12-Month Free Cybersecurity Study Plan: From Zero to Specialist
This plan consists of the stages below, each covering preparation for the CEH and Offensive Security exams. Each stage lists free resources, tools, and hands-on exercises. The plan is designed for 12 months, with 10-15 hours of study and practice each week.
Overview
Months 1-3 - Core knowledge (networking, Linux, programming, cybersecurity fundamentals)
Months 4-6 - Beginner pentest skills for CEH Practical and OSCP
Months 7-9 - Active Directory and network attacks for OSEP (Advanced Penetration Testing)
Months 10-11 - Web attacks for OSWE (Advanced Web Attacks)
Month 12 - OSED (Exploit Development) and portfolio preparation
🟢 Stage 1 -> Core Knowledge (Months 1-3)
Goal - Learn the fundamentals of computer systems, networking, programming, and cybersecurity.
(Category)
Virtual Labs
(Resource/Platform)
TryHackMe (Free Tier)
(Description)
Free paths -> Network Fundamentals, Linux Fundamentals, Intro to Cybersecurity
(Link)
(Practical Tip)
Complete the “Pre Security” path.
(Weekly Plan)
Weeks 1-4
Work through the “Network Fundamentals” and “Linux Fundamentals” paths (10 hours each).
OverTheWire Wargames
Free CTF labs (Bandit, Leviathan)
Complete the entire Bandit series (20+ tasks).
Weeks 5-6
Solve the Bandit series (10-15 tasks, 15 hours).
VulnHub
Downloadable vulnerable machines
Try 3 beginner machines (for example, Kioptrix).
Weeks 7-8
Hack the Kioptrix or Mr. Robot machine (10 hours).
Tools
Kali Linux
Free pentest OS
Install it in a virtual machine and get familiar with Nmap and Wireshark.
Weeks 1-2
Install Kali Linux and learn the basic commands (5 hours).
Nmap
Network scanning
Scan your own network with nmap -sC -sV (within legal bounds).
Weeks 3-4
Experiment with 5 scan types (10 hours).
Wireshark
Network traffic analysis
Capture HTTP traffic and analyze it.
Weeks 5-6
Analyze HTTP and DNS traffic (8 hours).
Burp Suite Community
Web application testing
Experiment with the login form in DVWA.
Weeks 7-8
Run 3 experiments against DVWA with Burp Suite (5 hours).
Courses
The Cyber Mentor Free Labs
Free pentest and CTF labs
Try 5 free labs.
Weeks 9-10
Complete 5 labs (10 hours).
FreeCodeCamp Cybersecurity
Free cybersecurity fundamentals
Complete the “Cybersecurity Basics” course.
Weeks 11-12
Study the course (10 hours).
Books
“Learn Python The Hard Way” (PDF)
Free Python fundamentals
Complete 10 exercises.
Weeks 1-4
Solve 3 exercises each week (10 hours).
“Computer Networking: A Top-Down Approach” (PDF)
Networking fundamentals
Read chapters 1-4.
Weeks 5-8
Read chapters 1-4 (15 hours).
General Tips
Install Kali Linux in VirtualBox or VMware and learn the basic commands.
Spend 30 hours completing the “Pre Security” path on TryHackMe.
Learn to write a simple network scanner in Python (for example, with the socket module).
🟡 Stage 2 -> CEH Practical and OSCP (Months 4-6)
Goal - Build the skills to complete the CEH exam's 20 practical tasks and to hack the OSCP exam's 5 machines.
(Category)
Virtual Labs
(Resource/Platform)
TryHackMe (Free Rooms)
(Description)
Free CTF and pentest labs
(Link)
(Practical Tip)
Complete the “Web Fundamentals” and “Metasploit” labs.
(Weekly Plan)
Weeks 13-16
Work through the “Web Hacking 101” and “Metasploit” paths (15 hours).
VulnHub
OSCP-style machines
Hack 10 machines (for example, Mr. Robot).
Weeks 17-20
Hack 5 machines (20 hours).
Pwnable.kr
Free exploit and CTF labs
Solve 5 beginner tasks.
Weeks 21-22
Solve 5 tasks (10 hours).
Tools
Metasploit
Free exploit framework
Try 3 exploits with msfconsole.
Weeks 13-14
Try 3 exploits (8 hours).
Hydra
Password cracking
Experiment with SSH or an HTTP form.
Weeks 15-16
Try brute forcing SSH and HTTP forms (8 hours).
SQLmap
SQL injection automation
Try SQLi against DVWA.
Weeks 17-18
Carry out 5 SQLi attacks against DVWA (10 hours).
John the Ripper
Hash cracking
Practice with an NTLM hash.
Weeks 19-20
Crack 3 hash types (8 hours).
