I am not writing this for myself. I am not writing this as a "learning journal" or whatever so it is going to feel a lot more like a gradeschool study guide. Everything is my own opinion, and prone to error. At the time of writing this I have been in the security industry for about 10+ years. Of those 10+ years I have done about 2 years in research roles, about 7 years in pentesting roles, and the remainder in a blue-team/sysadmin role. All of the associated learning pages are living documents, they may change often, or never. My plan, if I have one, is to keep this down to a list of topics and then those that are intrested can go hunt down those topics themselves. There are multiple reasons for this approach: - As a pentester you often have to "figure it out" anyways so you might as well start now. - Things might have changed and you can different perspectives on certain topics that I do not have. - This really is an autodidact/passion-driven sort of endeavor so it can make things awkward switching back and forth from "traditional learning" and "figuring things out". So with that said, I'll drop some useful tips for "figuring things out" below. - chatGPT is basically how teachers (wrongfully) treated wikipedia in 2008, unreliable and error-prone. Double check facts you get from there. - Look up google dorks, they can help you tremendously. - Google censors a lot of results out, try duckduckgo if you think that may be happening. - Try and read the code before you run it or at least make sure it's pretty reputable. - If you're going to run some windows executable you found, maybe try uploading it to VirusTotal and/or run it in a separate Windows Virtual Machine - Consider the date on information you read - Don't get discouraged some things just take a bit of time to grok. (p.s. grok is nerd for "understand") Questions can be emalied to me, see main page of site for that email.