Welcome to OffSec SEC-100! We are excited to provide a personalized learning plan tailored to bolster your learning journey, ultimately enhancing your readiness for fulfilling your job role.
The Learning Plan consists of a week-by-week journey, which encompasses a structured study approach, approximate learning hours, emphasized course topics, exercises related to those topics, challenge tasks to accomplish, and additional resources (if needed) for strengthening your learning, should you opt to use them.
Our OffSec Mentors also play a valuable role in providing guidance and support to you by facilitating dedicated OffSec Discord channels. Through these channels, you will have the opportunity to collaborate with other learners, ask questions, and build relationships to gain a deeper understanding of our curated offensive material and methodology. We strongly encourage you to take advantage of this resource and actively engage with our Mentors throughout your learning journey. Click here to join the OffSec Discord server and find answers to more frequently asked questions (FAQs).
Should you encounter technical issues or have questions about VPN connections, lab access, navigating the OffSec Learning Platform, or any other related matters, our 24/7 OffSec Technical Service Team is available to assist you. Please click here to contact us.
Getting Ready
In order to maximize the benefits of this learning plan, we encourage you to consult the quick reference guide. This guide will aid you in initiating your journey with the OffSec Learning Platform (OLP) and enriching your overall learning experience.
Please see our Course Start Guide for further onboarding details.
Learning Plan - 20 Week
Jump to Week: 1, 2, 3-4, 5-6,7-8, 9, 10-11, 12-13, 14-15, 16, 17, 18, 19, 20
Week 1
Overview and Study Approach | This week will provide a comprehensive introduction to the foundational concepts of cybersecurity and Information Technology. |
Learning Module | Introduction to CyberCore- Security Essentials Anatomy of Cybersecurity Cybersecurity Frameworks and Standards Cybersecurity Roles Introduction to General Cybersecurity Skills Linux Basics |
Learning Units | Introduction to CyberCore- Security Essentials : 1.1 - 1.6 Anatomy of Cybersecurity: 2.1 - 2.5 Cybersecurity Frameworks and Standards: 3.1 - 3.4 Cybersecurity Roles: 4.1 - 4.5 Introduction to General Cybersecurity Skills Linux Basics 6.1 - 6.5 |
Videos for Reinforcement | Introduction to CyberCore- Security Essentials |
Exercises | 6.1.3. Kali Linux 6.2.1. Command Line Interface (Shells) 6.2.3. Listing Files 6.2.5. Connecting to Remote Machines With SSH 6.3.1. Linux FHS 6.3.2. Creating and Removing Files and Directories 6.4.1. User Account Details 6.4.2. Changing User Context 6.4.3. Reading and Altering File Permissions |
Estimate Time (Hours) | 10 |
Supplemental Learning* |
Week 2
Overview and Study Approach | This week will cover the basics of the Windows operating system and PowerShell scripting, focusing on system administration, automation, and practical applications in cybersecurity. |
Learning Module | Windows Basics PowerShell Scripting Fundamentals |
Learning Units | Windows Basics: 7.1 - 7.4 PowerShell Scripting Fundamentals: 10.1 - 10.4 |
Videos for Reinforcement | None |
Exercises | 7.2.2. Navigating the File System 7.2.3. Basic File Operations 7.2.4. Locating Files 7.2.5. Searching Text in Files 7.3.2. Users and Groups 7.3.3. Windows Permissions 7.3.4. Windows Registry 10.2.1. Cmdlets 10.2.2. Expressions, Variables and Operators, Oh My! 10.2.3. Data Types and Objects 10.2.4. Properties and Methods 10.2.5. Comparisons 10.2.6. Loops 10.2.7. Custom Functions |
Estimate Time (Hours) | 10 |
