Over the years I have explored many platforms to learn hands-on cyber security. Personally, when I'm looking for training I want something close to real life and comprehensive. I have noticed there is a lot of training out there that stays very high level which won't benefit someone that is getting into penetration testing. The good news is in recent years the options have expanded and I will go through some of my favorites.
Pentest Academy:
This site does cost money but for 250 dollars a year it's a real steal. They offer 2 types of learning on their site. The first is video courses that are like full college course quality. An example would be the "Attacking and Defending Active Directory" course which is 36 videos averaging around 30 minutes each. The other part is labs and they have a lot of labs. When I say a lot I mean like 250 labs for all types of security: secure code, Linux, Windows, networking, cracking passwords, etc. If you put in the time to go through the content you would be able to master cyber security.
website: https://www.pentesteracademy.com/
cost: $250 a year
Tryhackme:
Tryhackme is mostly free and is a great site for targeted learning. For example, they have labs specifically for Eternal Blue or log4j. The labs are also all done in the browser. They have great real-life examples and are up to date on the latest threats. The site provides hints if you get stuck on many of the machines and have questions for you to answer so you can see your progression. Most of the machines are free but they offer a subscription to give you full access.
website: https://tryhackme.com/
cost: $8 dollars a month
Hackthebox:
Hackthebox is the main site I think for pwning challenge machines. They have countless boxes. Most are free but older boxes require a subscription. If you’re looking for a specific attack there will probably be a box on Hackthebox for it. The only note is that many of these boxes I would consider challenge boxes instead of real life. An example would be the flag being hidden in the EXIF of an image instead of a text file on the desktop. You download a VPN file and access the machines on your virtual machine normally.
website: https://www.hackthebox.com/
cost: $14-$20 dollars a month.
Proving Ground:
This site is my favorite. Great real-life examples of boxes to hack into with various difficulties. If you get stuck they have hints as well as full walkthroughs for every box, which is amazing. I’ll note paying attention to the community difficulty (by mousing over the machine name) instead Proving Grounds rating as sometimes way off causing a lot of frustration. They also have retired OSCP boxes if you’re looking for that.
cost: $19 dollars a month
These are the main sites that I have found helpful however I know there are more out there that I have either not covered or simply not explored personally. In the future, I will go over some other course-specific sites like Pluralsight, Cybrary, and Coursera and share my thoughts.
Comments