Welcome to OffSec SEC-100! We are excited to provide a personalized learning plan tailored to bolster your learning journey, ultimately enhancing your readiness for fulfilling your job role.
The Learning Plan consists of a week-by-week journey, which encompasses a structured study approach, approximate learning hours, emphasized course topics, exercises related to those topics, challenge tasks to accomplish, and additional resources (if needed) for strengthening your learning, should you opt to use them.
Our OffSec Mentors also play a valuable role in providing guidance and support to you by facilitating dedicated OffSec Discord channels. Through these channels, you will have the opportunity to collaborate with other learners, ask questions, and build relationships to gain a deeper understanding of our curated offensive material and methodology. We strongly encourage you to take advantage of this resource and actively engage with our Mentors throughout your learning journey. Click here to join the OffSec Discord server and find answers to more frequently asked questions (FAQs).
Should you encounter technical issues or have questions about VPN connections, lab access, navigating the OffSec Learning Platform, or any other related matters, our 24/7 OffSec Technical Service Team is available to assist you. Please click here to contact us.
Getting Ready
In order to maximize the benefits of this learning plan, we encourage you to consult the quick reference guide. This guide will aid you in initiating your journey with the OffSec Learning Platform (OLP) and enriching your overall learning experience
Please see our Course Start Guide for further onboarding details.
Learning Plan - 12 Week
Jump to Week: 1, 2, 3, 4-5, 6, 7, 8, 9, 10, 11, 12
Week 1
Overview and Study Approach | This week will get you familiar with CyberCore, Cyber Security Frameworks, Standards, type of roles, general cyber security skills, Linux, Windows and PowerShell Scripting |
Learning Module |
Introduction to CyberCore- Security Essentials Anatomy of Cybersecurity Cybersecurity Frameworks and Standards Cybersecurity Roles Introduction to General Cybersecurity Skills Linux Basic Windows Basics |
Learning Units | Introduction to CyberCore - Security Essentials 1 – 1.6 Anatomy of Cybersecurity 2 – 2.5 Cybersecurity Frameworks and Standards 3 – 3.4 Cybersecurity Roles 4 – 4.5 Introduction to General Cybersecurity Skills 5 Linux Basic 6.1 – 6.5 Windows Basics 7 – 7.4 |
Videos for reinforcement | Introduction to CyberCore- Security Essentials |
Exercises | 6.1.1. Linux History 6.1.2. Linux Operating Systems 6.1.3. Kali Linux 6.2.1. Command Line Interface (Shells) 6.2.2. Basic Navigation 6.2.3. Listing Files 6.2.4. Reading File Contents 6.2.5. Connecting to Remote Machines With SSH 6.3. The Linux Filesystem 6.3.1. Linux FHS 6.3.2. Creating and Removing Files and Directories 6.4.1. User Account Details 6.4.2. Changing User Context 6.4.3. Reading and Altering File Permissions 7.1.1. Windows vs. Linux 7.1.2. Windows Shells 7.2.1. Following Along 7.2.2. Navigating the File System 7.2.3. Basic File Operations 7.2.4. Locating Files 7.2.5. Searching Text in Files 7.3.1. System Information 7.3.2. Users and Groups 7.3.3. Windows Permissions 7.3.4. Windows Registry |
Estimated Time | 13 |
Supplemental Learning* | None |
Week 2
Overview and Study Approach | This week will get you familiar with Python, and Data Transformation |
Learning Module | Python Scripting Fundamentals Data Transformation Fundamentals PowerShell Scripting Fundamentals |
Learning Units | Data Transformation Fundamentals 8 – 8.3 Introduction to Python and Its Environment 9 – 9.3 PowerShell Scripting Fundamentals 10 – 10.4 |