Supplemental Learning* | None |
Week 3-4
Overview and Study Approach | The next 2 weeks introduces Python scripting, focusing on basic syntax, control structures, and script writing, while also learning techniques for transforming and encoding data. |
Learning Module | Python Scripting Fundamentals Data Transformation Fundamentals |
Learning Units | Python Scripting Fundamentals: 9.1 - 9.3 Data Transformation Fundamentals: 8.1 - 8.3 |
Videos for Reinforcement | None |
Exercises | 9.1.1. Starting To Use Python 9.1.2. Solving a Problem 9.1.3. Working with Variables and Basic Data Types 9.1.4. Conditionals 9.1.5. Lists, Loops and Dictionaries 9.2.2. Consuming Libraries And Other Helper Functions 9.2.4. Putting It All Together - A Lab Exercise 8.1.2. Binary Encoding 8.1.3. Hexadecimal Encoding 8.1.5. Unicode and UTF 8.1.6. Base64 Encoding 8.2.1. Basic Hashing 8.2.2. Checksums 8.2.3. Password Hashing |
Estimate Time (Hours) | 15 |
Supplemental Learning* | None |
Week 5-6
Overview and Study Approach | In these 2 weeks learners will learn the fundamental concepts of networking, including understanding network protocols, architecture, and tools. |
Learning Module | Networking Fundamentals |
Learning Units | Networking Fundamentals: 11.1 - 11.7 |
Videos for Reinforcement | None |
Exercises | 11.1.1. OSI Model Details 11.2.1. TCP/IP Model Details 11.3.1. Link Layer: Ethernet 11.3.2. Internet Layer: Internet Protocol (IP) 11.3.3. Transport Layer: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) 11.3.4. Application Layer Protocols 11.4.1. Traffic, Packet Captures, and Wireshark 11.4.2. Using Wireshark: Display Filters 11.4.3. Pcap files 11.4.4. Opening a .pcap File 11.5.1. Following TCP Streams and Exporting Objects in Wireshark 11.5.2. Tcpdump 11.5.3. Live Network Capture with Tcpdump 11.6.1. Address Resolution Protocol (ARP) 11.6.2. Internet Control Messaging Protocol (ICMP) 11.6.3. Dynamic Host Configuration Protocol (DHCP) 11.7.1. Routing Tables 11.7.2. Firewalls 11.7.4. Virtual Private Networks (VPNs) |
Estimate Time (Hours) | 18 |
Supplemental Learning* | None |
Week 7-8
Overview and Study Approach | The next 2 weeks will go over the fundamental concepts of network firewalls and enterprise networks, including their configuration, management, and role in protecting networked systems. |
Learning Module | Introduction to Network Firewalls Enterprise Network Fundamentals |
Learning Units | Introduction to Network Firewalls: 13.1 - 13.3 Enterprise Network Fundamentals: 12.1 - 12.5 |
Videos for Reinforcement | None |
Exercises | 13.1.5. Microsegmentation 13.2.8. Blocking Subnets 13.3.6. Troubleshooting Firewall Rules 12.1.4. The Role of Routers in an Enterprise 12.2.7. Virtualization Server 12.3.3. Monitoring and Detection 12.4.5. Cloud Storage |
Estimate Time (Hours) | 16 |
Supplemental Learning* | None |
Week 9
Overview and Study Approach | This week will explore the architecture and management of cloud computing, understand the foundational concepts and applications of contemporary AI in cybersecurity, and delve into cryptography basics. |
Learning Module | Cloud Computing Fundamentals Background to Contemporary AI Cryptography Fundamentals |
Learning Units | Cloud Computing Fundamentals: 14.1 - 14.2 Background to Contemporary AI: 15.1 - 15.3 Cryptography Fundamentals: 16.1 - 16.4 |
Videos for Reinforcement | None |
Exercises | 14.1.6. Accessing the AWS Management Console Lab 16.2.1. Caesar Cipher 16.2.4. Advanced Encryption Standard (AES) 16.3.3. Asymmetric Authentication with SSH 16.3.4. SSL and HTTPS |
Estimate Time (Hours) | 10 |
Supplemental Learning* |
Week 10-11
