Structured role-based learning paths that guide you from fundamentals to job-ready skills. Each path combines curated courses with a clear progression — track your progress as you go.
Master web application exploitation from fundamentals to advanced bypasses
A complete offensive web security path — start with HTTP fundamentals, progress through OWASP Top 10, and master SQL injection, XSS, file upload bypasses, and API exploitation.
From reconnaissance to full domain compromise
Build end-to-end offensive security skills. Learn passive and active recon, network scanning, exploitation with Metasploit, and post-exploitation techniques used in real red team engagements.
Harden, audit, and operate Linux systems with confidence
Master Linux from a security perspective — command-line mastery, privilege management, system hardening, firewall configuration, log analysis, and incident response.
Secure cloud-native environments and audit IAM configurations
Understand how cloud infrastructure is attacked and defended. Covers IAM misconfigurations, insecure APIs, S3 bucket policies, and certification prep for AWS/Azure security domains.
Not sure where to start?
The most comprehensive path — covers all OWASP fundamentals and is the foundation for every other role.
Start Web Hacker Path