Scribd
Upload
399 views11 pages

Cybersecurity Learning Resources Guide

The document provides a comprehensive guide for beginners to learn cybersecurity, outlining various resources including books, certifications, video channels, blogs, practical labs, and community involvement. It recommends foundational books like 'Cybersecurity for Dummies' and advanced texts such as 'The Web Application Hacker's Handbook', alongside YouTube channels for visual learning. Practical platforms like TryHackMe and Hack The Box are highlighted for hands-on experience, emphasizing the importance of community engagement for effective learning.

Uploaded by

Dhairya Patel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
399 views11 pages

Cybersecurity Learning Resources Guide

The document provides a comprehensive guide for beginners to learn cybersecurity, outlining various resources including books, certifications, video channels, blogs, practical labs, and community involvement. It recommends foundational books like 'Cybersecurity for Dummies' and advanced texts such as 'The Web Application Hacker's Handbook', alongside YouTube channels for visual learning. Practical platforms like TryHackMe and Hack The Box are highlighted for hands-on experience, emphasizing the importance of community engagement for effective learning.

Uploaded by

Dhairya Patel
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Cybersecurity Learning Path - Highlights

1. Introduction to Cybersecurity
- Starting challenges, scattered resources, free online content.

2. Books (Foundation to Advanced)


- Cybersecurity for Dummies
- How Cyber Security Really Works
- The Web Application Hacker’s Handbook
- Hacking: The Art of Exploitation
- The Hacker Playbook (1 to 3)
- Blue Team Handbook
- Black Hat Python

3. Certifications
- CEH (Certified Ethical Hacker)
- CISSP, CISM, CompTIA Security+, CCSP
- Simply Learn Cybersecurity Expert Masters Program

4. Video Resources (YouTube)


- John Hammond, David Bombal, LiveOverflow, The Cyber Mentor
- Tech Chip, The Cyber Expert, Hacker Vlog (Hindi)
- IppSec, Professor Messer, OffSec

5. Blogs & Platforms


- PortSwigger, OWASP, Acunetix, Netsparker
- Hack Tricks, Hacking Articles, ZeroX-DF
- Splunk, SANS, Bugcrowd, HackerOne, Synacktiv

6. Practical Labs
- TryHackMe, Hack The Box, Proving Grounds
- PortSwigger Labs, CTFs: PicoCTF, OverTheWire, Root-Me

7. Community Involvement
- Discord Servers: OffSec, THM, HTB
- Reddit: r/netsec, r/cybersecurity
- LinkedIn Groups, OWASP Chapters, BSides, GitHub, Stack Overflow
24 May 2025 12:43

You want to start learning cybersecurity, but you're confused about what to study and where to find the
right resources. There are so many resources available, but it's hard to find the right place to start. You
want to learn technical skills, starting from the basics, in a clear and easy-to-understand language,
through self-study, and for free.
First, I want to say that you're very lucky because people have uploaded millions of resources online.
Most of the content on the internet is free; you just need to find it. It’s harder to get lost now because
when I started learning, there wasn't as much awareness, and people didn't know much about it, so it
was a struggle to learn anything. But yes, the content is very scattered and not systematic; finding good
quality content is difficult.
If you need the best resources to learn cybersecurity, watch this entire video. I'll share my personal list
of resources I used and where you can learn cybersecurity, including books, blogs, videos, playlists,
communities, and articles—all types of knowledge to start a career in this field.
This video is about general cybersecurity, not any particular domain, because there are many domains
within cybersecurity. The resources I’ll share will help you learn everything at a basic level. If you want
to go deeper, you'll find more resources and references within those resources.
First, let's talk about books. Books are one of the best resources to learn something in depth. I also
believe this, and I've learned a lot from books. Honestly, I don't read as many books now, but concepts
are best clarified through books.
I've read some books and reviewed others, so I can recommend them to you. If you want to learn in
layman's terms, from the very basics, *Cybersecurity for Dummies* is a good book. *How Cyber Security
Really Works* by Sam Grube is also in very basic, easy language.
*Cybersecurity Beginner's Guide* by Ardil is a very professional book that explains the what, why, and
how, covering AI and teaching you to build your own labs.
Now let's talk about *The Web Application Hacker's Handbook*. How could I forget this one? This is the
best book for learning web hacking or web security. Any beginner starting in this field starts with web
security because it's a relatively easier topic than other platforms.
Everyone has visited websites, used browsers, and used the internet, so we're all familiar with this topic.
Reading this book is worthwhile; it contains a lot of valuable information, even though it's long.
*Hacking: The Art of Exploitation* is an older book but keeps getting updated and is one of the best I've
read.
These are hacking-oriented books. In addition, *The Hacker Playbook 1 to 3* are also good books. For
blue teaming, *The Blue Team Handbook* by Don Murdock is the best book; it covers SOC, SIEM, and
threat hunting. Other good books for blue teamers are those on offensive countermeasures or
defensive security.
If you want to automate things in this field, which is very important and sometimes necessary,
depending on the domain and your years of experience (five to six years of experience), you should
know programming. I’ve mentioned that you should know programming. You can read *Black Hat
Python*, which will help you build your own hacking tools and understand how existing tools work.
There are many more books; it's endless. I could tell you about many more, but read these. I know
people won't read even this much, but read these. After that, if you're still alive and want to go deeper,
let me know, and I'll make another video.
You’ll learn a lot, but if you want to start a career—a job or business—some other things are essential,
such as certifications. I’ve talked a lot about the importance of certifications in my videos.
The most popular and affordable certification for beginners is the CEH, Certified Ethical Hacker.
This will also strengthen your resume. Today, I'll tell you about a training program where you can learn
cybersecurity and take the CEH exam with a voucher.
It's the Cybersecurity Expert Masters Program by Simply Learn. It teaches you basic fundamentals as
well as advanced skills to help you crack industry certifications such as CEH, CISSP, Sec+, CISM, and CCSP.
The best part of this course is that it includes a CEH exam voucher from EC-Council. At the end of the
course, you can be a certified ethical hacker. The CEH training is accredited by EC-Council, so what
you're taught will be official. You’ll receive official CEH version 12 training, EC-Council course material,
and six months of iLabs for practice.
You also get CISSP training, a gold-standard flagship certification in cybersecurity that covers every

