What about Practice in Cyber Security?

One of the significant challenges I faced during my studies was the practical application of course material. Often, the labs provided by the course creators are not free, making it difficult to gain access to the necessary environments. Below is a compilation of various platforms, some well-known and others less so, which offer practical labs for applying what you've learned. Here we go:

1. TryHackMe (THM)

TryHackMe is one of my favorite platforms due to its organization and ease of use for both labs and theoretical content. Approximately half of the content is free, but to access the remaining labs and CTF challenges, a Premium subscription is required. The best and easiest way to purchase a subscription is through a voucher from my friend 0xkillir, who is very trustworthy. For free labs and CTFs, you can check out this compilation.

2. Hack The Box (HTB)

Hack The Box is a well-known platform that offers an advanced CTF experience, though it also provides beginner and medium-level challenges. For those preparing for exams like EJPT, this compilation of labs can be very helpful. HTB offers both free and premium labs, with the premium subscription being slightly more expensive than THM. However, students can avail of a good discount with a student email.

3. HackMe

HackMe is a very nice platform for practicing HTML and JavaScript while studying Web Pentest. It provides a good perspective on source code, metadata, exif data, and other aspects, all for free.

4. Hacksplaining

Hacksplaining offers a very user-friendly explanation of web bugs and practical applications for each bug, providing a thorough explanation of each one. This platform is also free.

5. Attack & Defense

Attack & Defense is a comprehensive platform that offers labs for various topics, including DevSecOps, Linux Security, Cloud Security, and Windows Security. Although it is not free, you can access free labs.

6. CyberDefenders

CyberDefenders is an excellent platform for blue team scenarios, especially forensics and incident response (IR). It offers both free and paid labs and closely mimics SOC scenarios.

7. LetsDefend

LetsDefend is another good platform for blue team exercises.

8. VulnHub

VulnHub is a fantastic site for downloading ISO files for infected labs, which you can then work on using a VM.

9. BlueTeamLabs

BlueTeamLabs focuses on blue team exercises, particularly those related to investigations.

10. PortSwigger

PortSwigger is essential for anyone studying web pentesting. Most real-world scenarios are reflected in their labs, which cover various levels of difficulty for each vulnerability and are all free.

11. PentesterLab

PentesterLab offers advanced web labs, mostly paid, making it a great follow-up to PortSwigger labs.

12. CyberTalents

CyberTalents is a great site for CTFs related to both red and blue team activities, though not all of them are free.