Free Training and Guides

The following lists are free training services, open-source software and software lists, and other free training resources. We provide these “As-Is” and without official endorsement or warranty.

Administration and Troubleshooting

• Sad Servers: “LeetCode for Linux” - learn to troubleshoot and fix broken Linux servers.
• RegExr: Learn to write and test Regular Expressions (RegEx)
• Learn DMARC: Learn the importance of setting up DMARC for your email domain
• Killer Shell: simulators for Linux Foundation Exams
• RHCSA Practice Questions: practice questions for version 7 of the Red Hat Certified System Administrator exam. These are useful to anyone looking to practice Linux administration skills.

“Capture The Flag” sites

• OverTheWire’s Wargames: fantastic for beginners to CTFs and pentesting
• UnderTheWire: more free CTF machines
• Gandalf AI: prompt injection CTFs on a real generative AI system
• Awesome-CTF: Aggregated list of different CTF Sites
• HackTheBox: one of the biggest and most comprehensive CTF sites on the internet
• TryHackMe: Similar to HackTheBox but more educational and open-ended solutions

Cybersecurity

• Clark.Center: huge platform of free cybersecurity curriculum

Programming and Scripting

• Python Automate The Boring Stuff: practical Python Programming for total beginners

Intentionally Vulnerable VMs and Software

These are sites with software and virtual machines created to be intentionally vulnerable to test your pentesting skills or demonstrate vulnerabilities.

• VulnHub: large site with vulnerable virtual machines of all flavors
• OWASP Vulnerable Web Apps: the OWASP foundation maintains multiple different vulnerable web applications to demonstrate exploits and show the importance of patching.
• Game of Active Directory: a virtualized Active Directory domain with multiple vulnerable machines and misconfigurations. Designed to practice exploiting and pivoting within an AD environment.
• OWASP Juice Shop: a modern and sophisticated insecure web application built with the latest web technologies.
• Damn Vulnerable Web App: the original vulnerable web app, originally designed by OWASP.