Videos for reinforcement | None |
Exercises | 8.1.1. About the labs 8.1.2. Binary Encoding 8.1.3. Hexadecimal Encoding 8.1.4. American Standard Code for Information Interchange (ASCII) 8.1.5. Unicode and UTF 8.1.6. Base64 Encoding 8.2.1. Basic Hashing 8.2.2. Checksums 8.2.3. Password Hashing 8.2.4. Hash Salting 9.1.1. Starting To Use Python 9.1.2. Solving a Problem 9.1.3. Working with Variables and Basic Data Types 9.1.4. Conditionals 9.1.5. Lists, Loops and Dictionaries 9.2.1. Writing Functions 9.2.2. Consuming Libraries And Other Helper Functions 9.2.3. Putting It All Together 9.2.4. Putting It All Together - A Lab Exercise 10.1.1. Windows PowerShell 10.1.2. Following Along 10.2.1. Cmdlets 10.2.2. Expressions, Variables and Operators, Oh My! 10.2.3. Data Types and Objects 10.2.4. Properties and Methods 10.2.5. Comparisons 10.2.6. Loops 10.2.7. Custom Functions 10.3.1. Using Windows PowerShell ISE 10.3.2. The PowerShell Execution Policy 10.3.3. Writing and Running a Script 10.3.4. Modules |
Estimate Time (Hours) | 13 |
Supplemental Learning* | None |
Week 3
Overview and Study Approach | This week will get you familiar with Networking Fundamental. |
Networking Fundamentals | |
Learning Module | Networking Fundamentals 11 – 11.7 |
Learning Units | None |
Videos for reinforcement | None |
Exercises | 11.1. The OSI Model 11.1.1. OSI Model Details 11.2.1. TCP/IP Model Details 11.3.1. Link Layer: Ethernet 11.3.2. Internet Layer: Internet Protocol (IP) 11.3.3. Transport Layer: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) 11.3.4. Application Layer Protocols 11.4.1. Traffic, Packet Captures, and Wireshark 11.4.2. Using Wireshark: Display Filters 11.4.3. Pcap files 11.4.4. Opening a .pcap File 11.5.1. Following TCP Streams and Exporting Objects in Wireshark 11.5.2. Tcpdump 11.5.3. Live Network Capture with Tcpdump 11.6.1. Address Resolution Protocol (ARP) 11.6.2. Internet Control Messaging Protocol (ICMP) 11.6.3. Dynamic Host Configuration Protocol (DHCP) 11.7.1. Routing Tables 11.7.2. Firewalls 11.7.3. Network Address Translation (NAT) and Port Address Translation (PAT) 11.7.4. Virtual Private Networks (VPNs) |
Estimate Time (Hours) | 12 |
Week 4-5
Overview and Study Approach | This week will focus on familiarizing with Network Firewall, Enterprise Network, Cloud Computing, Contemporary AI and Cryptography. |
Learning Module |
Introduction to Network Firewalls Enterprise Network Fundamentals Cloud Computing Fundamentals Background to Contemporary AI Cryptography Fundamentals |
Learning Units | Introduction to Network Firewalls 13 – 13.3.6 Enterprise Network Fundamentals 12 – 12.5 Cloud Computing Fundamentals 14 – 14.2 Background to Contemporary AI 15 – 15.3 Cryptography Fundamentals 16 – 16.4 |
Videos for reinforcement | None |
Exercises | 12.1.1. Enterprises and Their Technologies 12.1.2. How Enterprise Technology is Managed 12.1.3. Typical Enterprise Network Zoning 12.1.4. The Role of Routers in an Enterprise 12.2.1. Web Server 12.2.2. Database Server 12.2.3. File Server 12.2.4. Mail Server 12.2.5. DNS and DHCP Server 12.2.6. Identity and Access Management Servers 12.2.7. Virtualization Server 12.3.1. The Role of Firewalls 12.3.2. Web Application Firewall 12.3.3. Monitoring and Detection 12.4.1. Direct Attached Storage 12.4.2. Network Attached Storage 12.4.3. Storage Area Network 12.4.4. Storage Virtualization 12.4.5. Cloud Storage 13.1.1. Following Along 13.1.2. Network Firewalls 101 13.1.3. Next-Generation Firewalls 13.1.4. Understand the Zoning Architecture 13.1.5. Microsegmentation 13.2.1. Firewall Rule Basics 13.2.2. Iptables Host Firewall 13.2.3. Building the Firewall Ruleset 13.2.4. Setting up Ingress Rules 13.2.5. Making