Responder
NTLM hash capture
Try LLMNR poisoning in a lab environment.
Weeks 21-22
Experiment with LLMNR poisoning (5 hours).
Courses
PortSwigger Web Security Academy
Free web attack courses
Work through the XSS, SQLi, and CSRF sections.
Weeks 23-24
Solve 10 XSS and SQLi tasks (15 hours).
TryHackMe Free Paths
Free pentest and CTF courses
Complete the “Offensive Pentesting” path.
Weeks 13-16
Work through the “Offensive Pentesting” path (15 hours).
Books
“Hacking: The Art of Exploitation” (PDF)
Pentest and exploit fundamentals
Read the exploit chapters.
Weeks 17-20
Read the exploit chapters (10 hours).
Additional
OSCP Cheatsheet (0x4D31)
Free list of tools and commands
Try 10 commands in a lab.
Weeks 21-24
Try 10 commands from the cheat sheet (5 hours).
General Tips
For the CEH exam, try 20 tasks on PortSwigger Academy (XSS, SQLi, CSRF).
For OSCP, hack 10 machines on VulnHub and practice writing reports (use the TCM Security templates).
Use Metasploit as little as possible, because it is restricted in OSCP.
🔵 Stage 3 -> Advanced Penetration Testing (OSEP) (Months 7-9)
Goal - Learn Active Directory (AD) attacks, EDR bypass, and internal network exploitation.
(Category)
Virtual Labs
(Resource/Platform)
TryHackMe AD Tracks
(Description)
Free Active Directory labs
(Link)
(Practical Tip)
Complete the “Active Directory Basics” path.
(Weekly Plan)
Weeks 25-28
Work through the “Active Directory Basics” and “AD Attacks” paths (15 hours).
HackTheBox Free AD Labs
Free AD environments
Try 2-3 free AD machines.
Weeks 29-30
Hack 2 AD machines (10 hours).
Tib3rius AD Labs
Free AD attack labs
Try 5 free labs.
Weeks 31-32
Complete 5 labs (10 hours).
Tools
BloodHound
AD graph analysis
Perform enumeration in an AD environment.
Weeks 25-26
Analyze AD with BloodHound (8 hours).
Mimikatz
Credential extraction
Carry out a pass-the-hash experiment.
Weeks 27-28
Try pass-the-hash and golden ticket (8 hours).
PowerView
AD enumeration
Analyze AD users.
Weeks 29-30
Practice AD enumeration (5 hours).
Impacket
Network and AD attacks
Experiment with SMB relay.
Weeks 31-32
Try SMB relay and Kerberos attacks (8 hours).
Courses
Tib3rius AD Labs
Free AD attack courses
Try 5 free labs.
Weeks 33-34
Work through the Tib3rius courses (10 hours).
TryHackMe Red Team Path
Free Red Team courses
Complete the “Red Team Fundamentals” path.
Weeks 35-36
Work through the “Red Team Fundamentals” path (15 hours).
Books
“Red Team Field Manual” (PDF)
Red Team commands
Try the commands in a lab.
Weeks 33-36
Read the commands for AD attacks (5 hours).
General Tips
Complete the “Active Directory Basics” and “AD Attacks” paths on TryHackMe.
Try 5 AD attacks with BloodHound and Mimikatz (Kerberos, pass-the-hash).
Do 5-7 practice exercises in the Tib3rius AD labs.
🟣 Stage 4 -> Advanced Web Attacks (OSWE) (Months 10-11)
Goal - Learn web application vulnerabilities, source code analysis, and automated attacks.
(Category)
Virtual Labs
(Resource/Platform)
PortSwigger Web Security Academy
(Description)
Free XSS, SQLi, and SSRF labs
(Link)
(Practical Tip)
Complete 10-15 tasks from each section.
(Weekly Plan)
Weeks 37-40
Solve 50 tasks from the XSS, SQLi, and CSRF sections (20 hours).
OWASP Juice Shop
Vulnerable web application
Try the OWASP Top 10 vulnerabilities.
Weeks 41-42
Try 5 vulnerabilities from the OWASP Top 10 (10 hours).
DVWA
Free vulnerable web app
Study XSS and SQLi attacks.
Weeks 43-44
Solve 10 tasks in DVWA (10 hours).
Tools
OWASP ZAP
Free web scanner
Scan a web application for vulnerabilities.
Weeks 37-38
Scan 3 applications with ZAP (8 hours).
Nikto
Web server scanner
Try Nikto against your own lab application.
Weeks 39-40
Scan 2 servers with Nikto (5 hours).
Courses
PortSwigger Web Security Academy
Free web attack courses
Work through the XSS, SQLi, and CSRF sections.
Weeks 41-44
Complete 50 tasks (20 hours).
