Legal and Ethical Considerations

Only practice ethical hacking on systems you own or have explicit written permission to test. Unauthorized access to computer systems is illegal and can result in criminal prosecution. Always ensure you’re working in authorized environments like Hack The Box, VulnHub, or your own lab setup.

Overview

Days 85-90 focus on practical penetration testing and ethical hacking skills. This phase allows you to apply everything you’ve learned throughout the 90-day journey—networking, Linux, Python, traffic analysis, and cloud security—to real-world security challenges. You’ll practice on purpose-built vulnerable machines and CTF (Capture The Flag) challenges that simulate real attack scenarios in a safe, legal environment.

Practice Platforms

Hack The Box

Interactive cybersecurity training platform with vulnerable machines, challenges, and a vibrant community. Features guided paths for beginners and advanced penetration testing scenarios.

VulnHub

Provides downloadable vulnerable virtual machines to practice security testing in your own lab environment. Great for offline practice and building your home lab.

Video Training Resources

Practical Ethical Hacking - Part 1

By The Cyber Mentor

Comprehensive introduction to ethical hacking concepts, reconnaissance, enumeration, and exploitation techniques.

Practical Ethical Hacking - Part 2

By The Cyber Mentor

Advanced penetration testing techniques, post-exploitation, privilege escalation, and real-world attack scenarios.

Getting Started with CTF Challenges

Step 1: Set Up Your Environment

Install essential tools on your Kali Linux or similar penetration testing distribution:
  • Nmap for network scanning
  • Metasploit Framework for exploitation
  • Burp Suite for web application testing
  • John the Ripper and Hashcat for password cracking
  • Wireshark for traffic analysis

Step 2: Choose Your Platform

Start with Hack The Box’s beginner-friendly machines or download an easy box from VulnHub. Look for machines tagged as “Easy” or “Beginner” difficulty.

Step 3: Follow the Methodology

Apply a structured penetration testing approach:
  1. Reconnaissance - Gather information about the target
  2. Scanning & Enumeration - Identify open ports and services
  3. Vulnerability Assessment - Find potential security weaknesses
  4. Exploitation - Gain initial access
  5. Post-Exploitation - Escalate privileges and maintain access
  6. Reporting - Document your findings

Step 4: Document Everything

Keep detailed notes of:
  • Commands you run and their outputs
  • Vulnerabilities you discover
  • Exploitation techniques that work
  • Lessons learned from failed attempts
This documentation becomes valuable for your portfolio and future reference.

Step 5: Watch Walkthroughs After Completion

After solving a challenge (or getting stuck), watch video walkthroughs to see alternative approaches and learn new techniques. IppSec and The Cyber Mentor have excellent walkthrough content.
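
An added example (not part of the original roadmap) for the "Document Everything" step: it parses Nmap grepable output (`-oG`) saved from a lab scan into structured records and renders a Markdown table of open services for your write-up. The sample scan text, host address and function names are constructed for illustration.

```python
import re

# Constructed sample of Nmap grepable (-oG) output from a lab VM; not real scan data.
SAMPLE_OG = """\
# Nmap scan initiated (constructed sample): nmap -sV -oG scan.gnmap 10.10.10.5
Host: 10.10.10.5 (lab-box)\tStatus: Up
Host: 10.10.10.5 (lab-box)\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu/, 80/open/tcp//http//Apache httpd 2.4.41/, 443/closed/tcp//https///\tIgnored State: filtered (997)
# Nmap done (constructed sample)
"""


def parse_grepable(text):
    """Return one dict per port entry found in Nmap -oG output."""
    findings = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment lines and anything unexpected
        # Tab-separated "Key: value" fields: Host, Status, Ports, Ignored State ...
        fields = dict(p.split(": ", 1) for p in line.split("\t") if ": " in p)
        if "Ports" not in fields:
            continue  # "Status: Up" lines carry no port data
        host = fields["Host"].split()[0]
        # Entries are comma-separated; split only where a new port number starts.
        for entry in re.split(r",\s+(?=\d+/)", fields["Ports"]):
            parts = entry.strip().split("/")
            if len(parts) < 7 or not parts[0].isdigit():
                continue  # malformed entry, leave it out rather than guess
            port, state, proto, _owner, service, _rpc, version = parts[:7]
            findings.append({"host": host, "port": int(port), "proto": proto,
                             "state": state, "service": service or "unknown",
                             "version": version or "-"})
    return findings


def to_markdown(findings, only_open=True):
    """Render findings as a Markdown table suitable for notes or a report."""
    rows = [f for f in findings if f["state"] == "open" or not only_open]
    lines = ["| Host | Port | Service | Version |", "|---|---|---|---|"]
    for f in sorted(rows, key=lambda f: (f["host"], f["port"])):
        version = f["version"].replace("|", "\\|")  # keep table cells intact
        lines.append(f"| {f['host']} | {f['port']}/{f['proto']} | {f['service']} | {version} |")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_markdown(parse_grepable(SAMPLE_OG)))
```

Keeping the raw scan file next to the generated table lets a reader of your write-up trace every row back to the tool output it came from.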

Safe Practice Environments

Always practice in controlled, legal environments:
  • Use isolated virtual machines that aren’t connected to your main network
  • Consider setting up a dedicated home lab with vulnerable VMs on an isolated network segment
  • Utilize cloud-based labs from platforms like Hack The Box Academy or TryHackMe that provide sandboxed environments
  • Never test on production systems or networks you don’t own or have explicit permission to test

Key Skills to Develop

During Days 85-90, focus on building these core competencies:

Reconnaissance & Information Gathering

  • Passive reconnaissance using OSINT techniques
  • Active scanning with Nmap and similar tools
  • Service enumeration and banner grabbing
  • Web application fingerprinting

Vulnerability Assessment

  • Identifying common vulnerabilities (SQLi, XSS, RCE, etc.)
  • Using automated scanners effectively
  • Manual vulnerability validation
  • Understanding CVE databases and exploit-db

Exploitation Techniques

  • Using Metasploit Framework
  • Writing and modifying exploit code
  • Web application exploitation
  • Network service exploitation
  • Buffer overflow basics

Post-Exploitation

  • Linux and Windows privilege escalation
  • Lateral movement techniques
  • Credential harvesting
  • Persistence mechanisms
  • Covering tracks and cleanup

Watch both parts of The Cyber Mentor’s Practical Ethical Hacking series. Take notes on key concepts, tools, and techniques. Set up your penetration testing environment and install necessary tools.

Practice on 2-3 “Easy” rated machines on Hack The Box or VulnHub. Focus on applying the methodology learned from the video courses. Don’t be discouraged if you need to reference hints or walkthroughs.

Attempt a “Medium” difficulty challenge to push your skills further. Review all the techniques you’ve learned and document your methodology. Start thinking about how to present this work in your portfolio.

Additional Resources

  • TryHackMe: Another excellent platform with guided learning paths (tryhackme.com)
  • OverTheWire: Classic wargames for learning security concepts (overthewire.org)
  • PentesterLab: Web penetration testing exercises (pentesterlab.com)
  • HackerOne CTF: Free beginner-friendly web hacking challenges

Building Your Portfolio

As you complete challenges, document your work:
  • Write detailed writeups explaining your methodology
  • Create video walkthroughs of your process
  • Maintain a GitHub repository with scripts and tools you’ve developed
  • Build a personal website showcasing your skills and achievements
These artifacts demonstrate practical skills to potential employers and provide talking points for interviews.

Next Steps

After completing Days 85-90, you’ll move on to: Continue practicing on CTF platforms regularly to maintain and improve your skills!