Firewall Rules Persist 13.2.6. Egress Firewall Rules 13.2.7. Reject Rules 13.2.8. Blocking Subnets 13.3.1. Firewall Appliances 13.3.2. Brief pfSense Walkthrough 13.3.3. pfSense Firewall Editor 13.3.4. Building Firewall Rules 13.3.5. Managing Firewall Rules 13.3.6. Troubleshooting Firewall Rules 16.1. Introduction to Encryption 16.2.1. Caesar Cipher 16.2.2. Vigenere Cipher 16.2.3. XOR Cipher 16.2.4. Advanced Encryption Standard (AES) 16.3.1. Asymmetric Encryption Theory 16.3.2. Asymmetric Encryption Lab 16.3.3. Asymmetric Authentication with SSH 16.3.4. SSL and HTTPS 16.4. Wrapping Up |
Estimate Time (Hours) | 25 |
Supplemental Learning* | None |
Week 6
Overview and Study Approach | This week you will learn about Cybersecurity Skills, the process of Penetration Testing, Enumeration and Information Gathering, Common Web Attacks, Defensive Evasion, Offensive Cloud and Defensive Security Processes. |
Learning Module |
Introduction to Offensive Cybersecurity Skills Penetration Testing Process Information Gathering and Enumeration Understanding Web Attacks Attacking Endpoints Defense Evasion |
Learning Units | Introduction to Offensive Cybersecurity Skills 17 Penetration Testing Process 18 – 18.3 Information Gathering and Enumeration 19 – 19.3 Understanding Web Attacks 20 – 20.5 Attacking Endpoints 21 – 21.3 Defense Evasion 22 – 22.3 |
Videos for reinforcement | Introduction to Offensive Cybersecurity Skills |
Exercises | 19.1.1. Mapping the Target Environment 19.1.2. Manual Snooping 19.1.3. Google Hacking 19.1.4. Online Services 19.2.1. DNS Enumeration 19.2.2. Introduction to Host Discovery and Basic Port Scanning 19.2.3. Port Scanning with Nmap 19.2.4. Automating Information Gathering 20.1.1. Web Application Architecture Overview 20.1.2. Web Stacks and Technologies 20.1.3. Routing Basics 20.1.4. Database Basics 20.2.1. Types of Threats 20.2.2. OWASP Top Ten 20.3.1. Web Application Enumeration 20.3.2. Vulnerability Discovery 20.3.3. Exploitation 20.3.4. Post-Exploitation 20.3.5. Reporting 20.4.1. Follow Along 20.4.2. Discovering SQL Injection 20.4.3. Exploiting SQL Injection 21.1.1. Locating and Using Public Exploits 21.1.2. Endpoint Hacking Frameworks 21.1.3. Client-Side Attacks 21.2.1. Living Off the Land 21.2.2. Windows Privilege Escalation 21.2.3. Linux Privilege Escalation 21.2.4. Password Cracking 22.1. Fundamentals of Network Security and Antivirus Software 22.1.1. Introduction to Firewalls and IDS 22.1.2. Understanding Antivirus Software 22.2.1. Network Evasion for Firewalls and IDS 22.2.2. Antivirus Evasion |
Estimate Time (Hours) | 13 |
Supplemental Learning* | None |
Week 7
Overview and Study Approach | This week you will learn the basics of Defensive Cybersecurity Skills, and SOC Management Processes. |
Learning Module |
Introduction to Defensive Cybersecurity Skills SOC Management Processes |
Learning Units | Introduction to Defensive Cybersecurity Skills 24 SOC Management Processes 25 – 25.6.3 |
Videos for reinforcement | Introduction to Defensive Cybersecurity Skills |
Exercises | 25.1.1. Follow Along 25.1.2. ISMS - The Big Picture 25.1.3. Planning for a SOC 25.1.4. SOC and the Security Management Framework 25.1.5. Model of a SOC 25.1.6. SOC Reporting 25.2.1. Introduction 25.2.2. Cyber Kill Chain 25.2.3. Logging and the SOC 25.2.4. Log Collection 25.2.5. Log Searching and Analysis 25.2.6. Alert Monitoring 25.2.7. Incident Response 25.2.8. Forensics Management 25.2.9. Cyber Hunting 25.2.10. Threat Intelligence 25.3.1. Introduction to Operational Security Assurance 25.3.2. Protection Against Malware 25.3.3. Managing Security Platforms 25.3.4. Vulnerability Management 25.3.5. System Hardening 25.3.6. Patch Management 25.4.1. What is Security Administration? 25.4.2. Identity Administration 25.4.3. Access Administration 25.4.4. Privilege Administration 25.4.5. Media Sanitization 25.4.6. Personnel Security 25.4.7. Certificate Management 25.4.8. Third-Party Remote Access 25.5.1. Network Zoning 25.5.2. Zero Trust Networking 25.6.1. Data Backup and Recovery 25.6.2. Change Control 25.6.3. Managing the Physical Environment |
