Interactive OSCP/CPTS Roadmap: HTB Machines + THM Rooms

Interactive OSCP/CPTS Roadmap: HTB Machines + THM Rooms

There is a very specific, deeply frustrating kind of paralysis that almost inevitably hits you about two weeks into any serious cybersecurity certification prep, and it is crucial to recognize it for what it actually is.

It is not imposter syndrome, it is not a lack of technical aptitude, and it is certainly not laziness; rather, it is a crushing wave of decision fatigue that cleverly masquerades as a skill gap, convincing you that you don't know enough when the reality is that you just don't know where to focus.

You confidently open up Hack The Box on a Saturday morning, ready to grind, and suddenly you find yourself staring blankly at a massive, overwhelming graveyard of hundreds of retired machines with absolutely zero context or guidance on where a beginner should actually start.

Thinking a change of scenery will help, you pivot over to TryHackMe, only to get immediately ambushed by a dozen different, overlapping learning paths that pull your attention in entirely different directions.

This constant context-switching is completely separate from the massive, disorganized lists of links and recommendations I constantly see flying across Discord servers and Reddit sub-communities, which often lead to situations where you end up spending three hours doing absolutely nothing except trying to figure out what you are supposed to be studying.

I have watched this exact, predictable pattern destroy the exam momentum for far more aspiring penetration testers than any technical failing ever has, because the mental overhead of constantly re-deciding what to practice next quietly accumulates into a heavy burnout that ultimately ends in abandoned exam dates and the depressing self-talk of "maybe I'll try again next year."

The Ultimate Pen Testing Lab Tracker

The Pen Testing Lab Tracker and Cheat Sheet is my definitive, authoritative answer to that absolute chaos, designed specifically to strip away the noise and give you a crystal-clear roadmap to success.

What I have meticulously built here is a comprehensive, all-in-one, interactive dashboard that seamlessly pulls together over 300 carefully curated practice machines from Hack The Box, TryHackMe, VulnHub, and various custom platforms, all intelligently mapped directly to the specific, actionable skill domains that elite exams like the OSCP, CPTS, OSWE, and OSEP actually test in the real world.

Every single machine included in this tracker has explicitly earned its place on the list by being directly and undeniably relevant to a specific certification outcome, meaning there is zero fluff and absolutely no wasted time.

If you are starting your daunting OSCP journey completely from scratch, this tracker empowers you to filter the database exclusively down to beginner-friendly “V1” machines so you can build a real, logical progression rather than taking a random, frustrating walk through wildly varying difficulty tiers.

It provides a deliberate, structured curriculum that actively scales alongside you; as your foundational skills develop and the exam syllabi inevitably evolve, you can escalate your practice targets accordingly, resting easy knowing that the path has already been expertly laid out, and all you have to do is show up and walk it.

Skill Development

The dynamic filtering capability is exactly where this tool earns its keep and transforms your everyday, highly stressful preparation sessions into highly focused, surgical strikes against your weakest areas.

Let’s say you just ran a grueling, multi-hour mock exam and your Active Directory enumeration completely fell apart under pressure, leaving you frustrated and lost. Instead of wasting forty-five minutes frantically searching outdated forums and subreddits for “good AD practice boxes” and hoping the recommendations are still valid, you simply type “Active Directory” into the tracker’s built-in search bar, and you are instantly done.

You are immediately presented with exactly the right Hack The Box machines, TryHackMe rooms, and advanced Pro Lab environments that have been purpose-built to isolate and fix that specific, critical knowledge gap so you can get back to actually hacking.

This exact same logic applies seamlessly to SMB exploitation, highly specific CVE classes, complex web application attack chains, or frankly whatever your current weak point happens to be; you can cleanly isolate the exact concepts holding you back and attack them with a level of precision that random box-hunting simply cannot provide.

Accessing Your Copy and Leveraging Walkthroughs

The tracker is entirely free to use, and I deliberately built it as a dynamic HTML page rather than a standard, flat PDF for a very specific and important reason: the exact moment you flatten this kind of rich data into a static document, you completely lose the powerful search, filtering, and interactivity functions that make it so incredibly useful in the first place, so please do not try to convert it. You can download the complete ZIP archive directly from my Google Drive right here: 

https://buymeacoffee.com/notescatalog/e/517406

Furthermore, I want to be completely honest with you: no tracker, no matter how perfectly designed, will ever fully replace that agonizing moment where you have been staring at a brick-wall machine for six straight hours and genuinely need to see exactly how a highly skilled practitioner thinks through a complex problem. When you inevitably hit that wall, these are the specific video playlists I actually recommend you lean on to reset your perspective:

Good luck on your journey, and stay focused.

0 comments

Leave a comment

Our Best Pick of Cyber Security Notes
Certified Security Blue Team Level 2 (BTL2) Study Notes (Unofficial)

Cyber Security Certification Notes

The Kali Linux Pentesting Cheat Sheet

Cyber Security Study Guides

Master AI for Content Creation, Business & Marketing

AI & ML Study Guides

The Definitive Networking Cheat Sheet (Tools)

IT Study Guides

Cybersecurity · Offensive & Defensive · Practitioner-First

Stop reading docs.
Start thinking like an attacker.