New Section 1 Page 1


You also get CISSP training, a gold-standard flagship certification in cybersecurity that covers every
aspect of information security management, design, architecture, and controls.
You also get electives such as Certified Cloud Professional, CompTIA Network+, and CISM training.
Simply Learn creates and launches courses with top universities and faculty worldwide and has excellent
reviews. It was recently featured in Forbes as one of the most trusted platforms for learning.
Reviews are available if you want to understand how beneficial this course is for you. You can read them
on their site.
To enroll, go to the first link in the description, click "Enroll Now," fill out the form with your details, and
you're enrolled in this best-in-class training. There are limited seats, so the sooner you do it, the better.
Please check it out.
The next learning method is videos. Personally, I understand best from videos because you can see
hacking in action live. Visual learning helps you understand how things work in real time. It's the best
way for practical knowledge, but the same issue arises: there are many videos, so finding good ones that
teach the right things is essential.
I'll tell you about the best YouTube channels in this category. If you prefer learning in English, there are
many excellent YouTube channels.
John Hammond, a legend and international guru, is excellent. David Bombal's networking series is quite
good; he also uploads videos on other general hacking topics. The language is easy, and he creates
guidance videos. LiveOverflow's insights are top-notch.
He goes very deep into his videos; I don't understand many of them. I learned a lot from
Computerphile. I learned concepts from The Cyber Mentor, Network Chuck, InsiderPhD, HackerSploit,
and Lowell Yang (I apologize if I mispronounced any names; I'll put their names in the description). If you
want to do CTFs, try Ippsec.
If you want to prepare for security exams like Sec+, Network+, CompTIA Security+, etc., Professor
Messer and Sandra have some very good videos. I've also watched videos on OffSec, pwnFunction,
Powershell animation videos, and, of course, OWASP.
If you want research-based learning, check out Def Con and Black Hat's YouTube channels. Their
conference talks are available after the conferences; they are long, so you need patience. There are
others, but these are the best. You'll learn almost everything from them. There are Hindi channels, but
not many with good quality content. I’ll mention a few; if you have other good ones, please add them in
the comments so we can all know.
Let's talk about Tech Chip. How can we forget them? I've been watching their videos since childhood.
They show how hacking is done practically. Even when hacking wasn't a thing in India, I watched them.
They create such clean and professional videos, even though hacking isn't their primary profession.
They’ve created practicals on web, mobile, IoT, and software platforms. It's one of the best Hindi
hacking channels ever.
A new channel is The Cyber Expert, and this guy deserves your attention. He consistently uploads videos
from a technical point of view, showing labs and solving them without worrying about views. He created
a series that doesn't even have an audience in India, like binary exploitation, but he teaches it anyway.
He's very skilled. You'll find a lot of content on his channel; subscribe. I can vouch for him. Hacker Vlog
has a whole team, but their channel was created and maintained by a hacker couple. They've uploaded
over a thousand videos across their three or four active channels, so you’ll find content on many topics.
If you want to learn about bug bounty, there's the DeFranco Tech YouTube channel with long courses on
YouTube, showing you bug bounty live. There are many other playlists and courses. Check them out.
Pratik Dabhi also has old videos on bug bounty on YouTube—they're still helpful.
Of course, check out my channel too. There are over 700 videos. I teach what I learn in this industry as a
hacker. I've uploaded a complete roadmap on how to enter cybersecurity. It’s two years old, but I'm
planning a new roadmap this year. Subscribe if you want to see that video first. There are also many
other videos on career guidance, which you can check out.
Now, let's talk about blogs. For web security, PortSwigger Web Security Academy's blog is the best,
along with OWASP's blog, Acunetix, and Netsparker's blogs. If you want to learn penetration testing or
red teaming, Hacking Articles or Hack Tricks, ZeroX-DF (Hack The Box walkthroughs) are very technical
but excellent.
Then there are NotSoSecure, FuzzySecurity, Offensive Security or OffSec, and Rapid7. You'll find
information on research or CVs here. For blue teamers, there's the Splunk Security blog, Blue Team
Handbook, AT&T Level Blue blog, SANS Institute blogs, and The DFIR Report.
For bug bounty, there's Bugcrowd, HackerOne, and the Synacktiv blog. There's also the WikiLeaks blog.
Now, let's talk about practical labs. I always say that as long as you're just watching others do
something—in books or videos—you're only gaining knowledge; you don't have skills. Without skills, you
can't work professionally in this field. Hands-on knowledge is crucial, and you won't gain skills until you
perform yourself.
You'll forget everything you've read and every concept you've learned unless you do it yourself. If you