Estimate Time (Hours) | 14 |
Supplemental Learning* | None |
Week 8
Overview and Study Approach | This week you will learn the Offensive Cloud Fundamental, Defensive Security Processes, Malware Analysis, Social Engineering and Phishing. |
Learning Module |
Offensive Cloud Fundamentals Defensive Security Processes Vulnerability Management Malware Analysis Social Engineering and Phishing |
Learning Units | Offensive Cloud Fundamentals 23 – 23.5 Defensive Security Processes 26 – 26.4 Vulnerability Management 27 – 27.4 Malware Analysis 28 – 28.4 Social Engineering and Phishing 29 – 29.4 |
Videos for reinforcement | None |
Exercises | 23.1.1. Cloud Pentesting Process Overview 23.1.2. Tactics, Techniques and Procedures (TTPs) 23.2.1. External Reconnaissance 23.2.2. Accessing the Cloud Offensive AWS Lab 23.2.3. External Reconnaissance AWS Lab 23.2.4. Initial Access 23.2.5. Internal Enumeration 23.2.6. Privilege Escalation 26.1.1. NIST Cyber Security Framework (CSF) 26.1.2. Process Model For Cyber Security 26.2.1. Threat Hunting Process 26.2.2. Types Of Hunting 26.3.1. Incident Response Frameworks 26.3.2. Preparing For An Incident 26.3.3. Responding To An Incident 26.3.4. Initial Impact Assessment 26.3.5. Fundamentals Of Evidence Handling 27.1.1. Vulnerability Overview 27.1.2. The Vulnerability Management Lifecycle 27.2.1. Examining Vulnerability Scan Output 27.2.2. Common Vulnerabilities and Exposures (CVEs) 27.2.3. Common Vulnerability Scoring System (CVSS) 27.2.4. Common Weakness Enumeration (CWE) 27.3.1. Defining Scope 27.3.2. Compliance and Regulatory Frameworks 27.3.3. Vulnerability Assessment Methods 27.3.4. Triaging Vulnerabilities 27.3.5. Improving the Vulnerability Management Program 28.1.1. Basic Static Analysis 28.1.2. Overview of Advanced Static Analysis Techniques 28.2.1. Using an Isolated Environment 28.2.2. Basic Dynamic Analysis 28.2.3. Overview of Advanced Dynamic Analysis Techniques 28.3.1. Automated Analysis with VirusTotal 28.3.2. Other Automation Solutions 29.2.1. Types of Social Engineering 29.2.2. User Awareness Training 29.2.3. Preventing Social Engineering 29.2.4. Spotting Phishing Attacks 29.2.5. You've Been Phished 29.2.6. How AI is Changing Social Engineering 29.3.1. Twitter - 2020 29.3.2. Uber - 2022 and 2016 29.3.3. Sony Pictures – 2014 |
Estimate Time (Hours) | 12 |
Supplemental Learning* | None |
Week 9
Overview and Study Approach | This week you will learn the basics of Ransomware, DDoS, Wi-Fi Security, Security of Embedded Systems, Industrial Control Systems and OT, Risk Management in Cybersecurity, Introduction to Build Skills for Cybersecurity and Software Engineering Security. |
Learning Module |
Ransomware, DDoS, and Availability Wi-Fi Security Security of Embedded Systems Industrial Control Systems and OT Risk Management in Cybersecurity Introduction to Build Skills for Cybersecurity Software Engineering Security |
Learning Units | Ransomware, DDoS, and Availability 30 – 30.4 Wi-Fi Security 31 – 31.3 Security of Embedded Systems 32 – 32.5 Industrial Control Systems (ICS) 33 – 33.4 Risk Management in Cybersecurity 34 – 34.6 Introduction to Build Skills for Cybersecurity 35 Software Engineering Security 36 |
Videos for reinforcement | Introduction to Build Skills for Cybersecurity |
