Ethical Hacking Roadmap for Freshers
A comprehensive 12-week learning plan to master Ethical Hacking from scratch
Overview
This roadmap sequences topics so each day builds on the last—skip ahead only after exercises feel easy.
Study approach
Block time for practice: reading without coding rarely sticks for technical skills.
Who it fits
Beginners, career switchers, and upskilling professionals can all follow at their own pace.
| Day | Topics | Learn (hrs) | Practice (hrs) | Important Topics |
|---|---|---|---|---|
| Week 1: Ethical Hacking Fundamentals | | | | |
| Day 1 | Introduction to Ethical Hacking: Black hat, White hat, Grey hat; Legal & ethical aspects; Cyber laws & responsible disclosure | 2 | 1 | Hacker Ethics |
| Day 2 | Hacking Methodology: 5 Phases of hacking; Reconnaissance techniques; Real-world case studies | 2 | 1.5 | Kill Chain Model |
| Day 3 | Networking Fundamentals: TCP/IP model; OSI model layers; IP addressing basics | 2 | 2 | Protocol Stack |
| Day 4 | Network Protocols: HTTP/HTTPS, FTP; DNS, SMTP, SSH; Well-known ports | 2.5 | 2 | Port Numbers |
| Day 5 | Linux Basics: Kali Linux setup; Basic commands; File permissions | 2.5 | 2 | chmod & sudo |
| Day 6 | Windows Basics: Registry basics; User accounts; Services & processes | 2 | 2 | Windows Security |
| Day 7 | Review Day: Week 1 Concepts; Virtual Lab Setup | 1 | 2 | Legal Boundaries |
| Week 2: Reconnaissance & Scanning | | | | |
| Day 8 | Footprinting: Passive vs Active recon; Whois lookup; DNS interrogation | 2.5 | 1.5 | OSINT Techniques |
| Day 9 | Google Hacking: Google Dorks; Advanced search operators; Finding vulnerabilities | 2.5 | 1.5 | GHDB |
| Day 10 | Social Engineering: Phishing basics; Pretexting; Defense strategies | 2.5 | 1.5 | Human Firewall |
| Day 11 | Network Scanning: Ping sweep; Port scanning; Nmap basics | 2.5 | 1.5 | Stealth Scanning |
| Day 12 | Enumeration: Banner grabbing; Service identification; SNMP enumeration | 2 | 2 | Service Fingerprinting |
| Day 13 | Practice Day: Nmap exercises; Recon-ng practice | 1 | 3 | Scan Types |
| Day 14 | Review Day: Week 2 Concepts; Q&A Session | 1 | 2 | Legal Scanning |
| Day | Topics | Learn (hrs) | Practice (hrs) | Important Topics |
|---|---|---|---|---|
| Week 3-4: System Hacking | | | | |
| Day 15 | Password Attacks: Brute force; Dictionary attacks; Rainbow tables | 2.5 | 2 | Password Hashes |
| Day 16 | Privilege Escalation: Windows privilege escalation; Linux privilege escalation; Kernel exploits | 3 | 2 | SUID/SGID |
| Day 17 | Malware Basics: Viruses, Worms, Trojans; Ransomware basics; Rootkits | 3 | 2 | Persistence |
| Day 18 | Covering Tracks: Log manipulation; Clearing evidence; Anti-forensics basics | 2.5 | 2 | Event Logs |
| Day 19 | Defense Strategies: Antivirus basics; Host-based firewalls; System hardening | 2.5 | 2 | Defense in Depth |
| Day 20 | Practice Day: Password cracking lab; Privilege escalation lab | 1 | 3 | Hashcat |
| Day 21 | Review Day: System hacking concepts; Q&A Session | 1 | 2 | MITRE ATT&CK |
| Week 5-6: Web Application Security | | | | |
| Day 22 | Web Technologies: HTML, JS, PHP basics; HTTP protocol; Cookies & sessions | 3 | 2 | Same-Origin Policy |
| Day 23 | SQL Injection: Types of SQLi; SQLmap basics; Prevention techniques | 3 | 2 | Blind SQLi |
| Day 24 | XSS & CSRF: Reflected, Stored, DOM XSS; CSRF attacks; Prevention methods | 2.5 | 2 | CORS |
| Day 25 | Authentication Flaws: Broken authentication; Session hijacking; Multi-factor auth bypass | 2.5 | 2 | JWT Vulnerabilities |
| Day 26 | Web App Tools: Burp Suite; OWASP ZAP; Browser dev tools | 2 | 3 | Proxy Usage |
| Day 27-28 | Web App Labs: DVWA practice; WebGoat exercises | 1 | 4 | OWASP Top 10 |
| Day | Topics | Learn (hrs) | Practice (hrs) | Important Topics |
|---|---|---|---|---|