New Section 1 Page 2


You'll forget everything you've read and every concept you've learned unless you do it yourself. If you
do it yourself, you'll learn to hack. Luckily, there are many good platforms in our field with many labs
created by people with a lot of effort. Large startups have sprung up around this because everyone
knows the importance.
There are different categories and labs for red and blue teams. However, I'll mention some general
platforms where you'll find labs for almost all domains.
First, TryHackMe is the best for beginners. If you want to start doing labs, CTFs are the best way to learn,
so you can start there with walkthrough labs. Many free labs show you how to use basic tools, what
cybersecurity is, and basic ethical hacking concepts with diagrams and how to use basic tools—Burp
Suite, Nmap, SQLMap.
You can watch a separate video I made on what CTFs are. Step-by-step tutorials are available here.
Once you’ve completed these, you’ll see that paid labs are also worthwhile. Investing in your career is
always worthwhile.
Once you have good practice or are familiar with CTFs, you can move to Hack The Box, an intermediate
platform with expert-level labs, excellent labs, and top-notch innovation. If you complete this, you can
finally enter the industry.
The complexity and variety are good. You get pro labs and a dedicated network for attacking. AD, cloud,
and AI—all modern topics are available. It's a subscription, but it's definitely worthwhile.
I use it regularly, so I can say that. Now, let's talk about Proving Grounds from OffSec. There are
excellent labs here. If you're preparing for OSCP, you'll find the best labs here because they have the
most OSCP-like machines.
You should solve these. They're also listed in TJ Null’s list, and solving these machines will definitely help
you pass. I’ve also made a comparison video of TryHackMe, Hack The Box, and Proving Grounds. If you
want to know more about it, watch that. If we talk specifically about blue team, there aren't many
dedicated blue team labs, but you’ll find some good ones on TryHackMe. Otherwise, you can look at
[Link] or [Link] (it might be paid, but check it out).
If you want to learn web security or bug bounty, nothing is better than the PortSwigger Web Security
Academy. The bugs you'll find in the real world are very similar to those here. Every type of vulnerability
is covered at every level—basic, intermediate, and expert.
There are 100+ interesting labs. After completing these, you can start bug bounty. All the labs are free.
What more do you need? If you get stuck, solutions and community solutions are available for every
lab. Learn by doing. Other CTF platforms include PicoCTF, OverTheWire, Root-Me, HackThisSite,
RingZer0 CTF, W3Challs, and Hacker101.
I regularly upload CTF videos to my channel, explaining every concept technically. You'll learn a lot
practically. Watch those videos. You can't learn just from motivational videos. Another good learning
method is the community.
Joining a community lets you interact with people in this field, ask questions, get answers, and get
guidance from those who have already worked in this field and are in good positions. You can ask them
your doubts. Learning directly from others is the best way to learn. You won't find the answers to every
question in books.
Talk to people and join communities. My YouTube channel is my community; I interact with you, do live
sessions, and have social media platforms, YouTube, and Discord channels. Many people are active,
have healthy discussions, have gotten jobs, passed certifications, and strengthened their resumes—
we've built on each other's achievements.
OffSec has a Discord community, as do TryHackMe, Hack The Box, TCM Security, and Infosec Prep. Join
their Discord servers.
Reddit has r/netsec and r/cybersecurity subreddits. Join them. There are many groups on LinkedIn; join
those as well.
There are local OWASP chapters. Go to their website and join. There are Null community talks, locally
and OWASP and BSides talks and communities.
If you're stuck on a technical doubt, you'll find every answer on Stack Overflow. Follow GitHub; you
don't need me to tell you that. You'll find word lists, loads of documentation, guides, walkthroughs,
cheat sheets—everything. Follow professionals on Twitter and LinkedIn; you’ll automatically get more
resources. That's it for this video. Read this much; it’s enough; you’ll learn a lot.