Overview and Study Approach | This week will introduce offensive cybersecurity skills, cover the penetration testing process, methods for information gathering and enumeration, web attacks, and strategies for attacking endpoints. |
Learning Module |
Introduction to Offensive Cybersecurity Skills Penetration Testing Process Information Gathering and Enumeration Understanding Web Attacks Attacking Endpoints |
Learning Units | Introduction to Offensive Cybersecurity Skills Penetration Testing Process: 18.1 - 18.3 Information Gathering and Enumeration: 19.1 - 19.3 Understanding Web Attacks: 20.1 - 20.4 Attacking Endpoints: 21.1 - 21.3 |
Videos for Reinforcement | Introduction to Offensive Cybersecurity Skills |
Exercises | 19.1.1. Mapping the Target Environment 19.1.2. Manual Snooping 19.1.4. Online Services 19.2.1. DNS Enumeration 19.2.2. Introduction to Host Discovery and Basic Port Scanning 19.2.3. Port Scanning with Nmap 19.2.4. Automating Information Gathering 20.4.3. Exploiting SQL Injection 21.1.1. Locating and Using Public Exploits 21.1.2. Endpoint Hacking Frameworks 21.1.3. Client-Side Attacks 21.2.1. Living Off the Land 21.2.2. Windows Privilege Escalation 21.2.3. Linux Privilege Escalation 21.2.4. Password Cracking |
Estimate Time (Hours) | 16 |
Supplemental Learning* | None |
Week 12-13
Overview and Study Approach | This week will focus on defense evasion, the fundamentals of offensive cloud security, the processes for defensive security operations, and strategies for effective vulnerability management |
Learning Module | Defense Evasion Offensive Cloud Fundamentals Introduction to Defensive Cybersecurity Skills Defensive Security Processes Vulnerability Management |
Learning Units | Defense Evasion: 22.1 - 22.3 Offensive Cloud Fundamentals: 23.1 - 23.5 Introduction to Defensive Cybersecurity Skills Defensive Security Processes: 26.1 - 26.4 Vulnerability Management: 27.1 - 27.4 |
Videos for Reinforcement | Introduction to Defensive Cybersecurity Skills |
Exercises | 22.1.1. Introduction to Firewalls and IDS 22.1.2. Understanding Antivirus Software 22.2.1. Network Evasion for Firewalls and IDS 22.2.2. Antivirus Evasion 26.2.1. Threat Hunting Process 26.2.2. Types Of Hunting 26.3.1. Incident Response Frameworks 26.3.2. Preparing For An Incident 26.3.3. Responding To An Incident 26.3.4. Initial Impact Assessment 26.3.5. Fundamentals Of Evidence Handling 27.1.1. Vulnerability Overview 27.1.2. The Vulnerability Management Lifecycle 27.2.1. Examining Vulnerability Scan Output 27.2.2. Common Vulnerabilities and Exposures (CVEs) 27.2.3. Common Vulnerability Scoring System (CVSS) 27.2.4. Common Weakness Enumeration (CWE) 27.3.1. Defining Scope 27.3.2. Compliance and Regulatory Frameworks 27.3.3. Vulnerability Assessment Methods 27.3.4. Triaging Vulnerabilities 27.3.5. Improving the Vulnerability Management Program |
Estimate Time (Hours) | 18 |
Supplemental Learning* | None |
Week 14-15
Overview and Study Approach | The next 2 weeks will explore the management processes of a Security Operations Center (SOC) |
Learning Module | SOC Management Processes |
Learning Units | SOC Management Processes: 25.1 - 25.6 |
Videos for Reinforcement | None |
Exercises | 25.1.6. SOC Reporting 25.2.3. Logging and the SOC 25.2.10. Threat Intelligence 25.3.6. Patch Management 25.4.8. Third-Party Remote Access 25.5.2. Zero Trust Networking 25.6.3. Managing the Physical Environment |
Estimate Time (Hours) | 15 |
Supplemental Learning* | None |
Week 16
Overview and Study Approach | This week will delve into the basics of malware analysis techniques, social engineering and phishing tactics, ransomware, and Wi-Fi Security. |
Learning Module | Malware Analysis Social Engineering and Phishing Ransomware, DDoS, and Availability Wi-Fi Security |
