Some of the way which i know:
Level-1 :— RESEARCH AND RESOURCES
The Art of Googling
Never give up Attitude, Patience and Consistency.
Know How to Find Resources
Read Articles and Blogs about CyberSecurity and Watch videos on new Tech and its Vulnerabilities.
Keep up with News and Updates in the CyberSecurity field, including what type of new attacks are happening.
Find Courses and Books that will teach you specific topics in-depth.
LEVEL-2 :— FUNDAMENTALS
LINUX BASICS
Linux Directory Structure
Familiarity of Environment
Basic Linux Terminal Commands
Manage Permission
Manage Linux Users and Groups
Manage and Monitor the Linux Services and Processes
WINDOWS BASICS
Groups and Policies
Active Directory
Basics of Powershell
Windows Services and Vulnerabilities
WEB APPLICATION BASICS
Understanding of URL
Role of Client and Server
How Request and Response Works
Request Header and Response Header
Caching Service and Cache
Web App Technology
Web App Vulnerabilities
PYTHON FUNDAMENTALS
Basic Syntax
Working of Loop
Working of if-else
List, Tuple and Dictionaries
Basics of Functions
Files I/O
Exception Heading
Socket Programming
BASICS OF SERVER
What is Server
Types of Server
How Passwords are Stored
How Server Works
BASICS OF NETWORKING
Protocol Services and Port no.
3-way Handshake
TCP Headers and UDP Headers
Secure Socket Layer
OSI Layers
Network Topologies
TCP/IP Protocol
Subnetting
Tunneling
Network Sevice Vulnerabilities
Level-3 :— TOOLS
These are called Ethical Hacking Tools.
Ethical Hacking Tools can detect vulnerabilities in computer systems, servers, web applications, and networks with the help of computer programs and scripts. There are several open-source and commercial tools available in the market that are widely used to prevent unauthorized access to a computer system.
LEARN EVERYTHING ABOUT THESE TOOLS AND HOW TO USE THEM.
PRACTICE IN EVERY ONE OF THEM, YOU WILL BE NEEDING THEM IN FUTURE
There are many tools for different purposes. I will list the top 10 beginner tools to start with.
Metasploit
Nmap
Burp suite
Wappalyzer
Cain and Abel
Cyberchef
Pydictor
Maltego
OWASP ZAP
theHarvester
Level-4 :— VULNERABLE MACHINE
OverTheWire
You will learn and practice many Linux Commands here.
There are 33 levels on OverTheWire's website, on every level, you will be given problems to solve for which you have to use different Linux Commands and then when you solve those problems YOU WILL ACHIEVE A FLAG.
It's really helpful for beginners who are just starting out.
DVWA
There are vulnerable applications on DVWA's site.
You can try brute force attacks on these applications, CSRF attacks and XSS attacks.
PicoCTF
Now here on PicoCTF's website, you'll get small tasks that- This flag is hidden maybe in the image or anywhere and you have to CAPTURE THE FLAG(CTF).
You'll get points for solving these tasks- 10, 20 and 40 points.
AFTER DOING ALL THIS YOU WOULD HAVE GAINED A LOT OF CONFIDENCE. NOW YOU CAN MOVE TO THE NEXT MACHINES.
NOTE:— IF YOU STILL DON'T FEEL CONFIDENT ENOUGH PRACTICE MORE ON PREVIOUS MACHINES.
VulnHub
You will get “Boot to Root" type of machines here.
Boot to Root means you have to open the machine from start then become SUPERUSER and then bring the flag.
You can download CTFs from VulnHub's website and choose levels accordingly- Easy, Hard and Advanced.
You should solve and practice at least 100–150 machines.
HackTheBox
Till here you were exploiting offline machines by downloading them to your local system. But now here you will get access to a VPN and then you have to solve it online.
The price for VIP is somewhere around 800–1000 Rs which you have to give every month.
You will get every level of machine and points after solving those machines.
You should solve a Minimum of 100 machines.
Level-5 :— A+ TOPICS
Buffer Overflow
Linux Commands and Privilege Escalation
Windows Commands and Privilege Escalation
Windows Kernel Exploits
Linux Kernel Exploits