New Section 1 Page 3


----------------------------------------------------------------------------------------------------------------------------- -------------

# YouTube Summary
The video covers comprehensive guidance on learning cybersecurity, particularly for beginners. The
speaker presents multiple learning resources and pathways, organized into several key categories. They
discuss various books ranging from beginner-friendly titles like 'Cybersecurity for Dummies' to advanced
texts like 'The Web Application Hacker's Handbook'. The speaker recommends several YouTube
channels, including John Hammond, David Bombal, and LiveOverflow for English content, and Tech Chip
and The Cyber Expert for Hindi content. For practical experience, they emphasize platforms like
TryHackMe, Hack The Box, and PortSwigger Web Security Academy. The speaker also highlights the
importance of certifications, particularly mentioning CEH (Certified Ethical Hacker) and discusses Simply
Learn's Cybersecurity Expert Masters Program. They stress the significance of hands-on practice and
community involvement through various platforms like Discord servers, Reddit communities, and local
OWASP chapters.
# Highlights
## Introduction and Context
The speaker addresses the common challenge of starting in cybersecurity, acknowledging the
abundance of resources but noting the difficulty in finding the right starting point. They emphasize that
while most content is freely available online, the scattered nature of resources can make systematic
learning challenging.
## Book Recommendations
The speaker recommends several key books for different skill levels and specializations: 'Cybersecurity
for Dummies' and 'How Cyber Security Really Works' for beginners, 'The Web Application Hacker's
Handbook' for web security, 'Hacking: The Art of Exploitation' for advanced topics, 'The Blue Team
Handbook' for defensive security, and 'Black Hat Python' for automation and tool development.
## Certification Discussion
The speaker discusses the importance of certifications for career development, focusing on CEH
(Certified Ethical Hacker) as an affordable and popular option for beginners. They introduce Simply
Learn's Cybersecurity Expert Masters Program, which includes CEH exam voucher, CISSP training, and
additional certifications like Certified Cloud Professional and CompTIA Network+.
## Video Learning Resources
The speaker recommends various YouTube channels, categorizing them by language and specialization.
English channels include John Hammond, David Bombal, LiveOverflow, and The Cyber Mentor. Hindi
channels include Tech Chip, The Cyber Expert, and Hacker Vlog. They emphasize the value of visual
learning for practical understanding.
## Blog Resources and Online Platforms
The speaker lists essential blogs and platforms for different cybersecurity aspects: PortSwigger Web
Security Academy, OWASP, and Acunetix for web security; Hack Tricks and ZeroX-DF for penetration
testing; Splunk Security and SANS Institute for blue team operations; and Bugcrowd and HackerOne for
bug bounty programs.
## Practical Labs and Hands-on Learning
The speaker emphasizes the crucial importance of hands-on practice, recommending platforms like
TryHackMe for beginners, Hack The Box for intermediate learners, and Proving Grounds for OSCP
preparation. They stress that practical experience is essential for developing real skills beyond
theoretical knowledge.
## Community Engagement
The speaker emphasizes the value of joining cybersecurity communities for learning and networking.
They recommend various Discord servers (OffSec, TryHackMe, Hack The Box), Reddit communities
(r/netsec, r/cybersecurity), LinkedIn groups, and local OWASP chapters. They also suggest following
professionals on social media and participating in community events.

New Section 1 Page 4


----------------------------------------------------------------------------------------------------------------------------- ------------

