They say that mastering a skill takes 10.000 hours of training, but not all training is equal. At Intigriti, we very often promote blog posts, tools, and videos and those are some amazing resources, but there’s much more than that!
Today, we’re going to focus on platforms that provide us with resources to learn ethical hacking. The list below is in no specific order and all of these have their own merits and pitfalls, be sure to experiment with a bunch of these!
📜 Overview
Let’s take a look at all the platforms that we will be talking about in this article! Is your favourite platform missing from this list? Let us know so we can add it!
- 🌍 All-round platforms [🔗]
- TryHackMe
- HackTheBox
- CyberSecLabs
- PentesterLab
- 🐛 Bug bounty focussed platforms [🔗]
- Intigriti Hackademy
- PortSwigger Academy
- BugBountyHunter
- Google Bug Hunter University
- Hacksec
- Hacker101
- Bugcrowd University
- 🚩 Capture The Flag [🔗]
- CTFtime
- 🔐 Cryptography [🔗]
- Cryptohack
- 📜 Application security [🔗]
- Kontra
- 🐧 Linux [🔗]
- LinuxJourney
- 📦 Binary exploitation / Reversing [🔗]
- Crackmes.one
- Pwnable.tw
📖 Platform index
Let’s get into the listing! We’re going to assess these platforms based on the content they provide and the structure they provide it in, as well as the overall look and feel!
🌍 All-round platforms
These are the platforms that provide labs and resources on a wide variety of topics ranging from web application exploitation, binary exploitation to active directory hacking and even hardware hacking. All of these platforms provide a plethora of interactive labs for you to solve FOR FREE. They also have a subscription model if you want more access.
TryHackMe
If you’re a beginner and you want to learn and get into cybersecurity in a fun way, then be sure to check out TryHackMe. They host a great series of lessons, curated by their team that gamifies the learning experience.
A lab would usually start with a short explanation of the topic. Introducing you into it, followed by an exercise. You can spin an actual lab up and start getting hands-on practice.
HackTheBox
If you like a good challenge, then you should check out HackTheBox. How does it work? You get a box and you hack into it! It’s as easy as that!
They always have 20 free machines to hack available alongside a bunch of challenges. Are you a beginner, then don’t worry! They have an academy and some basic machines for you to get to know the ropes of hacking!
CyberSecLabs
CyberSecLabs is a beginner focussed platform that attempts to teach you all about network penetration testing. Whether it be Windows or Linux box, you’ll learn loads.
Their main strength is the Active Directory machines, of which they have many. You will be knowledgeable on AD penetration testing after having completed these labs!
PentesterLab
PentesterLab is one that has been around for a long time and they’ve always kept on improving and improving.
With over 400 labs, you’re sure that you won’t run out of content. Their labs detail real vulnerabilities and they offer certificates of completion.
🐛 Bug bounty focussed platforms
These platforms and websites are the ones that we could classify as bug bounty focussed. That category name might not be the ideal one because very often these platforms’ main focus is web application testing and bug bounty is much more vast than that.
Intigriti Hackademy
Want to learn more about some of your favorite bug types? Want to learn by reading, hacking, and watching videos? Then the Intigriti Hackademy is ideal for you!
The goal with the hackademy is to explain everything in detail, whilst being simple to understand for beginners as well. Have we achieved our goal?
PortSwigger Academy
Want to learn anything related to web application security? The PortSwigger academy by the creators of BurpSuite is the place to go!
Their written content is top-notch and with their labs, you have an easy way of putting the knowledge you gained from reading to the test. Are you ready to get your hands dirty?
Check the PortSwigger Academy out here!
BugBountyHunter
Zseano is one of the top hunters we have today, and he is not keeping all his secrets to himself. He has created BugBountyHunter, a platform to help you get started on your bug bounty journey!
The labs provided contain vulnerabilities you will find in real applications, but you’re not told what to hunt for. This means that you really need your bug bounty hunter mindset in order to solve them!
Check BugBountyHunter out here!