TryHackMe Web Hacking
Free web pentest labs
Complete the “Web Hacking 101” path.
Weeks 37-40
Work through the “Web Hacking 101” path (15 hours).
Books
“Web Application Hacker’s Handbook” (PDF)
Guide to web attacks
Read the XSS and SQLi chapters.
Weeks 41-44
Read the XSS and SQLi chapters (10 hours).
General Tips
Complete 50+ tasks on PortSwigger Academy, paying particular attention to the XSS and SQLi sections.
Try the OWASP Top 10 vulnerabilities in OWASP Juice Shop.
Run 5 scanning experiments against DVWA with OWASP ZAP.
🔴 Stage 5 -> Exploit Development (OSED) (Month 12)
Goal - Learn to write 0-day exploits and to analyze buffer overflows and Windows internals.
(Category)
Virtual Labs
(Resource/Platform)
VulnServer
(Description)
Free vulnerable program for exploit development
(Practical Tip)
Write exploits for 5 vulnerabilities.
(Weekly Plan)
Weeks 45-46
Write 3 buffer overflow exploits (10 hours).
Exploit Exercises (Protostar/Nebula)
Free buffer overflow labs
Complete the Protostar series.
Weeks 47-48
Solve 10 tasks from Protostar (15 hours).
Tools
x64dbg
Free Windows binary debugging
Try debugging VulnServer.
Weeks 45-46
Run 3 experiments with x64dbg (8 hours).
Ghidra
Free reverse engineering tool
Analyze a binary file.
Weeks 47-48
Analyze 2 files with Ghidra (8 hours).
Pwntools
Free exploit scripting
Write a simple exploit script in Python.
Weeks 45-46
Write 2 scripts with Pwntools (8 hours).
Courses
Corelan Exploit Tutorials
Free buffer overflow tutorials
Read the stack overflow section.
Weeks 47-48
Read the stack overflow section (10 hours).
RPISEC Modern Binary Exploitation
Free university course
Complete 5 labs.
Weeks 45-48
Complete 5 labs (15 hours).
Books
“Hacking: The Art of Exploitation” (PDF)
Exploits and reverse engineering
Read the exploit chapters.
Weeks 45-48
Read the exploit chapters (10 hours).
General Tips
Write 5 buffer overflow exploits for VulnServer.
Study stack overflows and ROP chaining with the Corelan tutorials.
Write 3 automated exploit scripts with Pwntools.
🟣 Stage 6 -> Professional Development and Portfolio (End of Month 12)
Goal - Become an international-level specialist, build a portfolio, and take part in CTFs and bug bounty programs.
(Category)
CTFs and Competitions
(Resource/Platform)
CTFtime
(Description)
Free schedule of global CTF competitions
(Link)
(Practical Tip)
Take part in 1-2 CTFs each week.
(Weekly Plan)
Weeks 49-50
Take part in 2 CTF competitions (10 hours).
Pwnable.kr
Free exploit and reverse engineering labs
Solve 5-10 tasks.
Weeks 51-52
Solve 5 tasks (10 hours).
Bug Bounty
Open Bug Bounty
Free bug bounty platform
Find 2-3 simple vulnerabilities and write reports.
Weeks 49-50
Find 2 vulnerabilities (10 hours).
Portfolio
TCM Security Report Templates
Free pentest report templates
Write 2 reports and publish them on GitHub.
Weeks 51-52
Write 2 reports (10 hours).
Additional
TryHackMe Free CTFs
Free CTF and pentest labs
Solve 5 free CTFs each month.
Weeks 49-52
Solve 5 CTFs (15 hours).
General Tips
Take part in the free competitions listed on CTFtime every week.
Learn to find simple vulnerabilities (for example, XSS) on Open Bug Bounty and write reports on them.
Create a portfolio on GitHub and publish your results from TryHackMe and VulnHub.
Final Recommendations
Time management - Spend 10-15 hours each week on study and practice. If your time is limited, start with 5-7 hours a week.
For CEH - Complete 50+ tasks on PortSwigger Academy. Simulate the 6-hour exam in the TryHackMe “Web Fundamentals” and “Metasploit” labs.
For OSCP - Hack 30-50 machines on VulnHub. Practice report writing with the TCM Security templates.
For OSEP - Complete “Active Directory Basics” on TryHackMe and the Tib3rius AD labs. Try 5 AD attacks with BloodHound and Mimikatz.
For OSWE - Complete 50+ tasks on PortSwigger Academy. Try the OWASP Top 10 vulnerabilities in OWASP Juice Shop.
For OSED - Write 5 buffer overflow exploits for VulnServer. Use the Corelan tutorials and Exploit Exercises.
Portfolio - Publish your results from TryHackMe, VulnHub, and Open Bug Bounty on GitHub. Write 2-3 professional reports.