovers, Cookie Stealing, etc. To do these attacks, you first have to learn some web app bugs and some techniques:
Learn reconnaissance, SQL (Structured Query Language, used for databases) Injection, NoSQL Injection, XSS (Cross Site Scripting), CSRF, SSRF, LFI, RFI, XML Injection, HTTP Host Header Attacks, Web Cache Poisoning, Learn about CVEs, Learn about BurpSuite, automation, and there’s so much after this :-).

6. What After This?

This is just the beginning of the journey. After this, you will deep dive into a particular field and explore different regions of this subspace of cybersecurity. You can choose WebApp Penetration Testing, Android App Penetration Reverse Engineering, Hardware Security, OSINT expert, Social Engineer, CyberSecurity Investigator, iOS Penetration Tester, Network Security Expert, etc. Choose a field and explore. When you are done with one field, pick another.

Here, you can never stop learning, and that’s the best part that I see in being a hacker.

Resources for Hacking

Youtube Channels

  1. Bitten Tech
  2. Clever Programmer
  3. codingo
  4. Cristi Vlad
  5. David Bombal
  6. DC CyberSec
  7. Farah Hawa
  8. freeCodeCamp.org
  9. HackerSploit
  10. Hak5
  11. InsiderPhD
  12. John Hammond
  13. Kalle Hallden
  14. LiveOverflow
  15. Loi Liang Yang
  16. Null Byte
  17. Stok Fredrick
  18. SysAdmGirl
  19. The XSS Rat
  20. TomNomNom

Books

  1. The Linux Command Line
  2. Networking for Dummies
  3. Hacking: The Art of Exploitation
  4. WebApp Hackers Handbook 2
  5. Kali Linux Revealed
  6. Linux Basics for Hackers
  7. Penetration Testing: A Hands-On Introduction to Hacking
  8. The Hacker Playbook 2
  9. The Hacker Playbook 3
  10. Practical Windows Forensics
  11. Practical Linux Forensics for Digital Investigators
  12. Ghost in the Wires
  13. Black Hat Python
  14. Metasploit: The Practical Tester’s Guide
  15. Real-World Bug Hunting
  16. Practical Malware Analysis
  17. Wireshark 101
  18. Black Hat Go
  19. RTFM: Red Team Field Manual
  20. How to Hack Like A Pornstar

GitHub Repositories


https://github.com/The-Art-of-Hacking/h4cker

https://github.com/Hack-with-Github/Awesome-Hacking

https://github.com/enaqx/awesome-pentest

https://github.com/B3nac/Android-Reports-and-Resources

https://github.com/infoslack/awesome-web-hacking

Still, so many things are left to add to this write-up. If I wrote something incorrect somewhere or made a typo, please correct me in the comments.

You can follow me on Twitter, Telegram, LinkedIn, Youtube, Instagram to always be up-to-date on newer things happening in this space.

https://twitter.com/3nc0d3dGuY

Thank You.