Learning Units | Malware Analysis: 28.1 - 28.4 Social Engineering and Phishing: 29.1 - 29.4 Ransomware, DDoS, and Availability: 30.1 - 30.4 Wi-Fi Security: 31.1 - 31.3 |
Videos for Reinforcement | None |
Exercises | 28.1.1. Basic Static Analysis 28.2.2. Basic Dynamic Analysis 28.3.1. Automated Analysis with VirusTotal 29.2.1. Types of Social Engineering 29.2.2. User Awareness Training 29.2.4. Spotting Phishing Attacks 29.2.5. You've Been Phished 29.2.6. How AI is Changing Social Engineering 31.1.1. IEEE 802.11 and Collision Avoidance 31.1.2. Wireless Network Topologies 31.1.3. Monitor Mode 31.1.4. Wireless Security |
Estimate Time (Hours) | 10 |
Supplemental Learning* | None |
Week 17
Overview and Study Approach | This week will explore the security challenges for embedded systems and industrial control systems along with strategies for effective risk management |
Learning Module | Security of Embedded Systems Industrial Control Systems and OT Risk Management in Cybersecurity |
Learning Units | Security of Embedded Systems: 32.1 - 32.5 Industrial Control Systems and OT: 33.1 - 33.4 Risk Management in Cybersecurity: 34.1 - 34.6 |
Videos for Reinforcement | None |
Exercises | 32.1.1. Embedded Systems 32.1.2. Embedded Modules 32.1.3. Embedded Devices 32.2.1. CPU 32.2.2. RAM 32.2.3. Storage 32.2.4. Peripherals 32.2.5. Microcontrollers and System-on-Chips 32.2.6. Development Boards and Datasheets 32.3.1. Hardware Abstraction Layer 32.3.2. Kernel 32.3.3. Firmware 32.4.1. Bare-Metal 32.4.2. Real-Time 32.4.3. *nix 32.4.4. Android 33.1.3. Industrial IoT (IIoT) 33.2.3. OT Devices 33.3.1. Specific ICS/OT Security Challenges 34.1.3. Availability 34.3.5. LINDDUN 34.4.1. Follow Along 34.4.3. Quantitative Risk Analysis |
Estimate Time (Hours) | 12 |
Supplemental Learning* | None |
Week 18
Overview and Study Approach | The next week will focus on the basic principles of input validation. |
Learning Module | Foundational Input Validation Concepts |
Learning Units | Foundational Input Validation Concepts: 37.1 - 37.3 |
Videos for Reinforcement | None |
Exercises | 37.1.2. Accepting User Input 37.1.3. File Uploads 37.2.2. Blocklists and Allowlists |
Estimate Time (Hours) | 12 |
Supplemental Learning* | None |
Week 19
Overview and Study Approach | This week will be an introduction to assurance testing. |
Learning Module | Introduction to Assurance Testing |
Learning Units | Introduction to Assurance Testing: 39.1 - 39.4 |
Videos for Reinforcement | |
Exercises | 39.1.3. Security Testing Processes 39.2.4. LAST Principles 39.3.2. Writing Security Test Plans 39.3.4. Executing Security Tests |
Estimate Time (Hours) | 10 |
Supplemental Learning* | None |
Week 20
Overview and Study Approach | This week will build essential cybersecurity skills, learn secure software engineering practices, understand cloud architecture fundamentals, and receive guidance on starting and developing a career in the cybersecurity field. |
Learning Module | Introduction to Build Skills for Cybersecurity Software Engineering Security Cloud Architecture Fundamentals Starting and Developing a Career in Cybersecurity |
Learning Units | Introduction to Build Skills for Cybersecurity Software Engineering Security: 36.1 - 36.4 Cloud Architecture Fundamentals: 38.1 - 38.4 Starting and Developing a Career in Cybersecurity: 40.1 - 40.6 |
Videos for Reinforcement | None |
Exercises | None |
Estimate Time (Hours) | 10 |
Supplemental Learning* | None |
*Note: the Supplemental Learning section described above offers an opportunity to enhance your understanding of the specific topics covered during the assigned week. They are Supplemental Learning and are not required.