FREE Cybersecurity Resources and Labs (Dropping Cyber Advice)

Around 5 months ago, I posted an article on LinkedIn since it has gained over 68,413 views. The post simply states, "Does anyone know of any free Cybersecurity hands on labs?" Along with a few other words thanking everyone in advance for their help. The response was phenomenal considering it got 132 comments from folks who wants to help others out in the IT/Cyber community.

I decided to write this article to help folks who have joined my Cybertech Dave mentoring initiative and to assist anyone else that runs across this article that want to find a job in Cybersecurity. Helping people fill the gap in Cybersecurity is what I do!!! So, lets get started with some good quality resources listed below for everyone to start learning and having some fun. :)

Resources given will be for offensive and defensive folks.

First, thing I would highly recommend TryHackMe (THM) especially for beginners (by the way hiring managers) love this. The cool thing about this platform is it has videos that walk you through every single step of the way. It's a very nice way to get hands on experience (Cybertech Dave) recommended! Most of the rooms are completely free if you just want to sign up for the free account. However, if you decide to do the pre security, Defensive, pen-testing track you will have to pay $10 dollars each month.

TryHackMe applicable certifications: Net+, Sec+, eJPT, eCIR, GCFA.

Hackthebox (HTB) offers tons of free rooms to try and hack your way out. Further training includes Mosse' Cyber Security Institute which is a free online platform to practice and awards you with certificates at the end of each task and the best thing it is FREE of charge.

Mossé Cyber Security Institute Offensive security labs are also great; Offensive security's proving grounds...https://www.offensive-security.com/labs/ The offsec labs are very time-limited (3 hours each day), but are very good quality. (free version)

Security Innovation Community Page Free application security training resources, including access to SI's InstaFriend cyber range https://community.securityinnovation.com/

Further, not a lab but if you are looking to get hands-on experience with EDR/XDR/writing D&R rules/creating scalable automations, I'd check out us at?https://www.limacharlie.io/?You can do all of that for free (and no need to talk to any salespeople, just create an account, set up D&R rules, install agent & start hunting)

More suggestions would be check out root.me and PentesterLab.

I highly recommend you check out Hacker101, a free class for web security at https://www.hacker101.com/ Another tip would be to install Docker on a Linux machine and run juiceshop, DVWA, WebGoat, BeeWap, and any other vulnerable applications/machines to get hands on practice.

Furthermore, best of ALL you could build your own lab using VM's from VulnHub. One of my personal favorite for Defensive (blue) side is Rangeforce. And, if you download the (RangeForce Free Community Edition) you can utilize the labs for free. https://www.rangeforce.com/ (Cybertech Dave) recommended!

Rangeforce Applicable Certifications: eJPT, eCIR

The number of gamified training options are fortunately starting to increase for Blue Teamers. For instance, Over The Wire, TryHackMe, Rangeforce, and Blue Team Labs Online all has wonderful hands on experience one can utilize. For example Over The Wire has basic Linux skills to real-world situations. Great for beginners to folks with some basic knowledge of Linux and provides gamified CTF style lessons beginning with Linux Fundamentals (Bandit) the only thing required for this is a SSH connection.

One of the best things about OTW is the content is completely FREE. https://overthewire.org/wargames/

You can also check and solve 200+ labs available on?CyberEDU.ro?(https://cyberedu.ro). Another resource would be to explore Immersive Labs. WebSecurityAcademy by PortSwigger (my favorite) has some of the best web application security hands-on labs with absolutely superb & detailed solutions. (Cybertechdave) recommended.

Black Hills Information Security webinars is also a good source of training. They provide some free and "pay what you can" webinars that have led me to some excellent resources and information regarding career advice, training, new tools and they even have weekly job hunting webinars (which are excellent).

Here's a link to the BHIS site (https://www.blackhillsinfosec.com/), and a direct link to the "pay what you can" training webinars by John Strand as well (https://wildwesthackinfest.com/antisyphon/). You can also follow BHIS on LinkedIn to see their free 1 hour webinars that aren't listed on the antisyphon training page.

Also, if you want to learn the concepts and not just work on labs, the try going to SEED labs. This is actually part of an academic curriculum in cybersecurity that seedlabs Syracuse University use https://seedsecuritylabs.org/?Further, I "highly" recommend INE Starter Pass it contains the Penetration Testing Student Course, which contains not only learning material but hands on labs that directly relate to the resources you will get and it completely FREE.

Free resources:

If you are looking for some place for CTF's then you could try PicoCtf (?https://picoctf.org/index#picogym),

Simply Cyber website: (?https://lnkd.in/dahdm7dM )

Check out Gerald Auger, PhD podcast he does each morning (Cybersecurity Threat Brief First things First)

Stefan Waldvoge (Cyber Hunting guide) ?https://lnkd.in/ez32Djim?

CyberTalents (?https://cybertalents.com/login?),

CryptoHack (https://cryptohack.org/?),

Cyberdefenders ( https://cyberdefenders.org.?)

Laptop hacking Coffee (?https://ctf.laptophackingcoffee.org/challenges?)

RootMe (?https://www.root-me.org/?lang=en?)

Cyber Ranges (https://app.cyberranges.com?CYBER RANGES )

Range Force Community version (?https://www.rangeforce.com/blog/community-soc-challenge )

You can check out these Ultimate Test Drives from Palo Alto Networks ( https://www.paloaltonetworks.com/resources/test-drives )

If you are looking for local /home lab try this below links VM and Docker images.

https://websploit.org/

https://www.vulnhub.com/

OWASP has intentionally broken VMs, useful to train on:?https://owasp.org/www-project-vulnerable-web-applications-directory/

CyberTech Dave Resources:

I hope you have enjoyed reading my article. :)

At least 90 percent of everything listed above is FREE.

If you would like to learn more about my CyberTech Dave mentoring/Advising/Training platform or CyberTech day YouTube channel please follow the links BELOW:

???????????

CyberTech Dave Mentoring program https://www.dhirubhai.net/feed/update/urn:li:activity:6892941679439986688/

CyberTech Dave YouTube Channel ( https://lnkd.in/emg2uhFT )

?? Do you want to break into Cybersecurity? ?? Please use my CyberTech Dave?#Cybersecurity?(Mentoring/Advise/Training/ Program) and let me help you for FREE to help better your odds of finding a Cybersecurity position.

????????????

??Step 1:

The first step of the CyberTech Dave (Mentoring process) is to visite SC Simply Cyber website and take a look around for a couple hours :)??????????https://lnkd.in/dahdm7dM

??STEP 2:

The second step of the CyberTech Dave (Mentoring process) is to go to this website ??????????https://lnkd.in/ez32Djim?to further investigate on helping find a path/Focus in Cyber for a few more hours :)

??STEP 3:

After visiting/exploring Simply Cyber and visiting Stefans' website to investigate all the different domains of Cyber, you can THEN?#career?decide on a FOCUS/path you would like to take in your Cyber career.

??STEP 4: (

After you find a Focus and decide which path you won't to go down I will personally try my best to find you the right training needed. And, come up with mentoring plan tailored toward your Career goals in Cybersecurity.

Again, thank you all for reading my article..

Have FUN playing with all these labs!!

Good luck and hope this helps you land the Cybersecurity position of your dreams!!! :)

If you have any question at all about this article please do NOT hesitate to reach out to me. I am very approachable and open to LinkedIn connects.