Google Bug Hunter University
When talking about bug bounty, we cannot not talk about Google. They have also created their own Bug Hunter University for you to read, watch and most importantly learn about bug bounty.
Their top-notch non-technical content is their biggest asset in our opinion. How do you write a report, how do you assess the credibility of your tools, etc? It’s a much-watch for all up-and-coming hunters!
Check the Google Bug Hunter University out here!
Hacksec
This incredibly new platform may start to catch some steam in the upcoming months. It focuses on bug bounty and does so in a gamified way with a bunch of labs that you can start solving today!
We very much look forward to seeing how this new platform can shake up the scene and make security training even more accessible than they already are!
Hacker101
Hacker101 is a great learning resource by Hackerone. There are a bunch of learning tracks with great videos detailing basic things such as Javascript for beginners up to more advanced topics such as how to make the best use of BurpSuite for your bug bounty journey.
Additionally, they also have a CTF that’s continuously running for you to keep on practicing your bug bounty skills!
Bugcrowd University
The Bugcrowd University is a great place to find security talks and presentations.
Some very talented and interesting people have detailed some ingenious topics there, so be sure to check those out!
Check the Bugcrowd University out here!
🚩 Capture The Flag
CTFs or capture the flag events are a great practical way to stay up to date on what’s going on in the world of cybersecurity. Be sure to challenge yourself in some CTFs!
CTFtime
Ever played in a CTF? Want to find a team? When is the next CTF? How well did I perform in a CTF? CTFtime has the answer to all those questions. It is THE place to be if you want to start CTFing today.
I can definitely recommend playing some CTFs. They’re fun, easy-going, and a great way of polishing up your skills!
🔐 Cryptography
Cryptography is a niche that many often steer away from because they feel like it’s too mathematical. There is merit to that but crypto comes closer to the hacking you desire than you want. Check this resource out and we can promise you’ll fall in love!
CryptoHack
If there is one place you need to visit to learn the practical side of cryptography hacking, then it has to be CryptoHack. This is the place to be! They offer some amazing challenges, great courses and have an active community that loves to help.
Cryptography is and will always be hard, but Cryptohack makes it fun. Their labs are lifelike and teach you complex concepts in a gamified way.
📜 Application security
Ever looked through the source code of an open-source project to try and find some vulnerabilities? It’s harder than it looks! Luckily these resources can help us with that!
Kontra
Kontra is an amazing platform combining real vulnerabilities, with a guided lab experience where you can find them on your but being guided at every single step.
They have a bunch of free labs available for you to play around with right now and we can definitely recommend checking them out!
🐧 Linux
Linux is an operating system that you undoubtably will work within your cybersecurity career! Time to get more familiar with it!
LinuxJourney
LinuxJourney is all about teaching you basic and advanced concepts in Linux. Want to learn about the basic commands, there’s a section on that, want to learn about networking or logging? There are sections for that!
All labs have a written guide explaining everything as well as quizzes where you can put your knowledge to the test!
Check the LinuxJouney out here!
📦 Binary exploitation / Reversing
Binary exploitation or pwning and reverse engineering are a niche that many don’t immediately want to dig into. However, understanding how computers work at one of the lowest levels of abstraction, can be really interesting. Check these resources out and have some fun!
Crackmes.one
Crackmes.one is the place for you to download some fun binaries to reverse. It’s entirely crowdsourced, and you can even upload your own binary. Be cautious however that you don’t run any malware.
We love the little community on the platform and the guides that are being posted by the community.
Pwnable.tw
So you want to put your binary exploitation skills to the test? Pwnable is the place to do that. All of the binaries on there are sure to lead to an incredible amount of head scratches and nights wasted!
Can you climb the ranking on here? It’ll prove to be a tough nut to crack!
📍 Conclusion
The learning resources available for free are plentiful. There’s something fitting every learning style out there, so go ahead, try these out and continue with the one you like the best!
This list isn’t yet exhaustive at all. If you know any other platforms that deserve a place on this list, then be sure to let us know. We’d love to keep this article up to date!