Hacking (practical)

TryHackMe: an interactive cybersecurity learning platform offering virtual labs and challenges for beginners to advanced learners. ($ if you wanna complete the entire path or do the free chapters and compensate with YouTube walkthroughs)

VulnLab: provides a pentesting and red teaming lab with around 120 vulnerable machines, including standalone systems and complex Active Directory environments. It covers a range of difficulties from easy to advanced and offers guidance through notes, hints, and walkthroughs. ($)

VulnHub: offers downloadable virtual machines (VMs) designed to practice exploitation and penetration testing. (FREE)

PentesterLab: provides hands-on web application security training with real-world challenges and virtual labs focused on vulnerabilities. ($ + FREE)

Hack The Box: a platform for penetration testing challenges and CTFs, offering labs, virtual machines, and an academy for learning ethical hacking. ($ + FREE)

Offensive Security Labs: a platform offering practical labs for learning penetration testing and cybersecurity, connected to Offensive Security certifications. (Practice $, Play =3 free hours/day)

Slayer Labs: a cybersecurity training platform with a focus on hands-on labs and challenges, designed to improve penetration testing skills. ($)

Immersive Labs: a cybersecurity training platform for organizations and individuals to upskill their teams with hands-on labs and exercises in various security domains. ($ + FREE)

HackMyVM: a platform offering vulnerable virtual machines for learning and practicing penetration testing skills. (FREE)

Hack This Site: a safe and legal training ground for hackers to test and expand their ethical hacking skills with challenges, CTFs, and more. (FREE)

Try2Hack: a game of computer hacking that includes infrastructure, reverse engineering, cracking and cryptoanalysis tasks.

Kubernetes Goat: a GitHub project providing a vulnerable Kubernetes environment for security testing and learning. (FREE)

Damn Vulnerable GraphQL Application: a GitHub project for learning and exploiting vulnerabilities in GraphQL applications. (FREE)

OWASP Juice Shop: a vulnerable web application designed to learn and practice web application security testing, widely used for security training. (FREE)

PortSwigger: provider of web application security tools and training, empowering professionals to identify and address vulnerabilities effectively. In their labs, you can alternate between the BurpSuite community tool and ZAP (Zed Attack Proxy) . (FREE)

DVWA: an intentionally vulnerable web application designed to practice hacking in a controlled environment. (FREE)

GOAD: a pentest Active Directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environment ready to use to practice attack techniques. (FREE)​

CryptoHack: platform to learn about cryptography through solving challenges and cracking insecure code. (FREE)

Pwned Labs: upskills cybersecurity professionals affordably and effectively. Explore their interactive labs that replicate real-world scenarios. (FREE + $)