Exercises | 30.1. Protecting Availability 30.1.1. High Availability 30.1.2. Fault Tolerance 30.1.3. Availability in Depth 30.1.4. Access Control 30.1.5. Human Error 30.2.1. Business Impact of Ransomware 30.2.2. Hot and Cold Backups 30.2.3. Backup Storage Considerations 30.3.1. Business Impact of DDoS 30.3.2. Routing and Bandwidth 30.3.3. Application and Compute 31.1.1. IEEE 802.11 and Collision Avoidance 31.1.2. Wireless Network Topologies 31.1.3. Monitor Mode 31.1.4. Wireless Security 31.2. Exercise: Home Network Security Audit 32.1.1. Embedded Systems 32.1.2. Embedded Modules 32.1.3. Embedded Devices 32.2.1. CPU 32.2.2. RAM 32.2.3. Storage 32.2.4. Peripherals 32.2.5. Microcontrollers and System-on-Chips 32.2.6. Development Boards and Datasheets 32.3.1. Hardware Abstraction Layer 32.3.2. Kernel 32.3.3. Firmware 32.4.1. Bare-Metal 32.4.2. Real-Time 32.4.3. *nix 32.4.4. Android 33.1.1. Origins of Industrial Control Systems 33.1.2. Supervisory Control and Data Acquisition (SCADA) 33.1.3. Industrial IoT (IIoT) 33.2.1. OT Transports 33.2.2. OT Protocols 33.2.3. OT Devices 33.3.1. Specific ICS/OT Security Challenges 34.1.1. Confidentiality 34.1.2. Integrity 34.1.3. Availability 34.2.1. Assets 34.2.2. Threats 34.2.3. Controls 34.3.1. Threat Modeling Frameworks 34.3.2. Attack Trees 34.3.3. STRIDE 34.3.4. DREAD 34.3.5. LINDDUN 34.4.1. Follow Along 34.4.2. Risk Management Frameworks and Standards 34.4.3. Quantitative Risk Analysis 34.5.1. Meta and the General Data Protection Regulation (2023) 34.5.2. SolarWinds Supply Chain Attack (2020) |
Estimate Time (Hours) | 15 |
Supplemental Learning* | None |
Week 10
Overview and Study Approach | This week you will learn the Foundational Input Validation Concepts Cloud Architecture Fundamentals where you get understanding on the user input validation and Cloud Architecture. |
Learning Module |
Foundational Input Validation Concepts Cloud Architecture Fundamentals |
Learning Units | Foundational Input Validation Concepts 37 – 37.3 Cloud Architecture Fundamentals 38 – 38.2.6 |
Videos for reinforcement | None |
Exercises | 37.1.1. Follow Along 37.1.2. Accepting User Input 37.1.3. File Uploads 37.2.1. Validating Data Types 37.2.2. Blocklists and Allowlists 37.2.3. Client-Side and Server-Side Validations 37.2.4. When Validation is not Enough |
Estimate Time (Hours) | 13 |
Supplemental Learning* | None |
Week 11
Overview and Study Approach | This week you will learn about Assurance Testing and Start to develop a Cyber Security career. |
Learning Module |
Introduction to Assurance Testing Starting and Developing a Career in Cybersecurity |
Learning Units |
Introduction to Assurance Testing 39 – 39.4 Starting and Developing a Career in Cybersecurity 40 – 40.6 |
Videos for reinforcement | None |
Exercises | 39.1.1. Assurance through Security Testing 39.1.2. Where to Find Guidance on Security Testing 39.1.3. Security Testing Processes 39.2.1. Testing Roles and Certifications 39.2.2. Formal Training for Security Testers 39.2.3. Business Goals and Objectives 39.2.4. LAST Principles 39.3.1. Documentation Used in Security Testing 39.3.2. Writing Security Test Plans 39.3.3. Creating Security Test Cases 39.3.4. Executing Security Tests |
Estimate Time (Hours) | 12 |
Supplemental Learning* | None |
Week 12
Overview and Study Approach | This week you will start to schedule your exam. |
Learning Module | None |
Learning Units | None |
Videos for reinforcement | None |
Exercises | None |
Estimate Time (Hours) | None |
Supplemental Learning* | None |
*Note: the Supplemental Learning section described above offers an opportunity to enhance your understanding of the specific topics covered during the assigned week. They are Supplemental Learning and are not required.