Highlights
Introduction and Context [Link]
The speaker addresses the common challenge of starting in cybersecurity, acknowledging the
abundance of resources but noting the difficulty in finding the right starting point. They emphasize that
while most content is freely available online, the scattered nature of resources can make systematic
learning challenging.
Book Recommendations [Link]
The speaker recommends several key books for different skill levels and specializations: 'Cybersecurity
for Dummies' and 'How Cyber Security Really Works' for beginners, 'The Web Application Hacker's
Handbook' for web security, 'Hacking: The Art of Exploitation' for advanced topics, 'The Blue Team
Handbook' for defensive security, and 'Black Hat Python' for automation and tool development.
Certification Discussion [Link]
The speaker discusses the importance of certifications for career development, focusing on CEH
(Certified Ethical Hacker) as an affordable and popular option for beginners. They introduce Simply
Learn's Cybersecurity Expert Masters Program, which includes CEH exam voucher, CISSP training, and
additional certifications like Certified Cloud Professional and CompTIA Network+.
Video Learning Resources [Link]
The speaker recommends various YouTube channels, categorizing them by language and specialization.
English channels include John Hammond, David Bombal, LiveOverflow, and The Cyber Mentor. Hindi
channels include Tech Chip, The Cyber Expert, and Hacker Vlog. They emphasize the value of visual
learning for practical understanding.
Blog Resources and Online Platforms [Link]
The speaker lists essential blogs and platforms for different cybersecurity aspects: PortSwigger Web
Security Academy, OWASP, and Acunetix for web security; Hack Tricks and ZeroX-DF for penetration
testing; Splunk Security and SANS Institute for blue team operations; and Bugcrowd and HackerOne for
bug bounty programs.
Practical Labs and Hands-on Learning [Link]
The speaker emphasizes the crucial importance of hands-on practice, recommending platforms like
TryHackMe for beginners, Hack The Box for intermediate learners, and Proving Grounds for OSCP
preparation. They stress that practical experience is essential for developing real skills beyond
theoretical knowledge.
Community Engagement [Link]
The speaker emphasizes the value of joining cybersecurity communities for learning and networking.
They recommend various Discord servers (OffSec, TryHackMe, Hack The Box), Reddit communities
(r/netsec, r/cybersecurity), LinkedIn groups, and local OWASP chapters. They also suggest following
professionals on social media and participating in community events.

New Section 1 Page 5


24 May 2025 12:43

You want to start learning cybersecurity, but you're confused about what to study and where to find the
right resources. There are so many resources available, but it's hard to find the right place to start. You
want to learn technical skills, starting from the basics, in a clear and easy-to-understand language,
through self-study, and for free.
First, I want to say that you're very lucky because people have uploaded millions of resources online.
Most of the content on the internet is free; you just need to find it. It’s harder to get lost now because
when I started learning, there wasn't as much awareness, and people didn't know much about it, so it
was a struggle to learn anything. But yes, the content is very scattered and not systematic; finding good
quality content is difficult.
If you need the best resources to learn cybersecurity, watch this entire video. I'll share my personal list
of resources I used and where you can learn cybersecurity, including books, blogs, videos, playlists,
communities, and articles—all types of knowledge to start a career in this field.
This video is about general cybersecurity, not any particular domain, because there are many domains
within cybersecurity. The resources I’ll share will help you learn everything at a basic level. If you want
to go deeper, you'll find more resources and references within those resources.
First, let's talk about books. Books are one of the best resources to learn something in depth. I also
believe this, and I've learned a lot from books. Honestly, I don't read as many books now, but concepts
are best clarified through books.
I've read some books and reviewed others, so I can recommend them to you. If you want to learn in
layman's terms, from the very basics, *Cybersecurity for Dummies* is a good book. *How Cyber Security
Really Works* by Sam Grube is also in very basic, easy language.
*Cybersecurity Beginner's Guide* by Ardil is a very professional book that explains the what, why, and
how, covering AI and teaching you to build your own labs.
Now let's talk about *The Web Application Hacker's Handbook*. How could I forget this one? This is the
best book for learning web hacking or web security. Any beginner starting in this field starts with web
security because it's a relatively easier topic than other platforms.
Everyone has visited websites, used browsers, and used the internet, so we're all familiar with this topic.
Reading this book is worthwhile; it contains a lot of valuable information, even though it's long.
*Hacking: The Art of Exploitation* is an older book but keeps getting updated and is one of the best I've
read.
These are hacking-oriented books. In addition, *The Hacker Playbook 1 to 3* are also good books. For
blue teaming, *The Blue Team Handbook* by Don Murdock is the best book; it covers SOC, SIEM, and
threat hunting. Other good books for blue teamers are those on offensive countermeasures or
defensive security.
If you want to automate things in this field, which is very important and sometimes necessary,
depending on the domain and your years of experience (five to six years of experience), you should
know programming. I’ve mentioned that you should know programming. You can read *Black Hat
Python*, which will help you build your own hacking tools and understand how existing tools work.
There are many more books; it's endless. I could tell you about many more, but read these. I know
people won't read even this much, but read these. After that, if you're still alive and want to go deeper,
let me know, and I'll make another video.
You’ll learn a lot, but if you want to start a career—a job or business—some other things are essential,
such as certifications. I’ve talked a lot about the importance of certifications in my videos.
The most popular and affordable certification for beginners is the CEH, Certified Ethical Hacker.
This will also strengthen your resume. Today, I'll tell you about a training program where you can learn
cybersecurity and take the CEH exam with a voucher.
It's the Cybersecurity Expert Masters Program by Simply Learn. It teaches you basic fundamentals as
well as advanced skills to help you crack industry certifications such as CEH, CISSP, Sec+, CISM, and CCSP.
The best part of this course is that it includes a CEH exam voucher from EC-Council. At the end of the
course, you can be a certified ethical hacker. The CEH training is accredited by EC-Council, so what
you're taught will be official. You’ll receive official CEH version 12 training, EC-Council course material,
and six months of iLabs for practice.
You also get CISSP training, a gold-standard flagship certification in cybersecurity that covers every

