A comprehensive, hands-on learning path from absolute zero to job-ready ethical hacker.
Certified Ethical Hacking I is a complete curriculum designed to take someone with no prior security experience through the entire penetration testing methodology. By the end, you'll have the skills to perform professional security assessments and pursue industry certifications.
This course emphasizes:
- Hands-on practice over theory memorization
- Ethical foundations before technical skills
- Professional methodology from day one
- Real-world applicability in every lesson
"You cannot effectively attack networks you don't understand."
This curriculum builds knowledge layer by layer:
- Legal and ethical foundations first β Understand the rules before you play
- Networking fundamentals β Know how data travels before intercepting it
- Reconnaissance β Find targets before attacking them
- Scanning and enumeration β Understand systems before exploiting them
- Exploitation β Apply knowledge systematically
- Post-exploitation β Demonstrate real impact
- Professional practice β Report findings that drive change
| Metric | Value |
|---|---|
| Total Stages | 11 (including overview) |
| Estimated Hours | 300-400 |
| Hands-on Exercises | 50+ |
| Assessment Types | Written + Practical |
| Final Project | Complete Penetration Test + Report |
| Stage | Title | Description | Hours |
|---|---|---|---|
| 00 | Course Overview & Foundations | Lab setup, methodology intro, legal framework | 15-20 |
| 01 | Ethical Hacking Fundamentals | CFAA, authorization, ROE, ethics, first engagement | 25-35 |
| 02 | Networking for Pen Testers | OSI/TCP-IP, protocols, Wireshark, services | 30-40 |
| Stage | Title | Description | Hours |
|---|---|---|---|
| 03 | Reconnaissance | OSINT, Google dorking, DNS, subdomains, email harvesting | 35-45 |
| 04 | Scanning & Enumeration | Nmap mastery, NSE, service enumeration | 40-50 |
| 05 | Vulnerability Analysis | CVE/CVSS, scanners, validation, prioritization | 25-35 |
| Stage | Title | Description | Hours |
|---|---|---|---|
| 06 | System Hacking | Password attacks, hash cracking, privilege escalation | 35-40 |
| 07 | Web Application Security | OWASP Top 10, Burp Suite, SQLi, XSS | 40-50 |
| 08 | Exploitation Fundamentals | Metasploit, payloads, shells, Meterpreter | 35-45 |
| Stage | Title | Description | Hours |
|---|---|---|---|
| 09 | Post-Exploitation | Persistence, credentials, lateral movement, pivoting | 25-35 |
| 10 | Professional Practice | Reporting, communication, career prep, capstone | 30-40 |
This curriculum prepares you for major industry certifications:
| Certification | Coverage | Notes |
|---|---|---|
| CompTIA PenTest+ | ~85% | Primary alignment target |
| eLearnSecurity eJPT | ~90% | Excellent first certification |
| EC-Council CEH | ~80% | Theoretical + practical |
| Offensive Security OSCP | ~60% | Strong foundation for future study |
β οΈ Certification objectives change. Always verify current requirements at official vendor websites.
theHarvester Β· Maltego Β· Recon-ng Β· Shodan Β· Amass Β· Sublist3r Β· dnsrecon
Nmap Β· Masscan Β· Nikto Β· Gobuster Β· enum4linux Β· smbclient Β· snmpwalk
OpenVAS Β· Nessus Β· searchsploit Β· Nmap NSE scripts
Metasploit Β· Msfvenom Β· Burp Suite Β· SQLMap Β· Hydra Β· Netcat
John the Ripper Β· Hashcat Β· CeWL Β· Crunch
Meterpreter Β· LinPEAS Β· WinPEAS Β· Mimikatz Β· BloodHound
This course uses an isolated virtual lab for safe, legal practice:
- Host Machine: 16GB+ RAM, 100GB+ storage, virtualization support
- Hypervisor: VirtualBox (free) or VMware
- Attack Machine: Kali Linux (latest)
- Target Machine: Metasploitable 2
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β ISOLATED LAB NETWORK β
β (Host-Only Network) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β βββββββββββββββ βββββββββββββββββββββββ β
β β Kali Linux ββββββββββΊβ Metasploitable 2 β β
β β (Attack) β β (Target) β β
β β 192.168.56.Xβ β 192.168.56.101 β β
β βββββββββββββββ βββββββββββββββββββββββ β
β β
β β NO INTERNET CONNECTION β β
β β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
# Clone the repository
git clone https://github.com/YOUR-USERNAME/certified-ethical-hacking-1.git
# Navigate to the course
cd certified-ethical-hacking-1
# Start with Stage 00
cat course_material/Stage_00_Course_Overview_and_Foundations.md
# Set up your lab environment following the instructions
# Then proceed through each stage sequentially- Computer: Capable of running 2 virtual machines simultaneously
- Time: 10-15 hours per week recommended
- Mindset: Patience, curiosity, and ethical commitment
- Prior security experience
- Programming knowledge (helpful but not required)
- Networking certifications
- Previous Linux experience
This course starts from absolute zero.
β οΈ IMPORTANT: READ BEFORE PROCEEDING β οΈ
This course teaches offensive security techniques that can cause
real damage if misused. You MUST agree to the following:
1. Only test systems you OWN or have WRITTEN PERMISSION to test
2. Never use these skills for unauthorized access
3. Understand that unauthorized hacking is a CRIMINAL OFFENSE
4. Report vulnerabilities responsibly if discovered
5. Maintain professional ethics at all times
The authors are not responsible for misuse of this material.
By using this course, you accept full responsibility for your actions.
certified-ethical-hacking-1/
βββ README.md # This file
βββ CURRICULUM_INDEX.md # Complete curriculum roadmap
βββ docs/
β βββ index.html # Web landing page
β
βββ course_material/
βββ Stage_00_Course_Overview_and_Foundations.md
βββ Stage_01_Ethical_Hacking_Fundamentals.md
βββ Stage_02_Networking_Fundamentals.md
βββ Stage_03_Reconnaissance_Information_Gathering.md
βββ Stage_04_Scanning_Enumeration.md
βββ Stage_05_Vulnerability_Analysis.md
βββ Stage_06_System_Hacking.md
βββ Stage_07_Web_Application_Security.md
βββ Stage_08_Exploitation_Fundamentals.md
βββ Stage_09_Post_Exploitation.md
βββ Stage_10_Professional_Practice.md
- Clear objectives β Know what you'll learn
- Conceptual explanations β Understand the "why"
- Hands-on exercises β Build practical skills
- ASCII diagrams β Visualize concepts
- Cheat sheets β Quick reference guides
- Written assessments β Test understanding
- Practical assessments β Prove capability
- Completion checklists β Track progress
- Read the conceptual material thoroughly
- Type all commands (don't copy-paste)
- Document as you go
- Complete all exercises before advancing
- Review notes at session end
- Commit your work regularly
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Submit a pull request with clear description
Focus areas for contribution:
- Typo and error corrections
- Additional exercises
- Tool updates
- Clarity improvements
This work is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0).
You are free to:
- Share β Copy and redistribute in any medium or format
- Adapt β Remix, transform, and build upon the material
Under the following terms:
- Attribution β Give appropriate credit
- NonCommercial β Not for commercial purposes
- ShareAlike β Distribute under the same license
- The cybersecurity community for shared knowledge
- Open-source tool developers
- Offensive Security, EC-Council, CompTIA for certification frameworks
- OWASP for web security standards
- PTES for penetration testing methodology
Learn Ethically β’ Practice Safely β’ Protect Systems
Remember: With great power comes great responsibility.