| Week 7-8: Wireless & Network Attacks | | | | |
| Day 29 | Wireless Security: Wi-Fi encryption types; WEP/WPA/WPA2/WPA3; Wireless sniffing | 3 | 2 | 4-Way Handshake |
| Day 30 | Wireless Attacks: Rogue AP; Evil Twin; Aircrack-ng suite | 3 | 2 | Deauthentication |
| Day 31 | MITM Attacks: ARP poisoning; DNS spoofing; SSL stripping | 3 | 2 | Packet Injection |
| Day 32 | Sniffing Tools: Wireshark; Tcpdump; Bettercap | 3 | 2 | Packet Analysis |
| Day 33 | Network Defense: IDS/IPS basics; Firewall rules; Network segmentation | 3 | 2 | Snort Basics |
| Day 34 | Practice Day: Wireshark exercises; MITM lab | 1 | 3 | Filter Expressions |
| Day 35 | Review Day: Network security concepts; Q&A Session | 1 | 2 | Defense Strategies |
| Week 9-12: Pen Testing & Career Prep | | | | |
| Day 36-42 | Metasploit Framework: Exploit modules; Payloads; Post-exploitation | 3 | 3 | Meterpreter |
| Day 43-49 | Cryptography Basics: Encryption types; Hashing algorithms; PKI basics | 3 | 3 | Man-in-the-Middle |
| Day 50-56 | Pen Testing Methodology: Planning & reconnaissance; Vulnerability assessment; Reporting & documentation | 2 | 4 | PTES Standard |
| Day 57-60 | Certification Prep: CEH exam objectives; Practice questions; Mock exams | 2 | 3 | Career Paths |
Key Recommendations
- Lab Setup: Create a dedicated virtual lab environment (VirtualBox/VMware)
- Practice: Use platforms like Hack The Box, TryHackMe, and Vulnhub
- Certifications: Aim for CEH (Certified Ethical Hacker) or eJPT
- Community: Join cybersecurity communities and CTF events
- Legal Compliance: Always get proper authorization before testing systems
Ethical Hacking Learning Roadmap for Beginners
This comprehensive 12-week ethical hacking roadmap is designed specifically for freshers and beginners who want to break into the field of Cybersecurity. The roadmap provides a structured approach to learning ethical hacking from the ground up, covering essential topics in:
- Hacking Fundamentals - Ethics, legal aspects, and methodology
- Networking & Systems - Protocols, operating systems, and vulnerabilities
- Web Application Security - OWASP Top 10 vulnerabilities and defenses
- Penetration Testing - Tools, techniques, and reporting
- Career Preparation - Certifications and job opportunities
Why Follow This Ethical Hacking Roadmap?
This roadmap is optimized for beginners with no prior experience in cybersecurity. The day-by-day breakdown ensures you build a strong foundation before moving to advanced concepts. Each week focuses on practical implementation with hands-on labs in safe environments.
Career Opportunities in Ethical Hacking
After completing this roadmap, you'll be prepared for entry-level positions like:
- Penetration Tester
- Security Analyst
- Vulnerability Assessor
- Security Consultant
- Red Team Member
Comprehensive Ethical Hacking Learning Path
This Ethical Hacking roadmap on Nikhil Learn Hub provides a structured learning path: learn ethical hacking concepts, cybersecurity tools, penetration testing, networking, and security practices step by step.
Use the schedule, weekly tables, and practice notes on this page to pace your progress. Keep the Cheatsheets hub open for syntax and API reminders during exercises.
Foundation phase
- Core concepts and terminology for this stack
- Guided exercises and small coding drills
- Hands-on labs aligned with each milestone
- Review checkpoints before moving forward
Advanced phase
- Multi-topic projects and integration tasks
- Performance, security, or scalability basics
- Tooling and workflow patterns used in industry
- Interview, certification, or portfolio preparation
Who Should Follow This Roadmap
Students, career switchers, and developers upskilling in Ethical Hacking can follow this roadmap for credible study order instead of scattered tutorials.