New Section 1 Page 1


You also get CISSP training, a gold-standard flagship certification in cybersecurity that covers every
aspect of information security management, design, architecture, and controls.
You also get electives such as Certified Cloud Professional, CompTIA Network+, and CISM training.
Simply Learn creates and launches courses with top universities and faculty worldwide and has excellent
reviews. It was recently featured in Forbes as one of the most trusted platforms for learning.
Reviews are available if you want to understand how beneficial this course is for you. You can read them
on their site.
To enroll, go to the first link in the description, click "Enroll Now," fill out the form with your details, and
you're enrolled in this best-in-class training. There are limited seats, so the sooner you do it, the better.
Please check it out.
The next learning method is videos. Personally, I understand best from videos because you can see
hacking in action live. Visual learning helps you understand how things work in real time. It's the best
way for practical knowledge, but the same issue arises: there are many videos, so finding good ones that
teach the right things is essential.
I'll tell you about the best YouTube channels in this category. If you prefer learning in English, there are
many excellent YouTube channels.
John Hammond, a legend and international guru, is excellent. David Bombal's networking series is quite
good; he also uploads videos on other general hacking topics. The language is easy, and he creates
guidance videos. LiveOverflow's insights are top-notch.
He goes very deep into his videos; I don't understand many of them. I learned a lot from
Computerphile. I learned concepts from The Cyber Mentor, Network Chuck, InsiderPhD, HackerSploit,
and Lowell Yang (I apologize if I mispronounced any names; I'll put their names in the description). If you
want to do CTFs, try Ippsec.
If you want to prepare for security exams like Sec+, Network+, CompTIA Security+, etc., Professor
Messer and Sandra have some very good videos. I've also watched videos on OffSec, pwnFunction,
Powershell animation videos, and, of course, OWASP.
If you want research-based learning, check out Def Con and Black Hat's YouTube channels. Their
conference talks are available after the conferences; they are long, so you need patience. There are
others, but these are the best. You'll learn almost everything from them. There are Hindi channels, but
not many with good quality content. I’ll mention a few; if you have other good ones, please add them in
the comments so we can all know.
Let's talk about Tech Chip. How can we forget them? I've been watching their videos since childhood.
They show how hacking is done practically. Even when hacking wasn't a thing in India, I watched them.
They create such clean and professional videos, even though hacking isn't their primary profession.
They’ve created practicals on web, mobile, IoT, and software platforms. It's one of the best Hindi
hacking channels ever.
A new channel is The Cyber Expert, and this guy deserves your attention. He consistently uploads videos
from a technical point of view, showing labs and solving them without worrying about views. He created
a series that doesn't even have an audience in India, like binary exploitation, but he teaches it anyway.
He's very skilled. You'll find a lot of content on his channel; subscribe. I can vouch for him. Hacker Vlog
has a whole team, but their channel was created and maintained by a hacker couple. They've uploaded
over a thousand videos across their three or four active channels, so you’ll find content on many topics.
If you want to learn about bug bounty, there's the DeFranco Tech YouTube channel with long courses on
YouTube, showing you bug bounty live. There are many other playlists and courses. Check them out.
Pratik Dabhi also has old videos on bug bounty on YouTube—they're still helpful.
Of course, check out my channel too. There are over 700 videos. I teach what I learn in this industry as a
hacker. I've uploaded a complete roadmap on how to enter cybersecurity. It’s two years old, but I'm
planning a new roadmap this year. Subscribe if you want to see that video first. There are also many
other videos on career guidance, which you can check out.
Now, let's talk about blogs. For web security, PortSwigger Web Security Academy's blog is the best,
along with OWASP's blog, Acunetix, and Netsparker's blogs. If you want to learn penetration testing or
red teaming, Hacking Articles or Hack Tricks, ZeroX-DF (Hack The Box walkthroughs) are very technical
but excellent.
Then there are NotSoSecure, FuzzySecurity, Offensive Security or OffSec, and Rapid7. You'll find
information on research or CVs here. For blue teamers, there's the Splunk Security blog, Blue Team
Handbook, AT&T Level Blue blog, SANS Institute blogs, and The DFIR Report.
For bug bounty, there's Bugcrowd, HackerOne, and the Synacktiv blog. There's also the WikiLeaks blog.
Now, let's talk about practical labs. I always say that as long as you're just watching others do
something—in books or videos—you're only gaining knowledge; you don't have skills. Without skills, you
can't work professionally in this field. Hands-on knowledge is crucial, and you won't gain skills until you
perform yourself.
You'll forget everything you've read and every concept you've learned unless you do it yourself. If you

