Hi, I am Nakulan - an aspiring penetration tester and ethical hacker. I recently completed the Google Cybersecurity Certificate and decided to commit one full month to land a cybersecurity internship — without paying for expensive certifications like CEH or CompTIA.

This blog marks the end of my second week, and I want to document everything I’ve learned so far. Hopefully, this will help others who are also starting from scratch and aiming for practical experience.

According to the roadmap ChatGPT provided me, my next focus is to learn and get comfortable with some essential penetration testing tools. While I’ve started exploring basics like Gobuster , Nmap, nikto, hydra the plan is to deepen my understanding of these and other key tools used by professionals. Mastering these basics will be crucial as I move forward in my journey toward becoming a skilled penetration tester.

WHAT I LEARNED THIS WEEK:

1.TRYHACKME - NMAP

TCP connect scans
NULL, FIN and Xmas scans
Working with NSE

2.TRYHACKME - HYDRA

Basic HYDRA commands for brute-forcing

3.TRYHACKME - DNS IN DETAILS

Understanding Domain Hierarchy
Different DNS record types
How DNS request works

4.TRYHACKME - VULNERABILITES 101

Scoring Vulnerabilities
Exploring Vulnerability database

5.TRYHACKME - BECOME A HACKER

How TryHackMe structures learning to help beginners become hackers

6.YOUTUBE - NIKTO SCAN

What Nikto is and how to use it for web server scanning

7.YOUTUBE - GOBUSTER

Overview of Gobuster and its usage

8.YOUTUBE - BURP SUITE BASICS

Introduction to Burp Suite and its basic functions

HOW I FINISHED MY VULNVERSITY ROOM

According to the roadmap, this room was marked as important, and I immediately knew it was going to be challenging.

Here’s what I learned while working through it:

Practical use of Gobuster
Practical use of Burp Suite — this part took me through different phases of emotions, from confusion to satisfaction
What SUID is and how to search for it

To be honest, finishing the tasks wasn’t easy. I found the Gobuster and Nmap sections relatively straightforward, but the Burp Suite and privilege escalation parts were tougher. I even had to refer to a detailed blog walkthrough on Vulnversity to complete some tasks.

In the end, I learned a lot and realized I still have a long way to go. This experience also gave me a sense of the pressure and persistence needed to complete real penetration testing challenges.

KEY TAKEAWAYS

Some tasks feel easy at first, but others, like using Burp Suite and privilege escalation, can be quite challenging and require extra effort.
It’s okay to seek help from walkthroughs or blogs — the goal is to learn, not just to finish quickly.
Practical hands-on experience with tools like Gobuster and Nmap boosts confidence.
Understanding concepts like SUID is essential for privilege escalation.
The pressure of completing tough challenges taught me patience and persistence — important qualities for anyone pursuing penetration testing.

Week 3 preview

I’ll start with a simple CTF on TryHackMe to practice what I’ve learned so far.
I plan to explore key services like FTP, SMB, and SSH to understand common attack vectors.
I’ll also attempt a Hack The Box Starting Point machine and document my progress on GitHub and my blog.

Follow my journey:

GitHub: https://github.com/NAKULAN14

Linkedln: https://www.linkedin.com/in/nakulan-devarajan-4486611b8/

THANKS FOR READING!!

WEEK 2 :My Cyber Security journey