Field-ready notes, methodology breakdowns, and certification cheat sheets built by a practitioner for practitioners.

Browse Free Notes Unlock Premium →
62K+YouTube Subscribers
20K+Web Visitors
4K+Students and Professionals Using The Notes

What's in the vault

Two tiers.
One clear mission.

Whether you're just getting started or deep in the trenches, there's a tier built for where you are right now. Free notes cover the essentials — premium unlocks the full playbook.

Free Access

The essentials,
on the house.

A curated library of beginner and intermediate notes you can access right now — no signup, no friction.

  • Introductory walkthroughs on core concepts
  • Tool overviews: Nmap, Burp Suite, Metasploit & more
  • Selected HTB writeup summaries
  • Foundational blue team methodology notes
  • YouTube companion write-ups
Start Reading Free
Premium

The full
practitioner playbook.

Every note, every cheat sheet, every methodology breakdown — structured the way a senior analyst actually thinks.

  • Full OSCP, CPTS, OSWE, HTB CDSA prep DISCOUNTS
  • Complete HTB machine writeups (Guardian, Expressway & more)
  • AI Red Teaming tooling comparison notes
  • SOC analyst learning roadmaps & playbooks
  • Threat intelligence methodology guides
  • Malware analysis case studies (NotPetya & more)
  • New content added continuously
Become a Member →

Coverage

What you'll actually use.

Notes built around real engagements, real exam objectives, and real SOC workflows — not a rehash of vendor documentation.

#Penetration TestingOSCP · CPTS · HTB
#Web App SecurityOSWE · Bug Bounty
#SOC & Blue TeamCDSA · SIEM · IR
#Threat IntelligenceTAXII · YARA · MITRE
#Malware AnalysisReverse Engineering
#AI Red TeamingGarak · PyRIT · LLM Sec
#Network SecurityActive Directory · Pivoting
#Tooling & AutomationScripts · Integrations

Cert Coverage

OSCP CPTS OSWE HTB CDSA CEH CompTIA Sec+ eJPT

The author

Motasem Hamdan

I'm a cybersecurity practitioner, technical writer, and content creator who got tired of resources that treat readers like beginners forever.

My notes are built the way I wish someone had built them when I was grinding through certs and CTFs — methodology-first, practitioner-grade, and structured for how analysts actually think on the job.

Over 62,000 people on YouTube follow along. Thousands more read on the site every month. These aren't notes for passing an exam and forgetting everything — they're references you'll keep coming back to.

YouTube Channel @MotasemHamdan · 62K+ subscribers Main Site motasem-notes.net Store shop.motasem-notes.net
motasem_notes — practitioner.sh
whoami
motasem_hamdan — cybersec_practitioner

cat expertise.txt
offensive_security: advanced
blue_team_soc:      advanced
threat_intel:       advanced
technical_writing:  practitioner-grade

ls content/
htb_writeups/  cert_cheatsheets/
ai_red_team/   soc_methodology/
threat_intel/  malware_analysis/

cat philosophy.txt
"teach how to think,
 not just what to type."

_

Membership

One subscription.
Everything unlocked.

Skip the hours lost searching fragmented resources. One membership gives you the full library, updated continuously as the threat landscape evolves.

Free $0 forever
  • Foundational notes library
  • Selected HTB summaries
  • YouTube companion write-ups
  • Tool overview guides
Start Reading
Most Popular Premium Member $15 / month · cancel anytime
  • Full notes library (100+ resources)
  • Cert prep DISCOUNTS: OSCP, CPTS, OSWE, CDSA
  • Complete HTB machine writeups
  • SOC analyst methodology playbooks
  • AI Red Teaming notes
  • Threat intelligence guides
  • New content every week
  • Priority access to new releases
Become a Member →
Store : One-Time Pay What You Want
  • Buy individual cheat sheets
  • Downloadable PDFs & guides
  • No recurring commitment
  • Yours to keep permanently
Browse Store

FAQ

Good questions.


The free tier has solid foundational content. Premium notes are written for intermediate-to-advanced practitioners — they assume you know the basics and want to go deeper. If you're grinding toward OSCP or working in a SOC, you'll feel right at home.
Continuously. New walkthroughs, methodology updates, and cheat sheets drop regularly — aligned with new HTB machines, cert updates, and emerging threat topics. As a member, you get access to everything as it lands.
Yes, absolutely. Membership is managed through Buy Me a Coffee — you can cancel any time directly from your account. No long-term lock-in, no awkward cancellation flows.
The membership gives you ongoing access to the full library for a monthly fee. The store lets you buy individual resources once and own them permanently — good if you just need one specific cert pack.
Definitely. Head to @MotasemHamdan on YouTube — over 62K subscribers and a large back-catalogue of walkthroughs, tool demos, and methodology breakdowns. Best way to see if the teaching style clicks for you before committing to anything.
motasem-notes.net Practitioner-grade cybersecurity notes & resources.
Site Store YouTube Membership