New Section 1 Page 2


You'll forget everything you've read and every concept you've learned unless you do it yourself. If you
do it yourself, you'll learn to hack. Luckily, there are many good platforms in our field with many labs
created by people with a lot of effort. Large startups have sprung up around this because everyone
knows the importance.
There are different categories and labs for red and blue teams. However, I'll mention some general
platforms where you'll find labs for almost all domains.
First, TryHackMe is the best for beginners. If you want to start doing labs, CTFs are the best way to learn,
so you can start there with walkthrough labs. Many free labs show you how to use basic tools, what
cybersecurity is, and basic ethical hacking concepts with diagrams and how to use basic tools—Burp
Suite, Nmap, SQLMap.
You can watch a separate video I made on what CTFs are. Step-by-step tutorials are available here.
Once you’ve completed these, you’ll see that paid labs are also worthwhile. Investing in your career is
always worthwhile.
Once you have good practice or are familiar with CTFs, you can move to Hack The Box, an intermediate
platform with expert-level labs, excellent labs, and top-notch innovation. If you complete this, you can
finally enter the industry.
The complexity and variety are good. You get pro labs and a dedicated network for attacking. AD, cloud,
and AI—all modern topics are available. It's a subscription, but it's definitely worthwhile.
I use it regularly, so I can say that. Now, let's talk about Proving Grounds from OffSec. There are
excellent labs here. If you're preparing for OSCP, you'll find the best labs here because they have the
most OSCP-like machines.
You should solve these. They're also listed in TJ Null’s list, and solving these machines will definitely help
you pass. I’ve also made a comparison video of TryHackMe, Hack The Box, and Proving Grounds. If you
want to know more about it, watch that. If we talk specifically about blue team, there aren't many
dedicated blue team labs, but you’ll find some good ones on TryHackMe. Otherwise, you can look at
[Link] or [Link] (it might be paid, but check it out).
If you want to learn web security or bug bounty, nothing is better than the PortSwigger Web Security
Academy. The bugs you'll find in the real world are very similar to those here. Every type of vulnerability
is covered at every level—basic, intermediate, and expert.
There are 100+ interesting labs. After completing these, you can start bug bounty. All the labs are free.
What more do you need? If you get stuck, solutions and community solutions are available for every
lab. Learn by doing. Other CTF platforms include PicoCTF, OverTheWire, Root-Me, HackThisSite,
RingZer0 CTF, W3Challs, and Hacker101.
I regularly upload CTF videos to my channel, explaining every concept technically. You'll learn a lot
practically. Watch those videos. You can't learn just from motivational videos. Another good learning
method is the community.
Joining a community lets you interact with people in this field, ask questions, get answers, and get
guidance from those who have already worked in this field and are in good positions. You can ask them
your doubts. Learning directly from others is the best way to learn. You won't find the answers to every
question in books.
Talk to people and join communities. My YouTube channel is my community; I interact with you, do live
sessions, and have social media platforms, YouTube, and Discord channels. Many people are active,
have healthy discussions, have gotten jobs, passed certifications, and strengthened their resumes—
we've built on each other's achievements.
OffSec has a Discord community, as do TryHackMe, Hack The Box, TCM Security, and Infosec Prep. Join
their Discord servers.
Reddit has r/netsec and r/cybersecurity subreddits. Join them. There are many groups on LinkedIn; join
those as well.
There are local OWASP chapters. Go to their website and join. There are Null community talks, locally
and OWASP and BSides talks and communities.
If you're stuck on a technical doubt, you'll find every answer on Stack Overflow. Follow GitHub; you
don't need me to tell you that. You'll find word lists, loads of documentation, guides, walkthroughs,
cheat sheets—everything. Follow professionals on Twitter and LinkedIn; you’ll automatically get more
resources. That's it for this video. Read this much; it’s enough; you’ll learn a lot.

New Section 1 Page 3


----------------------------------------------------------------------------------------------------------------------------- -------------

# YouTube Summary
The video covers comprehensive guidance on learning cybersecurity, particularly for beginners. The
speaker presents multiple learning resources and pathways, organized into several key categories. They
discuss various books ranging from beginner-friendly titles like 'Cybersecurity for Dummies' to advanced
texts like 'The Web Application Hacker's Handbook'. The speaker recommends several YouTube
channels, including John Hammond, David Bombal, and LiveOverflow for English content, and Tech Chip
and The Cyber Expert for Hindi content. For practical experience, they emphasize platforms like
TryHackMe, Hack The Box, and PortSwigger Web Security Academy. The speaker also highlights the
importance of certifications, particularly mentioning CEH (Certified Ethical Hacker) and discusses Simply
Learn's Cybersecurity Expert Masters Program. They stress the significance of hands-on practice and
community involvement through various platforms like Discord servers, Reddit communities, and local
OWASP chapters.
# Highlights
## Introduction and Context
The speaker addresses the common challenge of starting in cybersecurity, acknowledging the
abundance of resources but noting the difficulty in finding the right starting point. They emphasize that
while most content is freely available online, the scattered nature of resources can make systematic
learning challenging.
## Book Recommendations
The speaker recommends several key books for different skill levels and specializations: 'Cybersecurity
for Dummies' and 'How Cyber Security Really Works' for beginners, 'The Web Application Hacker's
Handbook' for web security, 'Hacking: The Art of Exploitation' for advanced topics, 'The Blue Team
Handbook' for defensive security, and 'Black Hat Python' for automation and tool development.
## Certification Discussion
The speaker discusses the importance of certifications for career development, focusing on CEH
(Certified Ethical Hacker) as an affordable and popular option for beginners. They introduce Simply
Learn's Cybersecurity Expert Masters Program, which includes CEH exam voucher, CISSP training, and
additional certifications like Certified Cloud Professional and CompTIA Network+.
## Video Learning Resources
The speaker recommends various YouTube channels, categorizing them by language and specialization.
English channels include John Hammond, David Bombal, LiveOverflow, and The Cyber Mentor. Hindi
channels include Tech Chip, The Cyber Expert, and Hacker Vlog. They emphasize the value of visual
learning for practical understanding.
## Blog Resources and Online Platforms
The speaker lists essential blogs and platforms for different cybersecurity aspects: PortSwigger Web
Security Academy, OWASP, and Acunetix for web security; Hack Tricks and ZeroX-DF for penetration
testing; Splunk Security and SANS Institute for blue team operations; and Bugcrowd and HackerOne for
bug bounty programs.
## Practical Labs and Hands-on Learning
The speaker emphasizes the crucial importance of hands-on practice, recommending platforms like
TryHackMe for beginners, Hack The Box for intermediate learners, and Proving Grounds for OSCP
preparation. They stress that practical experience is essential for developing real skills beyond
theoretical knowledge.
## Community Engagement
The speaker emphasizes the value of joining cybersecurity communities for learning and networking.
They recommend various Discord servers (OffSec, TryHackMe, Hack The Box), Reddit communities
(r/netsec, r/cybersecurity), LinkedIn groups, and local OWASP chapters. They also suggest following
professionals on social media and participating in community events.

New Section 1 Page 4


----------------------------------------------------------------------------------------------------------------------------- ------------

Highlights
Introduction and Context [Link]
The speaker addresses the common challenge of starting in cybersecurity, acknowledging the
abundance of resources but noting the difficulty in finding the right starting point. They emphasize that
while most content is freely available online, the scattered nature of resources can make systematic
learning challenging.
Book Recommendations [Link]
The speaker recommends several key books for different skill levels and specializations: 'Cybersecurity
for Dummies' and 'How Cyber Security Really Works' for beginners, 'The Web Application Hacker's
Handbook' for web security, 'Hacking: The Art of Exploitation' for advanced topics, 'The Blue Team
Handbook' for defensive security, and 'Black Hat Python' for automation and tool development.
Certification Discussion [Link]
The speaker discusses the importance of certifications for career development, focusing on CEH
(Certified Ethical Hacker) as an affordable and popular option for beginners. They introduce Simply
Learn's Cybersecurity Expert Masters Program, which includes CEH exam voucher, CISSP training, and
additional certifications like Certified Cloud Professional and CompTIA Network+.
Video Learning Resources [Link]
The speaker recommends various YouTube channels, categorizing them by language and specialization.
English channels include John Hammond, David Bombal, LiveOverflow, and The Cyber Mentor. Hindi
channels include Tech Chip, The Cyber Expert, and Hacker Vlog. They emphasize the value of visual
learning for practical understanding.
Blog Resources and Online Platforms [Link]
The speaker lists essential blogs and platforms for different cybersecurity aspects: PortSwigger Web
Security Academy, OWASP, and Acunetix for web security; Hack Tricks and ZeroX-DF for penetration
testing; Splunk Security and SANS Institute for blue team operations; and Bugcrowd and HackerOne for
bug bounty programs.
Practical Labs and Hands-on Learning [Link]
The speaker emphasizes the crucial importance of hands-on practice, recommending platforms like
TryHackMe for beginners, Hack The Box for intermediate learners, and Proving Grounds for OSCP
preparation. They stress that practical experience is essential for developing real skills beyond
theoretical knowledge.
Community Engagement [Link]
The speaker emphasizes the value of joining cybersecurity communities for learning and networking.
They recommend various Discord servers (OffSec, TryHackMe, Hack The Box), Reddit communities
(r/netsec, r/cybersecurity), LinkedIn groups, and local OWASP chapters. They also suggest following
professionals on social media and participating in community events.

New Section 1 Page 5

You might also like